Operating risks

Images : Operating risks

The main risks that management recognizes as having the potential to materially affect the Group’s consolidated financial position, operating results, and cash flows are as described below.

The Group classifies operating risks into “particularly significant risks” and “significant risks” according to their relevance to medium- and long-term management policies and strategies, the degree of impact on they may have on future business performance, and the likelihood of their occurrence.

Particularly significant risks

(1) Impact of customers’ investment and purchasing appetite, etc.

The food retail industry, which is the customer base of the Distribution Cloud business, is an important industry that supports people’s daily lives. While the food retail industry is not easily affected by economic fluctuations, in the medium to long term, consumers may become less active in purchasing due to the declining birthrate, aging population, and shrinking population. In addition, the business environment may change due to the integration of major companies through mergers and acquisitions. The Group is constantly pursuing attractive services and strategically developing its business in order to build business relationships with customers of various sizes. However, if the industry’s appetite for investment in information systems declines, there may be a slump in new customer acquisitions or a decrease in orders for additional services from existing customers, which may have an adverse effect on the Group’s business performance.

In the Government Cloud business, the Group closely monitors the policy trends of the national government and local governments, and has a system in place to provide appropriate services in a timely manner. However, the business is affected by such factors as budget cuts in public works, postponement of information system investment, downsizing, policy changes, a decrease in the number of municipalities due to mergers of municipalities, system integration among municipalities, and revisions to the bidding system. In particular, the promotion of standardized and common local government information systems as set forth in the Digital Government Execution Plan (approved by the Cabinet on December 25, 2020) may significantly transform the business model of local government backbone systems, which may have an adverse effect on the Group’s business performance.

In the Trust business, the Company aims to provide highly reliable and low-cost services that leverage the capabilities of the My Number Card. However, if customer interest in investment remains stagnant because utilization of My Number Cards fails to spread, we may not be able to generate projected earnings, and these shortfalls could affect the business performance of the Group.

The strength of the Mobile Network business rests on the Company’s ability to leverage the characteristics of physical stores and provide services with high customer satisfaction. Regardless, the Group’s business performance is subject to impact from four primary factors. First, market contraction caused by population decline, a falling birthrate, and an aging society could materially impact results. Second, growth in online sales of mobile devices could lead to the consolidation and integration of resellers and toward a general reevaluation of their roles in the market. Third, earnings could incur impact through prolonged replacement cycles resulting from high mobile device prices. Fourth, mobile device sales could decrease in volume if telecommunications carriers implement policy changes that deter customers from purchasing these devices.

(2) Changes in market needs and environment, and our response to technological innovation

In the Distribution Cloud, Government Cloud, and Trust businesses, we are working to provide competitive services that meet the needs of our customers and the market by continuously upgrading versions and developing new services that drive the growth of the Group. In particular, the Group’s efforts to implement major upgrades and develop new services are based on our foresight in anticipating current trends and analyzing future needs in the market. We also combine M&A and other methods to provide services to customers and the market at the appropriate time, as needed for strategic reasons. However, if we misread the current trends, and technological innovations, alternative technologies, or competing products emerge more rapidly than expected, or if the technological standards or infrastructure on which we depend changes, we may not be able to develop new services at the appropriate time and may miss the timing to launch them in the market, or we may be late in responding to changes in customer needs and market trends, and may not be able to ensure sufficient competitiveness. Due to such reasons, we may not be able to fully benefit from new service introductions, which may have an adverse effect on the Group’s business performance.

We are also working to shorten development times by strengthening our development structure and adopting development methods that respond flexibly to development needs. However, rapid technological innovation during the development of new services, drastic changes in specifications due to changes in the content of services the market demands, or unforeseen malfunctions may significantly increase development man-hours or worsen profitability and have an adverse effect on the Group’s business performance.

Significant risks

(1) Impact of competitors

In the Distribution Cloud business, the Group competes with system integrators and service providers targeting the food retail industry. In the Government Cloud business, we compete not only with major nationwide system integrators, but also with small and medium-sized system integrators with close ties to local communities. In the Trust business, our competitors are businesses that provide trust-related services such as e-applications and e-contracts. In the Mobile Network business, we compete not only with other resellers of telecommunications carriers but also with other resellers of NTT Docomo, Inc.

