Governance
Risk Management
Risk Management
Our view on risk management
With the aim of becoming a “sustainable company,” the Mitsuboshi Belting Group recognizes the importance of risk management and continually works to improve its management systems. As a risk management method, we have adopted the concept of "risk and opportunity," which is an ISO requirement. Based on that concept, we engage in business activities with strategies, policies, plans, and targets in place and risk management effectively deployed. In addition, as part of the plan for FY2023 and beyond, and for the purpose of ensuring thorough risk management across the Group, our risk management regulations will be revised to clearly define a risk management policy, and risk management systems and processes.
Our approach to risk management
1.Integrating risk management and business activities
- The Mitsuboshi Belting Group will contribute to the realization of a sustainable society by effectively employing the results of our risk management activities in ensuring an ESG management practice that allows us to respond to any changes in the business environment and to sustain our business in a stable manner.
2.Scope of risks
- In the Group’s risk management activities, we address negative non-financial impacts concerning human rights, compliance, health and safety, the environment, quality, and other areas in the same way as we handle adverse financial impacts.
3.Personnel responsible for implementation
- In our risk management activities, personnel responsible for implementation are clearly defined to ensure the execution of activities.
4.Personnel implementing risk management activities
- Our risk management activities are carried out by all executives and employees, and cover all of our business activities. Additionally, to ensure the effectiveness of our risk management, information related to the business environment is always kept up-to-date, and particular attention is paid to obtaining information from stakeholders.
5.Maintaining and improving risk management systems
- Effectively functioning risk management systems are in place, maintained, and improved to ensure the execution of risk management activities.
6.Information disclosure
- Information concerning risk management is disclosed to all stakeholders in a timely and appropriate manner.
Management system
We have a Risk Management Committee* in place, aiming to monitor and evaluate our risk management activities against issues (significant risks) in our business activities that could have a large impact on our business and that should be addressed by the entire Group, as well as to maintain and develop the risk management systems across the Group.
*Chairperson: An executive appointed by the President;
Committee members: Responsible persons of all business divisions and affiliated companies
Every fiscal year, the Risk Management Committee determines major risks and organizations responsible for the respective risks, persons in charge, goals, and plans, and receives reports on the response status from the persons in charge of the responsible organizations twice a year in principle, and deliberates on the contents of the reports. The details of decisions made in the selection of significant risks as well as deliberations regarding the response status are reported to the Management Council each time, which informs the Board of Directors of those details. The Risk Management Committee also plays the role of driving the Mitsuboshi Belting Group's risk management activities from a systemic perspective (such as policies, regulations, and procedures).
Regarding the risk management activities to address the issues (various risks rising in each management environment, including serious risks) that business divisions or affiliated companies have determined to address themselves, the risk management manager of the business division or affiliated company defines the department in charge and the person responsible for each risk along with targets and plans in a policy document for the fiscal year for approval by the President. After approval is granted, risk management activities are carried out with the manager monitoring and evaluating the implementation status on a daily basis. Once a year, in principle, the risk management manager of the business division or affiliated company reports on the status of risk management activities to the Management Council, which deliberates on the report and provides instructions as necessary. The implementation status is also reported to the Board of Directors through the Management Council.
Risk assessment
The Mitsuboshi Belting Group assesses risks based on two factors, the degree of impact on business activities and the likelihood of occurrence, in the process of selecting issues (risks) that should be addressed. For example, the Risk Management Committee selects serious risks based on their impact (Large: 1 billion yen or more; Medium: 100 million to 1 billion yen; and Small: less than 100 million yen) and probability (High: once a year or more; Medium: once in two years; and Low: less than once in 10 years). Our business divisions and affiliated companies establish their own assessment criteria based on the scale of their business and use the criteria in their risk assessment.
