1. Mitsuboshi Belting Ltd.
  2. Sustainability
  3. Risk Management

Governance

Risk Management

Our view on risk management

With the aim of becoming a “sustainable company,” the Mitsuboshi Belting Group recognizes the importance of risk management and continually works to improve its management systems. As a risk management method, we have adopted the concept of “risk and opportunity,” which is an ISO requirement. Based on that concept, we set strategies, policies, plans, and targets to effectively deploy risk management in our business activities.

Our approach to risk management

  1. Integrating risk management and business activities

    The Mitsuboshi Belting Group will contribute to the realization of a sustainable society by effectively employing the results of our risk management activities in ensuring an ESG management practice that allows us to respond to any changes in the business environment and to sustain our business in a stable manner.

  2. Scope of risks

    In the Group’s risk management activities, we address negative non-financial impacts concerning human rights, compliance, health and safety, the environment, quality, and other areas in the same way as we handle negative financial impacts.

  3. Personnel responsiblefor implementation

    In our risk management activities, personnel responsible for implementation are clearly defined to ensure the execution of activities.

  4. Personnel implementing risk management activities

    Our risk management activities are carried out by all executives and employees and cover all of our business activities. Additionally, to ensure the effectiveness of our risk management, information related to the business environment is always kept up-to-date, and particular attention is paid to information obtained from stakeholders.

  5. Maintaining and improving risk management systems

    Effectively functioning risk management systems are in place, maintained, and improved to ensure the execution of our risk management.

  6. Information disclosure

    Information concerning risk management is disclosed to all stakeholders in a timely and appropriate manner.

Management system

The Mitsuboshi Belting Group has a Risk Management Committee* in place, aiming to monitor and evaluate our risk management activities against issues (significant risks) in our business activities that could have a large impact on our business and that should be addressed by the entire Group, as well as to maintain and develop the risk management systems across the Group.

  • Chairperson: An executive appointed by the President; Committee members: Responsible persons of all business departments and affiliated companies

Every fiscal year, the Risk Management Committee determines significant risks and organizations responsible for the respective risks, persons in charge, goals, and plans, receives reports on the response status from the persons in charge of the responsible organizations twice a year in principle, and deliberates on the contents of the reports. The details of decisions made in the selection of significant risks as well as deliberations regarding the response status are reported to the President and the Board of Directors each time. The Risk Management Committee also plays the role of driving the Mitsuboshi Belting Group’s risk management activities from a systemic perspective (such as policies, regulations, and procedures).

Regarding the risk management activities to address the issues (various risks arising in each management environment, including significant risks) that business departments or affiliated companies have determined should be addressed, the responsible persons of respective business departments or affiliated companies define the departments in charge and the persons in charge along with targets and plans in a policy document for the relevant fiscal year for approval by the President. After approval is granted, risk management activities are carried out and the persons in charge monitor and evaluate the implementation status on a daily basis. Once a year, in principle, the responsible persons of business departments or affiliated companies report the implementation status of risk management activities to the President and the Board of Directors, and after deliberation on the report, instructions are given as necessary.

Risk assessment

The Mitsuboshi Belting Group assesses risks based on two factors, the degree of impact on business activities and the probability of occurrence, in the process of selecting issues (risks) that should be addressed. When the Risk Management Committee selects significant risks, for example, it assesses risks based on their impact (Large: 1 billion yen or more; Medium: 100 million to 1 billion yen; and Small: less than 100 million yen) and probability (High: once a year or more; Medium: once in two years; and Low: less than once in ten years). Our business departments and affiliated companies establish their own assessment criteria according to the scale of their business and use them in their risk assessment.

Understanding risks

In FY2023, the Risk Management Committee improved the assessment method to use a risk assessment sheet so that we can make riskssurrounding our business as apparent as possible and identify risks that should be addressed as a priority. Consequently, the Committee identified the following as significant risks for the Mitsuboshi Belting Group: (1) Suspension of business activities and the supply of rawmaterials due to natural disasters, bankruptcy, large-scale accidents, or the like, (2) Information leakage and system outage due to information security incidents, (3) Decline in corporate value due to failure to achieve CO2 emissions reduction targets, (4) Recalls, claims for compensation, or other actions resulting from product quality defects, and (5) Decline in corporate value due to compliance violations. The Committee has also developed countermeasures, organizations for implementing them, responsible personnel, targets, and plans for each risk and monitored and evaluated the implementation status.