In selecting its target markets, the Group has adopted a policy of segmenting industries and regions and aiming to be number one in each segment. We strive to maintain or improve our competitive edge over our competitors by concentrating our capital. However, if price competition with competitors further intensifies, or the Group’s service capabilities decline relative to its competitors due to their improved technological and service capabilities, we may lose sales orders for proposed projects or see a decrease in sales volume, which may have an adverse effect on the Group’s business performance.

(2) Delays and problems with system implementation and development work

In the Distribution Cloud, Government Cloud, and Trust businesses, we may add functions, make improvements to stabilize operation, and develop systems such as interfaces, in addition to implementation work such as master settings, at the time of service introduction. In such implementation and development work, the Group estimates costs based on work processes and other factors, and manages the progress of each project. However, it is difficult to accurately estimate all costs due to the nature of the project, and there may be times when the number of man-hours required exceeds the initial estimate due to factors such as estimation errors, work delays, or specification changes. The Group’s profitability may deteriorate due to higher-than-expected cost burdens, delays in development, or other factors. If we are unable to complete and deliver the installation and development work by the delivery date set with the customer, if quality problems occur due to system malfunctions, or if our products or services are found to be defective, we may incur increased costs due to repair work, loss of credibility, liability for damages, and loss of orders, which may have an adverse effect on the Group’s business performance. 

(3) System failures

The Group’s provision of services to customers is heavily reliant on computer systems and their networks. To maintain safe and secure service provision, the Group has acquired certifications for its conformity to ISO 27001 (Information Security Management) and ISO 20000 (IT Service Management) standards. In addition, the Group is taking measures such as distributed operation of multiple data centers, including backup centers, and enhancing the number of infrastructure engineers who support these measures. We also carry IT business liability insurance for all eventualities. However, system troubles may occur due to natural disasters such as earthquakes and fires, computer virus infections, cyber-terrorism, or other factors. The Group’s system may not operate properly or customer data may be lost due to failures in public lines or other network infrastructure. In addition to direct damage to the Group, such cases may lead to deterioration in the quality of services, liability for damages, loss of public trust, and termination of contracts with customers, which may have an adverse effect on the Group’s business performance.

(4) Risks related to information leakages

Since the Group handles a large amount of personal and corporate information in connection with its business activities, the Group has established various regulations, including information risk management rules, and has published its personal information protection policy. In addition, the Group strives to raise awareness of information management through in-house training. In the Mobile Network business, we work to prevent information leakages by participating in training sessions conducted by NTT Docomo, Inc. and by having our operations audited by NTT Docomo. The Group has also obtained ISO 27001 (Information Security Management) certification, and conducts risk analysis and improvement related to information assets within the company. Through these efforts, we are working to prevent the leakage, falsification, and unauthorized use of information assets, and have obtained the Privacy Mark for personal information. Despite these measures, if personal or corporate information leaks out due to reasons such as device failure or loss, operational errors, or cyber-terrorism, the Group may incur liability for damages, loss of public trust, or termination of contracts with customers or business partners, which may have an adverse effect on the Group’s business performance.

(5) Legal restrictions and compliance

The Government Cloud business is regulated by the Telecommunications Business Act, the Construction Business Act, the Broadcasting Act, and other related laws and regulations. The Group has appointed dedicated personnel to conduct safety management, safety training, and other activities to ensure strict compliance with laws and regulations. However, if such laws and regulations are violated or additions or changes are made to legal regulations, the Group’s business may be adversely affected. The enforcement of new laws or regulations, or changes in the interpretation of existing laws or regulations, may impose restrictions on the business activities of the Group, thereby affecting its business performance.

In addition, the Group is working to ensure compliance by establishing regulations requiring directors and employees to comply with social norms, including laws and regulations, establishing internal and external contact points for consultation, and conducting periodic awareness surveys and tests. However, illegal or improper conduct, including personal conduct, may result in a loss of public trust, damage to the brand image, liability for damages, or suspension of bidding.

(6) Intellectual property rights

Although the Group develops software in-house, there is little risk of intellectual property related to developed software being imitated because, unlike software sold as applications, the Group provides services in the cloud. Conversely, to avoid disclosure through patent applications, our policy is in principle not to obtain patent rights. Whenever we launch a new project, we investigate intellectual property rights, and we strive to avoid disputes by clearly stipulating the handling of intellectual property rights in contracts with subcontractors and other parties. To date, the Group has never been sued by a third party for infringement of intellectual property rights. However, due to the rapid advancement of technological innovation in software, we may not be able to accurately assume or judge the possibility that our software may infringe on the intellectual property rights of a third party. In addition, if patent rights or other rights not recognized by us are granted in the Group’s business field, we may be subject to claims for damages or product use injunctions and incur expenses for legal procedures to respond to these claims, which may have an adverse effect on the Group’s business performance.

