Basic Approach to Risk Management
To achieve sustainable growth, the NAGASE Group appropriately identifies all internal and external risks associated with its business activities, takes risk measures, assesses the status of implementation, and works to improve them.
When a risk materializes, we collect information and ascertain the situation as soon as possible, and work on risk management to minimize damage and loss caused by the materialization of the risk.
Risk Management and Compliance Committee
The Risk Management and Compliance Committee strives to establish and strengthen risk management and compliance systems that cover not only compliance with laws and regulations but also corporate ethics and ESG risks, and works to operate environmental ISO and promote energy conservation. The Risk Management and Compliance Committee has established the Basic Compliance Policy and ensures that all employees, including those of Group companies, conduct corporate activities in accordance with the NAGASE Group Compliance Code of Conduct through regular workshops.
Risks related to the business operations of the NAGASE Group are managed by the Risk Management and Compliance Committee under the supervision of the Board of Directors.
|Responsible officer||Director in charge of Risk Compliance (Responsible for risks reported to the CEO)|
|Deliberative body||Risk Management and Compliance Committee. The Risk Management and Compliance Committee reports regularly to the Board of Directors and the Audit and Supervisory Board.|
|Secretariat||Secretariat of Risk Management and Compliance Committee (Legal and Compliance Department, etc.)|
Internal reporting system
In the event that the Company or a Group company becomes aware of a problem, such as a violation of laws and regulations, it shall be immediately reported to the Committee, which shall in turn promptly report the matter to the Board of Directors and the Audit and Supervisory Board. The activities of the Risk Compliance Committee are also reported to the Board of Directors on a regular basis. In addition, we have introduced an in-house reporting system and have established a point of contact (internal reporting system) for direct reporting and consultation from executives and employees, including those of Group companies.
Risk Management Upgrading Project
The NAGASE Group is working to avoid the occurrence of crises and to minimize losses when crises do occur by identifying as accurately as possible the risks that could become barriers to management and the impact of those risks, and by taking countermeasures in advance. Specifically, the secretariat of the Risk Management and Compliance Committee, which is in charge of risk management, works with the departments in charge of risk management to identify key risks that could have a significant impact on management, and promotes the "Risk Management Project to Enhance Risk Management Level" to study and implement countermeasures. The project is being carried out under the theme of "Risk Management at a Higher Level." This project will be launched at Nagase this fiscal year, and will be sequentially expanded to other NAGASE Group companies in Japan and overseas.
The NAGASE Group has trading (trading and marketing), research and development, manufacturing and processing functions in the corporate (common) segments of functional materials, processing materials, electronics and energy, mobility and lifestyle-related products. The nature of our business is such that we are exposed to a variety of domestic and international risks. Currently, the core of Nagase’s Risk Management & Compliance Committee is engaged in a thorough examination of our corporate risk objectives and management/monitoring system. We have identified over 100 risk items and visualized them by creating risk scenarios, and conducted risk assessment based on the degree of impact and likelihood of occurrence for 81 items of risks under the jurisdiction of our corporate division.
Classification of risk terms
In the revised Corporate Risk Management Chart, definitions for 102 risks were reviewed based on the causal event and classified into large, medium and small categories. Comprehensiveness is ensured by extracting risks in fine detail.
