Business Risks

The “Strategy” Risk Category includes Force Majeure, Planning & Resource Allocation, Growth Strategy, Business Development & Investment, Communication & Stakeholder Management, Market Dynamics, and Major Projects & Programs. The highest rated risks relate to operational dependencies, competitive dynamics, and the ability to anticipate and respond to market developments.

• Geopolitical tensions have been categorized as having Top Risk status, threatening supply chains through military conflicts and trade wars that increase costs and create compliance risks from rapidly changing sanctions regimes.
• In major markets, the market environment is changing significantly due to the implementation of protective measures for domestic industries and other factors. Earnings may be adversely affected due to factors such as fluctuations in tariffs and preferential treatment for domestic suppliers.
• Intensifying competition across key markets may impact the Group’s ability to sustain its market position and profitability, particularly in areas characterized by rapid technological advancement and pricing pressure.
• Insufficient depth or timeliness of market intelligence, as well as misjudgment of market trends, customer needs, or competitor actions, may impair strategic decision-making and the ability to maintain competitive positioning.
• M&A activities present both opportunities and threats, requiring rigorous due diligence and structured integration processes. Insufficient risk mitigation may adversely affect business execution, performance, and financial position through goodwill impairment or related expenses.

• To address risks arising from intensifying competition, the Olympus Group advances initiatives to enhance innovation effectiveness and accelerate product development cycles.
• In China, we are making progress with preparations for local manufacturing, and in the United States, while monitoring the situation regarding tariffs, we are working closely with industry associations, with the safety and health of patients as our top priority.
• To mitigate risks related to insufficient or untimely market intelligence, the Olympus Group strengthens its market and competitive intelligence capabilities by aligning activities with the strategic importance of business units. This includes the development of standardized and partially automated analyses, with a focus on the timely delivery of actionable insights.
• To address risks arising related to market position and customer needs, the Olympus Group undertakes innovation through both in-house development and external technology acquisition via M&A and strategic alliances; as well as targeting high-value-added products such as those that may be used in an Intelligent Endoscopy Ecosystem.
• To minimize risks associated with M&A activities, the Olympus Group engages in the continuous refinement of M&A processes and systems to improve target selection, due diligence, and post-acquisition integration effectiveness.

The “Operations & Product” Risk Category includes Manufacturing & Repair, End-to-End Supply Chain, Research & Development, Sales, Marketing & Service, Quality, Physical Assets, as well as People & HR. Risks relate to operational continuity, supplier dependencies, and the transformation of products and operating models.

• Continuation of remediation activities associated with the FDA warning letters may require significant resource allocation, process enhancements and system improvements across Manufacturing, Quality, Supply Chain Management, and R&D functions.
• Disruptions to critical operational infrastructure or logistics networks, particularly where dependencies are concentrated, may adversely affect product availability, business continuity, and the ability to serve customers and patients.
• Heightened geopolitical tensions, including those in the Middle East, the expansion of sanctions, and instability in logistics networks and energy supply may disrupt the procurement of raw materials and components.
• In particular, shortages or supply constraints of critical raw materials, including semiconductors, could result in production delays or adjustments and may impact product supply.
• Potential disruptions to manufacturing operations, including downtime of production sites, may result in delays in production and impact the Group’s ability to meet customer demand.
• Insufficient transparency regarding dependencies on single or sole source suppliers, as well as supplier disruptions, may adversely affect the stability and resilience of the supply chain.
• Security breaches or disruptions at third-party service providers may impact critical operations, data integrity, and service continuity.
• In the event of a crisis, suppliers may not recover within required timeframes, potentially resulting in material shortages and disruptions to production.
• The increasing adoption of digital technologies and artificial intelligence in products and services may require adjustments to the operating model, organizational capabilities, and governance structures. Failure to effectively manage this transformation may impact competitiveness and operational effectiveness.

• To mitigate risks related to manufacturing disruptions, the Group enhances operational resilience through a range of measures, including the implementation of business continuity plans, the establishment of safety stocks for critical materials and finished goods, and the safeguarding of key production capabilities and equipment.
• To address risks related to supplier dependencies, the Group strengthens supply chain resilience by increasing transparency on supplier structures and reducing reliance on single or sole sources. This includes targeted initiatives to diversify sourcing and the establishment of appropriate safety-stock levels for critical materials.
• To mitigate risks related to disruptions of critical operational infrastructure and logistics networks, the Group identifies key dependencies and critical locations and implements a structured Business Continuity Management (BCM) framework. This includes the development and continuous enhancement of Business Continuity Plans, as well as the strengthening of crisis management capabilities and organizational readiness.
• To mitigate risks associated with third-party security, the Group implements a structured third-party risk management approach, including dedicated governance within the risk and compliance framework to assess, monitor, and manage external security risks.
• To address risks related to supplier recovery in crisis situations, the Group enhances supply chain visibility and conducts regular assessments of supplier resilience and business continuity capabilities. In addition, safety stock strategies for critical raw materials are implemented to reduce potential supply disruptions.
• To mitigate risks related to digitalization and the adoption of artificial intelligence, the Group advances its digital transformation by strengthening governance structures, enhancing technology development processes, and investing in digital capabilities and talent. This includes the establishment of appropriate oversight mechanisms and the standardization of development and governance frameworks.

The “Financial” Risk Category includes Accounting & Reporting, Capital Structure, Liquidity & Credit, Revenue Cycle and Tax. The overall risk exposure in this category remains limited compared to other risk categories, reflecting the Group’s stable financial position and effective risk management practices.

