Basic Concept

The Nisshinbo Group's basic concept to risk management is clearly stated as action guidelines in the “Risk Management Regulations.”

Action Guidelines for Risk Management

The Nisshinbo Group aims to fulfill its social responsibility, secure trust, and achieve lasting development by accurately addressing management risks that may have a significant impact on the smooth operation of its business. All officers and employees shall recognize the importance of risk management, set risk management targets, and strive to implement and improve them, while complying with the following items.

• ①Comply with laws, regulations, and rules, and conduct business activities in accordance with socially accepted norms.
• ②Protect the health, lives, and safety of its Group's officers, employees, and related parties.
• ③Protect the activities and assets of its Group's stakeholders, shareholders, and customers.
• ④Enhance the reputation of the Group in society by accurately responding to fair and reasonable social demands.

While the main objective of its risk management regulations is to minimize losses in the event of management risk, the Group will also consider it important to view management risk as an opportunity for sustainable growth. To this end, the Nisshinbo Group will create new growth opportunities by understanding and analyzing various changes in the business environment and contributing to society as an Environment and Energy Company group based on business policies derived from the Group's corporate philosophy.

Promotion System

The Nisshinbo Group has established a risk management system, shown in the diagram below, to appropriately address business risks and minimize any losses associated with those risks.

The President and the Director of Nisshinbo Holdings Inc. is the chief risk management officer, and the Chief Exective officer appoints a general manager from among the Managing officer of the Company. The general manager is usually the Director and the Chief of the Corporate Strategy Center of the Company. The Risk Management Secretariat is located in the Corporate Governance Department of Corporate Strategy Center.

The Risk Management Committee, consisting of the chief executive officer, the general manager, and members that include the presidents of each core company, meets annually in January. The committee reports on the previous year's review and deliberates on the formulation of plans for the new fiscal year (priority management risks for each business, etc.). Risk management activities are also defined as a key action items in the 5th Sustainability Promotion Plan, with the qualitative target of "operating a risk management system that responds to the external environment."

• Sustainability Promotion Plan and KPIs

Risk Management Structure

Risk Management

Taking into account the economic impact of identified risks, the Nisshinbo Group strives to respond by category to any of the four types of risk that can be avoided, mitigated, transferred, and held.

Risk Analysis Steps

Risks that cannot be mitigated or transferred because the risk to return is too high will be avoided.
For risks that can be alleviated, management risks will be identified and mitigated by establishing a management system as described below. For transferable risks, the Nisshinbo Group has insurance coverage against economic losses due to various types of disasters and liabilities unavoidably incurred in the course of business operations.
The Group strives to reduce transferable costs by structuring a global insurance program.
Risks that can be owned or overcome and that can be absorbed by its own financing are retained as it is. On the other hand, risks that can be overcome by utilizing the Group's own technology, human resources, and other resources can be viewed as business opportunities. By providing a business model that includes products, services, and networks, the Nisshinbo Group will contribute to the realization of a sustainable society and enhance its corporate value, leading to sustainable growth.

Risk Mitigation Mechanism through Risk Management

For risks that can be mitigated, the Nisshinbo Group is working to reduce risks by implementing a one-year PDCA cycle.
Specific procedures are managed based on the Group’s “Risk Management Regulations.” Every fiscal year, management risks are identified for each business. Each risk is rated on a five-point scale, with the higher score given to the risk with the highest impact and probability of occurrence, and the management risks that exceed a certain level are identified by multiplying the impact and probability of occurrence.

Each business reports the identified management risks to the Risk Management Secretariat. The Risk Management Office confirms the reported management risks with the person in charge of risk management in each business and adjusts the management risk items as necessary, taking into account the risk trends and leveling of the entire Nisshinbo Group. The adjusted management risks are approved by the person in charge of each business (the president of the core company) to determine the management risks to be given special attention in the new fiscal year. The secretariat reports the management risks approved by each business to the Risk Management Committee in January, and risk management activities for the new fiscal year begin. Each business will report its risk management activities as one of the reporting items in the monthly report. The secretariat supports the activities of each business by monitoring the reports and interviewing them on the updated progress and other matters as necessary. At the end of the fiscal year, each business reviews the activities for the year, evaluates whether the significance of impacts and probability of occurrence have decreased, and coordinates the evaluation results with the secretariat. By repeating this process every year, the Group will reduce risks.

In the revised "Fifth Sustainability Promotion Plan," the promotion of risk management activities is also a key action items, and "operating a risk management system that responds to the external environment" is a target to be monitored.

Major Risks and Opportunities

The followings are the major risks and opportunities that management perceives as having the potential to seriously affect the consolidated company's financial position, operating results, and cash flows, among other matters related to business conditions and accounting conditions.

Specific Initiatives of The Nisshinbo Group

Cyber Risk Countermeasures

The Nisshinbo Group continuously implements a variety of different measures to strengthen information security in order to prevent leakage of confidential information, including the personal information of customers.

To counter cyberattacks, the Group monitors e-mails using a targeted e-mail countermeasure system, installs antivirus software on information equipment, and thoroughly applies security correction programs. In addition, the Nisshinbo Group has an information security management system that monitors access to important data and restricts network access to unauthorized information devices. Through these measures, the Nisshinbo Group strives to prevent and control information leaks caused by internal fraud and prevent external attacks.

The Nisshinbo Group established rules that each group company must follow in the "Information Security Guidelines," and the Group conducts internal IT audits of Japan and overseas subsidiaries on a regular basis to confirm compliance with these guidelines and to make continual improvements.

Rules to be followed by information system users have been established in the form of educational materials, and the Nisshinbo Group is working to raise awareness of information security measures among all Group users through the periodic education and the Learning Management System.

To raise cybersecurity awareness, the Nisshinbo Group conducted targeted e-mail training for employees of group companies in Japan. Those who opened the training e-mails were educated about receiving e-mails through the contents displayed upon opening the e-mails. The Nisshinbo Group will continue to conduct this training on an ongoing basis.

Countermeasures Against Leaks of Technical Information

In November 2022 and January 2023, the Nisshinbo Group, with the cooperation of the Public Safety Department of the Metropolitan Police Department, held lectures on the latest trends in information leakage countermeasures for the president of Nisshinbo Holdings Inc. and the management of each group company, as well as managers and employees in the technical divisions, information systems divisions, and risk management divisions of each company. The lectures provided an opportunity for participants to review their understanding of recent cases of sophisticated technological theft and the methods used to prevent such thefts.

The Group will continue to reduce the risk of technical information leaks by fostering an organizational culture that is less prone to misconduct through the continuous enhancement of security measures for information systems, thorough reviews and management of trade secrets that include technical information, education for individual employees, and maintenance and improvement of trust relationships through work-life balance and more active internal communication.