Basic Approach to Risk Management

To achieve sustainable growth, the NAGASE Group appropriately identifies all internal and external risks associated with its business activities, takes risk measures, assesses the status of implementation, and works to improve them.

When a risk materializes, we collect information and ascertain the situation as soon as possible, and work on risk management to minimize damage and loss caused by the materialization of the risk.

Risk Management and Compliance Committee

The Risk Management and Compliance Committee not only complies with laws and regulations, but also strives to establish and strengthen risk management and compliance systems that not only comply with laws and regulations, but also with corporate ethics, ESG Risks, as well as to operate environmental ISO and promote energy conservation. The Risk Management and Compliance Committee has established the Basic Compliance Policy and ensures that all employees, including those of Group companies, conduct corporate activities in accordance with the NAGASE Group Compliance Code of Conduct through regular workshops.

Risks related to the business operations of the NAGASE Group are managed by the Risk Management and Compliance Committee under the supervision of the Board of Directors.

Items Contact
Responsible officer Director in charge of Risk Compliance
(Responsible for risks reported to the CEO)
Deliberative body Risk Management and Compliance Committee
The Risk Management and Compliance Committee reports regularly to the Board of Directors and the Audit and Supervisory Board.
Secretariat Secretariat of Risk Management and Compliance Committee
(Risk Management Div., etc.)

Internal reporting system

In the event that the Company or a Group company becomes aware of a problem, such as a violation of laws and regulations, it shall be immediately reported to the Committee, which shall in turn promptly report the matter to the Board of Directors and the Audit and Supervisory Board. In addition, activities of Risk Compliance Committee are reported to the Board of Directors on a regular basis. In addition, we have introduced an in-house reporting system and have established a point of contact (internal reporting system) for direct reporting and consultation from executives and employees, including Group companies.

Risk Management Upgrading Project

The NAGASE Group is working to avoid the occurrence of crises and to minimize losses when crises do occur by identifying as accurately as possible the risks that could become barriers to management and the impact of those risks, and by taking countermeasures in advance. Specifically, the secretariat of the Risk Management and Compliance Committee, which is in charge of risk management, collaborates with the departments in charge of risk management. The secretariat of the Risk Management and Compliance Committee, which is in charge of risk management, works with the departments in charge of risk management to identify key risks that could have a significant impact on management. The secretariat of the Risk Management and Compliance Committee promotes the "Risk Management Project to Enhance Risk Management Level" to study and implement countermeasures. The project is being carried out under the theme of "Risk Management at a Higher Level. This project will be launched at Nagase this fiscal year, and will be sequentially expanded to other NAGASE Group companies in Japan and overseas.

Risk assessment

The NAGASE Group has trading (trading and marketing), research and development, manufacturing and processing functions in the corporate (common) segments of functional materials, processing materials, electronics and energy, mobility and lifestyle-related products. The nature of our business is such that we are exposed to a variety of domestic and international risks. Currently, the core of Nagase’s Risk Management & Compliance Committee is engaged in a thorough examination of our corporate risk objectives and management/monitoring system. We have identified over 100 risk items and visualized them by creating risk scenarios, and conducted risk assessment based on the degree of impact and likelihood of occurrence for 81 items of risks under the jurisdiction of our corporate division.

Classification of risk terms

We verified the risk definitions and classified the 81 risk items into the following risk classifications.

