We manage risks based on our Basic Risk Management Policy with the aim to reduce management uncertainties and achieve management objectives.
Basic Risk Management and Compliance Policies
Basic Risk Management Policy and Regulations
In our Business Principles we declare “we will strive to anticipate the changing business environment to assess new opportunities for growth.” We consider risk management to be a foundation for reducing management uncertainties and achieving management objectives. Based on our basic risk management policy, we manage risks that make the achievement of management goals uncertain, such as social change, changes in the global environment, natural disasters, accidents and scandals. In addition, we have established "Risk Management Regulations" that include emergency responses to ensure that the "Basic Risk Management Policy" is deployed in specific risk management activities.
Basic Risk Management Policy
- We prevent and reduce risks in order to ensure the quality and safety of our products and services, protect the lives and safety of our employees and their families, and earn greater trust from our stakeholders.
- We create a system to appropriately manage a wide range of risks associated with our business activities.
- We promote risk management through a plan-do-check-act cycle.
- We quickly and appropriately deal with risks as they are identified.
- In collaboration with group companies we build a system for immediately detecting new risks arising from changes in our business environment and for quickly and appropriately dealing with risks at the group level.
Basic Compliance Policy
Under our Business Principles we pledge that we will act in strict compliance with the law and in accordance with social mores. Fully aware that compliance is the foundation of Sustainability management, we published the Basic Compliance Policy and simultaneously created compliance rules in March 2005. We do not limit our definition of compliance to legal compliance; our definition includes compliance with the social mores from which our laws originate, the mission and business principles of our group, and internal regulations.
Basic Compliance Policy (Summary)
- Compliance with our Mission, Business Principles and social norms
- Maintaining internal systems and rules and ensuring broad-based awareness of them
- Cooperation with all group companies and promotion of educational and enlightenment activities
- Establishing appropriate responses and policies for when problems occur
- Timely and appropriate disclosure and communication of necessary information
- Compliance with international standards and rules, and respect for local cultures and customs
- Rejection of illegal and unwarranted demands from antisocial forces or organizations
Anti-Bribery
Message from President on Anti-Bribery Policy
Compliance is the fundamental concept of Taiheiyo Cement Group’s business. In our Business Principle developed based upon such concept, we pledged that, "we will act in an ethical manner and abide by laws and regulations" and published the Basic Policy on Corporate Governance in March 2005.
Furthermore, we established the Anti-Bribery Basic Principle (Policy) in January 2017 in order to enhance anti-corruption measures in light of the recent global trend of tightening regulations related to bribery.
We declare our thorough implementation of anti-bribery measures by publishing this policy outside the group.
Proper Implementation and Management of Public Research Funds and Response to Misconduct in Research Activities
Taiheiyo Cement has established the rules for proper implementation and management of public research funds in its research activities and response to misconduct in research activities based on the Guidelines for Managing and Auditing Public Research Funds at Research Institutions as well as the Guidelines for Responding to Misconduct in Research enacted by the Ministry of Education, Culture, Sports, Science and Technology (MEXT) of Japan, with the following systems installed in accordance with the rules.
The following responsibility system has been established to ensure proper implementation and management of public research funds and prevention of misconduct in research activities at Taiheiyo Cement.
| Responsibilities | Positions at Taiheiyo Cement |
|---|---|
| Chiesexecutive administrator | President and Representative Director |
| Exetutive administrator | Director in charge of research and development |
| Administrator responsible for compliance implementation in pblic research(Research ethics education administrator) | Manager of the office to which researchers and otherinvolved member*belong |
*Every staff member involved in implementation and/or management of competitive or other public research funds
If there are accusation and consultation about misconduct in implementation and management of Public Research Funds and research activity at Taiheiyo Cement, please contact the head office general affairs department.
Initiatives to ensure compliance related to tax
Taiheiyo Cement Group Tax Policy
The Taiheiyo Cement Group formulated the Taiheiyo Cement Group Tax Policy in November 2019 to enhance its corporate governance related to tax.