Examples of responses to significant risks

(1) Business continuity plan (BCP)

Our Risk Management Committee began its activities in FY2015, and every year it identifies “suspension of business activities and the supply of raw materials due to natural disasters, bankruptcy, large-scale accidents, or the like” as a significant risk. To address this risk, a “business continuity plan (BCP)” was introduced in FY2016. We recognize that it is our corporate responsibility to utilize a BCP to promptly restore business activities since their suspension could cause damage not only to the Mitsuboshi Belting Group but also to the society as a whole that collaborates in the value chain.

In the Mitsuboshi Belting Group, site-based contingency plans have been developed and implemented under our quality management and environmental management systems to respond to emergency situations at the respective sites. In addition, to establish a unified approach throughout the Group, a BCP Development and Implementation Procedure has been developed and implemented to unify BCP policy, purpose, and development and operation processes. As a result, a system has been established to systematically manage risks in accordance with this standard. We aim for sustainable corporate activities that will enable us to respond to unexpected accidents and disasters by continually improving our BCP management system.

-Management system

As mentioned above, the Mitsuboshi Belting Group implements its BCP activities as measures to address the significant risks identified by the Risk Management Committee. The Safety and Environment Management Department, appointed as the organization responsible for our BCP, maintains the BCP Development and Implementation Procedure and monitors the operational status of BCPs deployed at our respective business locations on a monthly basis. The department also provides education and training, disseminates information, and offers assistance in the development of a BCP when necessary. In addition, although our business locations formulate their own BCPs, we review them with a bird’s-eye view of the entire Group to ensure that their BCPs are not too specific to their own situation. The details of our BCP activities are reported to the Risk Management Committee twice a year and to the President and the Board of Directors after deliberation by the Committee.

-Implementation status

We reviewed the BCP Development and Implementation Procedure to clearly define a business impact analysis (BIA) process and switched from the previously implemented cause-based BCP to an outcome-based (all hazards) BCP throughout the Group. The business impact analysis (BIA) is a method of examining all operations to identify the most important operations for business continuity, and it greatly influences the effectiveness of a BCP. An outcome-based BCP is a plan to restore operations in a situation where resources needed for business continuity have been lost, without limiting to specific types of accidents or disasters. We have adopted this type of BCP to deal with unexpected accidents and disasters. We were aiming to expand it to all of our production sites, including those overseas, through our activities in FY2023.

(2) Information security

Our current information networks are linked not only within the Group but also to external systems, making it difficult to prevent in-house information security incidents from impacting society, and vice versa. Each company connected to an information network must take responsibility for managing its own information security and preventing incidents from occurring. Recognizing the importance of information security management, the Mitsuboshi Belting Group established the Information Security Committee in 2021, which works to ensure information security for the entire Group based on our information security policy.

The Risk Management Committee continued to define “information leakage and system outage due to information security incidents” as a significant risk for FY2023. The details of such activities of the Information Security Committee are reported to the Risk Management Committee and are shared with the responsible personnel of all business departments and affiliated companies of the Group.

-Management system

The Mitsuboshi Belting Group aims to build an Information Security Management System (ISMS), with the Information Security Committee playing a central role, in order to meet the demands of car manufacturers, which are our important customers.

The Information Security Committee is made up of a Chairperson appointed by the President and other members who are the heads of business and administrative departments designated by the Chairperson. The Committee is responsible for identifying information security challenges that should be addressed as a Group; determining the department responsible for each issue; and monitoring, evaluating, and providing instructions on the implementation status, the details of which are reported to the President and the Board of Directors. Additionally, the Information Security Committee is also responsible for developing, promoting, and improving information security management systems for the whole Mitsuboshi Belting Group.

-Implementation status

In FY2022, the Information Security Committee launched an ISMS for our Kobe Head Office, which complies with the Trusted Information Security Assessment Exchange (TISAX), an information security standard published by the German Association of the Automotive Industry. After establishing policies, regulations, and procedures, the Committee has appointed information security managers in all departments and trained them to identify information assets, assess risks, provide training, and so on in each department. The implementation status and effectiveness of the system are verified through internal audits with corrective measures instructed as necessary and their completion and effectiveness confirmed. In FY2023, we deployed the ISMS to our Group companies in Japan. We are also taking measures to prevent information security incidents by introducing and deploying across the Group security software that detects cyberattacks and controls damage. In FY2024, we plan to deploy the ISMS to our Group companies outside of Japan.