Integration of climate change-related risk management and overall risk management
Implementation status
The Risk Management Committee identified in FY2022 the following significant risks for the Group: (1) Suspension of business activities (production, sales, indirect operations) due to the spread of the new coronavirus infection, (2) Decline in corporate value due to failure to achieve CO2 emissions reduction targets , (3) Suspension of business activities and the supply of raw materials due to a natural disaster, bankruptcy, large-scale accident, or the like, (4) Information leakage and system outage due to information security incidents, and (5) Soaring costs including raw materials and transportation due to dramatic political and economic changes (decrease in operating income). The Committee has also developed countermeasures; defined organizations, responsible personnel, goals, and plans for each risk; and monitored and evaluated the implementation status.
| Identified significant risks | Activities and achievements |
|---|---|
| (1) Suspension of business activities (production, sales, and indirect operations) due to the spread of the new coronavirus infection | The COVID-19 Task Force, which is made up of directors and the heads of relevant departments, has been keeping track of the infection status across the Mitsuboshi Belting Group, and has provided instructions on response measures as necessary. This has enabled the Group to conduct business activities in a stable manner. |
| (2) Decline in corporate value due to failure to achieve CO2 emissions reduction targets | We are on track to achieve our CO2 emissions reduction target for FY2023 (down by 22% from FY2013) by promoting measures such as introducing solar power generation systems and switching to electricity generated by renewable energy and to carbon-neutral gas. Reducing GHG emissions is part of our Materiality, and the progress of each measure is reported to the Sustainability Promotion Committee. |
| (3) Suspension of business activities and the supply of raw materials due to a natural disaster, bankruptcy, large-scale accident, or the like | A system is in place to mutually complement production operations between our sites. In parallel with this, we are sourcing raw materials and MRO (maintenance, repair, and operations) materials from multiple suppliers and developing a business continuity plan (BCP). |
| (4) Information leakage and system outage due to information security incidents | We have launched an information security management system at our Kobe Head Office and are currently rolling it out to all Group companies. |
| (5) Soaring costs including raw materials and transportation due to dramatic political and economic changes (decrease in operating income) | We have successfully minimized the impact of soaring raw material and transportation costs by utilizing DX (digital transformation) to share and discuss information on the purchase of raw materials and inventories among relevant departments. |
Business continuity plan (BCP)
Our Risk Management Committee began its activities in FY2015, and defines "suspension of business activities and disruption of raw material supply due to an incident such as a natural disaster, bankruptcy, or large-scale accident" as a significant risk every year. To address this risk, a "Business Continuity Plan (BCP)" was introduced in FY2016. We recognize that it is a company's responsibility to utilize a BCP to promptly restore business activities since their suspension could cause damage not only to the Mitsuboshi Belting Group but also to the society as a whole that collaborates in the value chain.
Site-based contingency plans have been developed and implemented under our quality management and environmental management systems to respond to emergency situations at the respective sites. In addition, to establish a unified approach throughout the Group, a BCP Development Procedure has been developed and implemented with unified BCP policy, purpose, and development and operation processes in place. As a result, a system has been established to systematically manage risks in accordance with this standard. We aim for sustainable corporate activities that will enable us to respond to unexpected accidents and disasters, by continually improving our BCP management system.
-Management system
As mentioned above, the Mitsuboshi Belting Group implements its BCP activities as measures to address the significant risks defined by the Risk Management Committee. The Safety and Environment Management Department appointed as the organization responsible for our BCP maintains the "BCP Development and Implementation Procedure" and monitors the operational status of BCPs deployed at our respective business locations on a monthly basis. The department also provides education and training, disseminates information, and offers assistance in the development of a BCP when necessary. In addition, although our business locations formulate their own BCPs, we review them from a bird's-eye view as the Group to ensure that their BCPs are not too specific to their own situation. The details of our BCP activities are reported to the Risk Management Committee twice a year, and to the President and the Board of Directors after deliberation at the Committee.
-Implementation status
In FY2022, we reviewed the BCP Development and Implementation Procedure to clearly define a business impact analysis (BIA) process, and switched from the previously implemented cause-based BCP to an outcome-based (all hazards) BCP throughout the Group. The Business Impact Analysis (BIA) is a method of identifying all operations and the most important operations for business continuity, and greatly influences the effectiveness of a BCP. An outcome-based BCP is a plan to restore operations in a situation where resources needed for business continuity have been lost, without limiting to specific types of accidents or disasters. We have adopted this type of BCP to deal with unexpected accidents and disasters.
“Security Export Control”
To ensure proper export control for sustained global peace and safety, security export control systems have been established after the development of the Security Export Control Regulation, which specifies a policy, control systems and processes, and other requirements. We engage in security export control activities under this Regulation and the systems. The global landscape with frequent invasions, civil wars, and terrorism keenly reminds us of the increasing importance of security export control. We will commit ourselves to steadily and swiftly carrying out security export control activities to ensure that our products, raw materials, and the like will never be used in weapons of mass destruction such as nuclear weapons.