In accordance with the tax policy, the Group pays taxes appropriately by ensuring compliance related to tax.
Structure and Operation
Our president has ultimate responsibility for risk management and compliance promotion. The officer in charge of both areas (officer in charge of the General Affairs Department) is appointed by the president to preside over and run the Risk Management & Compliance Committee and systematically promote organized activities.
The committee plays a core role in our risk management and compliance promotion for the entire group. It deploys the policy, identifies, evaluates and specifies company-wide risks, implements risk management activities based on PDCA cycles and promotes compliance. Moreover, it creates and revises rules for risk management and compliance, and provides instructions for advancing the awareness and education of employees. Four meetings were held in FY2023.
* Subject to risk management: 100 group companies (as of March 31, 2023)
Whistleblower Program
Reports and requests are handled properly in accordance with normal company procedures. We have also set up whistleblower hotlines to receive reports directly without the need for the usual company procedures. Whistleblowers have the option of either disclosing their identity, or reporting anonymously to mitigate any potential psychological constraints. We have whistleblower hotlines both internally (Compliance Hotline) and externally (at a law firm) in order to safeguard the privacy of those submitting reports. Our external hotline is also available to all employees of group companies in an effort to strengthen group governance, improve program effectiveness and reduce the burden on individual companies. In addition, we created the Whistleblower Program Regulations so whistleblowers using the program are not subject to unfavorable treatment.
| Hotline | No. of cases |
| Internal (whistleblower hotlines) | 4 |
| External (law firm) | 1 |
* Reportable cases according to the Whistleblower Program Regulations.
* Taiheiyo Cement Corporation and group companies subject to risk management by the Risk Management & Compliance Committee are subject to aggregation.
Risk Management and Compliance Promotion Activities
Identifying, Evaluating and Specifying Companywide Risks
We collect, evaluate and identify company-wide risks, including those of group companies, every three years and conduct an annual review of those risks. We carried out a company-wide risk review in FY2023. The purpose of identifying risks is to "review the risks surrounding the Group in light of significant changes in the business environment and risks, identify risks that could have a significant impact on the achievement and sustainability of the Group's business plans and targets, and take measures to avoid or reduce such uncertainties".
Measures to Reduce the Impact of Risks
FY2023 was the final year of the Risk Management & Compliance Committee leading the implementation of measures based on the results of the identification and evaluation of company-wide risks that was conducted in FY2020, and the challenges that were addressed were (1) the establishment of a system to prevent scandals such as accounting irregularities, and (2) the revision of compliance-related rules.
We are implementing activities to reduce risk impact through PDCA cycles.
Examples of Overseas Risk Countermeasures
We have created and regularly revise the Riot/Terrorism Response Manual. In addition, with regard to high-risk countries to which our employees are dispatched, we clearly state the procedure for deciding on local evacuations, have created a tool for evaluating the emergency evacuation level according to changes in local situations, and provide training using the tool. We also list and secure supplies (food, clothes, hygiene supplies, and medicines), as well as cash and other resources needed, in the event of evacuation or an emergency at our overseas business sites.
Emergency Task Force
If an event such as a natural disaster, accident or misconduct has occurred, the affected business site informs the general manager of the General Affairs Department. The general manager considers the severity of the event and determines if an emergency task force should be established or if the response to the event can be delegated to the site management. Appropriate action is then taken by the emergency task force or local management.
7 such events were reported in FY2023. Important information, including how the situation is handled, is reviewed by the CSR Management Committee (now the Sustainability Management Committee).
As preparation for responding to natural disasters and accidents, we also conducted Shake Out earthquake drills that assumed a large-scale earthquake at each business site, and provided training for plant staff so they would understand how to appropriately handle complaints if an accident occurs.