(7) Dependence on specific persons

As chairman and representative director, Tsuneo Murakami spearheaded management of the Cyberlinks Group for an extended period. However, the March 2024 appointment of Naoki Higashi as president and representative director has decentralized decision-making associated with the planning and execution of the Group’s business plans.

The Cyberlinks Group views excessive dependence on Mr. Murakami as a risk to its status as a going concern and therefore remains committed to mitigating this risk moving forward. Accordingly, the Group is systematically training a team of successors by providing education for directors and executives and progressively delegating authority to them. In addition, the Group is working to develop an organizational structure free from excessive reliance on Mr. Murakami mainly by enhancing information sharing and discussions among members of its Board of Directors and Management Council and by strengthening its Corporate Planning Division. Despite these efforts, if Mr. Murakami were to suddenly become unable to perform management activities for the Group, its business performance could incur impact.

(8) Deficiencies in internal control systems

The Group continuously examines and reviews its internal control systems to strengthen them, and works to reduce risks through systemization. However, any significant deficiencies or weaknesses in internal controls or deviations from internal controls may result in additional costs and inadequate timely disclosure, which may harm the Group’s public trust and have an adverse effect on the Group’s business performance.

(9) Management system of subsidiaries

The Company provides appropriate management and support for the operations of its consolidated subsidiaries. However, if the Company fails to properly manage and support its consolidated subsidiaries, and the consolidated subsidiaries’ performance deteriorates or misconduct occur, the Group’s business performance may be adversely affected.

(10) Securing and developing human resources

In order to secure talented personnel, who are assets that can provide optimal products and services to customers, the Group implements continuous improvements to compensation, accommodation of diverse work styles, awareness-raising of products and services, and other measures. Also, by thoroughly training employees and supporting them in acquiring qualifications, we develop personnel with skills above a certain level that contribute to business development. However, if we are unable to secure and train personnel as planned, or if many of our talented personnel leave the company, we may not be able to adequately serve customers and develop new services. This may lead to lost sales orders, a decrease in sales volume, or delays in service development, which may have an adverse effect on the Group’s business performance.

(11) Natural disasters, etc.

Our head office, offices, and stores are concentrated in Wakayama Prefecture, centering on Wakayama City, with some exceptions. In the event of a major earthquake in the Tonankai region, it may be difficult for us to continue operations due to property damage or human casualties. Similar situations may also occur in other disasters, accidents, or incidents. Therefore, we have formulated a business continuity plan and have taken measures to prevent the interruption of critical operations, such as constructing data centers with earthquake-resistant and seismically-isolated structures, relocating to higher ground, and establishing backup centers in Wakayama, Tokyo, and Osaka. We also have a system in place to quickly restore operations in the event of an interruption of operations. In the future, we plan to further review the location of offices and other facilities, adjust employee residences in consideration of disaster impact, and move administrative operations online. However, despite these preparations, if a disaster or other event causes property damage or human casualties, our business opportunities may decrease. In addition, disruption to the service system could result in liability for damages, loss of public trust, termination of contracts with customers, stagnation of administrative operations, and delays in the settlement of accounts, which may have an adverse effect on the Group’s business performance.

(12) Spread of epidemics

Even in the event of an epidemic, the Group has a system in place to continue operations based on a business continuity plan.

However, the serious or prolonged spread of an epidemic could result in several conditions with potential impact on the Group’s business performance. First, opportunities for business negotiations could become limited, thereby causing declines in transactions or new projects. Second, difficulties associated with attending work or meeting customers in person could temporarily or partially lower service quality. Third, stagnation in the production and delivery of equipment and/or materials could slow down procurement and cause attendant delays in system installation, construction, and capital investment. Fourth, docomo Shops could encounter declines in customer traffic or face temporary closures or other unfavorable circumstances.

