GovernanceRisk Management
Basic ApproachBack to Top
Risks surrounding corporations continue to diversify and grow more complex. The most pressing risks include global shifts in political and economic landscapes, environmental shifts brought by climate change, the growing sophistication of cyber-attacks with the advance of digital transformation, and human rights issues such as forced labor.
As a group of companies engaged in manifold businesses, the TOPPAN Group views accurate detection, appropriate management, and steady prevention of these impending risks as one of its principal management challenges. In keeping with this viewpoint, we identify a set of “significant risks” affecting us through annual risk assessments and take steps to prevent their occurrence.
When a significant risk actually arises, we immediately collect the necessary information and take comprehensive and strategic countermeasures under our risk management structure to minimize losses, ensure business continuity, and maintain the trust of society.
Routine Risk Management Structure and “Significant Risk” Selection ProcessBack to Top
As the first line of defense of the companywide risk management structure, the TOPPAN Group operating companies identify risks that could have a significant impact on each business and consider countermeasures. Next, as the second line of defense, the corporate function divisions within TOPPAN Holdings assess the frequency and potential severity of the risks, and examine the adequacy and effectiveness of the countermeasures formulated. Midway through each fiscal year, the second line reviews the progress of the countermeasures formulated at the beginning of the fiscal year and revises them as necessary, taking into account the latest risk-related trends. As the third line of defense, the Management Audit Office, analyzes and evaluates whether the first and second lines are functioning adequately. The results of the analysis and evaluation are reported to the representative directors, the Board of Directors, and the Audit & Supervisory Board.
Through the above process, risks that could exert severe adverse impacts on management are defined as “significant risks." These risks are reviewed annually by the Risk Management Working Group (led by the Director in charge of Risk Management; attended by persons in charge of risk management at the responsible head office divisions; and administrated by the Compliance Department in the Legal Division), one of the Corporate ESG Projects established under the Sustainability Promotion Committee (chaired by the President & Representative Director), and approved by the Sustainability Promotion Committee. The consideration of "significant risks" takes into account the group’s response to the “material issues” it has selected, the results of risk assessments at each operating company, social conditions, and the possibility of risks materializing from a medium to long-term perspective.
The Risk Management Working Group regularly reports activity results to the Sustainability Promotion Committee. The committee members discuss risk management independently and objectively, in cooperation with the TOPPAN Group ESG Management Promotion Committee, which includes independent external directors.
Under the leadership of the Director in charge of Risk Management, the Risk Management Working Group manages risks from a position independent from the business divisions within the Group.
Under the direction of the Chief Risk Officer (Director) in charge of the GRC Division, which was established on April 1, 2024 as the department in charge of risk management, we are currently examining and reviewing ways to further strengthen the companywide risk management structure, including the aforementioned risk management procedures and the structure of the bodies for discussing risk management.
First line (operating companies)
The operating companies of the TOPPAN Group consist of subsidiaries that have business divisions for each type of business, and subsidiaries that do not have a business division system. In either case, the operating companies are composed of departments and divisions in direct contact with customers, such as manufacturing and sales (Line 1), and administrative departments such as business strategy, accounting, legal affairs and general affairs (Line 1.5). Each department and division carries out its business based on the risk management plan formulated by the division in charge at the head office. The responsibility for risk management rests with the representative director of each subsidiary, or with the heads of business divisions for subsidiaries that have adopted the business division system. It is noted that generally, the administrative departments support the work of the first line, therefore they are described as Line 1.5 in the risk management structure.
Second line (TOPPAN Holdings corporate function divisions)
Corporate function divisions are administrative departments such as corporate planning, finance, legal affairs, and human resources. For routine risk management, they annually instruct operating companies to conduct a risk assessment, and verify progress at mid-term of the fiscal year. In addition, the divisions annually select significant risks for the TOPPAN Group, develop response plans, and implement thorough management. The risks selected and corresponding countermeasures are reported to the Sustainability Promotion Committee and the Board of Directors. When an incident is reported by an operating company, the division in charge of risk management in the second line (the responsible head office divisions) handles it. If the impact of the incident is significant, the Crisis Management Committee is convened.
Third line (Management Audit Office)
The Management Audit Office is responsible for conducting internal audits to analyze and evaluate whether the first and second lines are functioning adequately. Specifically, the office conducts operational audits to check for issues in the mechanisms for the prevention of misconduct and for compliance with relevant laws, regulations, and in-house rules. The office also performs management audits, focusing on processes to verify and evaluate alignment with management objectives, and whether sufficient and adequate risk control is implemented. The audit results are reported to the representative directors, the Board of Directors, and the Audit & Supervisory Board.
Risk Management Structure
We designated 19 significant risks in fiscal 2024. The responsible head office divisions spearhead Groupwide efforts to plan countermeasures against these risks and implement comprehensive measures to control them. The Director in charge of Risk Management regularly reports the outcomes of those measures to the Board of Directors.
