Risk Governance


Risk Governance Overview

Risk governance is a part of Mizuho's corporate governance framework, centered on our risk appetite framework (RAF). The Board of Directors determines fundamental matters regarding the RAF, along with its management systems and specific risk appetites, and incorporates these in document form as the risk appetite statement (RAS).

At Mizuho, we also work to foster and promote a sound risk culture to support this risk governance framework. The effective administration of the RAF leads to the creation of a sound risk culture, and at the same time, cultivating a sound risk culture creates a foundation for the disciplined risk–taking and risk communication which are promoted as part of the administration of the RAF.

To ensure strong risk governance, we maintain a risk management and compliance structure that operates in accordance with the principles of the "three lines of defense."

Risk Culture

We foster a sound risk culture in which all executive officers and employees maintain a high level of awareness regarding risk, and endeavor to make proper judgements and take appropriate actions rooted in good sense and ethical standards. Such judgement and actions allow us to achieve our risk appetite and enhance our corporate value.

We have also established Behavioral Guidelines for a Sound Risk Culture, and work to ensure that executive officers and employees understand these principles through messages from senior management, training sessions and other measures. For Mizuho to put the "customer first principle" into practice and enhance our corporate value, it is essential that all members maintain an attitude of not simply avoiding risk, but rather taking appropriate risk. These guidelines provide a foundation for the appropriate values and courses of action for Mizuho's executive officers and employees to take when approaching risks. The guidelines are aligned with the five Mizuho Values that form a part of Mizuho's Corporate Philosophy, and executive officers and employees can refer to them when they are unsure of a risk–related judgement that needs to be made in their daily work. Putting these guidelines into practice improves our ability to address and counter risks, and fosters a sound risk culture.

These initiatives are also important from the standpoint of internal control, ultimately helping to prevent inappropriate behavior by executive officers and employees.

Risk Appetite Framework (RAF)

The purpose of our RAF is to maximize our corporate value by securing sustainable and stable profits, and to fulfill our social responsibilities. Based on such purpose, our core risk appetite is to take appropriate risk and provide solutions based on our customers' actual needs, establishing our competitive advantage against our peers.

We have positioned the RAF as the corporate management framework to support taking the types and levels of risk that we will accept in order to implement our business and financial strategies. We will further concretely define our risk appetite in our medium–term and fiscal year business plans. The risk appetite forms the basis for establishing our business strategy, resource allocation, and earnings plans as well as monitoring the operating status, thus integrating risk management, business strategy, and profits in order to achieve disciplined risk–taking that achieves an optimal balance of risk and return.

Systems for operating the risk appetite framework

Our risk appetite consists of a risk appetite policy that serves as the fundamental policy regarding our risk–taking activities, and risk appetite metrics that serve as a means of quantifying the level of risk–taking based on the risk appetite policy.

In implementing the RAF, the Board of Directors decides on basic matters, including the risk appetite policy, metrics, and levels of risk, and operations are supervised based on the Board's decisions. In addition, the Risk Committee, which advises the Board of Directors, provides advice regarding risk governance and offers suggestions to management.

On the other hand, to implement the RAF in the course of business operations, the Group CRO, Group CFO, and Group CSO provide assistance overseen by the Group CEO, and implement business strategy, financial strategy, and risk management from an overall perspective. Also, heads of in–house companies, units, and groups are responsible for planning and implementing strategies based on risk appetite, and as the individuals in charge of risk–taking, conduct operations. Note that the Internal Audit Group provides objective and comprehensive assessments of the effectiveness of the RAF from an independent perspective and offers advice and recommendations for addressing any issues that arise.

Formulation and monitoring of risk appetite

Risk appetite is determined through management discussions on the outlook for external factors such as the macroeconomic, regulatory, and competitive environment, along with potential risk events such as economic slowdown and turbulence in financial markets. These are then incorporated into main and risk scenarios that are shared internally.

We then formulate a group–wide risk appetite policy based on our awareness of these external environments, create specific strategies and measures according to this policy, and determine corporate resource allocation and earnings plans. Our risk appetite metrics are expressed in terms of capital strength, profitability, and liquidity, utilizing measures such as CET1 Capital Ratio, ROE, and LCR. Further, the risk appetite for the entire group is shared with the in–house companies that implement strategies, to ensure the effectiveness of the RAF. The in–house companies in turn formulate individual risk appetite policies to implement the group's overall policy, and set risk appetite metrics and levels to meet group metrics and levels.

Monitoring of the operational status for the established risk appetite is conducted by the Risk Management Committee (Chairman: Group CRO) on a quarterly basis and as necessary. As part of this process, the Group CRO and each in–house company work to identify issues related to risk and share information on these issues. This monitoring enables timely and appropriate actions, including flexible revisions to our risk appetite and strategies, to be discussed and carried out in the event of changes in the external environment that increase risk or impede our risk appetite and strategies.

Mizuho's RAF Control Structure

Mizuho's RAF Control Structure

Three Lines of Defense

In accordance with the "three lines of defense" approach in the Corporate Governance Principles for Banks released by the Basel Committee on Banking Supervision and the definitions and roles outlined below, we ensure appropriate and effective risk governance through autonomous controls (first line) and a check–and–balance system (second line), along with an independent third line of internal auditing. In addition, Mizuho Financial Group sets group strategies and allocates resources, monitoring the autonomous controls in the first line at core group companies in order to strengthen the system providing appropriate responses.

Our definition of the three lines of defense and their roles

First line Autonomous control function
The first line–of–defense involves daily operations based on the rules, procedures, and risk appetite, and has a primary responsibility for risks and compliance matters accompanying the conduct of business as a risk owner, and for performing autonomous control activities (to identify, assess, and manage/control risks and compliance matters).
Second line Risk management and compliance function
The second line of defense oversees (monitors), measures, and assesses the first line's autonomous control activities, and is responsible for establishing and implementing basic policies for risk management and compliance.
Third line Internal audit function
The third line–of–defense is independent of the first and second lines and involves assessment and examination of the operations of the first and second lines, and is responsible for providing advice and guidance to settle issues.


Our risk management and compliance framework

Our risk management and compliance framework

*   Of the core group companies, Mizuho Bank, Mizuho Trust & Banking, Mizuho Securities, and Mizuho Americas conduct risk management and compliance based on the "three lines of defense" concept.

Back to top