|Large Classification||Middle Classification||Small Classification||Risk|
|External environment||External Threats||P:Politics||Failure to respond to economic security legislation / U.S.-China confrontation / Taiwan contingency / invasion of Ukraine / other geopolitical issues / terrorism and riots etc./Crimes, accidents, etc.|
|External environment||External Threats||E:Economics||Economic recession / Failure to utilize FTAs / Rise of competitors / Soaring labor costs / Soaring logistics prices / Commodity market price fluctuations / Exchange rate fluctuations / Interest rate fluctuations / Price fluctuations of stock holdings / Failure to respond to industry restructuring|
|External environment||External Threats||S:Social||Failure to address human rights / Failure to address diversity, equity, and inclusiveness of human capital / Growing social need to address ESG / Low birthrate and aging population in Japan / Changing consumer behavior|
|External environment||External Threats||T:Technology||New technology and service development and technology and service innovation by competitors / Rise of digital platformers / Market entry by companies in other industries|
|External environment||External Threats||E:Environment||Climate change risk failure/failure to comply with environmental regulations/unsuitable industrial waste and other pollutants emissions/ depletion of natural resources/ outbreak of infectious disease pandemics/ outbreak of natural disasters such as earthquakes, windstorms, floods, etc.|
|External environment||External Threats||L:Legal||Failure to respond to changes in laws and regulations|
|External environment||Stakeholders||Outsourcing company||Violation of laws and regulations and quality problems by suppliers/suppliers|
|External environment||Stakeholders||Involved parties in the supply chain||Growing social demands for human rights, environmental issues, etc. in the supply chain|
|Internal environment||Risks in Governance||Governance||Fraud by Parent Company Directors/Absence of successor management/Dysfunctional Board of Directors/Failure to maintain and foster a favorable organizational climate|
|Internal environment||Risks in Governance||Subsidiary Management||Failure to meet management targets of subsidiaries/Fraud by Subsidiary Directors|
|Internal environment||Risks associated with business activities||A.Research, Development and Planning||Failure to support development of new technologies and services / Dependence on other companies for core technologies|
|Internal environment||Risks associated with business activities||B.Sales Planning||Support for development and failure of new technologies and services/Dependence on other companies for core technology|
|Internal environment||Risks associated with business activities||C.Supplier Selection||Transactions under unfavorable contract terms/ Mistakes in purchasing and sales strategies/ Missing changes in the sales environment|
|Internal environment||Risks associated with business activities||D.Purchasing and Procurement||Conducting transactions with suppliers whose creditworthiness, quality, reputation, etc. are in question/dealing with antisocial forces or suppliers subject to economic sanctions/failure to comply with regulations on the procurement of conflict minerals|
|Internal environment||Risks associated with business activities||E.Inventory||Insufficient Inventory/Inventory Quality Deterioration, Damage, Contamination, or Loss/Excess Inventory|
|Internal environment||Risks associated with business activities||F.Manufacturing and processing||Cost reduction failure/quality problems|
|Internal environment||Risks associated with business activities||G.Sales||Delayed delivery of defective products / Logistics disruption due to natural disasters or accidents|
|Internal environment||Risks associated with business activities||G.Sales (Service Providing Business)||Failure or inadequacy in service|
|Internal environment||Risks associated with business activities||H.Collection of accounts receivable and payment of accounts payable||Bankruptcy or delay in collection by a client|
|Internal environment||Risks associated with business activities||I.Maintenance and after-sales service||Inadequate customer service (e.g., inappropriate after-sales service)|
|Internal environment||Risks associated with business activities||I.Maintenance and after-sales service(Service Providing Business)||Service update/update failure|
|Internal environment||Risks in head office functions||Information technology||System development failure/ System network failure/ Computer virus infection due to cyber attack, system failure/ Personal information leakage/ Confidential information leakage/ Failure of DX promotion|
|Internal environment||Risks in head office functions||Performance management||Inadequate performance management (e.g., delays in performance aggregation, inaccurate aggregation, etc.)|
|Internal environment||Risks in head office functions||Management plan||Failure of technological innovation and innovation / Failure of overseas strategy / Failure of new business entry / Losses incurred due to thorough business|
|Internal environment||Risks in head office functions||Accounting||Improper accounting/improper tax treatment (underreporting, failure to pay taxes, failure to comply with transfer pricing taxation)|
|Internal environment||Risks in head office functions||Financial affairs||Inefficient fund management/fundraising failure|
|Internal environment||Risks in head office functions||Asset management||Fire, accident/unwanted assets, idle assets owned and maintained|
|Internal environment||Risks in head office functions||External Relations and Public Relations||PR and PR failures/inadequate corporate and investor relations disclosures|
|Internal environment||Risks in head office functions||Human Resources and Labor||Failure to hire highly specialized human resources/retirement of key personnel and young human resources/labor management (time, safety, mental health)/inadequate occupational health and safety/outbreak of labor disputes/inefficient compensation system and personnel system/inappropriate personnel evaluation|
|Internal environment||Risks in head office functions||Investment & M&A||Errors in investment decisions (e.g., insufficient consideration of the significance of the investment and growth strategy, errors in business plan and acquisition plan calculations, failure to understand risks, etc.)|
|Internal environment||Risks in head office functions||Judicial affairs||Violation of Antitrust Law/ Bribery/ Insider trading/ Violation of other important laws (e.g., Subcontract Act)/ Violation of logistics-related laws/ Violation of various business laws/ Fraud, embezzlement, breach of trust, etc. / Harassment, violation of internal rules, occurrence of ethical issues/ Litigation, disputes/ Infringement of intellectual property of other companies/ Infringement of our intellectual property/ Cancellation of contracts from licensors, recall, PL Act compliance/ Violation of contracts, failure to understand legal risks in contracts|
Regarding risk assessment
The Risk Compliance Committee secretariat, which is in charge of risk assessment, then compiles the results and identifies the Group’s major risks.
