Risk Management

Risk Management Structure

Our risk management structure is described below.

Sustainability Promotion Committee

We have established the Sustainability Promotion Committee as the parent body for conducting our Group’s sustainability activities on a continuous, Group-wide basis. It approves the policies, plans, results, items, and figures to be published externally by the Risk Management Committee, which is a subordinate committee, and reports that information to the Board of Directors.

Risk Management Committee

The Committee identifies major risks that could have a serious impact on our business performance, confirms the validity of response measures to major risks, and instructs our departments that oversee risk and each department on what additional measures should be considered.

The members of the Risk Management Committee consist of the President, Senior executive officers in charge of business and corporate departments, and the heads of departments that oversee risk. In fiscal 2022, the Risk Management Committee convened four times.

Divisions that oversee risk

When it comes to risk oversight, the departments that oversee risk draft and promote response measures for our Group as a whole by coordinating with each business department. These divisions that oversee risk include the Corporate General Affairs Division, Personnel Division, Corporate Finance & Planning Division, Corporate Production Management & Engineering Division, Corporate Research & Development Division, IT Promotion Division, and Global Procurement Division.

Each business department

As part of their original business operations, the Group’s sales departments, factories, R&D departments, and other business units take various measures to properly manage the risks associated with the execution of their own business operations.

 

In addition to the above, the Group has established a corporate governance system and has developed and operated an internal control system, including risk management.

Risk Management Structure chart

The Risk Management Committee is an organization tasked with discussing and approving issues and countermeasures that promote company-wide risk management, with activities in fiscal 2022 as outlined below.

Risk Management Committee

The Risk Management Committee held four meetings in fiscal 2022. At these meetings, instructions were given to individual risk management divisions and each business department to confirm progress and disclose details of initiatives for information disclosure based on the TCFD declaration, to discuss standards for establishing a “substitute” disaster relief headquarters in the event that the head office is affected by a disaster, and to develop an overseas risk management manual given concerns about geopolitical risks. As for the major risk categories to be addressed in fiscal 2023, seven areas of risk were selected based on a survey of the senior executive officers in charge of business segments and corporate departments: raw material supply issues and price fluctuations; disasters, accidents, and pandemics; compliance with laws and regulations; product quality; geopolitical risks; information security incidents; and environmental impact reduction measures.

Major Risk Selection and Approval Process

The selection and approval of major risks in the Group is conducted once a year. The process is as follows.

Major Risk Selection and Approval Process chart

Guidelines for Selecting the Degree of Likelihood of Occurrence

Levels and guidelines for selecting the level of likelihood of occurrence:
  • Low: Approximately once every 100 years to once every 10 years
  • Moderate: Approximately once every few years to once every year
  • High: Twice or more each year

Guidelines for selecting level of impact

Levels and guidelines for selecting the level of impact (if more than one of the following applies, select the item with the highest level of impact):

Level of impact: Low
  • Monetary impact: Up to ¥50 million
  • Human life: Injuries or illnesses requiring medical attention occur
  • Reputation: Resolved through routine daily management
  • Impact on operations: Affects operations for a few days at one location only

Level of impact: Moderate
  • Monetary impact: ¥50 million to ¥1 billion
  • Human life: Injuries or illnesses requiring hospitalization occur
  • Reputation: Minor coverage (in a negative way) in conventional and online mass media; trust is partially diminished among business partners and consumers
  • Impact on operations: Affects operations for several weeks at one location only; affects operations for multiple days at multiple locations

Level of impact: High
  • Monetary impact: ¥1 billion or more
  • Human life: One or more deaths occur; numerous cases of injury and/or sickness occur
  • Reputation: Major coverage (in a negative way) in conventional and online mass media; trust is considerably diminished among business partners and consumers
  • Impact on operations: Affects operations for several months at one location only; affects operations for multiple weeks at multiple locations

Major risk content, potential impacts, and responses

Based on the above-mentioned risk management process, the Group has identified the following major risks that could have a significant impact on the Group’s business, and by viewing these as opportunities and promoting responses, the Group will create value in the future.

