Risk management Global Policy

Chapter 1 General Provisions

  1. Article 1 (Purpose)

    The purpose of this Policy is to establish an Enterprise Risk Management (ERM) framework for stable business continuity within the ONO Group to effectively manage various risks from a global perspective. By fulfilling the necessary accountability to society regarding ONO Group's risk management, the objective is to minimize losses for all stakeholders, including ONO Group and its customers, and contribute to enhancing ONO Group's competitiveness.

  2. Article 2 (Definition)

    The terms used in this Policy are described below:

    1. "Division" means the headquarters or equivalent organizational units.
    2. "Department" means a Department, section, or equivalent organizational unit.
    3. "ONO Group" means Ono Pharmaceutical Co., Ltd. and its consolidated subsidiaries.
    4. "Staff" means officers and Staff of each company and other persons who are under the common control and direction of each company.
    5. "Risk" means anything that may cause physical, economic, or credit losses or disadvantages to the ONO Group.
    6. "Risk management" means a series of measures and actions taken to avoid, mitigate, transfer, or minimize losses in the event of risk occurrence, aiming to achieve the best results at the lowest cost.
    7. "Enterprise Risk Management (ERM)" means the overall framework and process of risk management from an overall optimization perspective to achieve management objectives and goals.
    8. "Risk assessment" means the comprehensive analysis and evaluation of risks, including identifying risks and assessing their likelihood of occurrence and the severity of their impact.
    9. "Risk assessment sheet" consists of a sheet listing the results of Risk assessment, including "major risks" (referred to as "Enterprise risk assessment sheet"), and sheets resulting from Risk assessments conducted by each Department (referred to as "Division risk assessment sheet").
    10. "Major risks" means Risks among the "Risks" that may cause significant physical, economic, or credit losses or disadvantages to the ONO Group. They are specifically determined by the Risk Management Committee based on the results of Risk assessment and approved by the Management Meetings.
    11. The definition of "Chief Risk Management Officer" is provided in Article 5.
    12. The definition of "General Manager of Risk Management" is provided in Article 5.
    13. The definition of "Division Risk Management Manager" is provided in Article 5.
    14. The definition of "Risk Manager" is provided in Article 5.
    15. The definition of "Risk Owner" is provided in Article 5.
    16. The definition of "Risk Management Committee" is provided in Article 5.
    17. The definition of "Department/Division Risk Management Promotion Meeting" is provided in Article 5.
    18. "Operational risk" means the risk that arises from failures in management that could have been avoided by using imagination.
    19. "External factor risk" means the risk that arises from uncontrollable external factors.
    20. "Strategic risk" means the risk associated with the failure of business plans or other risks inherent in the business itself.
  3. Article 3 (Scope of application)

    This policy applies to the ONO Group.

    1. Each company within the ONO Group has the responsibility to promote Risk management with consistency based on this Policy and strive to establish a framework.
    2. In fulfilling the responsibilities mentioned in the preceding paragraph, each company within the ONO Group promotes and establishes a Risk management system that is consistent with this Policy and is appropriate to the circumstances of each company or country.

Chapter 2 Policy/System

  1. Article 4 (Basic guidelines for Risk management)

    1. The purpose of establishing and promoting an Enterprise Risk Management system is to minimize losses for all stakeholders, including the company and its customers, while fulfilling the necessary accountability to society for stable business continuity and goal achievement.
    2. Identify Major risks that are deemed to significantly impact the management and promote Risk management throughout the organization.
    3. In the event of Risk occurrence, take measures to minimize damage and ensure prompt recovery, working towards early resolution of the issue.
  2. Article 5 (Risk management organizational structure and mechanism)

    The organizational structure and framework for Risk management are outlined in Sections 1 to 13. Additionally, a corresponding conceptual diagram is provided in Appendix 1.

