Risk Management System
The Asset Manager has prescribed Risk Management Regulations and Risk Management Implementation Guidelines regarding various risks that arise in the course of managing DHR’s assets. It endeavors to manage risk based on a fundamental policy of comprehensively and accurately identifying risks, qualitatively and quantitatively measuring and appropriately assessing the identified risks’ impacts on operations, formulating risk prevention measures, monitoring risk management status on an ongoing basis and formulating procedures for responding to risks when they surface.
Risk Management Process
The Asset Manager’s risk management is based on the identification, recognition, measurement, monitoring, and reporting of risks in each department, as well as the maintenance of a response system. The risk management process is as follows.
Each department will evaluate risk items, taking into account the likelihood of risk occurrence and the degree of impact. The risk evaluation criteria, which consider both the likelihood of occurrence and the degree of impact, are as shown on the right, with the impact weighted slightly higher.
Development Status of Risk Management System
The Asset Manager has prescribed Risk Management Regulations and Risk Management Implementation Guidelines regarding various risks that arise in the course of managing DHR’s assets. It endeavors to manage risk based on a fundamental policy of comprehensively and accurately identifying risks, qualitatively and quantitatively measuring and appropriately assessing the identified risks’ impacts on operations, formulating risk prevention measures, monitoring risk management status on an ongoing basis and formulating procedures for responding to risks when they surface. Additionally, the Asset Manager conducts annual internal audits to verify the appropriateness and effectiveness of the foregoing risk management system and implementation status of risk controls. The audit results are reported to the President and CEO. The Asset Manager is committed to ensuring that operations are conducted appropriately and soundly managed through such means as reporting to the Compliance Committee and Board of Directors as the occasion demands.
The risk management, improvements and other relevant matters are incorporated into the annual Plan of Compliance Programs and reported to the Boards of Directors of both the Asset Manager and DHR.
Internal Audits
To ensure the effectiveness of the Asset Manager’s management system, the Board of Directors has set out Rules for Internal Audits, and the Compliance Department conducts internal audits of the Asset Manager’s operations, audits of risk management, and the like to verify compliance with laws, rules, and regulations; develops an understanding of problems and summarizes recommendations for correcting them; reports the results of these efforts to the President and CEO as well as the Compliance Committee, the Board of Directors, and the DHR Board of Directors as necessary; and follows up on the status of improvements. Notably, in an effort to ensure the effectiveness of internal audits, the Compliance Department maintains close communication with departments to be audited, notifying them prior to conducting the audits and holding post-audit review sessions.
Internal Audit Implementation Status
| Item | Results (FY2024) |
|---|---|
| Number of internal audits carried out | 7 times |
| Number of external inspections of internal management systems | 1 time |
Business Continuity Planning
The Asset Manager establishes the necessary items for its disaster prevention and crisis management in relation to risks specified separately for natural disasters such as large-scale earthquakes, accidents, crimes, and other material facts. It has established an “Emergency Response Manual” in order to prevent and avoid risk, ensure people’s safety and reduce/mitigate damage in the event of a disaster, prevent secondary accidents, resume DHR’s asset management operations at an early point, and fulfill its corporate social responsibility. Furthermore, to ensure continuity of payment and disclosure operations from the standpoint of the business continuity requirements to which financial instrument business operators are subject, the Asset Manager plans to operate in accordance with a BCP Execution Plan it has formulated.
The Asset Manager has stockpiled supplies, including three days of emergency meals and drinking water for officers and employees and two storage batteries, at its office, warehouse for general affairs and elsewhere.
Safety Confirmation System
As part of corporate crisis management, the Asset Manager has adopted an online safety confirmation system to ascertain its officers and employees’ safety and post-disaster status at the time of disaster swiftly.The Asset Manager conducts safety confirmation drills at least once annually. In the fiscal year ended March 2025, the participation rate was 100%.
Managing Personal Information
DHR recognizes the importance of personal information (here and hereinafter including specific personal information as defined in the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures (hereinafter referred to as the “Numbers Act”)), and in its handling of personal information complies with the Act on the Protection of Personal Information, the Numbers Act, and other laws and regulations on protecting personal information in addition to guidelines and other literature issued by the competent authorities.
Additionally, DHR engages in the proper handling, protection, and management of personal information based on the following policy (hereinafter referred to as the “Personal Information Protection Policy”).
Please refer to "Personal Information Protection Policy"
https://www.daiwahouse-reit.co.jp/en/privacy/index.html
Information Security
The Asset Manager recognizes the proper management of information as an important management challenge and has established an information security policy as a basic policy to ensure information security. This policy implements the following items
- Preparation of an information security management system
- Appointment of an information security manager
- Establishment of internal regulations
- Information security education
- Reinforcement of management systems of outsourcing companies
- Implementation of ongoing improvements
Additionally, the Asset Manager has established IT management Regulations, which define specific procedures for handling information devices to safely and smoothly manage information devices and secure the confidentiality and completeness of data, with an aim to fully protect the information handled by the Asset Manager.
| Item | Fiscal year ended March 2022 | Fiscal year ended March 2023 | Fiscal year ended March 2024 | Fiscal year ended March 2025 |
|---|---|---|---|---|
| Information security training | 2 times | 2 times | 2 times | 2 times |
Governance on Information Security and Cyber Security
IT-related management is handled by the Asset Manager’s Well-being Department, Administration and Accounting Division, with the Head of Administration and Accounting Division as the person responsible for IT control.
The person responsible for IT control is responsible for the following matters.
- Supervision of IT-related operations
- Overall IT management and maintenance
- Provide guidance and advice to each department on the introduction of IT and promote its use
- Other matters related to the handling of IT
Risks related to information and cyber security are handled by the Well-being Department, Administration and Accounting Division, which assesses risks using the risk assessment sheet and reports on control measures and other matters to the Compliance Committee, of which the Head of Administration and Accounting Division is a member, as well as to the Board of Directors and the DHR Board of Directors.
Internal Rules on Information Security
At the Asset Manager, the employment rules require that, depending on the circumstances, an employee be reprimanded, reduced in pay, barred from work, suspended, or demoted/reduced in rank, if any of the following applies to the employee.
- Leaking or attempting to leak company secrets outside the company, or obtaining company or other company secrets through improper means
- Using company computers in violation of company regulations or other instructions, infecting them with computer viruses or otherwise interfering with business operations, or using them for unauthorized purposes outside of work and similarly interfering with business operations
- Unauthorized entry into the company’s network or hacking activities
- Using the Internet or e-mail for inappropriate purposes with an account lent by the company
Conducting drills to respond to targeted email attacks
The Asset Manager draws attention to suspicious emails through information security training conducted annually. However, in an effort to improve awareness among all officers and employees in a more practical way, the Asset Manager conducts drills for responding to targeted email attacks.
If an officer or employee opens the email and then opens an attachment or clicks on an embedded link, they are shown educational content about targeted emails in an effort to verify and improve their awareness of information security.
Receiving regular reports from outside contractors on information device operation and management
The Asset Manager has established IT Management Regulations and Information Device Operation and Management Guidelines, and when it contracts the operation and management of information devices to an outside contractor, the person responsible for IT control (Head of Administration and Accounting Division) receives quarterly reports on information device operation from the contractor.
Information Security-related Problems
There were no serious problems related to information security at the Asset Manager that would influence stakeholders. (Fiscal year ended March 2025)
The number of incident reports related to information security submitted to regulatory authorities by the Asset Manager.
| FY2022 | FY2023 | FY2024 |
|---|---|---|
| 0 | 1 | 1 |