The seven major risks to be addressed in fiscal 2023 (selected in fiscal 2022) are: (1) raw material supply problems and price fluctuations, (2) disasters, accidents, and pandemics, (3) compliance with laws and regulations, (4) product quality, (5) geopolitical risk, (6) information security incidents, and (7) measures to mitigate environmental impact (including responses to climate change). Of these, the risks associated with climate change are (1) raw material supply problems, (2) disasters, accidents, and pandemics, (3) compliance with laws and regulations, and (7) measures to reduce environmental impact (including responses to climate change). As we move forward with the TCFD scenario analysis, we will consider our impact evaluation in accordance with the above process.

For each risk: details and potential impacts of risks; handling and opportunities

Raw materials supply problems and price fluctuations
Probability of occurrence (time frame): Short-term
Probability of occurrence (potential): High
Level of impact: Moderate
Details
  • Reduced output, product discontinuation, and withdrawal from business by suppliers due to soaring raw material and fuel prices
  • Delays from suspension of supply or logistics disruptions due to natural disasters or the spread of infectious disease
  • Suspension of supply, product discontinuation, and supply-demand imbalances due to revisions to laws and tightened environmental regulations
  • Prices increase due to the interlocking of prices in the crude oil and nonferrous metals markets
  • Withdrawal from business by raw materials manufacturers due to reconsideration of business portfolio
Responses
  • Risk reduction through pluralization of procurement sources for important raw materials, ensuring safety inventory, etc., with stable procurement the foremost consideration
  • Implementation of BCP measures and completion of planning for approximately 100 suppliers of important raw materials in Japan
  • Working to ensure the availability of substitute products and safety inventory of more than three months for approximately 80 suppliers in Europe, U.S., and China that supply important raw materials
  • Confirmation of BCP measures when new raw materials are adopted, and risk reduction by setting a standard of adoption that ensures that materials do not contain prohibited substances
  • Application of the formula system for principal raw materials (automatically reflecting raw materials price fluctuations in product prices)
Impacts
  • Declining sales, deteriorating profitability, and hindrance to business continuity
Opportunities
  • Expansion and continuation of transactions with customers through improved BCP response

Disasters, accidents and pandemics
Probability of occurrence (time frame): Undetermined*
Probability of occurrence (potential): Moderate
Level of impact: High
*Note: However, the COVID-19 pandemic is short-term
Details
  • Earthquakes, explosions, fires, storm and flood damage, and pandemics
Responses
  • Formulation of a BCP, annual validation of countermeasures, revision of BCP and ongoing training
  • Implementation of measures for reduced production and continuity assurance by securing adequate inventories, establishing redundancy with our production systems, and augmenting spare parts supplies
  • Elucidate causes, formulate countermeasures, and deploy countermeasures throughout the Group to prevent explosions and fires, and expand adoption of predictive management system for abnormalities to overseas sites in fiscal 2023
  • Review of our “Company-wide COVID-19 Infection Countermeasures Manual” based on measures to prevent the spread of COVID-19, and deployment throughout the entire Group
Impacts
  • Impediments to product supply due to personal injury to neighbors & employees, damage to plant/equipment, or disruptions of electricity, gas, water, or telecommunications services
  • Impediments to continued business activities due to supply chain disruptions
  • Negative effects on business performance, such as claims for substantial damages
Opportunities
  • Expansion and continuation of transactions with customers through improved BCP response

Response to laws and regulations
Probability of occurrence (time frame): Undetermined
Probability of occurrence (potential): Low
Level of impact: High
Details
  • Significant changes to laws and regulations that are closely connected to the business activities of our Group as a manufacturer of functional chemical products
Responses
  • Minimization of the risks of compliance violation, promotion of development of a compliance system, and promotion of awareness of compliance by the Compliance Committee
  • Development of systems by individual risk management divisions, implementation of education, guidance and support to business units, and monitoring by internal auditing departments
  • Risk reduction through the operation and maintenance of management systems that can stay up to date with the latest chemical substance regulations in each country
  • Adoption of a Compliance Whistleblower System that allows not just officers, but also stakeholders to report issues
Impacts
  • New costs for measures to deal with changes in laws and regulations
  • Negative effects on business performance due to things such as loss of trust, or major losses due to criminal penalties, surcharges, and civil litigation when laws or regulations are violated
Opportunities
  • Expansion and continuation of transactions with customers by responding to laws and regulations, establishing compliance systems, and maintaining and improving operations