      (Organizational Structure)

    1. Chief Risk Management Officer
      The highest authority for Risk management within the ONO Group is designated as the OPJP President.
    2. The General Manager of Risk Management is appointed as the head of the Corporate Strategy & Planning Division and assists the OPJP President in Risk management. In the absence of the OPJP President, the General Manager acts as a substitute.
    3. The Board of Directors oversees and supervises significant matters related to the organization and framework of Risk management.
    4. Management Meetings
      The Management Meetings will approve and decide on the following matters presented by the Risk Management Committee.
      ① Decision-making on fundamental policies, organizational structure, and implementation measures pertaining to Enterprise Risk Management (ERM). This includes the approval of Major Risks and Risk Owners.
      ② Monitoring the implementation status of ERM.
      ③ Decision-making on other important matters related to ERM.
    5. Risk Management Committee
      To oversee and manage Enterprise Risk Management, a standing committee is established with the General Manager of Risk Management as the chairperson. This committee includes Division Risk Management Managers and individuals approved by the chairperson as members. The Risk & Compliance Management Department serves as the secretariat, and the committee performs the following tasks:
      ① Approval of various measures related to ERM, coordination, and communication between Departments.
        1) Selection and review of Major risk candidates and Risk Owner candidates.
        2) Monitoring of Major risks.
        3) Approval of ERM annual plans (activity plans, training plans, etc.).
      ② Implementation of other matters related to ERM.
    6. Risk Owners
      Risk Owners are appointed through the Management Meetings from among Division Risk Management Managers, etc., to manage the respective risks across the organization.
    7. Division Risk Management Manager
      ① Each Department and the Medical Affairs Division appoint a Division Risk Management Manager responsible for promoting Risk management activities within their respective Departments.
      ② They oversee the management of Risks within their own Departments.
    8. Risk Managers
      Risk Managers are appointed by the Division Risk Management Manager to assist them in their responsibilities.
    9. Division/Department Risk Management Promotion Meetings
      Each Division/Department holds regular meetings to promote risk management and perform the following tasks:
      ① Approval of various measures related to Risk management.
      ② Monitoring the status of Risk management.
      ③ Implementation of other matters related to Risk management.

      (Framework)

    10. Education and Training
      Each company within the ONO Group provides Risk management education to its Staff and others to enhance awareness and sensitivity to risks.
    11. Creation and Reporting of the Risk assessment sheet
      ① Each Division/Department of Ono Pharmaceutical Co., Ltd. conducts risk assessments in the Division/Department Risk management promotion meetings. Risk Managers create the Departmental Risk assessment sheet and report it to the Risk & Compliance Management Department.
      ② Risk management personnel in consolidated subsidiaries update their own Risk assessment sheet based on the circumstances of their respective companies or countries. After obtaining the approval of the President, they report it to the Risk & Compliance Management Department.
      ③ As for Major Risks, the Risk & Compliance Management Department will create and manage the Enterprise risk assessment sheet after approval by the Management Meeting, and report to the Risk Management Committee.
    12. Risks Covered by ERM
      This Policy covers Operational risks and External factor risks as part of ERM. Strategic risks are managed in the Medium-Term Management Plan Promotion Meeting.
    13. Audits by the Internal Audit Department
      The progress of ERM is subject to audits by auditors or the Internal Audit Department.
  3. Article 6 (Role of Risk & Compliance Management Department)

    The Risk & Compliance Management Department is in charge of ERM (Enterprise Risk Management), and carries out the following ERM-related operations:

    1. Assisting the Chief Risk Management Officer and the General Manager of Risk Management
    2. Considering, planning, and drafting various ERM measures, including:
      ① Revising the Enterprise risk assessment sheet based on interviews with risk managers using the Departmental risk assessment sheet
      ② Collaborating with Risk owners
      ③ Monitoring the progress of ERM
      ④ Collaborating with Risk managers
      ⑤ Creating annual ERM plans, etc.
    3. Monitoring the status of Division/Department risk management promotion meetings, etc.
    4. Administrative duties of the Risk Management Committee, interdepartmental communication, opinion coordination, etc.
    5. Implementation of other matters related to ERM.