Basic ApproachBack to Top

In an age of uncertainty, risks surrounding a business continue to grow more diverse and complex. The most pressing risks include shifts in the world’s political and economic landscapes, numerous international conflicts, environmental shifts brought by climate change, the growing sophistication of cyber-attacks with the advance of the digital transformation, and human rights issues such as forced labor.

As a group of companies engaged in manifold businesses around the world, TOPPAN views accurate detection, appropriate management, and steady prevention of high-impact, high-importance risks as one of the Group’s principal management challenges. In keeping with this viewpoint, we identify a set of “significant risks” affecting us through annual risk assessments.

When a risk actually arises, we immediately collect the necessary information and take comprehensive and strategic countermeasures under our risk management framework to minimize losses, ensure business continuity, and maintain the trust of society.

Significant Risks Selected for Routine ManagementBack to Top

Operating companies are the first line of defense in the Groupwide risk management framework at TOPPAN. These companies identify risks that could have significant impacts on their business and consider countermeasures. The administrative divisions at TOPPAN Holdings Inc. are the second line of defense. These divisions assess the frequency and severity of possible risks and examine the adequacy and effectiveness of countermeasures. Midway through each fiscal year, they review the progress of countermeasures formulated at the beginning of the year and revise them as necessary, taking into account the latest risk-related circumstances. The Management Audit Office, the third line of defense, analyzes and evaluates whether the first and second lines are functioning adequately. The results of the analysis and evaluation are reported to the president & representative director, the Board of Directors, and the Audit & Supervisory Board.

Within this process, risks that could exert severe adverse impacts on our management are defined as “significant risks.” Working as part of the Corporate ESG Project, the Risk Management Working Group (led by the director in charge of risk management; attended by persons in charge of risk management; and administrated by the Compliance Department in the Legal Division) set under the Sustainability Promotion Committee (chaired by the president & representative director) reviews impending risks and selects significant risks for the current year with authorization from the Sustainability Promotion Committee. When selecting the significant risks, the working group considers social conditions, the possibility of risks actualizing over the medium to long term, the alignment with initiatives focused on the Materiality themes we have chosen, the results of risk assessments performed by operating companies, and various other risk-related circumstances within and around the Group.

The Risk Management Working Group regularly reports activity results to the Sustainability Promotion Committee. The promotion committee members discuss risk management independently and objectively, in cooperation with the internal and independent external directors on the TOPPAN Group ESG Management Promotion Committee. Under the supervision of the director in charge of risk management, the working group manages risks from a position independent from business divisions.

Nineteen significant risks have been designated for fiscal 2024. The responsible corporate function divisions at TOPPAN Holdings lead the Group’s efforts to plan countermeasures against these risks and implement comprehensive measures to control them. The director in charge of risk management regularly reports the outcomes of those measures to the Board of Directors.

We have been solidifying our Groupwide risk management framework in the recognition that routine risk control grows in importance when uncertainties increase in the business environment. On April 1, 2024, we appointed a new Chief Risk Officer (CRO) and established a GRC* Division as a risk control body to assist the CRO.

The CRO will spearhead our efforts to consider and review a comprehensive risk management framework throughout the Group, including risk control procedures and the nature of the meeting bodies that discuss risk management. On October 1, 2024, new committees will be established in the Group to deliberate risk management on both the supervisory side (Board of Directors level) and executive side (Management Committee level). The Risk Management Working Group will accordingly become independent from the Sustainability Promotion Committee.

*
Governance, risk management, compliance
Existing Risk Management Framework
New Risk Management Framework
(scheduled for October 1, 2024)

The First Line of Defense: Operating Companies

Our operating companies consist of subsidiaries with business divisions responsible for specific business types and subsidiaries without business divisions. Both types are composed of departments and divisions in direct contact with customers such as manufacturing and sales departments (Line 1), and administrative departments handling functions such as business strategy, accounting, legal affairs, and general affairs (Line 1.5). Each department and division performs operations based on a risk management plan formulated by the divisions in charge at the head office (TOPPAN Holdings corporate function divisions). The responsibility for risk management rests with the president of each subsidiary or with the heads of business divisions for the subsidiaries that have adopted a business division system. As the administrative departments generally support the work of Line 1, we describe them as Line 1.5 in our risk management framework.

The Second Line of Defense: TOPPAN Holdings Corporate Function Divisions

The “corporate function divisions” are administrative divisions at TOPPAN Holdings Inc. responsible for functions such as corporate planning, finance, legal affairs, and personnel & labor relations. These divisions instruct operating companies to conduct annual assessments of their routine risk control regimes and verify the control status midway through the fiscal year. The corporate function divisions also select significant risks for the current year, develop management plans, and monitor risk control across the Group. The significant risks and corresponding countermeasures are reported to the Sustainability Promotion Committee and the Board of Directors.