Risk Management and Compliance Promotion Training
We provide risk management and compliance training for managers and promoters working at the company’s business sites and group companies to ensure effective risk management and compliance. In FY2023, we invited an independent lecturer to give a talk in November to the managers at our group companies about “Business and Human Rights Required of Companies Today” and “Precautions and Points to Actively Utilize the Whistleblower Hotlines”, which was attended by managers from 84 companies. The training program was conducted via streaming video due to COVID-19 measures.
Compliance Training
We have created and distributed to all our employees, as well as all those of our main group companies, the Standards of Conduct (Casebook), which describes specific examples on how to act in line with the Standards of Conduct. We regularly revise the Standards of Conduct (Casebook) to reflect the latest information.
In addition, for all company employees, including those on loan to group companies, we conduct monthly quiz tests as part of e-learning programs to provide education on the Standards of Conduct (Casebook) and other materials so they learn how to act in individual situations. In FY2023, 91.7% of employees participated in the program.
Information security
System to Promote Information Security
To ensure and maintain the security of information assets we have established the Basic Information Security Policy and the Information Security Management Regulations. Under the management system in accordance with these regulations, we are actively working to maintain information security.
Our president has ultimate responsibility for information security. The president appoints the officer in charge of information security (officer in charge of the Corporate Planning Department), who presides over and runs the Information Security Committee in order to advance systematic, organized activities to promote information security.
Basic Information Security Policy (Summary)
- All information created in the course of work are ascribed to information assets.
- Take appropriate security measures to protect information assets under management and control from threats.
- Stipulate a manager, management method, handling standards, and other precautions according to the level of importance for all information assets handled, and safeguard security.
- Always comply with laws related to information security and other social norms, and manage personal information in accordance with our Privacy Policy.
- Continuously provide education and awareness building regarding information security to all officers and employees, and strive to keep everyone familiarized with information security.
- Should a security problem occur with regards to information assets, promptly ascertain the cause and strive to minimize any damage.
- Regularly audit the status of information security, and strive to continuously improve and enhance measures to ensure information security.
Privacy Policy (Summary)
- When obtaining, using, providing, entrusting, or otherwise handling personal information, do so appropriately under strict management and strive to protect the information. Also, do not handle personal information beyond the scope needed to achieve the purpose of use.
- Comply with laws and other norms.
- Take appropriate measures to prevent and/or correct unauthorized access as well as the loss, destruction, alteration, or leakage, etc., of personal information.
- Respond appropriately and promptly to complaints and inquiries regarding the handling of personal information.
- Establish a management system for the protection of personal information, and strive to maintain appropriate management.
Activities to Promote Information Security
In addition to conducting disaster recovery drills based on hypothetical emergencies and drills for responding to suspicious e-mails, we have also purchased cyber security insurance in case of a security incident. We also routinely use a portal site on our intranet to remind and educate all employees, and increase awareness of information security.
Further, we conducted drills on how to respond to suspicious e-mails and conducted a self-diagnostic security survey for group companies, and also conducted an infrastructure security survey for one overseas group company. In addition, we encouraged group companies to purchase cyber security insurance, ensure the backing up of critical systems and data, and encryption of their websites. Furthermore, we held an information department exchange meeting to share and spread information security awareness with group companies.
No serious incidents related to information security occurred in FY2023.
We will continue our efforts to improve the security levels of our domestic and overseas group companies.
Risk Management for Intellectual Property
To ascertain recent developments and prevent infringement of other companies’ intellectual property rights, we periodically share information on applications filed by other companies among related divisions, monitor the progress of examinations of obstructive patents, and conduct various patent surveys. Regarding other companies' applications that may be obstructive, we take measures according to the degree of impact on research and development and our business.
Regarding risk strategies for overseas intellectual property, we are focusing on ascertaining and sharing information on the differences from Japan in the legal systems and practices concerning intellectual property in countries where business development is anticipated, and building a support system that draws upon external country-specific experts.
In addition, at various in-house training on intellectual property, we are providing education about the importance of respecting the rights of other companies with the same level of awareness as the protection of their own rights.
To date, we have never been sued for infringing intellectual property rights, and therefore have not suffered any ensuing business obstacles.
