Business Risks

The business performance of the Olympus Group may be materially affected by various risks (uncertainties) that could occur in the future. The Olympus Group has established a comprehensive global Enterprise Risk Management framework to facilitate the attainment of its strategic business objectives, which encompass, among other aspects, its management philosophy and Guiding Principles. The Enterprise Risk Management structure implemented by the Olympus Group is based on and operates in accordance with the formalized “Policy of Risk Management & Crisis Response.” The Olympus Group is undertaking Enterprise Risk Management from the perspective of both opportunities and threats. Opportunities are seized through active and appropriate risks-taking leading to sustainable growth and value creation for the Olympus Group. Threats are identified, prioritized, and treated to ensure the achievement of business objectives and to prevent non-compliance.

The global organizational design integrates the four functions, Risk & Controls, Compliance, Privacy, and Information Security, responsible for the related management systems for Risk & Control, Compliance, Privacy and Information, Product and Cyber Security to deliver a holistic view on risks Olympus wide, embedded in business processes “Aligned Assurance.” During the fiscal year ended March 31, 2025, these areas were integrated with the Global Legal function into Legal, Risk and Compliance function (LRC) reporting into the Global General Counsel (GGC) as executive officer. The Global Chief Compliance Officer maintains regular reporting to the CEO, the Audit Committee, and the Board of Directors while he or she continues to attend applicable Group Executive Committee meetings.

The elements of the enhanced Enterprise Risk Management System are:

• A global Risk & Controls organization embedded into the LRC function
• An enhanced global Enterprise Risk Management methodology and approach
• A globally harmonized Enterprise Risk Management process

Those three elements aim to ensure a streamlined Enterprise Risk Management that feeds into business and financial planning and safeguards the achievement of Olympus Corporation’s business objectives and its company strategy by supporting informed decision making.

Further building on the global Enterprise Risk Management Portfolio for the fiscal year ended March 31, 2024, Olympus conducted Risk Assessments with all relevant functions during the fiscal year ended March 31, 2025, to validate and update Olympus Corporation’s regional and global Risk Portfolio.

Risk and Compliance Management Organizational Setup

The Olympus Group has established a committee structure on both global and regional level, the Global and Regional Risk Assurance and Compliance Committees (G-RACC and R-RACC, collectively the “RACCs”).

The objectives of the RACCs are to establish, implement and manage a framework for addressing enterprise risk and complying with applicable policies, laws, and regulations. Recommendations, guidance and significant risks are regularly reported to the Olympus Group Executive Committee (GEC), the Board of Directors (Board), and the Audit Committee for ongoing monitoring.

The Olympus Group also identified and collaboratively nominated Risk Owners, i.e., Global Division and Function Heads, and Regional Division and Function Heads, and respective Risk Coordinators responsible for managing risks. Each Risk Owner is accountable to execute the necessary measures (organizational structure, process preparation, focus measures, etc.) in their designated area of risk.

< Enterprise Risk Management Organizational Chart >

Enterprise Risk Management Methodology and Approach

The Olympus Group has established a global Enterprise Risk Management Methodology and Approach which includes five Risk Categories (1. Strategic (incl. External), 2. Operations & Product, 3. Financial, 4. Governance, and 5. IT & Digital) and corresponding Risk Sub-Categories.

< Enterprise Risk Management Risk Categories >

The Olympus Group bases the risk assessments on three Risk Evaluation Criteria (1. Exposure, 2. Vulnerability, 3. Velocity) to evaluate and display that the risks it might reasonably have an effect on the achievement of Olympus’ business objectives and the company strategy:

• Exposure which is determined by likelihood and impact. The likelihood indicates the probability of a risk materializing, while the impact assesses the severity of the consequences if a risk does materialize. Likelihood and impact levels are defined as quantitative (financial) or qualitative criteria.
• Vulnerability which refers to how well the organization is prepared to manage a risk if it occurs.
• Velocity which indicates how fast Olympus Corporation would be affected by a risk after it occurs.