Classification Risk
Changes in the social and economic environment Economic recession / Failure to respond to industry restructuring / Low birthrate and aging population / Changing consumer behavior / Missing external environmental changes
Risks related to fluctuations in commodity markets Commodity market price fluctuations
Risks related to exchange rate fluctuations Exchange rate fluctuations
Interest rate risk Interest rate fluctuations
Geopolitical risk Taiwan contingency / U.S.-China confrontation / Invasion of Ukraine / Economic security legislation / terrorism and riots etc. / Other geopolitical issues
Risks related to relationships with business partners Dependence on other companies for core technologies / Mistakes in purchasing and sales strategies / Bankruptcy or delay in collection by a client / Dependence on specific suppliers / Antisocial forces or suppliers subject to economic sanctions / Transactions under unfavorable contract terms / Failure to understand legal risks / Troubled Business Partnersz / Licensor Agreements
Investment Risks Failure of PMI / Losses incurred due to thorough business / Failure to support development of new technologies and services / Failure of technological innovation / Failure of DX promotion / Errors in investment decisions / Price fluctuations of stock holdings / Failure of new business entry
Risks related to product and service quality Failure or inadequacy in service / Inventory Quality Deterioration / Supplier quality and other issues / Inappropriate after-sales service / Delayed delivery or delivery of defective products
Risks related to laws, regulations, etc. Failure to utilize FTA / Regulations on the procurement of conflict minerals / Insider trading / Failure to understand legal risks / Failure to respond to changes in laws and regulations / Litigation, disputes / Infringement of intellectual property of other companies / Failure to comply with environmental regulations / Other violations of various laws and regulations(Logistics-related laws / Various business laws / recall, PL Act / Antitrust Law etc.)
Risks related to information systems and information security System network failure / System development failure / Personal Information Utilization / Cyber attack / Confidential information leakage
Risks related to natural disasters, etc. Outbreak of pandemics / Outbreak of natural disasters / Fire, accident
Risks related to climate change Climate change risk
Risks related to supply chain maintenance or disruption Depletion of natural resources / Difficulty in procuring raw materials / Insufficient Inventory / Supply chain disruption / Logistics disruption due to natural disasters / Soaring logistics prices
Risks related to securing and outflow of human resources, etc. Labor management, Occupational health and safety / Favorable organizational climate / Harassment / Retirement of key personnel and young human resources / DEI failure / Outbreak of labor disputes / Recruitment highly specialized human resources / Compensation system and personnel system / Inappropriate personnel evaluation / Soaring labor costs
Risks related to social demands Addressing ESG / Social demands on the supply chain / Failure to address human rights
Risks related to fraud Bribery / Improper accounting / Improper tax treatment / Fraud by Subsidiary Directors / Fraud by Parent Company Directors / Crimes, accidents / Fraud, embezzlement, breach of trust, etc.
Risks related to inadequate or dysfunctional management Failure to meet management targets of subsidiaries / Dysfunctional Board of Directors / Inadequate performance management
Risks related to inefficient fund management and procurement Excess Inventory / Fundraising failure / Inefficient fund management / Unwanted assets, idle assets
Risks related to information dissemination PR failure / Inadequate IR and disclosure
Risks related to loss of competitive advantage Rise of competitors / Infringement of our intellectual property / Innovation by competitors / Rise of digital platformers / Market entry by companies in other industries / Failure to update services or updates / Failure of overseas strategy

Regarding risk assessment

The Risk Compliance Committee secretariat, which is in charge of risk assessment, then compiles the results and identifies the Group’s major risks.

Risk Assessment Indicators

The risk scenario evaluation indicators are set as follows.

①Degree of influence

Four evaluation criteria are established for financial and non-financial factors (people, goods, and brand/reputation) according to the degree of impact.

②Frequency and likelihood of occurrence

The frequency and likelihood of occurrence are also evaluated using a four-level scale.

Risk map

Risk assessment was conducted for each risk item, and a risk map was created.
As a result of risk mapping, 8 risks that were determined to be of particular importance to the NAGASE Group were set as the Group’s material risks for the current fiscal year.

The NAGASE Group has identified a total of 8 risk categories as being of particular importance, and the risk definitions are as follows

8 Risks identified as particularly important

Annual Securities Report for the 109th fiscal year (Japanese olny) (pdf:24.4 MB)

Infotmation Security

The NAGASE Group strongly recognizes the importance of protecting data assets owned and managed in the course of conducting business activities. The economic and social losses incurred from information leaks and other accidents are incalculable. As for information security measures, all NAGASE Group employees are aware of the importance and need to work together Group-wide on this matter. Regarding the promotion of information security, we have established the Basic Policy of Information Security, as well as the Guideline for Information Security Measures which comprehensively detail recommended security levels and rules that need to be followed.