(13) Impairment losses

The Group is flexibly conducting M&A from the viewpoint of service improvement. In M&A transactions, we conduct financial, legal, business, and other due diligence on the target company to thoroughly examine risks and analyze normal profitability before a decision is made by the governing body, and we thoroughly manage the performance of the acquired company. However, goodwill impairment may occur if the acquired company’s business plan is not achieved due to problems that were not identified in advance, such as the occurrence of contingent liabilities or identification of unrecognized liabilities after the acquisition, as a result of insufficient consideration of corporate valuation. Furthermore, impairment losses may be incurred on assets such as property, plant, and equipment and software owned by the Group if the profitability declines due to significant changes in the business environment or business conditions, and we are unable to generate sufficient cash flow. These impairments may have an adverse effect on the Group’s business performance.

(14) Dependence on specific suppliers and business partners

In the Mobile Network business, we operate Docomo shops as a second-tier reseller of NTT Docomo, Inc. based on a reseller agreement with CONEXIO Corporation and sell cell phones and other products to corporate customers. As a result, almost 100% of the Group’s purchases and sales in the Mobile Network business depend on the Docomo brand. The Company maintains a good relationship with NTT Docomo, Inc. and CONEXIO Corporation, and as of the date of submission, there are no reasons for termination of agreements. However, if the business policies of either company were to change, or if the reseller agreement were to end due to cancellation or termination, or if the content of such agreement were to change significantly, the continuation of the Mobile Network business may be hindered, which may in turn have an adverse effect on the Group’s business performance.

In the Distribution Cloud business, Retailpro for specialty retailers, albeit relatively small in size, is a distributor business of US-based Retail Pro International (RPI), LLC, and almost 100% of purchases are dependent on RPI. Also, in terms of our customer base, sales to certain large customers account for about 40% of total sales. Although the Group currently maintains good relationships with suppliers and customers, changes in their policies may have an adverse effect on the Group’s business performance.

Minamiosaka Computing Center Co., Ltd., a consolidated subsidiary in the Government Cloud business, belongs to the NEC Information Service Business Group and depends on NEC Corporation for most of its purchases. Although Minamiosaka Computing currently maintains a good relationship with NEC, a change in NEC’s policies may have an adverse effect on the Group’s business performance.

(15) Changes in business performance

The Group identifies recurring revenues as an important management indicator, and the scale of recurring revenues has been steadily expanding every fiscal year. In the Government Cloud business, it tends to be particularly difficult to secure stable revenues every year as demand fluctuates greatly depending on the budgets of national and local governments.

In addition, the timing of construction completion, system operation, and acceptance inspection for large telecommunication system installation, system introduction and development, and other projects may fluctuate, which may have an adverse effect on the Group’s business performance. Although we make every effort to coordinate the timing of installation with customers, revenue may be unevenly distributed over a certain period owing to the progress of projects and the concentration of deadlines. Hence, it is difficult to determine the Group’s full-year forecast based solely on the results for a particular quarter. The Group’s financial results for the fiscal year ended December 31, 2023 were as follows.

(Millions of yen)

  Current consolidated fiscal year
(From January 1, 2023 to December 31, 2023)
1st quarter 2nd quarter 3rd quarter 4th quarter Full year
Net sales 4,215 3,459 3,371 3,977 15,023
Operating profit 335 236 160 307 1,040
Ordinary profit 351 238 167 305 1,062

 (Note) Cyberlinks finalized provisional accounting treatment for business consolidation during the consolidated fiscal year ending June 30, 2024. Accordingly, figures for the consolidated fiscal year ended March 31, 2024, reflect the finalization of provisional accounting treatment.

(16) Hostile takeover

The Company’s shares are publicly traded in the capital markets and may be subject to hostile takeover attempts to gain control of management. Our management policies, business performance, or financial position may be affected depending on the policies of the shareholder acquiring management control.

(17) Price fluctuations of cryptocurrencies

In the Trust business, the Group offers CloudCerts, a certificate issuance service using blockchain technology (see note). CloudCerts uses blockchain for fee payments and cryptocurrency for other deposits and withdrawals. Since the market value of cryptocurrencies fluctuates sharply in a short period, a significant rise in the market value of cryptocurrencies could increase our cost of providing services. If we cannot pass on such costs to our sales prices, the Group’s business performance may be adversely affected.

(Note) The term used above is explained below.
Blockchain technology: A type of ledger that directly links nodes on an information communication network and uses cryptography to process and keep track of transactions in a decentralized manner, and is the underlying technology used for cryptocurrencies.