< Enterprise Risk Management Risk Evaluation Method >

Based on the three dimensions, the Olympus Group actively identifies, mitigates and monitors risks. Mitigation measures are regularly reviewed and tested for effectiveness. The Olympus Group utilizes a 3D-Risk Matrix to effectively visualize and manage risks. This matrix combines Exposure levels with assessed Vulnerability and incorporates Risk Velocity. The 3D-Risk Matrix is divided into four quadrants, each providing specific guidance on appropriate risk response strategies. The Olympus Group has implemented an enhanced IT system featuring integrated databases and visual dashboards to enable more effective and data-driven risk-based decision making. During the fiscal year ended March 31, 2025, the ERM IT system has been upgraded with in-house design and tested artificial intelligence tools to optimize the risk portfolio completeness, while simultaneously structuring, categorizing, and standardizing risk descriptions to enhance clarity and comprehension.

Enterprise Risk Management Process

The main components of the Enterprise Risk Management Process are:

• Risk Assessment to identify, analyze, and evaluate risks.
• Risk Treatment to mitigate risks, coordinate and execute Risk Management activities.
• Risk Monitoring to design and implement monitoring procedures on risks and evaluate effectiveness on Risk Treatment activities.
• Risk Reporting to aggregate and evaluate risks and mitigating measures and report to relevant stakeholders regularly. Risk Reporting is developed and deployed internally as part of the annual plan.

The Enterprise Risk Management Process is based on the strong collaboration between the Risk & Controls Function and the Divisions/Business Functions following the principle of the Three Lines Model. Risk & Controls is responsible for providing, maintaining and developing Enterprise Risk Management Methodology and operational guidance.

< Enterprise Risk Management Process >

Macroeconomic Business Environment

From April 2024, many countries experienced higher-than-expected inflation rates due to supply chain disruptions, rising energy prices and other factors.

Geopolitical tensions continue to pose risks to the global macroeconomic environment. In addition to the uncertainty caused by the war in Ukraine and the situation in the Middle East region, and trade tensions between major economies, including the United States and China, there is also uncertainty regarding additional tariffs in the United States, which is having a significant impact on global trade and supply chains.

Technological advancements such as digital technologies, artificial intelligence, and automation are driving productivity gains and creating new economic opportunities. However, these advancements also pose challenges, including concerns about data privacy and cybersecurity.

Climate change and sustainability are globally important issues and there is an increasing focus on the sustainability and reduction of carbon emissions. However, the transition to a low-carbon economy also presents challenges, including the need for significant capital investment and potential disruptions to traditional industries.

Risk Environment in MedTech sector

In addition to the macroeconomic business environment described above, the MedTech sector is also greatly affected by factors specific to this industry.

In the medical field, healthcare system reforms are being continuously implemented in Japan and overseas with the aim of curbing medical care costs and improving the quality of life of patients by improving the safety and efficacy of healthcare services. Meanwhile, legal and regulatory requirements for medical device applications and registrations in each country, including the US Food and Drug Administration (FDA) and European Medical Device Regulations (EU-MDR), are increasing every year. Also, the requirements concerning infection prevention and reprocessing (i.e., cleaning, disinfection, and sterilization) are becoming more complex.

The hurdles and complexities for technological development are increasing due to changes in healthcare policies in various countries, reductions in healthcare costs, tighter healthcare-related laws and regulations, and further increased demands for infection prevention and reprocessing. Accordingly, the business environment is changing dramatically, not only due to new and alternative technologies, but also due to the entrants into the medical industry from other industries, including large IT companies.

Furthermore, there is a growing need for healthcare as societies progressively age, particularly in developed countries. There are many competitors in the business areas in which the Olympus Group is involved. Technological innovation is also progressing, and competition is intensifying more than ever before. Emerging markets are experiencing increasing healthcare needs and economic growth potential.

In the industry in which the Olympus Group operates, competition for talent is intensifying globally, and changes in the labor market are leading to higher retirement rates. Recruitment, development, and retention of personnel is becoming increasingly important.

