Risk Management Structure
Our risk management structure is described below.
●Sustainability Promotion Committee
●Risk Management Committee
The Committee identifies major risks that could have a serious impact on our business performance, confirms the validity of response measures to major risks, and gives instructions on what additional measures should be considered to our departments that oversee risk and each department.
The members of the Risk Management Committee consist of the President, Senior executive officers in charge of business and corporate departments, and the heads of departments that oversee risk. In fiscal 2022, the Risk Management Committee convened four times.
●Divisions that oversee risk
When it comes to risk oversight, the departments that oversee risk draft and promote response measures for our Group as a whole by coordinating with each business department. These divisions that oversee risk include the Corporate General Affairs Division, Personnel Division, Corporate Finance & Planning Division, Corporate Production Management & Engineering Division, Corporate Research & Development Division, IT Promotion Division, and Global Procurement Division.
●Each business department
As part of their original business operations, the Group’s sales departments, factories, R&D departments, and other business units take various measures to properly manage the risks associated with the execution of their own business operations.
In addition to the above, the Group has established a corporate governance system and has developed and operated an internal control system, including risk management.
The Risk Management Committee is an organization tasked with discussing and approving issues and countermeasures that promote company-wide risk management, with activities in fiscal 2022 as outlined below.
Risk Management Committee
The Risk Management Committee held four meetings in fiscal 2022, at which instructions were given to individual risk management divisions and each business department to confirm progress and disclose details of initiatives for information disclosure based on the TCFD declaration, discuss standards for establishing a “substitute” disaster relief headquarters in the event that the head office is affected by a disaster, and development of an overseas risk management manual given concerns of geopolitical risks. As for the major risk categories to be addressed in fiscal 2023, based on a survey to respective senior executive officers in charge of business segments and corporate departments, seven areas of risk were selected: raw material supply issues and price fluctuations; disasters, accidents, and pandemics; compliance with laws an regulations; product quality; geopolitical risks; information security incidents; and environmental impact reduction measures.
Major Risk Selection and Approval Process
The selection and approval of major risks in the Group is conducted once a year. The process is as follows.
●Major Risk Selection and Approval Process
●Guidelines for Selecting the Degree of Likelihood of Occurrence
Levels | Guidelines for selecting the level of likelihood of occurrence | |
Approximately once every 100 years to once every 10 years |
Low | Approximately once every 100 years to once every 10 years |
Moderate | Approximately once every few years to once every year | |
High | Twice or more each year |
●Guidelines for selecting level of impact
Levels | Guidelines for selecting the level of impact (If more than one of the following applies, select the item with the highest level of impact) | |||
Monetary impact | Human life | Reputation | Impact on operations | |
Level of impact Low | Up to ¥50 million | Injuries or illnesses requiring medical attention occur | Resolved through routine daily management | Affects operations for a few days at one location only |
Level of impact Moderate |
¥50 million to ¥1 billion |
Injuries or illnesses requiring hospitalization occur | Minor coverage (in a negative way) in conventional and online mass media Trust is partially diminished among business partners and consumers | Affects operations for several weeks at one location only Affects operations for multiple days at multiple locations |
Level of impact High |
¥1 billion or more | One or more deaths occur Numerous cases of injury and/or sickness occur | Major coverage (in a negative way) in conventional and online mass media Trust is considerably diminished among business partners and consumers | Affects operations for several months at one location only Affects operations for multiple weeks at multiple locations |
Major risk content, potential impacts, and responses
Based on the above-mentioned risk management process, the Group has identified the following major risks that could have a significant impact on the Group’s business, and by viewing these as opportunities and promoting responses, the Group will create value in the future.
The seven major risks to be addressed in fiscal 2023 (selected in fiscal 2022) are: (1) raw material supply problems and price fluctuations, (2) disasters, accidents, and pandemics, (3) compliance with laws and regulations, (4) product quality, (5) geopolitical risk, (6) information security incidents, and (7) measures to mitigate environmental impact (including responses to climate change). Of these, the risks associated with climate change are (1) raw material supply problems, (2) disasters, accidents, and pandemics, (3) compliance with laws and regulations, and (7) measures to reduce environmental impact (including responses to climate change) As we move forward with the TCFD scenario analysis, we will consider our impact evaluation in accordance with the above process.
Risk | Details and potential impacts of risks | Handling and opportunities | ||||||
Raw materials supply problems and price fluctuations
|
Details
|
Responses
|
||||||
Impacts
|
Opportunities
|
|||||||
Disasters, accidents and pandemics
|
Details
|
Responses
|
||||||
Impacts
|
Opportunities
|
|||||||
Response to laws and regulations
|
Details
|
Responses
|
||||||
Impacts
|
Opportunities
|
|||||||
Product Quality
|
Details
|
Responses
|
||||||
Impacts
|
Opportunities
|
|||||||
Geopolitical risk
|
Details
|
Responses
|
||||||
Impacts
|
||||||||
Information security incidents
|
Details
|
Responses
|
||||||
Impacts
|
Opportunities
|
|||||||
Measures to mitigate environmental impacts
|
Details
|
Responses
|
||||||
Impacts
|
Opportunities
|
The major risks listed above are not an exhaustive list of all risks faced by our Group, as other risks exist that are difficult to foresee. Please also refer to the Securities Report for information on individual risks and how we handle them, as well as opportunities.