• Foreign currency exchange rate fluctuations may present significant exposure. The Group hedges against foreign currency-denominated transactions, but business performance can potentially be adversely affected by a strong yen and positively affected by a weak yen.
• Financing risks could emerge from financial market volatility affecting access to capital and borrowing, and from company performance influencing borrowing costs. Deteriorating company performance and changes in the financial market environment potentially narrow financing options.
• Tax burden may increase through changes in applicable tax laws or interpretations across global jurisdictions. Deferred tax asset valuations may require reassessment due to changing business conditions or organizational restructuring.
• Credit risks from customers and suppliers may further impact financial stability.

The Group maintains a robust financial risk management framework, including structured planning and monitoring processes, centralized treasury activities, and appropriate controls to manage liquidity, foreign exchange, and other financial risks. These measures support financial stability and enable timely responses to potential changes in the financial environment.

• To mitigate risks related to foreign currency fluctuations, the Group utilizes derivative instruments including forward exchange contracts and currency swaps to manage exchange fluctuations, complemented by global cash pooling to reduce foreign currency exposure.
• To reduce financial market volatility risks, the Group diversifies funding methods such as public bonds to optimize financing costs, coupled with fixed interest rate policies for long-term debt to minimize interest rate volatility.
• To address tax risks, the Group proactively monitors and responds to tax legislation changes across jurisdictions, with appropriate adjustments to intra-group transaction rules and close profitability management to optimize deferred tax asset positions.

The “Governance” Risk Category includes Compliance, Regulatory, Legal, Culture, Data Privacy, Corporate Governance, Resilience Governance (Governance Framework for Business Continuity, Emergency and Crisis Response) and Third-Party Risk Management. Risks related to regulatory compliance, interactions with regulatory authorities, and the effectiveness of governance and control frameworks are proactively managed:

• Potential non-compliance with applicable laws and regulations may result in delays in product commercialization, restrictions on market access, litigation or other regulatory actions.
• Incomplete or delayed resolution of the FDA warning letters and/or a failure to address FDA observations to the satisfaction of the FDA could result in regulatory actions and potentially impact product supply.
• Inadequate management of third-party risks may expose the Group to operational disruptions, compliance risks, and potential legal or reputational impacts.

• To mitigate risks related to regulatory non-compliance, the Group enhances its compliance framework by strengthening global processes, policies, monitoring activities, training programs and controls.
• To address regulatory and quality risks from the FDA warning letters, the Group implemented a structured remediation program to address the FDA warning letters.
• On June 24, 2025 (U.S. time), the FDA published import alerts for certain medical devices manufactured at the company’s Aizu facility in Fukushima, Japan. This action prevents the import of the specified devices into the U.S. until further notice. The devices affected include certain bronchoscopes, laparoscopes, ureterorenoscopes, and automated endoscope reprocessors. We are addressing the FDA’s concerns promptly and ensuring that our products meet the highest quality standards.
• In late 2025, the FDA conducted inspections at eight Olympus facilities in the U.S., Europe, and Japan, thereby providing an opportunity to review our ongoing operational and quality improvements. Certain inspections resulted in FDA observations. Many relate to activities that predate our recent changes, while others reflect areas where we need to further advance the maturity, consistency, and integration of our quality systems and processes. We are addressing these findings through a coordinated, enterprise-wide approach. Actions underway include a risk-based review of our product portfolio that prioritizes patient safety, continued global harmonization of quality systems, and targeted strengthening of our quality and regulatory teams. The inspection results remain an open matter with the FDA — we are in direct communication with the Agency regarding the proactive nature of the actions we are taking.
• To address risks associated with third-party management, the Group enhances its third-party risk management framework through continuous improvement of governance structures, operating models, and compliance processes. This includes strengthening risk assessment methodologies, increasing transparency, and ensuring consistent application of compliance standards across third parties.

The “IT & Digital” Risk Category includes IT Security & Cyber, IT Applications, IT Governance, IT Infrastructure & Services, and Digital Enablement. Potential risks relate to cybersecurity threats, the resilience of IT systems, and the governance of digital environments.

• The increasing frequency and sophistication of cybersecurity threats may result in unauthorized access to systems, data breaches, or disruptions to critical operations.
• The aging or obsolescence of IT infrastructure and applications, including end-of-life or end-of-support systems, may increase the risk of operational disruptions, system failures, and security vulnerabilities.
• Insufficient governance and management of decentralized or non-standard IT solutions may increase exposure to security vulnerabilities, data inconsistencies, and compliance risks.
• Disruptions or failures of critical enterprise systems may adversely affect core business processes, including manufacturing and supply chain operations.

• To mitigate cybersecurity risks, the Group implements a comprehensive information security program, including continuous monitoring, threat detection, and the strengthening of preventive and responsive security measures across the IT landscape.
• To address risks related to aging IT infrastructure and applications, the Group advances structured lifecycle management, including the prioritization of system upgrades, replacements, and migrations to ensure operational stability and security.
• To mitigate risks associated with decentralized IT environments, the Group strengthens governance by integrating non-standard IT activities into centralized structures and enhancing oversight, standardization, and security controls across the organization.
• To address risks related to critical system disruptions, the Group enhances IT resilience through the development of recovery and continuity plans, as well as the implementation of measures to safeguard system availability and support business continuity.