GovernanceRisk Management
Basic ApproachBack to Top
In an age of uncertainty, risks surrounding a business continue to grow more diverse and complex. The most pressing risks include shifts in the world’s political and economic landscapes, numerous international conflicts, environmental shifts brought by climate change, the growing sophistication of cyber-attacks with the advance of the digital transformation, and human rights issues such as forced labor.
As a group of companies engaged in manifold businesses around the world, TOPPAN views accurate detection, appropriate management, and steady prevention of high-impact, high-importance risks as one of the Group’s principal management challenges. In keeping with this viewpoint, we identify a set of “significant risks” affecting us through annual risk assessments.
When a risk actually arises, we immediately collect the necessary information and take comprehensive and strategic countermeasures under our risk management framework to minimize losses, ensure business continuity, and maintain the trust of society.
Significant Risks Selected for Routine ManagementBack to Top
Operating companies are the first line of defense in the Groupwide risk management framework at TOPPAN. These companies identify risks that could have significant impacts on their business and consider countermeasures. The administrative divisions at TOPPAN Holdings Inc. are the second line of defense. These divisions assess the frequency and severity of possible risks and examine the adequacy and effectiveness of countermeasures. Midway through each fiscal year, they review the progress of countermeasures formulated at the beginning of the year and revise them as necessary, taking into account the latest risk-related circumstances. The Management Audit Office, the third line of defense, analyzes and evaluates whether the first and second lines are functioning adequately. The results of the analysis and evaluation are reported to the president & representative director, the Board of Directors, and the Audit & Supervisory Board.
Within this process, risks that could exert severe adverse impacts on our management are defined as “significant risks.” Working as part of the Corporate ESG Project, the Risk Management Working Group (led by the director in charge of risk management; attended by persons in charge of risk management; and administrated by the Compliance Department in the Legal Division) set under the Sustainability Promotion Committee (chaired by the president & representative director) reviews impending risks and selects significant risks for the current year with authorization from the Sustainability Promotion Committee. When selecting the significant risks, the working group considers social conditions, the possibility of risks actualizing over the medium to long term, the alignment with initiatives focused on the Materiality themes we have chosen, the results of risk assessments performed by operating companies, and various other risk-related circumstances within and around the Group.
The Risk Management Working Group regularly reports activity results to the Sustainability Promotion Committee. The promotion committee members discuss risk management independently and objectively, in cooperation with the internal and independent external directors on the TOPPAN Group ESG Management Promotion Committee. Under the supervision of the director in charge of risk management, the working group manages risks from a position independent from business divisions.
Nineteen significant risks have been designated for fiscal 2024. The responsible corporate function divisions at TOPPAN Holdings lead the Group’s efforts to plan countermeasures against these risks and implement comprehensive measures to control them. The director in charge of risk management regularly reports the outcomes of those measures to the Board of Directors.
We have been solidifying our Groupwide risk management framework in the recognition that routine risk control grows in importance when uncertainties increase in the business environment. On April 1, 2024, we appointed a new Chief Risk Officer (CRO) and established a GRC* Division as a risk control body to assist the CRO.
The CRO will spearhead our efforts to consider and review a comprehensive risk management framework throughout the Group, including risk control procedures and the nature of the meeting bodies that discuss risk management. On October 1, 2024, new committees will be established in the Group to deliberate risk management on both the supervisory side (Board of Directors level) and executive side (Management Committee level). The Risk Management Working Group will accordingly become independent from the Sustainability Promotion Committee.
- *
- Governance, risk management, compliance
Existing Risk Management Framework

New Risk Management Framework
(scheduled for October 1, 2024)

The First Line of Defense: Operating Companies
Our operating companies consist of subsidiaries with business divisions responsible for specific business types and subsidiaries without business divisions. Both types are composed of departments and divisions in direct contact with customers such as manufacturing and sales departments (Line 1), and administrative departments handling functions such as business strategy, accounting, legal affairs, and general affairs (Line 1.5). Each department and division performs operations based on a risk management plan formulated by the divisions in charge at the head office (TOPPAN Holdings corporate function divisions). The responsibility for risk management rests with the president of each subsidiary or with the heads of business divisions for the subsidiaries that have adopted a business division system. As the administrative departments generally support the work of Line 1, we describe them as Line 1.5 in our risk management framework.
The Second Line of Defense: TOPPAN Holdings Corporate Function Divisions
The “corporate function divisions” are administrative divisions at TOPPAN Holdings Inc. responsible for functions such as corporate planning, finance, legal affairs, and personnel & labor relations. These divisions instruct operating companies to conduct annual assessments of their routine risk control regimes and verify the control status midway through the fiscal year. The corporate function divisions also select significant risks for the current year, develop management plans, and monitor risk control across the Group. The significant risks and corresponding countermeasures are reported to the Sustainability Promotion Committee and the Board of Directors.
When an operating company reports an incident, the administrative divisions in charge of risk management in the second line (the responsible head office divisions) direct the response or directly handle the issue. The Crisis Management Committee is convened if the impact is significant.
