Nihon M&A Center Group constantly strives to strengthen and push forward corporate governance, strictly enforcing compliance, implementing risk management and keeping a tight rein on information security.

Nihon M&A Center Group considers the enhancement of corporate governance as a priority management issue in order to make a lasting contribution to society based on the corporate mission and to meet the expectations of various stakeholders.
By enhancing corporate governance, the Group can monitor the status of business execution and strengthen functions of appropriate check. The Group works the following points to be central to its corporate management and strive daily to achieve them.

• Ensure sound and fair management and thorough compliance with laws and regulations
• Ensure transparent management and full accountability
• Ensure efficient management and strive to maximize shareholder value

Corporate governance framework

We have adopted a governance system of a company with an Audit and Supervisory Committee.

Board of Directors

The Board of Directors has 13 members in total, which consist of 10 Directors (excluding Directors serving as Audit and Supervisory Committee Members), of which five are Independent Directors, and three Directors serving as Audit and Supervisory Committee Members, of which two are Independent Directors. The Board holds monthly regular meetings and extraordinary meetings as necessary to make decisions on basic management policies, important matters on management and matters stipulated in laws, regulations and the Articles of Incorporation as well as to supervise execution of duties by Directors.

Audit and Supervisory Committee

The Audit and Supervisory Committee consists of three members: one Director (full-time Audit and Supervisory Committee Member) and two Independent Directors (Audit and Supervisory Committee Members). The Audit and Supervisory Committee Members attend the Board of Directors meetings or other important meetings and constantly monitor the status of compliance with laws and regulations and other matters. They also browse important documents, conduct interviews on the progress of business and carry out audits on business execution, such as business audits and accounting audits. In addition, they regularly exchange information with the accounting auditor and employees in charge of internal audit to create a cooperative framework to monitor the management.

Nomination Advisory Committee

To ensure reasonableness and transparency of the candidate selection process for the proposal to elect Directors, which is submitted to the General Meeting of Shareholders, the Company has established the Nomination Advisory Committee, a voluntary advisory body to the Board of Directors. The Committee consists of five members in total, including one Representative Director, one full-time Director and three Independent Directors. One of the three Independent Directors chairs the Committee. The Board of Directors respects the contents of the Committee’s discussions to the maximum extent and submits the proposal to elect Directors to the General Meeting of Shareholders.

Remuneration Advisory Committee

To ensure transparency and appropriateness of remuneration for Directors, the Company has established the Remuneration Advisory Committee, a voluntary advisory body to the Board of Directors. The Committee consists of five members in total, including one Representative Director, one full-time Director and three Independent Directors. One of the three Independent Directors chairs the Committee. The Committee deliberates and decides on the policy for determination of remuneration, etc. for Directors as well as on the details of remuneration, etc. for individual Directors. Based on the Committee’s report, the Board of Directors determines the amount to be paid.

Management Meeting

The Company has established the Management Meeting under the Board of Directors.
The Management Meeting consists of full-time Directors, a full-time Audit and Supervisory Committee Member, and CCO, as well as directors and executive officers of our subsidiaries.

The Management Meeting deliberates and decides on matters stipulated in the Management Meeting rules and matters for which authority has been delegated by the Board of Directors. In addition, the Committee discusses and decides on matters related to risk categories stipulated in the risk management rules, and regularly reports to the Board of Directors.

M&A Strategic Meeting, Financial Strategic Meeting

Under the Management Meeting, the Company has established the M&A Strategic Meeting, which oversees our subsidiaries and affiliates in the M&A domain, and the Financial Strategic Meeting, which oversees our subsidiaries and affiliates in the fund management domain. Both meetings consist of full-time Directors of the Company, as well as directors and executive officers, etc. of our subsidiaries.

These meetings work for information-sharing and cooperation in strategic aspects among the Company, subsidiaries and affiliates, and also function as bodies for deliberations and reports on implementation of matters designated by the Company, based on the subsidiaries and affiliates management rules.

Internal audit system

The Company introduced an internal audit system for business execution. In executing business, the Company constantly monitors compliance with laws, regulations and rules, as well as matters concerning standardization and efficiency improvement. At present, three members of the Internal Audit Office (of which, one is full-time member) are in charge of the system.