When an operating company reports an incident, the administrative divisions in charge of risk management in the second line (the responsible head office divisions) direct the response or directly handle the issue. The Crisis Management Committee is convened if the impact is significant.

The Third Line of Defense: Management Audit Office

The Management Audit Office, the body in charge of internal audits, analyzes and evaluates whether the first and second lines are functioning adequately. This office conducts operational audits on both lines to check their compliance with relevant laws, regulations, and in-house rules, and to review the mechanisms they employ to prevent misconduct. The office also carries out management audits to verify and evaluate alignment with management objectives and assess whether sufficient and adequate risk control is implemented from a procedural standpoint. The audit results are reported to the president & representative director, the Board of Directors, and the Audit & Supervisory Board.

Significant Risks for Fiscal 2024

Significant risks are reviewed every year, along with emerging risks considered to have the potential to significantly impact our business. The emerging risks identified are examined and controlled from short- and medium-to-long-term perspectives.

Two emerging types of risk are designated as significant risks for fiscal 2024: “1. Risks related to climate change and loss of biodiversity (specifically, biodiversity risks)” and “19. Risks associated with overseas business (specifically, geopolitical risks).”

With regards to the #1 risks, TOPPAN can potentially impact biodiversity through direct operations at more than 170 production sites (plants, warehouses, etc.) around the world. We recognize the potential climate-change/biodiversity risks we impose in view of our high dependence on natural capital, especially lumber, as a procurer of more than one million tons of paper a year.

As for the #19 risks, we recognize the potential geopolitical risks our operations impose or the risks that may affect our operations as we embark on business in the Middle East, Africa, and other parts of the world outside of Japan. Our overseas sales ratio stood at 35% in fiscal 2023. Of those geopolitical risks, TOPPAN notes risks due to penalties for illegal acts (e.g., violations of local laws or regulations, bribery of public officials, association with international cartels) and possible business suspensions, withdrawals, etc. caused by the outbreak, intensification, or prolongation of conflicts.

Please see the “Business and Other Risks” for more details and countermeasures for #1, #19, and other significant risks.