Business Continuity Plans (BCPs)
Of the foreseeable disasters and accidents that could occur, we regard earthquakes; explosions, fires, and leaks; storm and flood damage, and pandemics as major emergencies. We prepare BCPs designed to ensure the continuity of business when such emergencies occur, and shares these with our clients as needed. Thus far, we have implemented measures such as ensuring adequate inventories of products and raw materials, ensuring redundancy with our production systems, augmenting our supplies of spare parts, and systematizing our restoration structures. With the cooperation of our suppliers, we are also confirming BCP upstream in the supply chain and examining additional countermeasures, while expanding the introduction of a predictive anomaly management system based on AI and IoT technologies as a preventive measure against fires and explosions that could occur in our Group.
Our response to the COVID-19 crisis since 2020 has included the establishment of a COVID-19 Emergency Taskforce and a countermeasures secretariat at our head office, which operate flexibly as we deliberate measures to be taken in response to the state of the contagion, such as issuing notices as appropriate. We also consider there operations in revising our Companywide COVID-19 Infection Countermeasures Manual as needed. We also refer to this manual in our work of formulating a response framework and action plan for each of our subsidiaries in consideration of the differences in laws, regulations, and industry rules for the country in which each is located.
We recognize that the frequency with which disasters and incidents that we regard as major emergencies occur, as well as the magnitude and extent of their impacts, is changing every year as a result of advances in science and technology and the effects of climate change. As such, every year we verify the adequacy of our BCPs based on the latest information. Moving forward, we will continue to reassess our BCPs and provide training.
Information Security Measures
We retain an extensive array of personal information on customers, shareholders, employees, and others. In addition to personal information, we also retain trade secrets and other confidential information relating to our business partners. All of this is critical information that must never be leaked to outside parties, and we have therefore improved security in the operation of our information systems, including measures against cyberattacks, phishing sites, unauthorized intrusion, and malware infection, and have taken thorough measures to prevent leaks. In fiscal 2022, measures to prevent security incidents such as cyberattacks included investigating vulnerabilities by security vendors, measures against vulnerabilities in place at global sites, measures against viral threats and sending alerts within our Group, planned migration of products no longer supported, security education for all PC users within the Group, and support for IT audits and improvements at overseas business sites. In order to enhance our countermeasures against security incidents, initiatives included quickly investigating suspicious emails or suspected risks, proper incident response by coordinating with relevant staff, holding joint training with CSIRT members, relevant departments, and other companies, and enhancing web filtering tools.
We have established the Computer Security Incident Response Team of Sumitomo Bakelite Co., Ltd. (SUMIBE-CSIRT). Under both normal circumstances and when incidents arise, SUMIBE-CSIRT works together with the Corporate General Affairs Division, IT Promotions Division * , Personnel Division, Intellectual Property Department, and other relevant departments to respond to information security incidents.
- * In October 2023, our company merged with our subsidiary Sumibe Information Systems Co., Ltd., and our Information Systems & Data Processing Department was renamed the IT Promotion Division .
●Data on Information Security
Coverage | Results in FY2022 | ||
Information security training participation rate (%)*1 | Group*3 | Total | Participation Rate: 100% (Number of participants: 4994) |
Group companies located in Japan (including Sumitomo Bakelite Co., Ltd.) | Participation Rate: 100% (Number of participants: 3334) |
||
Group companies located in the countries other than Japan | Participation Rate:100% (Number of participants: 1660) |
||
Number of critical security incidents (numbers per year) *2 | Group*3 | 1 |
- *1 We implemented information security e-learning for the officers and employees of our group companies (including Sumitomo Bakelite Co., Ltd.) who use company-issued PCs (those with company-issued email addresses). In such e-learning, we provided explanations and alerts regarding ransomware, business email compromise (BEC), suspicious phone calls, phishing emails, etc., referring to cases of damage occurring within our Group as well as cases of damage outside our Group. For group companies located in Japan (including Sumitomo Bakelite Co., Ltd.), the e-learning was implemented in March 2023. For group companies located in the countries other than Japan, the e-learning was implemented in April 2023.
- *2 We determine whether a security incident is critical or not based on standards established by our company, taking into account monetary impact, reputation, impact on operations, etc.
- *3 Sumitomo Bakelite Co., Ltd. and the companies in which Sumitomo Bakelite Co., Ltd. directly or indirectly holds more than 50% of the voting rights.
Topics More
- 2024/10/01 Sustainability Sumitomo Bakelite Co., Ltd. signed to the UN Global Compact
- 2024/02/01 Sustainability Sumitomo Bakelite Co., Ltd. announces its establishment of “Human Rights Policy for the Group of Sumitomo Bakelite Co., Ltd.”
- 2023/10/31 Sustainability Integrated Report 2023 of Sumitomo Bakelite Co., Ltd. has been issued.
- 2023/06/21 Sustainability Selected as an iSTOXX® MUTB Japan Platinum Carrier 150 Index