Product Quality
Probability of occurrence (time frame): Undetermined
Probability of occurrence (potential): Low
Level of impact: High
Details
  • Large-scale product incidents
  • Advancement of quality management standards sought by customers, etc., after placement on the market due to advances in science and technology and changes in customer markets and methods of use
Responses
  • Creation of a product quality management framework that is consistent from design management to manufacturing and sales, and adheres to manuals compliant with international quality management standards
  • Annual verification of quality management status by qualified experts, and identification of potential quality risks and mitigation response using FMEA and FTA
  • Elimination of human variables and enhancement of traceability using AI/IoT technology at four major domestic bases, and expansion to main overseas factories
  • Establishment of a system that can centrally manage quality issues that occur at all domestic and overseas business sites, and verification of effectiveness of response/measures to address quality issues
Impacts
  • Negative effects on business performance due to things such as loss of trust, major costs due to recalls, or compensation for damages
  • Occurrence of unforeseeable quality problems due to advancement of quality management standards
Opportunities
  • Expansion and continuation of transactions with customers by maintaining and improving quality control systems

Geopolitical risk
Probability of occurrence (time frame): Undetermined
Probability of occurrence (potential): Moderate
Level of impact: High
Details
  • Suspension of import/export transactions and settlement of funds due to strengthened economic security policies in each country
  • Wars and conflicts
Responses
  • Collection of information from experts and government agencies to prepare or enhance the effectiveness of risk management manuals at overseas sites
  • Collection of information about import/export control and economic sanctions, and utilizing multi-fabrication and multi-sourcing to reduce or minimize impacts
Impacts
  • Criminal penalties, administrative penalties, civil lawsuits, and loss of public trust due to inability to respond to unforeseeable changes
  • Impediments to business continuity due to threats to employee lives and assets, or disruption of logistics, procurement, or infrastructure

Information security incidents
Probability of occurrence (time frame): Undetermined
Probability of occurrence (potential): Moderate
Level of impact: High
Details
  • Principal systems failure or stoppage, or leakage of confidential information held by our company due to cyberattack
Responses
  • Establishment of cross-organizational body “SUMIBE-CSIRT,” and of a framework for coordination of response between management and external organizations in times of emergency
  • Implementation of measures such as improving vulnerability response, detecting risks through the introduction of remedial products, and constantly monitoring against cyber-attacks
  • Strengthening prevention and promoting awareness through regular information security education for all directors and employees in Japan and abroad
  • Promote acquisition of “Registered Information Security Specialist” certification to improve the skillsets of our information security staff, and train information security personnel and deploy them to overseas sites
Impacts
  • Loss of community trust
  • Negative effects on business performance due to costs such as compensation to business partners, or disorder or disruption of business activities
Opportunities
  • Expansion and continuation of transactions with customers by maintaining and improving the information security management system

Measures to mitigate environmental impacts
Probability of occurrence (time frame): Medium- to long-term
Probability of occurrence (potential): Moderate
Level of impact: High
Details
  • Climate change issues (Strengthening greenhouse gas emissions regulations, carbon pricing, etc.)
Responses
  • Promotion of activities under “Environmental Vision for 2050 (net zero)” in a cross-functional organization headed by top management
  • Proactive participation in industry projects, and programs linking industry, academia, and government, as well as development of the innovative technologies needed to reduce environmental impact
  • Efforts to achieve SDG-contributing product revenue ratio targets
  • Scenario analysis of our key business areas by TCFD Task Team
Impacts
  • Exclusion from markets due to delay of countermeasures
Opportunities
  • Increased demand for products that contribute to SDGs

The major risks listed above are not an exhaustive list of all risks faced by our Group, as other risks exist that are difficult to foresee. Please also refer to the Securities Report for information on individual risks and how we handle them, as well as opportunities.