-Management system
The President has the most authority in security export control, and a director appointed by the President serves as Export Control General Manager. The General Manager appoints the persons in charge of the departments that are deemed necessary for export control as Export Control Officers, and forms a Security Export Control Secretariat having the personnel charged with export control in relevant departments as its members. The Manager also provides instructions and information through the secretariat, monitors and assesses the status of the respective departments’ activities, and reports the results to the President.
-Implementation status
In-house training is provided to all employees in order to deepen their understanding of the importance of security export control and its control methods. Additionally, newly appointed Export Control Officers and secretariat members receive more professional training by external specialized organizations to maintain and improve the security export control systems. In FY2022, 80 people, including 17 executives, received training.
We have uploaded the results of our assessment for the applicability of our products to security export control to our website in order to quickly answer increasing inquiries from our customers about the applicability as security export control becomes more pervasive in society.
https://www.mitsuboshi.com/support/non_applicability/
Information security
Our current information networks are linked not only within the Group but also to external systems, making it difficult to prevent in-house information security incidents from impacting on society, and the opposite is also true. Each company connected to an information network must take responsibility for managing its own information security and preventing incidents from occurring. Recognizing the importance of information security management, the Mitsuboshi Belting Group established the Information Security Committee in 2021 and works to ensure information security for the entire Group based on our information security policy.
The Risk Management Committee defined "information leakage and system outage caused by information security incidents" as a significant risk for FY2022. The details of activities of the Information Security Committee are reported to the Risk Management Committee, and are shared with the responsible personnel of all business divisions of the Group and affiliated companies.
-
Mitsuboshi Belting Group Information Security Policy
The Mitsuboshi Belting Group (hereinafter referred to as "the Group") is committed to ensuring information security across the Group based on the policy below in order to protect the information of our customers and business partners as well as the information assets held by the Group from threats such as accidents, disasters, and crimes, and to live up to the trust that society has placed in us.
The Group identifies information assets that need to be protected, and establishes and operates information security systems to protect those assets.1.. Establishment of information security systems
The Group will comply with laws and regulations on information security as well as contractual security requirements.2.Regulatory compliance
The group continuously provides education and training regarding information security to our employees.3Provision of education and training
In the event of an information security-related incident, the Group will promptly investigate the cause, and strive to minimize damage and prevent recurrence.4.Response to security incidents
The Group regularly reviews and improves its information security systems in order to adapt to changes in our businesses, society, technology, and other developments.5.Continuous improvement
Mitsuboshi Belting Ltd.
-Management system
The Mitsuboshi Belting Group aims to build an Information Security Management System (ISMS), with the Information Security Committee playing a central role, in order to meet the demands of car manufacturers, which are our important customers.
The Information Security Committee is made up of the Chairperson appointed by the President and the heads of business and administrative divisions designated by the Chairperson. The Committee is responsible for identifying information security challenges that should be addressed as the Group; determining the division responsible for each issue; monitoring, evaluating, and providing instructions on the implementation status; and reporting these details to the Management Council. The contents of deliberations on these reports at the Management Council are reported to the Board of Directors through the Council. Additionally, the Information Security Committee is responsible for developing, promoting, and improving information security management systems for the whole Mitsuboshi Belting Group.
-Implementation status
In FY2022, the Information Security Committee launched an ISMS for our Kobe Head Office, which complies with the Trusted Information Security Assessment Exchange (TISAX), an information security standard published by the German Association of the Automotive Industry. After establishing policies, regulations, and procedures, the Committee has appointed information security managers in all departments and trained them to identify information assets, assess risks, provide training, and so on in each department. The implementation status and effectiveness of the System are verified through internal audits with corrective measures instructed as necessary and their completion and effectiveness confirmed. We plan to roll out the ISMS throughout the Mitsuboshi Belting Group.
To address cyber attacks on our hardware, we conduct "vulnerability diagnoses," and the introduction of a vulnerability diagnosis tool in FY2022 has provided us with a system that allows for more thorough and prompt management of the Mitsuboshi Belting Group as a whole.