Risk Management Committee

Meetings of the Risk Management Committee, which is chaired by CCO and whose members consist of those who have been appointed by President and Representative Director, are held in order to address operational risks of the Group.

The Committee first identifies operational risks, analyzes, and assesses those risks. They then consider countermeasures which they monitor or improve if needed and report to the Management Meeting. While the Management Meeting covers other risks related to overall management, the Risk Management Committee reports those risks to the Management Meeting if they identify any.

In this way, we constantly create and maintain a framework where risks do not materialize, and where swift deliberation and communication are enabled should such risks materialize. The Group conducts encouragement and checks for directors and employees to ensure appropriate risk management.

In addition, the effectiveness of the Risk Management Committee is evaluated by the Board of Directors with a view to taking corrective action as and when appropriate. In the event that it is necessary to respond to changes in the business environment that require our reaction to be notified to all employees or to respond to a new form of risk category, we have in place measures to report issues and actions of each case to the Board of Directors.

Compliance Committee

There is a regular cycle of meetings convened for the Compliance Committee, which is chaired by CCO and whose members comprise a full-time Director, three directors and employees of Nihon M&A Center Inc. and a corporate lawyer. In addition to its activities as an advisory body to CCO, the Compliance Committee also has a function as a consultation and whistleblowing hotline.

In addition, information regarding "Policies and procedures for election/dismissal of Directors," "Succession plan," "Major initiatives to strengthen corporate governance," "Training for Directors," "Remuneration system for Directors," "Operation of the Board of Directors," "Activities of voluntary committees," "Evaluation of the Board of Directors' effectiveness," and "Cross-shareholdings" is disclosed in the Integrated Report.

Please refer to page 57 and onwards of the Integrated Report for details.

Diversity of the Board of Directors

The Board of Directors aims to have a composition that takes into account diversity, including capabilities, broad experience, tenure, age, and gender. We set a medium-term goal to achieve a female representation of 21.4% by 2027 and 31.3% by 2030 among the Board of Directors. (As of the beginning of 2023: 14.3%)
Please refer to page 65 and onwards of the Integrated Report for details on "Diversity of the Board of Directors".

Skill Matrix

Skills (knowledge, experience, and abilities) required of Directors are set based on the medium- to long-term management strategies and management issues of the Company. Internal Directors are required to possess knowledge related to M&A which is the mainstay business and considerable insight in the peripheral business, while also having deep understanding of the business of the Company. Meanwhile, Independent Directors are required to possess specialization in different fields, a wealth of experience, and broad insight that can be leveraged in, for example, supervision of execution of business.

★…Skills that are regarded as especially important

Compliance

Nihon M&A Center Group places the utmost importance on on-going compliance activities, which we regard as essential for maintaining and improving trustworthiness in our business.

After the detection of an inappropriate incident in 2021, we have focused on developing the foundation of compliance and worked to instill it throughout the Company. Currently the external environment surrounding the M&A industry is undergoing significant change and the number of buyers executing M&A for improper purposes and M&A intermediary services industry providing inappropriate services to clients is increasing. Amid such a situation, as a leading company, Nihon M&A Center Group, together with the Small and Medium Enterprise Agency and the M&A Intermediaries Association, aims to enhance the overall trust in the M&A intermediary industry to realize “the optimal M&A experience” by establishing self-regulatory rules, etc.

To this end, we will strive to become an even more trusted company through continuous initiatives in FY2024 and beyond.

Underlying compliance principles

The Group considers compliance to include adherence not only to laws, regulations and internal regulations but also to norms and ethical standards expected by society. To clarify this idea, the Group has established compliance regulations to perform duties to society through fair and appropriate corporate activities in accordance with applicable laws and regulations, internal regulations and social norms.

We are working on fostering compliance awareness by thorough penetration of the Purpose, Philosophy, and Group Compliance Principle.

In addition, we are promoting the enhancement of the compliance system of the Group, and at the same time, making on-going efforts to instill and establish compliance from the perspective of education through measures such as regular implementation of effective training.

