Major business, financial and other matters, which management considers to have the potential to affect the financial position, operating results and cash flows of consolidated companies, are described below.

We aim to actively disclose information to investors and disclose also matters that are not necessarily risk factors but that are considered important for investment decisions. The risks related to investment, however, are not limited to those described below.

The Group takes into consideration risks and the probability of their occurrence and strives to minimize their potential adverse impact on management and business. Forward-looking statements are based on our judgments as of the end of March 2022, and are not guarantees of future outcomes.

1. Hazard Risks

Risks related to natural disasters or similar events

In March 2020, the Group established and introduced a work-from-home system to control the spread of Nobel Coronavirus (COVID-19). However, the Group's business operation, operating results, financial standing, and other aspects may be affected by the difficulty of prompt recovery or continued provision of head office functions and important services, by withdrawal from some operations or services, or by other events that will be caused by the occurrence of those disasters, announcement of a state of emergency, or request to respond to it, among others.

The Group formulated a business continuity plan and an emergency response manual to prepare for major natural disasters affecting a wide area, pandemics such as a novel influenza outbreak, and other emergencies. Thus, the Group is ready to respond promptly and appropriately to those events.

2. Strategic Risks

Risks related to recruitment

For the Group to establish and enhance its corporate foundation to achieve growth, it is essential to recruit and develop excellent human resources with relevant skills and expertise. In addition, the Group is highly dependent on its intangible assets, including special expertise and experience accumulated mainly in the field of information security technologies. Amid the chronic shortage of human resources in the IT industry, the Group's business operation, operating results, financial standing, and other aspects may be affected if it fails to secure the human resources needed for its business expansion due to the loss of engineers with industry-leading expertise or similar causes.

The Group recruits a wide range of human resources with a high level of fundamental skills and ones with industry-ready skills. Recruited employees are developed through training programs and on-the-job training. The Group also strives to improve the workplace environment and increase employees' motivation through workstyle reform.

Risks related to acceptance of orders

Normally, the Group provides services, makes purchases, or takes other actions after receiving an order. In some cases, however, the Group implements tasks, makes purchases, or takes other actions before signing a contract for strategic reasons. There are also cases in which additional cost is generated for responding to a change in specifications, where goods in process are generated at the time of discontinuation of a project or cancellation of a contract, and where advance payment is made to a supplier, among others. The Group's business operation, operating results, financial standing, and other aspects may be affected if these expenses are not recovered.

Risks related to seasonal imbalance in business performance

Due to the budget execution cycle of customers, sales of the Group tend to increase disproportionately in March, which is the fiscal year-end of many customers. On the other hand, because fixed expenses and SG&A expenses included in the cost are generated constantly, the amount of operating income tends to be the greatest in the fourth quarter.

Therefore, if a change in schedule, delay in acceptance inspection, or similar event occurs in a project for which sales will be recorded in March, recording of sales and income from such a project is likely to be postponed until the following fiscal year. The Group's operating results, financial standing, and other aspects may be affected if any of those events occurs in a large-scale project.

Risks on management and operation caused by business expansion

The Group implements a number of measures involving investments for business expansion. This is expected to make it necessary to enhance a variety of management systems concerning business operation and management of the Group. If the measures being implemented are cancelled for some reason, or if the expansion cannot be fully implemented, or if the cost burden associated with the expansion is greater than expected, the Group's business development, business performance, and financial position may be affected.

Risks from dependence on trade with specific industries

In the Group, the ratio of sales from customers from the finance industry is higher than those from other industries. Accordingly, the Group's business operation, operating results, financial standing, and other aspects may be affected if the scale of IT investment in the finance industry changes rapidly.

Risks from relationships with major shareholders

As of the end of the consolidated fiscal year under review, KDDI Corporation owns 31.92% of the Company's outstanding shares (excluding treasury shares). Therefore, KDDI Corporation falls under other affiliated companies of the Company.

The Company and KDDI Corporation have an ordinary business relationship related to products and services. They also operate businesses under a business alliance, including addition of the Company's services to ones provided by KDDI Corporation. In addition, as a part of personnel exchanges for strengthening business and capital alliances, the Company accepts human resources, including a director, from KDDI Corporation. Effective on March 7, 2018, the Company acquired 49.0% of shares in KDDI Digital Security Inc., and began to operate business jointly.

However, stability of the capital relationship, the business relationship, and the personnel relationship between the Company and KDDI Corporation is not guaranteed. Nor is it guaranteed that KDDI Corporation's views and interests related to the Company's management policy always conform with views and interests of other shareholders of the Company. Accordingly, the Group's business operation, operating results, financial standing, and other aspects may be affected by a change in the relationship between the Company and KDDI Corporation.

3. Risks in the External Environment

Risks related to intensified competition

The security solution service business is deemed promising as a growth field. It therefore sees consecutive new entries by foreign-affiliated companies and venture firms in addition to major system integrators. As a pioneer in the information security field in Japan, the Group is striving to expand its security solution service business in the rapidly changing market while influencing the direction of the market. However, competition in the market is expected to be intensified by aggressive entry of the Group's competitors. This may affect the Group's business operation, operating results, financial standing, and other aspects.

Risks related to price competition

In the field of the system integration service business, customers' requests related to cost-effectiveness of IT investment have been growing more difficult in terms of both quality and prices of services that are provided. At the Group, initiatives including differentiation from competitors, productivity improvement, and selection of subcontractors are taken by involving the department in charge of the security solution service business. However, the Group's business operation, operating results, financial standing, and other aspects may be affected if price competition in the market is intensified.

