We have established risk management regulations on various risks surrounding the Company and their management as well as established a risk management committee with the department that comprehensively manages risks as its secretariat.
As a general rule, the Risk Management Committee gathers once a month to hear a summarized report by the person in charge of information handling on the status of risk management in each organization and the comprehensive identification of risks. Then, the Committee evaluates, analyzes, and discusses measures for those risks to decide on how to respond to them. Furthermore, as a general rule, the Committee revises risks relevant to the Company every six month.
Response, status, and initiatives related to risks are shared with various committees mainly by the department in charge of risk management.

We manage four key risks -strategic, financial, operational, and hazard risks- and work to avoid said risks.

BIKE O & COMPANY Group has established an internal reporting system for the early detection and remedy of wrongdoing, etc. and enhancement of compliance withing the Group. We have also established personnel consulting contact to enable consultation related to concerns and harassments and improve physical and mental health of employees as well as workplace environment.
For the internal reporting system, with the aim of making a convenient system, we have established multiple reporting contact in and outside the company to enable reporting to and consulting with external attorneys and specialized contractors. The reporting and consultation can be made in name or anonymously through e-mail, phone, or post.
We have established a Compliance Hotline Subcommittee for the purpose of ensuring smooth operation of the internal reporting system. The Subcommittee is in charge of research and reporting on the reports and consultations received as well as check on the reporter after a set time to ensure that the reporter does not suffer any disadvantage or retaliation. We ensure that persons related to the system and the Subcommittee observe confidentiality obligations regarding personal information and the content of reports.
The number of reports, their content and response are tracked by the Compliance Hotline Subcommittee. In case any critical faults in the internal control are identified, they are promptly reported to the Risk Management Committee. In addition, if a major misconduct is discovered, prompt measures to remedy the situation and prevent reoccurrence will be implemented by the President.

BIKE O & COMPANY Group believes that proper use and safe management of personal, critical, and other information is one of the most important issues and building relationship of trust with its stakeholders.
BIKE O & COMPANY Group has formulated and operates under various regulations related to critical and personal information based on the Group's personal information protection guidelines and information security policy to properly manage information that are considered to be management resources. To improve security, we also implement relevant systems as well as conduct education and training for offices and employees on compliance to various related laws and regulations in order to prevent leaks, protect, and properly use and manage personal and critical information.

We recognize business continuity during disasters and pandemic as one of our material issues and include preservation of life, safety of local communities, and continuation of important operations in our basic policy on BCP.
We have also formulated a response manual for disasters such as earthquakes and tsunamis based on the basic policy on BCP. Triggered by the COVID-19 pandemic, we have also formulated guidelines for responding to pandemic that take the teleworking system into consideration. In terms of manual for responding to disasters, it includes building a crisis management system during normal time as well as responding organizations and a reporting system during disasters. Furthermore, the manual and guidelines are regularly revised.

Our core system and data such as information of transactions are stored on a data server located in an area with low geopolitical risks. Additionally, data is backed up in real time to a cloud server.