Significant Risks Main Initiatives
1 Risks related to climate change and loss of biodiversity
  • Setting of SBT-validated targets for the reduction of greenhouse gas emissions
  • Establishment of BCP measures, including preparation for the impact of disasters, measures to mitigate damage (windproofing, waterproofing), and maintenance of supply capabilities through the creation of backup structures for manufacturing and procurement
  • Confirm legality in the procurement of raw materials of paper and contribute to the conservation of areas in which society lives in harmony with nature, both inside and outside the Group
2 Risks related to environmental pollution (leakage of harmful substances illegal dumping of waste, etc.)
  • Management and maintenance of hazardous substance storage tanks that could potentially be the source of accidental pollution and discharge
  • Manage manifests stringently, assess appropriate treatment by waste treatment contractors via the Group’s assessment sheet, and conduct onsite inspections, as countermeasures to the risk of illegal disposal or improper treatment of waste by contractors
3 Human injury or physical damage caused by earthquakes, storms, flooding, other natural disasters, or infectious diseases
  • Formulation of a business continuity plan (BCP)
  • Holding of annual supplier BCP workshops conducted by external experts
  • Acquisition of ISO 22301 certification in security-related businesses
4 Human rights risks
  • Establishment of the Human Rights Policy
  • Work to mitigate and rectify human rights risks through surveys and dialogues with the Group’s stakeholders
  • Under the Sustainability Promotion Committee, chaired by the president & representative director, the Human Capital Working Group advances efforts to promote human rights across the Group.
5 Risks associated with control of the Group
  • Operation of the Related Company Administration Regulations
  • Instill awareness of the TOPPAN Group Conduct Guidelines as a set of fundamental rules for compliance
6 Misconduct (serious improper conduct or inappropriate actions, etc.) and compliance violations (bid-rigging, bribery, other legal or regulatory violations)
  • Establishment of the TOPPAN Group Conduct Guidelines
  • Operation of the Conduct Guidelines Promotion Leader system
7 Risks related to changes in the market environment
  • Transform our business portfolio focusing on three growth businesses: digital transformation (DX) business, sustainable transformation (SX) in Japan and Living & Industry business overseas, and new businesses
8 Fluctuations in current value of marketable securities
  • Regularly examine the rationale for strategic shareholdings and monitor the financial condition of the entities in which shares are held
9 Fluctuations in foreign exchange rates
  • Establishment of risk management guidelines
  • Use hedging methods, such as forward exchange contracts
10 Risks associated with strategic partnerships, investments, and acquisitions
  • Strengthen due diligence and monitoring and devise improvement plans
11 Risks associated with product research and development, such as loss of research and development investment (changes in the market that exceed expectations, worsening of the performance of alliance partners or companies invested in, delays in the timing of commercialization or sales launch, etc.)
  • Confirm the progress of research, make decisions on advancing research to further stages, and identify risks to prevent delays in executing projects
12 Securing human resources to support growth
  • Create various channels for the recruitment of both new graduates and mid-career personnel
  • Regularly update in-house human resource development programs and provide opportunities for comprehensive learning, ranging from basic capabilities to practical skills
13 Financial risks (financing, non-performing inventory assets, doubtful receivables, etc.)
  • Diversify the means and terms of financing
  • Maintain and reinforce a sound financial standing
  • Review financial plans
  • Ensure that departments work together to improve turnover efficiency through sales promotion activities
  • Ensure that quality is maintained through regular checks of inventory quality and management status
  • Set credit limits and review credit regularly in accordance with the credit management policy
  • Preserve receivables in the case of delays in collection or credit impairment
14 Risks related to information security (cyberattacks, information leaks)
  • Evaluate the degree of maturity of security measures and provide guidance for improvements
  • Ensure employee awareness of relevant rules through regular training and confirm observance of rules and provide instructions for improvements via internal audits and audits of subcontractors
15 Risks related to the quality of products and digital services
  • Establishment of quality management systems based on international standards in accordance with basic policies on product safety management and service quality
16 Risks related to the supply chain (raw material supply issues, inappropriate orders, fraudulent acts by business partners, etc.)
  • Formulation of the TOPPAN Group Sustainable Procurement Guidelines
  • Disperse risks through the securing of multiple energy suppliers
  • Operation of the Supplier Hotline consultation desk
17 Risks related to occupational health and safety (fire, industrial accidents, violations of labor-related laws, labor disputes, etc.)
  • Continuously promote measures to reduce working hours, analyze overtime working hours, and consider the introduction and use of new work systems
  • Promote safety awareness by deploying employees in charge of safety and safety experts to TOPPAN Group sites
  • Establishment of safety training facilities called “Anzen Dojo”
18 Infringement of patents, copyrights, and other intellectual property rights
  • Continuously monitor and research the intellectual property rights of other parties from a global perspective
  • Establish a robust intellectual property portfolio by acquiring rights in accordance with the countries and regions in which we conduct business
19 Risks associated with overseas business (legal and regulatory violations, geopolitical risk, legal action, labor disputes, international taxation, and other items not included in preceding paragraphs)
  • Set out guidelines for elements of governance, such as overall management, and work with overseas subsidiaries to advance the establishment, observance, operation, and practical implementation of structures and schemes based on the guidelines
  • Create an effective governance structure by conducting internal and accounting audits
  • Conduct business environment risk assessment using systems provided by third-party organizations

Risk Management Framework

In accordance with the Rules on Risk Management, we have set up a risk management framework where responsibilities for risk management are allotted to specific divisions in the head office (TOPPAN Holdings corporate function divisions) based on the types of risk involved.

When a risk actually arises somewhere in the Group, the responsible corporate function division coordinates with relevant business divisions and administrative departments to minimize the negative impacts on business and reports to the Board of Directors if an incident is significant. When emergency response actions are needed, the president or vice president is responsible for forming an emergency taskforce to properly handle the issue. The taskforce is composed of officers in charge of the relevant corporate function divisions, audit & supervisory board members, legal consultants, and other outside experts.

Risk Management Liaison Meeting

All of the personnel in charge of risk management in the corporate function divisions assemble on a regular basis to share information at the Risk Management Liaison Meeting. When a risk actually arises, the responsible persons from relevant corporate function divisions convene an extraordinary meeting to take necessary actions and develop preventive measures.

Alerting Officers and Employees on Risk ManagementBack to Top

TOPPAN’s internal website posts a set of Rules on Risk Management along with a list of risks facing the Group, details on the division-specific regimes set up to address individual risks, and various other risk management materials. This site is constantly updated to keep Group employees apprised of the latest risk-related information.

Based on the division-specific risk management framework, the responsible corporate function divisions spearhead Groupwide efforts to organize regular training and audits to foster employee awareness of the risks to be addressed. The impending risks facing us include information and cyber security incidents, natural disasters, infectious disease outbreaks, occupational accidents, environmental issues, and compliance violations.

The TOPPAN Group ESG Management Promotion Committee is a forum where officers from Group companies share and pool their experience to deepen their understanding of ESG and SDG issues. Experts from outside of the Group present risk management lectures for the committee members. External directors also attend the committee to gain insight into risk management and draw senior managers into discussions. We will continue to hold annual risk management lectures at the committee.

Back to Top