Compliance Principle

1. Compliance with laws and regulations
   • We will comply with all laws, regulations, and internal rules, both as a company and as individuals, and will conduct our corporate activities in accordance with social norms.
2. Information management
   • We will treat all information entrusted to us as valuable assets. We will manage confidential information with the utmost care to prevent leakage.
3. Prevention of Insider Trading
   • We will strictly maintain all relevant information, both within our own company and with other companies, to prevent insider trading, and we will make prior application when buying or selling securities. We will also alert all relevant parties.
4. Compliance with decent processes
   • We will comply with relevant laws and regulations, company rules, and business processes to provide our customers with the highest quality.
5. No Relationship with Anti-Social Forces
   • We will take a firm stand against anti-social forces and will not engage in any transactions or acts that may be suspected of being transactions with anti-social forces, nor will we have any other relationships with them.
6. Prohibition of Discrimination and Harassment
   • We respect the human rights of all people and do not tolerate or engage in any form of discrimination or harassment.
7. Accurate records
   • We will accurately record all business activities (sales, financial accounting, expenses, attendance, work, etc.) in a timely and accurate manner.
8. Prevention of corruption
   • We will maintain sound relationships with related parties, make clear distinctions between public and private matters, and conduct our business with integrity.
9. Responsibility for Consultation and Reporting
   • We will report, consult, and notify our superiors or the reporting/consultation desk when we discover any act of non-compliance.

Compliance promotion structure

With the Chief Compliance Officer (CCO) in charge of matters related to overall compliance at the core, the Company has established the Compliance Committee which is an advisory body to the CCO and has the functions of the internal consultation and whistleblowing hotline, and the Compliance Division, which is a secretariat to the CCO and the Compliance Committee, respectively.
In addition, a person responsible for compliance is appointed in each division of Nihon M&A Center, and a Compliance Officer (CO) in each of the other major Group companies. By doing so, we have established a system to prevent any potential breach in compliance and to respond as quickly as possible in the event of a breach in compliance or potential breach in compliance. At overseas Group companies, too, we are working to establish a compliance system that is capable of responding to future expansion of cross-border M&As.

Investigation, procedures and consequences when there is any doubt that a compliance regulation has been infringed

Procedures for investigation and response

the event that a problem arises causing an infringement of compliance regulations, be it a concern that this might be the case or that there is any doubt in terms of compliance, the process outlined in our consultation and reporting procedures regulations stipulate that any employee who becomes aware of a compliance-related problem should immediately consult with or report it to appropriate parties within the Company, such as a manager or the Compliance Committee. A manager who has received a consultation or a report of this kind in turn has the duty to report the matter concerned swiftly to the Compliance Committee, followed by a discussion of the content of the consultation or report, and any important matters will be conveyed in turn to the President and Representative Director, while the anonymity of the person who did the consulting or reporting is maintained. The outline of the report of the problem received by the President and Representative Director as well as the status of the response is reported to the Board of Directors along with any related consultation and reports from group companies.

The Compliance Committee will research as necessary the subject of the reports and consultation, taking due care to protect the privacy, individual rights and reputations of all parties including the person who made the consultation, the whistleblower, the purportedly guilty party and those helping with the investigation.

The person who made the consultation or report is informed of the outcome and it can be used by the Compliance Division for the formulation of measures to prevent a future recurrence. The Disciplinary Committee makes a decision on the verdict on what action to take towards the guilty party in accordance with the disciplinary procedure rules.

In addition to promoting the development of employee training and monitoring systems in the Compliance Division, initiatives will be taken in cooperation with the Human Resources Headquarters to be firmly rooted in the corporate culture with a consciousness of high respect for compliance.

Enhancement and strengthening of the internal consultation and whistleblowing system

The Group has put in place the internal consultation and whistleblowing system designating the Compliance Committee as a point of contact. In addition, the Group has also established a system for consultation with and reporting to an external lawyer. We respond in a timely and appropriate fashion upon notification of any kind of breach in compliance or suspicious activities. This includes bullying, harassment and forms of corruption such as illicit profit sharing, excessive entertainment and gifts. This is applicable to employees of the entire Group, including overseas group companies, bound by employment contracts such as directors, staff, and part-time workers, as well as those who are seconded to our companies on a temporary or agency basis (in all cases, including those who have resigned or retired). All of these are with a view to strengthening our compliance system and preventing breaches. The consultation and reports (including advance consultation) can be made anonymously and under strict confidentiality such that the person who made the consultation or the whistleblower is not disadvantaged in any way and is strictly protected. Should it nevertheless occur that such a person is put at any form of disadvantage, help will be provided swiftly and there will be remediation, with the perpetrator also dealt with in an appropriate manner. The Group encourages all directors and employees to utilize the consultation and whistleblowing system to enable early detection of any problem. Additionally, we have built a system in which employees can make consultations and reports more easily by, for example, clearly displaying the abovementioned system on the top page of our intranet portal, and thoroughly and repeatedly raising awareness, including explanations about whistleblower protection.