In addition, each Group company creates a manual detailing rules and things to be careful about during daily tasks as well as various rules and procedures outlining how to implement information security countermeasures. We are also fostering greater awareness among all employees through regular education and training.

情報セキュリティポリシーおよび関連規定の体系図

Information Security Hierarchy

The NAGASE Group's hierarchy for execution of information security management is as follows.

Information Security Hierarchy

Information Security Committee

  • The NAGASE Group has established an Information Security Committee under the umbrella of the Risk Management & Compliance Committee. The former is responsible for upkeep of the Group's information security, regularly reporting to the Risk Management & Compliance Committee.
  • The Information Security Committee presides over formulating and updating basic policies and guidelines on information security, as well as planning, implementing, and evaluating information security measures.

The administration of trade secrets and intellectual property, the handling of trade secrets belonging to the company, the handling of trade secrets and intellectual property rights of third parties, and the protection of personal information are also clearly defined in the Code of Conduct. These stipulations are rigorously communicated within the Group.

We use these measures to appropriately company-held information assets on a daily, ongoing basis, and we strive to properly leverage confidential information and effectively utilize information assets.

Response System for Cyber Security Incidents

The NAGASE Group has established a CSIRT (Cyber Security Incident Response Team) as an executive organization to prevent information security incidents, detect them early, resolve them early, and minimize damage.
The members of the CSIRT are appointed by the Information Security Committee, and the CSIRT serves as a contact point for reporting information security incidents of the NAGASE Group.

Response System for Cyber Security Incidents

Response System for Cyber Security Incidents

Education Initiatives for Information Security

In order to maintain and improve our information management system, the NAGASE Group regularly implements the following information security training initiatives.

  • Once a year, targeted attack training emails are sent out.
  • Once a year, an e-learning course on information security is conducted.
  • Thorough familiarization of new employees with the Basic Policy on Information Security.

Trade Secret Administration

The NAGASE Group recognizes that intellectual property rights are also key company assets and subsequently endeavors to protect these. Intellectual property rights include patents, utility models, designs, trademarks, and authorship rights of computer software. The handling of trade secrets belonging to the company and the handling of trade secrets and intellectual property rights of third parties, are also clearly defined in the Code of Conduct. These stipulations are rigorously communicated within the Group.

Social Media Policy

Social media policy (excerpt)

When GROUP employees use Social Media, they must obey various laws, the NAGASE Basic Compliance Policies, the NAGASE Group Code of Conduct, and other applicable rules and societal norms. In addition, employees should understand the nature, design, and terms of use of Social Media, endeavoring to avoid negative consequences to GROUP stakeholders, and engaging in highly transparent, wholesome communications. These Basic Policies include the following specific policies: If any law applicable to a local office conflicts with these Basic Policies, the law will govern over the rule in conflict.

・Use Social Media with an understanding of its characteristics and potential impact, exercising conscientiousness and responsibility.
・Do your utmost to publish information that is correct.
・Respect others.
・Do your utmost to engage in wholesome, quality communication.

Crisis Prevention and Business Continuity Planning

Each NAGASE Group company has taken steps to mitigate such risks as those related to natural disasters that could impact the continuity of business activities as well as the safety and lives of employees. NAGASE has enacted measures for crisis prevention to protect human life and assets as well as business continuity plans (BCPs) to ensure steady operations. As for crisis prevention activities, we annually conduct one drill that coordinates our major domestic bases of Tokyo, Nagoya, and Osaka, checking the first responses during times of crisis, such as the transfer of head office functions. As for BCPs, each department has formulated a recovery plan to assure delivery to major business partners.

防災活動と BCP(事業継続計画)活動の図

Securing satellite office functions in the event of disaster

The NAGASE Group’s training facility NAGASE Global HR Development Center in Shibuya, Tokyo is highly resilient to earthquakes and is equipped with power generators. In an emergency in which the Tokyo head office cannot be used, this facility will function as a satellite office with a 150-person capacity.

ナガセグローバル人財開発センター