Significant Risks for Fiscal 2024
The TOPPAN Group reviews its significant risks annually, and identifies and manages emerging risks that could have a significant impact on its business. The emerging risks are examined from both short-term and medium to long-term perspectives, and appropriate measures are implemented.
In fiscal 2024, "1. Risks related to climate change and loss of biodiversity (of which, biodiversity risk)" and "19. Risks associated with overseas business (of which, geopolitical risk)" are the emerging risks identified.
With regards to "1. Risks related to climate change and loss of biodiversity (of which, biodiversity risk)”, the Group, which has 124 manufacturing sites in Japan and 51 overseas, recognizes that there are potential risks because direct operations may have an impact on biodiversity, and our procurement of over 1 million tons of paper annually is heavily dependent on natural capital such as timber.
As for "19. Risks associated with overseas business (of which, geopolitical risk)”, while the Group, with an overseas sales ratio of 35% in fiscal 2023, is working to expand its business in the Middle East, Africa and other regions, we recognize that there are potential risks, including the risk of penalties due to violations of local laws and regulations, bribery of public officials, international cartels and other illegal acts, as well as the possibility of business suspension or withdrawal due to the outbreak, intensification or prolongation of disputes.
Please refer to “Business and Other Risks" for details and countermeasures for significant risks including emerging risks 1 and 19 mentioned above.
* Link: https://www.holdings.toppan.com/en/ir/governance/risk.html
| List of Significant Risks (and Countermeasures Taken) | |
|---|---|
| 1 | Risks related to climate change and loss of biodiversity |
| 2 | Risks related to environmental pollution (leakage of harmful substances, illegal dumping of waste, etc.) |
| 3 | Human injury or physical damage caused by earthquakes, storms, flooding, other natural disasters, or infectious diseases |
| 4 | Human rights risks |
| 5 | Risks associated with control of the Group |
| 6 | Misconduct (serious improper conduct or inappropriate actions, etc.) and compliance violations (bid-rigging, bribery, other legal or regulatory violations) |
| 7 | Risks related to changes in the market environment |
| 8 | Fluctuations in current value of marketable securities |
| 9 | Fluctuations in foreign exchange rates |
| 10 | Risks associated with strategic partnerships, investments, and acquisitions |
| 11 | Risks associated with product research and development, such as loss of research and development investment (changes in the market that exceed expectations, worsening of the performance of alliance partners or companies invested in, delays in the timing of commercialization or sales launch, etc.) |
| 12 | Securing human resources to support growth |
| 13 | Financial risks (financing, non-performing inventory assets, doubtful receivables, etc.) |
| 14 | Risks related to information security (cyberattacks, information leaks) |
| 15 | Risks related to the quality of products and digital services |
| 16 | Risks related to the supply chain (raw material supply issues, inappropriate orders, fraudulent acts by business partners, etc.) |
| 17 | Risks related to occupational health and safety (fire, industrial accidents, violations of labor-related laws, labor disputes, etc.) |
| 18 | Infringement of patents, copyrights, and other intellectual property rights |
| 19 | Risks associated with overseas business (legal and regulatory violations, geopolitical risk, legal action, labor disputes, international taxation, and other items not included in preceding paragraphs) |
Risk Management Structure
In accordance with the Rules on Risk Management, we have set up a risk management structure under which the responsibilities for risk management are allotted to specific divisions in the head office based on the types of risk involved.
When a risk actually arises somewhere in the Group, the responsible head office division coordinates with relevant business divisions to minimize the negative impacts on business and reports to the Board of Directors if the incident is severe. When emergency response actions are needed, the President & Representative Director or the Executive Vice President & Representative Director is responsible for forming an emergency taskforce to properly handle the issue. The taskforce is composed of directors in charge of the relevant head office divisions, audit & supervisory board members, legal consultants, and other outside experts.
Risk Management Liaison Meeting
All of the personnel in charge of risk management in the head office divisions assemble on a regular basis to share information at the Risk Management Liaison Meeting. When a risk actually arises, the responsible persons from relevant head office divisions convene an extraordinary meeting to take necessary actions and develop preventive measures.
Fostering Risk AwarenessBack to Top
Our internal website posts a set of Rules on Risk Management along with a list of risks facing the Group, details on the division-specific structures set up to address individual risks, and various other risk management materials. This site is constantly updated to keep Group employees apprised of the latest risk-related information.
Based on the division-specific risk management structure, the responsible head office divisions spearhead Groupwide efforts to organize regular training and audits to foster employee awareness of the risks to be addressed. The impending risks facing us include information and cyber security incidents, natural disasters, infectious disease outbreaks, occupational accidents, environmental issues, and compliance violations.
The TOPPAN Group ESG Management Promotion Committee is a forum where officers from Group companies share and pool their experience to deepen their understanding of ESG and SDG issues. Experts from outside of the Group present risk management training programs for the committee members. The external directors on the committee also provide additional information and draw senior managers into discussions.
We will continue to hold annual risk management training programs at the committee.