Number of discussions consulted/reported

FY2022	FY2023
62	74

Specific Compliance Permeation Measures

At Nihon M&A Center, all employees have taken a pledge of compliance annually, in order to ensure that the compliance system is further penetrated.
In addition, for all employees of Nihon M&A Center, we have issued copies of the “Compliance Handbook”, which explains our approaches to compliance and Group Compliance Principle, and the pamphlet “MAstyle” to carry with them, which contains not only our corporate mission, Purpose, Philosophy, and the Compliance Principle, but also where to make consultations or reports, the information security policy, disaster countermeasures, etc. At its overseas group offices the Group strives in various ways to increase compliance awareness using appropriate channels of communication and translated documentations.

At a monthly company-wide meeting, the CCO provides compliance-related updates every time.

To evaluate the effectiveness of these initiatives, Nihon M&A Center has been conducting compliance surveys for employees from FY2022. We intend to conduct such surveys on a periodic basis to ensure that we implement fixed-point observation of internal perceptions of compliance. The survey results for FY2023 showed that the overall compliance awareness figures improved compared to FY2022. We will continue to promote compliance-related initiatives.

Rates of affirmative answers for compliance items (examples) in the employee survey

Questionnaire	FY2022	FY2023
Awareness of compliance is maintained at a high level at the Company.	44%	74%
The Company addresses compliance incidents appropriately.	57%	79%
In my organization, there is an atmosphere that places an emphasis not only on sales and efficiency but also on compliance.	75%	70%
I know how to make a consultation or report for a compliance issue if I witness it.	84%	93%

Inaugurate effective compliance training and education

Nihon M&A Center Group holds regular compliance training sessions led by the Compliance Division. Nihon M&A Center holds training sessions for all employees including contract employees as well as full-time employees, by leveraging, for example, e-learning that introduced from FY2023. Furthermore, for employees in managerial positions, we conducted additional training to foster awareness of compliance. Moreover, the Group sequentially formulates and implements educational programs other than classroom training.

Additionally, information regarding the "Message from CCO," "Major initiatives to strengthen compliance," and "Details of complicance e-learning training" is disclosed in the Integrated Report.
Please refer to page 53 and onwards of the Integrated Report for details.

Anti-corruption

Risk management

Nihon M&A Center Group structurally manages major risks that have the possibility to cause disadvantage to the Group to avoid and minimizes losses.

Risk management structure

Meetings of the Risk Management Committee, which is chaired by CCO (Chief Compliance Officer), are held on a regular basis in order to address operational risks of the Group. The Committee identifies, analyzes, assesses risks, considers countermeasures, monitors the progress of and improves these measures. The results are reported or recommended to the Management Meeting, and also reported to the Board of Directors on a periodic basis. In addition, the Committee receives instructions, advice, etc. from external experts such as a corporate lawyer as necessary.

While management risks other than operational risks are managed by the Management Meeting, if the Risk Management Committee recognizes any such risks, it reports them to the Management Meeting.

In this way, we constantly create and maintain a framework where risks do not materialize, and where swift deliberation and communication are enabled should such risks materialize.

The effectiveness of the Risk Management Committee is evaluated by the Board of Directors with a view to taking corrective action as and when appropriate. In the event that it is necessary to respond to changes in the business environment that require our reaction to notify all employees or to respond to a new form of risk category, we have in place measures to report issues and actions of each case to the Board of Directors.

Major policies to address risks with a large impact on business and a high possibility of materialization

1. Risks associated with information management:
   • Enforce full compliance with each internal regulation and rule related to information management.
2. Reputation risks to M&A intermediary industry:
   • Promote initiatives to ensure compliance with guidelines and self-regulatory rules by M&A intermediary companies, cooperating with the Small and Medium Enterprise Agency and the M&A Intermediaries Association.
3. Risks related to personnel and labor affairs:
   • Reinforce labor management trainings for middle management personnel and upgrade organizational culture.