The Third Line of Defense: Management Audit Office
The Management Audit Office, the body in charge of internal audits, analyzes and evaluates whether the first and second lines are functioning adequately. This office conducts operational audits on both lines to check their compliance with relevant laws, regulations, and in-house rules, and to review the mechanisms they employ to prevent misconduct. The office also carries out management audits to verify and evaluate alignment with management objectives and assess whether sufficient and adequate risk control is implemented from a procedural standpoint. The audit results are reported to the president & representative director, the Board of Directors, and the Audit & Supervisory Board.
Significant Risks for Fiscal 2024
Significant risks are reviewed every year, along with emerging risks considered to have the potential to significantly impact our business. The emerging risks identified are examined and controlled from short- and medium-to-long-term perspectives.
Two emerging types of risk are designated as significant risks for fiscal 2024: “1. Risks related to climate change and loss of biodiversity (specifically, biodiversity risks)” and “19. Risks associated with overseas business (specifically, geopolitical risks).”
With regards to the #1 risks, TOPPAN can potentially impact biodiversity through direct operations at more than 170 production sites (plants, warehouses, etc.) around the world. We recognize the potential climate-change/biodiversity risks we impose in view of our high dependence on natural capital, especially lumber, as a procurer of more than one million tons of paper a year.
As for the #19 risks, we recognize the potential geopolitical risks our operations impose or the risks that may affect our operations as we embark on business in the Middle East, Africa, and other parts of the world outside of Japan. Our overseas sales ratio stood at 35% in fiscal 2023. Of those geopolitical risks, TOPPAN notes risks due to penalties for illegal acts (e.g., violations of local laws or regulations, bribery of public officials, association with international cartels) and possible business suspensions, withdrawals, etc. caused by the outbreak, intensification, or prolongation of conflicts.
Please see the “Business and Other Risks” for more details and countermeasures for #1, #19, and other significant risks.
Significant Risks | Main Initiatives | |
---|---|---|
1 | Risks related to climate change and loss of biodiversity |
|
2 | Risks related to environmental pollution (leakage of harmful substances illegal dumping of waste, etc.) |
|
3 | Human injury or physical damage caused by earthquakes, storms, flooding, other natural disasters, or infectious diseases |
|
4 | Human rights risks |
|
5 | Risks associated with control of the Group |
|
6 | Misconduct (serious improper conduct or inappropriate actions, etc.) and compliance violations (bid-rigging, bribery, other legal or regulatory violations) |
|
7 | Risks related to changes in the market environment |
|
8 | Fluctuations in current value of marketable securities |
|
9 | Fluctuations in foreign exchange rates |
|
10 | Risks associated with strategic partnerships, investments, and acquisitions |
|
11 | Risks associated with product research and development, such as loss of research and development investment (changes in the market that exceed expectations, worsening of the performance of alliance partners or companies invested in, delays in the timing of commercialization or sales launch, etc.) |
|
12 | Securing human resources to support growth |
|
13 | Financial risks (financing, non-performing inventory assets, doubtful receivables, etc.) |
|
14 | Risks related to information security (cyberattacks, information leaks) |
|
15 | Risks related to the quality of products and digital services |
|
16 | Risks related to the supply chain (raw material supply issues, inappropriate orders, fraudulent acts by business partners, etc.) |
|
17 | Risks related to occupational health and safety (fire, industrial accidents, violations of labor-related laws, labor disputes, etc.) |
|
18 | Infringement of patents, copyrights, and other intellectual property rights |
|
19 | Risks associated with overseas business (legal and regulatory violations, geopolitical risk, legal action, labor disputes, international taxation, and other items not included in preceding paragraphs) |
|
Risk Management Framework
In accordance with the Rules on Risk Management, we have set up a risk management framework where responsibilities for risk management are allotted to specific divisions in the head office (TOPPAN Holdings corporate function divisions) based on the types of risk involved.
When a risk actually arises somewhere in the Group, the responsible corporate function division coordinates with relevant business divisions and administrative departments to minimize the negative impacts on business and reports to the Board of Directors if an incident is significant. When emergency response actions are needed, the president or vice president is responsible for forming an emergency taskforce to properly handle the issue. The taskforce is composed of officers in charge of the relevant corporate function divisions, audit & supervisory board members, legal consultants, and other outside experts.
Risk Management Liaison Meeting
All of the personnel in charge of risk management in the corporate function divisions assemble on a regular basis to share information at the Risk Management Liaison Meeting. When a risk actually arises, the responsible persons from relevant corporate function divisions convene an extraordinary meeting to take necessary actions and develop preventive measures.
Alerting Officers and Employees on Risk ManagementBack to Top
TOPPAN’s internal website posts a set of Rules on Risk Management along with a list of risks facing the Group, details on the division-specific regimes set up to address individual risks, and various other risk management materials. This site is constantly updated to keep Group employees apprised of the latest risk-related information.
Based on the division-specific risk management framework, the responsible corporate function divisions spearhead Groupwide efforts to organize regular training and audits to foster employee awareness of the risks to be addressed. The impending risks facing us include information and cyber security incidents, natural disasters, infectious disease outbreaks, occupational accidents, environmental issues, and compliance violations.
The TOPPAN Group ESG Management Promotion Committee is a forum where officers from Group companies share and pool their experience to deepen their understanding of ESG and SDG issues. Experts from outside of the Group present risk management lectures for the committee members. External directors also attend the committee to gain insight into risk management and draw senior managers into discussions. We will continue to hold annual risk management lectures at the committee.