Risks related to response to technological innovations

The IT industry sees remarkable progress on new technologies, such as artificial intelligence (AI). The progress takes place on a daily basis, resulting in practical application of one technology after another. If the Group fails to respond appropriately and promptly to these technological innovations or changes in customer needs, its contracts with customers concerning the continuation of business or outsourcing may be changed or cancelled. This may affect the Group's business operation, operating results, financial standing, and other aspects.

The Group strives to create new businesses while improving the capabilities of all of its employees and having them learn the skills and expertise needed to respond appropriately to customer needs. In the field of information security, Cyber Grid Japan, the research department of the Company, studies advanced security technologies.

Risks from dependence on specific business partners, etc.

The Group continuously has a certain percentage of transactions with specific business partners, such as business partners with whom we have concluded business partnership agreements and other contracts, as well as major customers over a long period of time. However, if these business contracts are changed or canceled for any reason in the future, or if the business or business environment of the business partner changes, the Group's business operation, operating results, financial position, and other aspects may be affected.

4. Information Security Risks

Information security risks faced by the Group

Given the nature of the Group's businesses, its employees may handle, either directly or indirectly, business information or customer information held by the Group's clients. If the Group sustains damage in a cyber attack, is involved in an information leak, or if the Group's technology is abused for a criminal act or similar situation, for example, the Group's brand image will be degraded, business continuity will be at risk, an obligation to pay compensation for the damage will be generated, and an investment will have to be made to strengthen its management systems. These and other consequences may affect the Group's business operations, operating results, financial standing, and other aspects.

The Group has established rules and regulations concerning information security in accordance with ISO 27001 standards, and we take measures to prevent cyberattacks, information leaks, and other information security incidents. These measures include introducing security systems, implementing various security control measures, and training employees, including ethics training. In particular, for important confidential information handled by our information security services, we are working to strengthen our ability to detect and respond to incidents through stricter network and database access control, log management, and other measures. In addition, for incidents that have already occurred, we are working to minimize the damage caused by such incidents by promptly responding to them in accordance with our crisis management regulations, and by constantly working to prevent a recurrence by investigating the causes after such incidents are resolved.

Risks in the provision of information security services

In the Group's business activities for its information security services, there are cases where the Group is entrusted to take all security measures for a client's information system in the form of a total solution service. The Group has established an operating structure for providing its clients with optimal services and products at all times.

If a security accident, such as a cyber attack on a business partner's information assets and information leak, occurs despite the above measures, the Group's social trust will be eroded, its brand image will be degraded, and an obligation to pay compensation for damage will be generated, regardless of whether the Group is liable for the accident. This may affect the Group's business operation, operating results, financial standing, and other aspects.

5. Operational Risks

Risks in the implementation of commissioned projects

In a project commissioned under a turnkey contract, cost overruns may occur when hours exceed initial estimates, something that may occur for an unexpected reason, even if the project is planned to generate profit when the order is received. It is also possible that unpaid work will be generated due to the exercise of a right to warranty against non-conformity to contract, or when the Group is required to pay damages due to a delay in delivery, defective quality, or similar reason. The Group's business operation, operating results, financial standing, and other aspects may be affected if a money-losing project is generated.

To further improve service quality and prevent the generation of money-losing projects, the Group is taking steps to improve its estimation accuracy and to thoroughly control risks in the implementation of commissioned projects, for instance by starting to review risk factors in the estimation phase. At the same time, the Group is striving to improve its project management skills and to enhance and strengthen its screening and quality control systems.

6. Legal and Compliance Risks

Compliance risks

The Group has established the LAC Group Compliance Policy, which has a basic principle of ensuring sound business activities by establishing corporate ethics. The Group provides compliance training to its officers and employees and carries out activities for raising their awareness of compliance as needed in its efforts to improve its corporate ethics and enhance its legal compliance.

However, it may be impossible to avoid compliance risks completely. In the case of an infringement of laws, regulations, or other rules, the Group's business operation, operating results, financial standing, and other aspects may be affected by erosion of the Group's social trust, degradation of its brand image, payment of compensation for damage that was caused, or a similar event.

Risks related to intellectual property rights, etc.

The Group executes its businesses while being careful not to infringe on third parties' intellectual properties. However, the possibility of infringing on intellectual property due to force majeure is not completely zero. Concerning a service or product provided by the Group, an obligation to pay may arise from a third party making a claim for damages, requesting cessation of use, requesting compensation for the patent in question, or other claims. The Group's business operation, operating results, financial position, and other aspects may be affected in such cases.

7. Financial Risks

Risks related to recoverability of business investment

The Group makes business investments aimed at business expansion, including M&A and new product development. While business investment is an essential factor for the Group's business growth, it is also uncertain. The Group's business operation, operating results, financial standing, and other aspects may be affected if effects of M&A, new product development, or other investments cannot be obtained.

8. Risk of litigation, etc.

A lawsuit was filed against the Company by Nippon Export and Investment Insurance (NEXI) on September 13, 2021, with respect to the business system development contract for the next trade insurance system signed on March 31, 2017, claiming a total of 5,803 million yen in damages.

In addition to responding to the lawsuit filed by NEXI, we have filed a countersuit against NEXI because we believe it is appropriate to realize our claim for damages against NEXI in the legal proceedings. In the event of a disadvantageous outcome for us in these lawsuits, etc., there may be a significant impact on the Group's business performance and financial position.