Assessment of ESG risk in new mandates

When taking on new mandates we conduct an assessment with checks that include the probability of a successful sale, the reason for the sale, trustworthiness and a provisional valuation. Not only does this assessment of new mandates play an important role in risk management, it also contributes to greater trustworthiness of the transactions we undertake. From January 2021 we have added new ESG negative screening components to this assessment process for new mandates. We are checking for any overt problems from an ESG perspective, such as an outbreak of pollution to land or water, work-related injuries, product-related health risks, repatriation of illegal foreign workers, illegal labour practices through encouragement or coercion, unpaid salary or rental, or inappropriate relationships with public officials.
If the process of this assessment leads to the discovery of ESG risk, an overall judgement is made on whether or not to proceed with the proposed transaction, also taking into account a series of other checks.

Furthermore, information regarding the "Risk map" is disclosed in the Integrated Report.

Please refer to page 67 and onwards of the Integrated Report for details.

Information security

Nihon M&A Center Group strives to handle security of information in the best possible way.
Confidentiality obligations are of paramount importance to the Group’s business activities. We meet what is expected of us by our stakeholders and give consideration to what is mission critical for our M&A professionals.

The Group has formulated the “information security basic policies” and works to thoroughly enforce compliance with rules related to information security and implement safety measures.

Information security promotion structure

The Group security supervision function headed by the Chief Information Security Officer (CISO) formulates information security strategies and evaluates the status of its implementation.

A CSIRT (Computer Security Incident Response Team)^*1 which is responsible for addressing incidents and persons in charge of security, who handle security operations, are appointed within the Information Security Department which reports to the CISO.

Activities of the CSIRT and the persons in charge of security are reported to the Management Meeting on a regular basis through the CISO.

Furthermore, the Risk Management Committee considers and monitors measures on a regular basis to reduce information security risks.

*1 A dedicated team that responds to security incidents when they occur.

[Security Consultation Council]
Determines response policies and issues instructions on cases of security consultation related to new initiatives and use of new services, among others, based on identified security risks. If the council determines it necessary based on the results of risk assessment, the severity of remaining risks, etc., the issue will be submitted to the Risk Judgment Council.

[Risk Judgment Council]
Reviews the risks and losses of cases submitted by the Security Consultation Council, considers whether to add any matters to be addressed, among other things and determines the feasibility from a comprehensive perspective. The council is composed of internal experts from compliance and risk management divisions, etc.

[Security Cooperation Council]
Holds liaison meetings among persons in charge of information security and information systems of the group companies. The council ascertains the situation of each company on a regular basis using a security report format designated by the Company. In addition, it aims to raise the level of security measures for the entire Group by sharing threats and the policies on how to respond to them.

[CSIRT]
Ascertains the situation when a security incident occurs, responds to the incident, mitigates damage, implements recovery and recurrence prevention measures, and handles such measures.

[Persons in charge of security]
Ascertain security measures and plans, supervise them in their entirety, and prevent security incidents.

[Information Security Department]
Cooperates with IT divisions or persons in charge of security of consolidated subsidiaries and works together with the entire Group to handle the situation when a security incident occurs or when implementing preventive measures. In addition, the Department plans and conducts information security education.

Information security management system

The Group has built highly secure systems with support from external specialists. On May 25, 2016, Nihon M&A Center Inc. and Corporate Value Laboratory Inc. obtained ISO/IEC27001 certification, which is an international standard of the Information Security Management System (ISMS), to ensure thorough information management and continuous improvement thereof. Furthermore, the adequacy of operational performance is verified through ISMS internal audits.

For plans to respond to information security risks and response to information security risks that must be addressed on an ongoing basis, Nihon M&A Center mitigates security risks by continuously running a risk approval process.

Initiatives to protect personal information

The Group has formulated its “Privacy Policy”, which is posted on the website of each company. This policy is thoroughly shared with all directors and employees, and we are committed to ensuring the implementation thereof.

Additionally, details regarding "Initiatives for information security" and the "Message from CISO" are disclosed in the Integrated Report.
Please refer to page 68 and onwards of the Integrated Report for details.