Risk Management

Shareholders and Investors, Customers, Suppliers and Other Trade Partners, Employees, Local Communities, Global Environment

Risk Management Initiatives

We classify risks surrounding the company by category and implement an annual survey of domestic and overseas group companies to determine which risks have the greatest impact on management. The results of the survey are shared with the Risk Management Committee, and important risks that should be addressed by the entire group are selected and prioritized for action.

Risk Categories List

Domain Risk Categories
Transactions and legal Violation of antitrust laws, unauthorized trade, bankruptcy of business partners, violation of subcontracting acts, contract troubles, trade restrictions, etc.
Society and economy Change in market conditions and customer needs, fluctuation of interest rate, exchange rate and stock price, etc.
Natural phenomenon Earthquakes, wind and flood damage, lightning strikes, land subsidence, etc.
Politics War, terrorism, riots, stricter regulations, antisocial forces, etc.
Technology Delay and obsolescence in technological innovation, etc.
Management and internal control Insider trading, tax evasion/underreporting, failure of business strategy, public relations failure, intellectual property infringement, shareholder derivative suits, etc.
Finance Fictitious accounting, insufficient funds, etc.
Products Product accidents, data impersonation, delay of delivery, insufficient performance, use of prohibited materials, ethical violations in the supply chain, delay in responding to claims, etc.
Employment Human resource outflows/excesses, moral degeneration, harassment, illegal employment, scandals, labor-management problems/strikes, etc.
Information System downtime, cyber-attacks, information leaks, etc.
Environmental problems Pollutant leakage, noise/vibration, illegal dumping, violation of environmental laws and regulations, etc.
Safety and health Disease/mental health of employees, traffic accidents, novel influenza, etc.
Facilities and equipment Fire/explosion, equipment accident, theft/vandalism, trespassing, etc.
Human rights Violation of human rights laws and regulations, etc.
The following are the key risks we are aware of and the measures we are taking (excerpts).

Business Continuity Risk

Large-Scale Disaster

We have formulated a Business Continuity Plan (BCP) in order to quickly return to normal business activities in the event of a large-scale disaster such as an earthquake. Starting with the Automotive Anti-Vibration Business Divisions in 2010, the formulation of BCPs has now been completed at all domestic bases, including all the group companies. Currently, we are checking the effectiveness of the BCPs, evaluating the linkage of each BCPs and conducting drills for further spiral improvement.
In 2018, we also began creating a disaster initial response plan focusing on initial measures in the event of a large-scale disaster. We are conducting drills based on the prepared plan to improve the effectiveness of the plan. Furthermore, we are collaborating with the purchasing division to share information on the status of procurement in the event of a disaster or accident.

Infectious Diseases

Based on the knowledge gained from the countermeasures against the new coronavirus infection, we have formulated the "Sumitomo Riko Group Action Plan for Countermeasures against New Infectious Diseases" by completely revising the existing "Sumitomo Riko Group Action Plan for Countermeasures against Highly Virulent New Influenza". We are striving to expand our crisis management system including the measures for new coronaviruses and other infectious diseases in addition to seasonal influenza.
From now on, we will work to strengthen the Group's infectious disease countermeasures and business continuity by spreading the action plan throughout the Group, including overseas companies.

Risks of Information Leakage

Protection of Personal Information

In accordance with the "Personal Information Protection Policy" and "Basic Rules for the Protection of Personal Information," we handle the personal information of our customers, business partners, and employees in an appropriate manner while complying with the laws and other regulations regarding the protection of personal information.
In addition, in response to the EU General Data Protection Regulation (GDPR) and other global trends toward tighter regulations, we are working to respond to revisions of the legal systems in each country and region, and the entire Group is strengthening its personal information management system and addressing the risk of information leaks.
Information Security Basic Policy
The Sumitomo Riko Group has established the Basic Policy on Information Security to maintain and improve information security, which is one of the most important issues in our business activities, in order to become a "Global Excellent Manufacturing Company" that is needed worldwide and to continue to be a company that is trusted by our customers and society.
1. Establishment of Rules for Information Security
The Group shall establish and comply with rules, guidelines, and other regulations in order to appropriately manage information assets in accordance with the risks they pose in the course of conducting business.
2. Information Security Management Structure
The Group shall promote organizational, personnel, technical, and physical information security measures by establishing a company-wide information security management system led by a director who is responsible for information security.
3. Information Security Education
The Group shall provide education on information security to directors and employees to improve their information security literacy.
4. Continuous Information Security Management
The Group shall strive to continuously improve and enhance information security in response to changes in laws and regulations, changes in the social environment, and changes in information security risks, as well as to maintain and improve security measures.

Information Security Management System

In order to address information security measures on a company-wide basis, under the Chief Information Security Officer (CISO), who oversees information security measures, the Group has established a "Risk Management Committee" to determine and address management risks, and the "Computer Security Incident Response Team (CSIRT)" to respond to information security incidents such as data corruption and information leaks due to cyber-attacks, we have established a system to prepare for cyber risks.

Implementation of Information Security Measures

In response to the demand for reform of the IT utilization environment, such as DX, work style reforms, and the use of cloud services, we are striving to improve employee IT literacy and reduce security risks.
Main Activities:
・Establishment of rules and guidelines to maintain information security
・Information security education (group education, e-learning, etc.) and targeted e-mail training
・Vulnerability assessment of critical systems
・Training on how to respond to security incidents

Security Export Control Risks

In order to comply with export regulations for the purpose of international security, we have established internal rules for export control and an export control system with the Director as the Chief Officer.
When exporting, etc., we conduct appropriate screening of individual business negotiations and obtain individual export permits before conducting export activities.
For employees involved in export operations, mainly in internal departments, regular training based on the latest case studies is conducted to raise awareness and acquire knowledge of security export control. In fiscal 2021, a total of 220 employees participated in the training. In addition, we are constantly monitoring the appropriateness of activities by checking the management status within the company and at affiliates, and sharing information among internal departments and affiliates through the Risk Management Committee to reduce security export control risks for the entire Group.

Export Control System



JP Tower Nagoya 1-1-1, Meieki, Nakamura-ku, Nagoya-shi, Aichi 450-6316, Japan
Access map

Komaki Head

1, Higashi 3-chome, Komaki-shi, Aichi 485-8550, Japan
Access map