 

Business Continuity Plans (BCPs)

Of the foreseeable disasters and accidents that could occur, we regard earthquakes; explosions, fires, and leaks; storm and flood damage; and pandemics as major emergencies. We prepare BCPs designed to ensure the continuity of business when such emergencies occur, and share these with our clients as needed. Thus far, we have implemented measures such as ensuring adequate inventories of products and raw materials, ensuring redundancy with our production systems, augmenting our supplies of spare parts, and systematizing our restoration structures. With the cooperation of our suppliers, we are also confirming BCP upstream in the supply chain and examining additional countermeasures, while expanding the introduction of a predictive anomaly management system based on AI and IoT technologies as a preventive measure against fires and explosions that could occur in our Group.

Our response to the COVID-19 crisis since 2020 has included the establishment of a COVID-19 Emergency Taskforce and a countermeasures secretariat at our head office, which operate flexibly as we deliberate measures to be taken in response to the state of the contagion, such as issuing notices as appropriate. We also consider their operations in revising our Companywide COVID-19 Infection Countermeasures Manual as needed. We also refer to this manual in our work of formulating a response framework and action plan for each of our subsidiaries in consideration of the differences in laws, regulations, and industry rules for the country in which each is located.

We recognize that the frequency with which disasters and incidents that we regard as major emergencies occur, as well as the magnitude and extent of their impacts, is changing every year as a result of advances in science and technology and the effects of climate change. As such, every year we verify the adequacy of our BCPs based on the latest information. Moving forward, we will continue to reassess our BCPs and provide training.

Information Security Measures

We retain an extensive array of personal information on customers, shareholders, employees, and others. In addition to personal information, we also retain trade secrets and other confidential information relating to our business partners. All of this is critical information that must never be leaked to outside parties, and we have therefore improved security in the operation of our information systems, including measures against cyberattacks, phishing sites, unauthorized intrusion, and malware infection, and have taken thorough measures to prevent leaks. In fiscal 2022, measures to prevent security incidents such as cyberattacks included investigating vulnerabilities by security vendors, measures against vulnerabilities in place at global sites, measures against viral threats and sending alerts within our Group, planned migration of products no longer supported, security education for all PC users within the Group, and support for IT audits and improvements at overseas business sites. In order to enhance our countermeasures against security incidents, initiatives included quickly investigating suspicious emails or suspected risks, proper incident response by coordinating with relevant staff, holding joint training with CSIRT members, relevant departments, and other companies, and enhancing web filtering tools.

We have established the Computer Security Incident Response Team of Sumitomo Bakelite Co., Ltd. (SUMIBE-CSIRT). Under both normal circumstances and when incidents arise, SUMIBE-CSIRT works together with the Corporate General Affairs Division, IT Promotion Division*, Personnel Division, Intellectual Property Department, and other relevant departments to respond to information security incidents.

Information security incident response structure chart
  • * In October 2023, our company merged with our subsidiary Sumibe Information Systems Co., Ltd., and our Information Systems & Data Processing Department was renamed the IT Promotion Division.

Data on Information Security

Results in FY2022, by coverage:

Information security training participation rate (%)*1
  • Group*3 total: Participation rate 100% (Number of participants: 4994)
  • Group companies located in Japan (including Sumitomo Bakelite Co., Ltd.): Participation rate 100% (Number of participants: 3334)
  • Group companies located in countries other than Japan: Participation rate 100% (Number of participants: 1660)

Number of critical security incidents (numbers per year)*2
  • Group*3: 1

  • *1 We implemented information security e-learning for the officers and employees of our group companies (including Sumitomo Bakelite Co., Ltd.) who use company-issued PCs (those with company-issued email addresses). In this e-learning, we provided explanations and alerts regarding ransomware, business email compromise (BEC), suspicious phone calls, phishing emails, etc., referring to cases of damage occurring within our Group as well as cases of damage outside our Group. For group companies located in Japan (including Sumitomo Bakelite Co., Ltd.), the e-learning was implemented in March 2023. For group companies located in countries other than Japan, the e-learning was implemented in April 2023.
  • *2 We determine whether a security incident is critical or not based on standards established by our company, taking into account monetary impact, reputation, impact on operations, etc.
  • *3 Sumitomo Bakelite Co., Ltd. and the companies in which Sumitomo Bakelite Co., Ltd. directly or indirectly holds more than 50% of the voting rights.