Risk Assessment Indicators
The risk scenario evaluation indicators are set as follows.
①Degree of influence
Four evaluation criteria are established for financial and non-financial factors (people, goods, and brand/reputation) according to the degree of impact.
②Frequency and likelihood of occurrence
The frequency and likelihood of occurrence are also evaluated using a four-level scale.
Risk assessment was conducted for each risk item, and a risk map was created.
As a result of risk mapping, 12 risks that were determined to be of particular importance to the NAGASE Group were set as the Group’s material risks for the current fiscal year.
The NAGASE Group has identified a total of 12 risk categories as being of particular importance, and the risk definitions are as follows.
12 Risks identified as particularly important
The NAGASE Group strongly recognizes the importance of protecting data assets owned and managed in the course of conducting business activities. The economic and social losses incurred from information leaks and other accidents are incalculable. As for information security measures, all NAGASE Group employees are aware of the importance and need to work together Group-wide on this matter. Regarding the promotion of information security, we have established the Basic Policy of Information Security, as well as the Guideline for Information Security Measures which comprehensively detail recommended security levels and rules that need to be followed.
In addition, each Group company creates a manual detailing rules and things to be careful about during daily tasks as well as various rules and procedures outlining how to implement information security countermeasures. We are also fostering greater awareness among all employees through regular education and training.
Information Security Hierarchy
The NAGASE Group's hierarchy for execution of information security management is as follows.
Information Security Committee
- The NAGASE Group has established an Information Security Committee under the umbrella of the Risk Management & Compliance Committee. The former is responsible for upkeep of the Group's information security, regularly reporting to the Risk Management & Compliance Committee.
- The Information Security Committee presides over formulating and updating basic policies and guidelines on information security, as well as planning, implementing, and evaluating information security measures.
The administration of trade secrets and intellectual property, the handling of trade secrets belonging to the company, the handling of trade secrets and intellectual property rights of third parties, and the protection of personal information are also clearly defined in the Code of Conduct. These stipulations are rigorously communicated within the Group.
We use these measures to appropriately manage company-held information assets on a daily, ongoing basis, and we strive to properly leverage confidential information and effectively utilize information assets.
Response System for Cyber Security Incidents
The NAGASE Group has established a CSIRT (Cyber Security Incident Response Team) as an executive organization to prevent information security incidents, detect them early, resolve them early, and minimize damage.
The members of the CSIRT are appointed by the Information Security Committee, and the CSIRT serves as a contact point for reporting information security incidents of the NAGASE Group.
Education Initiatives for Information Security
In order to maintain and improve our information management system, the NAGASE Group regularly implements the following information security training initiatives.
- Once a year, targeted attack training emails are sent out.
- Once a year, an e-learning course on information security is conducted.
- Thorough familiarization of new employees with the Basic Policy on Information Security.
Trade Secret Administration
The NAGASE Group recognizes that intellectual property rights are also key company assets and accordingly endeavors to protect them. Intellectual property rights include patents, utility models, designs, trademarks, and authorship rights of computer software. The handling of trade secrets belonging to the company and the handling of trade secrets and intellectual property rights of third parties are also clearly defined in the Code of Conduct. These stipulations are rigorously communicated within the Group.
Social Media Policy
Social media policy (excerpt)
- Use Social Media with an understanding of its characteristics and potential impact, exercising conscientiousness and responsibility.
- Do your utmost to publish information that is correct.
- Do your utmost to engage in wholesome, quality communication.
Crisis Prevention and Business Continuity Planning
Each NAGASE Group company has taken steps to mitigate such risks as those related to natural disasters that could impact the continuity of business activities as well as the safety and lives of employees. NAGASE has enacted measures for crisis prevention to protect human life and assets as well as business continuity plans (BCPs) to ensure steady operations. As for crisis prevention activities, we annually conduct one drill that coordinates our major domestic bases of Tokyo, Nagoya, and Osaka, checking the first responses during times of crisis, such as the transfer of head office functions. As for BCPs, each department has formulated a recovery plan to assure delivery to major business partners.
Securing satellite office functions in the event of disaster
The NAGASE Group’s training facility NAGASE Global HR Development Center in Shibuya, Tokyo is highly resilient to earthquakes and is equipped with power generators. In an emergency in which the Tokyo head office cannot be used, this facility will function as a satellite office with a 150-person capacity.