The Olympus Group’s Risk State for the Fiscal Year Ended March 31, 2025

Based on the Olympus Group’s global Risk Assessment performed in the fiscal year ended March 31, 2025, risks impacting the Olympus Group have been identified, quantified, and prioritized.

Risks designated as “Improve” in the 3D-Risk Matrix have been prioritized for Risk Treatment. For the risks in the “Test” quadrant controls are in place. Routine audits should ensure that the existing controls are designed well and operate effectively. Risks located in the “Monitor” quadrant are subject to periodic re-evaluation to ensure that their Risk Exposure is still at an acceptable level or to initiate additional Risk Treatment where necessary.

The Olympus Group reports the following top risks per Risk Category:

Risk Category	“Strategy (incl. External)”
Type	Opportunity and Threat
Trend	Increasing
Risk Scenarios	The “Strategy” Risk Category includes Planning & Resource Allocation, Business Development & Investment, Communication & Stakeholder Management, Market Dynamics, and Force Majeure. Highest rated risks include geopolitical threats, business development challenges in volatile markets, and supply chain disruptions. Geopolitical tensions have been categorized as having Top Risk status, threatening supply chains through military conflicts and trade wars that increase costs and create compliance risks from rapidly changing sanctions. In major markets, the market environment is changing significantly due to the implementation of protective measures for domestic industries and other factors. Earnings may be adversely affected due to factors such as increased tariffs and preferential treatment for domestic suppliers. With the intensifying competitive environment, launching innovative products that are competitive in terms of price, technology, and quality into the market in a timely manner remains a priority. M&A activities present both opportunities and threats, requiring rigorous due diligence and structured integration processes. Insufficient risk mitigation may adversely affect business execution, performance, and financial position through goodwill impairment or related expenses.
Risk Treatment	To address these strategic risks, Olympus focuses on: Increasing supply chain visibility and supplier diversification to reduce vulnerability to supply chain disruptions. Monitoring the competitive environment and identifying alternative technologies and market trends, to build a system that will enable the rapid development of new technologies. In China, we are making progress with preparations for local manufacturing, and in the United States, while monitoring the situation regarding additional tariffs, we are working closely with industry associations, with the safety and health of patients as our top priority. Enhancement and harmonization of global Business Continuity Management Systems to ensure continued supply to customers and patients despite potential disruptions. Taking a balanced approach to innovation through both in-house development and external technology acquisition via M&A and strategic alliances; as well as targeting high-value-added products such as those that may be used in an Intelligent Endoscopy Ecosystem. Continuous refinement of M&A processes and systems to improve target selection, due diligence, and post-acquisition integration effectiveness.
Connection with company strategy and policies	Patient Safety and Sustainability, Innovation for Growth, Productivity

Risk Category	“Operations & Product”
Type	Opportunity and Threat
Trend	unchanged
Risk Scenarios	The “Operations & Product” Risk Category encompasses Research & Development, Manufacturing & Repair, End-to-End Supply Chain, Sales, Marketing & Service, Quality, Physical Assets, and People & HR. Most significant risks are primarily related to Product Quality, End-to-End Supply Chain, and Marketing & Sales, affecting product availability and lifecycle management. Key challenges include: Continuation of activities on FDA warning letter remediation activities, which required significant resource allocation across Manufacturing, Quality, Supply Chain Management, and R&D functions. Supply chain resilience which remains a persistent challenge amid increasing geopolitical tensions and climate change-related natural disasters.
Risk Treatment	Olympus prioritizes improving End-to-End Supply Chain stability and quality processes to deliver premium service with an emphasis on patient safety through: Continuous improvement of global Business Continuity Management Systems. Supply chain visibility improvement projects and supplier base diversification to reduce dependency. Implementation of a global multi-year quality program to enhance and harmonize Quality Management Systems and processes.
Connection with company strategy and policies	Patient Safety and Sustainability, Productivity

