Risk Management
1. Philosophy
JSR Group believes that preventing major crises from occurring and minimizing their impacts on business activities is a key part of management. In response to these issues, the Group has formulated Risk Management Policies and established a Risk Management Committee through which it actively pursues risk management activities.
2. Risk Management System
JSR Group has established a Risk Management Committee under the Sustainability Promotion Committee. We have put into place a system whereby the Risk Management Committee comprehensively manages important risks that have materialized or could potentially materialize within the Group.
The Risk Management Committee advances the Group's risk management by taking the lead in identifying important risks and supporting the formulation of policies for responding to such risks and the planning and execution of risk management plans by related committees or departments in charge.
For important risks that were identified, the progress of countermeasures is reported to the Sustainability Promotion Committee and the Board of Directors.
We manage risks related to the individual capital investments of each business, strategic investments such as M&A, and business plans through deliberations and decisions made by the Board of Directors and other committees. Please click on the following link for the roles of each committee and other details.
For risks related to business operations, we engage in risk management centered on the Risk Management Committee in accordance with Risk Management Policies.
The risk management system forms part of the Group’s internal control system. The status of the internal control system’s execution is reported regularly to the Board of Directors. JSR’s Corporate Audit Department continuously verifies and evaluates the preservation and operation of internal control for the entire JSR Group as required by the Companies Act and Financial Instruments and Exchange Act. It also ensures that risk in existing business does not exceed permissible levels. Furthermore, the department additionally strives to maintain and strengthen internal control levels for the entire Group and conducts internal audits to ensure the appropriate and efficient execution of operations.
3. Risk Management Measures
(1) Identifying Risks and Selecting Important Risks
Under the initiative of the Risk Management Committee, each division of JSR Group companies in and outside of Japan identifies risks on a regular basis. In addition, management holistically understands risks related to management strategy and the foundation of business continuity.
Utilizing a risk map that represents level of business impact and frequency of occurrence, we identify risks that could have a significant impact on business continuity and organize them into JSR Group Risk Factors. We build and maintain a system for prevention of latent risks and crisis preparedness by having senior management monitor and regularly review important risks.
Click on the following link for information on the risks that could impact on JSR Group's business performance, financial standing, cash flow, etc.
(2) BCM (Business Continuity Management)
1) Formulation and Operation of BCM Procedures
JSR has formulated BCM procedures that summarize the BCM/BCP* systems in place for both peacetime and emergency situations. In addition to defining the BCM organization and the actual BCP, which includes stipulations on target recovery times, and BCP activation and cancellation standards, these procedures also set out the organizational structure that takes effect during activations of the BCP, and corresponding priority businesses and operations.
Moreover, we maintain a stable supply of funds on hand to allow us to manage our businesses flexibly if a major risk arises. We also acquire issuer ratings and commercial paper ratings from rating agencies each year. JSR's ratings are available on rating agencies' websites as well as the JSR website.
* BCM: Business Continuity Management/BCP: Business Continuity Plan
A BCP defines activities to be conducted in anticipation of emergencies that could threaten a company’s survival (such as a large-scale natural disaster, explosion/fire, or terrorist attack), judgment criteria and action guidelines that enable business continuity in the event of such emergencies, and other matters necessary for ensuring the continuity and early restoration of important businesses. BCM is a management system that operates and continuously improves the BCP through the PDCA (plan-do-check-act) cycle.
2) Major Earthquake Preparations
JSR Group adopted a mid-term business plan in FY1995 concerning preparations for a major earthquake and has been conducting systematic activities to enhance those preparations. After FY2006, we began a seismic retrofitting project focused on high-pressure gas facilities in our plants, and installed an earthquake early-warning system at all JSR business sites. Following the Great East Japan Earthquake, we systematically reinforced the aseismic capabilities of our buildings and implemented safety measures that include tsunami countermeasures. In FY2020, we completed work on these initiatives.
(3) Enhancement of Initial Response to Emergencies
1) Crisis Management Training
Once a year since 2004, JSR holds crisis management training with the participation of “headquarters for accident and crisis control” members.
In FY2022, we conducted crisis management drills based on the scenario that a Tonankai Earthquake (a large-scale earthquake with an epicenter in the Nankai Trough off the coast of the Enshu Sea and Kumano Sea) occurred and the Yokkaichi Plant, our main plant, suffered damages.
Approximately 50 people, including the President who leads the head office’s headquarters for accident and crisis control, participated in the drill and confirmed the actions that the head office should take, such as gathering information and determining response policies, in response to fires, injuries, and other possible events on the day of a disaster.
By conducting drills that anticipate a variety of potential disasters, we will continue to make the preparations needed to ensure safety, control damage, maintain business continuity.
2) Disaster Management Training at Each Plant and Laboratory
JSR Group conducts disaster management, evacuation, and notification training and drills on a regular basis. FY2022 was no exception. While implementing measures to combat COVID-19 infections, we held drills that simulate disasters at each of our business bases. We will continue working to minimize the impacts of emergencies and improve our ability to ensure business continuity.
3) Safety Confirmation System
In FY2009, JSR introduced a safety verification system that uses employees’ mobile phones and smartphones. The system can promptly ascertain the safety of employees in the event of a large-scale earthquake or other disasters. In FY2011, we began expanding the system's coverage to include domestic Group companies and the families of JSR employees.
Training using this system is conducted regularly, and JSR is prepared for large-scale and wide-area disasters.
4) Infection Preparedness
We stockpile masks in preparation for an epidemic of influenza or another infectious disease. In addition, before the influenza season, we invite doctors and nurses to JSR's head office and Yokkaichi Plant to provide influenza vaccinations to employees who request one.
Following the spread of the COVID-19 pandemic since FY2020, we continue to maintain our Code of Conduct, enforce the wearing of masks and other protective equipment, implement regulations on outside visitors, share information with our employees around the world, and carry out such measures at each base as working from home in order to sustain the Group’s main manufacturing, research and development bases in Japan, Asia and Europe and the United States.
Although the COVID-19 pandemic is gradually easing, we will continue striving to maintain the operation of each of the Group's business sites in light of the situation in each country and region.
5) Responses to Legal Risks and Compliance Risks
Click on the following link for information on our responses to legal risks and compliance risks.
Response to the Situation in Ukraine
In response to the sanctions and stronger regulations in other countries associated with Russia’s invasion of Ukraine, in FY2022, we confirmed impacts on customers and on the supply chain in the form of the Group’s raw materials procurement and transportation in Japan, Asia, Europe and North America. We also provided support to employees stationed in Europe and their families, increased awareness of cyberattacks among employees, and implemented other measures such as training provided by the HQ response team.
Going forward, we will work on crisis management and business continuity by centrally managing information and taking appropriate actions while respecting the unique culture and autonomy of our bases around the world.
4. Information Security Measures
JSR Group endeavors to manage information in an appropriate and secure manner by establishing Information Security Policy and by thoroughly disseminating the policy to its employees.
Information Security Policy
- JSR Group, by complying with laws and regulations and by observing other social norms relating to the handling of information, will protect information that belong to JSR Group, its customers, business partners and other third parties.
- JSR Group will strive to develop and actively use its information assets for the efficient execution of its business. Officers and employees will only use these information assets for the purposes of their work and within the scope of their authority.
- JSR Group will improve organizations and systems, provide education on information security, thoroughly disseminate this policy and related regulations, and implement measures to ensure information security.
- JSR Group will implement appropriate human, organizational, and technological measures and work to prevent unauthorized access to information assets from outside the company, as well as leaks, falsification, loss, theft and destruction of information assets.
- If an information security-related problem occurs, JSR Group will promptly identify the cause and take measures to minimize damage and prevent recurrences.
- JSR Group will periodically assess and review its information security measures to respond appropriately to changes in external environments.
Established January 2006
Having established an Information Security Policy, JSR Group is working on the appropriate management of information by making this policy known to all employees. In August 2019, we established the Cybersecurity Management Office as the department in charge. We are working alongside outside experts on information security management including Group companies, employee training and education, and strengthening our response capabilities to cyberattacks or other incidents.
In FY2014, we published the Information Security Handbook so as to further increase employee sensitivity toward information leakage risks and to ensure their actions are in compliance with company rules at all times. We make employees aware of this handbook through our company intranet, e-learning, and workplace discussions.
In FY2022, using a ransomware attack as a scenario, we conducted a cyberattack response drill targeting members of HQ emergency response team, including the President.