Risk Category	“Financial”
Type	Opportunity and Threat
Trend	unchanged
Risk Scenarios	This Risk Category consists of the following sub-categories: Capital Structure, Accounting & Reporting, Liquidity & Credit, Revenue Cycle, and Tax. Foreign currency exchange rate fluctuations present significant exposure. We hedge against foreign currency-denominated transactions, but business performance can potentially be adversely affected by a strong yen and positively affected by a weak yen. Financing risks emerge from financial market volatility affecting access to capital and borrowing, and from company performance influencing borrowing costs. Deteriorating company performance and changes in the financial market environment potentially narrow financing options. Tax burden may increase through changes in applicable tax laws or interpretations across global jurisdictions. Deferred tax asset valuations may require reassessment due to changing business conditions or organizational restructuring. Credit risks from customers and suppliers may further impact financial stability.
Risk Treatment	Olympus implements targeted financial risk mitigation through: Deployment of derivative instruments including forward exchange contracts and currency swaps to manage exchange fluctuations, complemented by global cash pooling to reduce foreign currency exposure. Diversification of funding methods such as public bonds to optimize financing costs, coupled with fixed interest rate policies for long-term debt to minimize interest rate volatility. Proactive monitoring of tax legislation changes across jurisdictions, with appropriate adjustments to intra-group transaction rules and close profitability management to optimize deferred tax asset positions. Systematic monitoring of credit recipients’ financial condition with timely intervention protocols.
Connection with company strategy and policies	Productivity

Risk Category	“Governance”
Type	Opportunity and Threat
Trend	unchanged
Risk Scenarios	The “Governance” Risk Category encompasses Culture, Regulatory, Legal, Compliance, Data Privacy, and Corporate Governance. Fragmented contract management processes and databases create transparency gaps potentially triggering contract breaches, claims, or liabilities. Complex medical device and trade regulations require comprehensive documentation, with potential compliance violations directly impacting product availability. The remediation activities underway to address the FDA warning letters received in the fiscal year ended March 31, 2023 need to be fully executed to comply with regulations. Depending on future progress, additional regulatory actions may be taken by the FDA. Inadequate Business Continuity Management systems may result in operational disruptions during natural disasters or other emergencies.
Risk Treatment	Olympus has implemented key governance improvements through: A contract management enhancement project with process improvements and database renewal. Working on the Quality and regulatory transformation project “Elevate.” Remediation of FDA warning letters we received in the fiscal year ended March 31, 2023. Development and implementation of a harmonized, targeted Business Continuity Management system to standardize existing continuity measures. And, following the resignation of the CEO in the fiscal year ended March 2025, updates to the Global Code of Conduct, along with related training, to clarify that we must comply with our Code, our policies, and all applicable laws and regulations. We will conduct annual Code training for all employees on the updated Code in the fiscal year ending March 2026, and strengthen our offerings for mental health care for executives.
Connection with company strategy and policies	Patient Safety and Sustainability

Risk Category	“IT & Digital”
Type	Opportunity and Threat
Trend	unchanged
Risk Scenarios	The “IT & Digital” Risk Category encompasses IT Security & Cyber, IT Applications, IT Governance, IT Infrastructure & Services, and Digital. High dependency on digital systems creates vulnerability to operational disruptions from IT failures. Cyber security breaches represent high-priority risks requiring continuous monitoring and adaptation. Legacy IT applications approaching end-of-service or end-of-life present significant risks for system failures and operational disruption. Increasing integration of digital technologies in Olympus products necessitates comprehensive cyber security measures throughout the entire value chain.
Risk Treatment	Olympus addresses IT and digital risks through: Implementation of a comprehensive multi-year IT security program progressing according to plan. Significant IT infrastructure updates, upgrades, and transfers advancing on schedule. Enhanced security and collaboration requirements for Third Party Providers. Upgraded Business Continuity and Disaster Recovery Plans within the global Business Continuity Management harmonization project to minimize customer impact during security incidents. A global initiative to protect products and digital services through technologies and processes aligned with the latest cyber security requirements. Periodic employee education on cyber security threats and preventive measures for daily operations.
Connection with company strategy and policies	Patient Safety and Sustainability, Productivity

May 20, 2025 Updated