Risk Management
Basic Views
The Meiji Group recognizes that risk management is not just for responding when emergencies or disasters occur and severely impact business activities. It is also important to take preventive measures to control and mitigate/avert risks.
Risk Management System
The Group established a risk management structure that supports further growth to achieve the Meiji Group 2026 Vision. Under this risk management structure, we identify overall Group management risks, reduce risks, and manage appropriate risk-taking.
In April 2021, we established the Risk Management Department, which is independent of the Audit & Supervisory Board, to strengthen Group-wide risk management, and appointed an executive officer in charge of the department. The Executive Committee evaluates and confirms Group-wide management risks in line with the Group Vision and the risk control status and reports them to the Board of Directors, which evaluates and supervises the system. Thus, we can manage risks by adapting to changes in our operating environment.
Furthermore, we have established risk management systems that are suited to the Food and Pharmaceutical businesses, respectively. We regularly share risk information across the company, which includes risks common to all of our businesses and risks that have impacts on the whole Group. Accordingly, we identify, evaluate, address, and solve risks promptly. The executive officer in charge of the Risk Management Department reports information to the CEO & President and Representative Director.
Strengthen business continuity plans
The Meiji Group recognizes that risk management is not just for responding when emergencies or disasters occur and severely impact business activities. It is also important to take preventive measures to control and mitigate/avert risks.
In addition, as a company responsible for "food and health", we are maintaining and improving our business continuity plan (BCP) so that pharmaceuticals and food can be delivered to those who need it even in an emergency.
We provide employees with ongoing awareness training and regular training to confirm their safety.
In terms of business infrastructure and systems, we work to strengthen BCP in the entire value chain by reinforcing the earthquake resistance of facilities, establishing multiple production bases, duplicating procurement of raw materials, and reinforcing IT system backups.
Basic Policies for Business Continuity Plans
Meiji Group's mission is to continue supplying the products and services our customers need, even in the event of a large-scale disaster. In order to ensure this is possible, we have implemented our BCP in line with the following policies:
- Protect the lives of people involved in Meiji Group's business operations, as well as their families
- Fulfil Meiji Group's social responsibilities
- Minimize damage to business caused by stoppage of operations, or similar causes
The Group Business Management Risks
We appropriately identify risks and develop countermeasures considering the risk impact from a company-wide business management perspective. In this way, we not only minimize risks, but we also achieve sustainable growth and gain new growth opportunities. We outlined the three visions - the Business Vision, Sustainability Vision and Management Foundation Vision - in the Meiji Group 2026 Vision. We have identified the Meiji Group Business Management Risks based on those three Visions.
Among the matters related to the status of business, accounting, etc. as described in this annual securities report, the main risks that management recognizes as having a significant impact on the financial position, operating results and cash flows of the consolidated company are as follows.
(As of June 29, 2023)
Risks | Countermeasures | Change in risk recognition from previous year | Importance to the Group | |
---|---|---|---|---|
Sale and supply of products and services |
|
|
→ | $$ |
The majority of profits comes from specific products |
|
|
↗︎ | $$ |
Supply chains |
|
|
↑ | $$ |
Technological advances |
|
|
↗︎ | $ |
Laws and regulations |
|
|
→ | $ |
Overseas expansion and overseas Group companies |
|
|
↗︎ | $ |
Business plans, etc. |
|
|
↗︎ | $ |
Risks | Countermeasures | Change in risk recognition from previous year | Importance to the Group | |
---|---|---|---|---|
Caring for the Earth |
|
|
→ | $ |
Climate change |
|
|
↗︎ | $ |
Thriving Communities |
|
|
↗︎ | $ |
Risks | Countermeasures | Change in risk recognition from previous year | Importance to the Group | |
---|---|---|---|---|
Corporate Governance |
|
|
→ | $ |
Damage to the Meiji brand |
|
|
→ | $ |
Human capital and culture |
|
|
↗︎ | $ |
Information asset leaks |
|
|
↑ | $$ |
Disaster, emergency or other unforeseen circumstances |
|
|
→ | $ |
The Board of Directors selected the priority initiative topics for FYE March 2023 relating to Group business management risks and confirmed the initiatives of each operating company.
Priority initiative topics for FYE March 2023
1. Identification of risks in China
Given the drastic changes in social circumstances, war and terrorism overseas, we confirmed the details of key risks that threaten the continuity of Chinese business the Meiji Group focuses on and the response system for situations when material risks arise, the level of dependency on China for procurement and the relevant response system.
2. Spread of innovative treatment methods, manufacturing methods, and formulation methods
In responding to the rise of mRNA vaccines as COVID-19 vaccines, we confirmed recognition and evaluation of and response to the technology as we did in the previous fiscal year, and the status of development of replicon vaccine (next-generation mRNA vaccine) against COVID-19.
Information Security
We work to strengthen information security, including the management of personal information and confidential information. In addition to enhancing and implementing intellectual property protection and other information management in accordance with guidelines and rules related to various information management, we ensure employee education and training are provided, and work to strengthen our continuously evolving IT technology.
We provide necessary information to customers through helpdesks and websites established for each business division. For shareholders and investors, we provide information disclosure through our IR activities and a dedicated website.
Basic policy
The Meiji Group understands the importance of ensuring the security of customer personal information and other information assets. With this in mind, we have outlined the Meiji Group Information Security Policy along with various related rules and guidelines that we apply towards ensuring and enhancing information security.
Management structure
The Meiji Group recognizes information security as a business risk. As an information security structure, the Meiji Holdings Co., Ltd. Executive Committee evaluates and confirms the state of information security management, and submits reports to the Board of Directors, which oversees the evaluation and monitoring of this structure. We also establish relevant committees within each operating company to strengthen information security and ensure an effective information security structure. In the event of a serious incident or other emergency situations related to information security, the executive officer in charge of the Risk Management Department at Meiji Holdings Co., Ltd. submits reports directly to the CEO, President and Representative Director.
Initiatives
Employee education
To improve information security awareness, we regularly conduct employee education and training concerning information security.
Information Security Employee Education Implementation Status
Education / training content | FYE March 2022 results |
FYE March 2023 results |
---|---|---|
Rate of new employee training | 100% (162 people) | 100% (168 people) |
Rate of e-learning education | 85% (10,315 of 12,137) | 88% (10,727 of 12,222) |
E-learning details | About risks and measures related to email and internet use (Example) Targeted attack email and cyberattacks that occur at other companies | |
Suspicious email / targeted email attack response training numbers | 11,217 people | 3,578 people* |
Other initiatives | Companywide warnings and one-point lessons about matters such as suspicious emails pretending to be a business partner or Meiji Group employee |
Strengthening incident response
The Meiji Group has created an Incident Response Procedure to prevent incidents before they occur if a security threat is detected as well as to prevent the spread of damage in the event an incident occurs. Specifically, we have established a CSIRT* structure within each operating company and implemented various measures, including outlining a response flow, conducting training, and working to further strengthen coordination between operating companies. This helps ensure business continuity and increase society's trust in the Meiji Group.
CSIRT Structure Example: Meiji Co., Ltd.
Incident response details
We implement various measures to prevent incidents, including electronic media and PC encryption, IT asset management, and log monitoring. In the event of an incident, we prevent information leaks by taking measures such as locking accounts, conducting remote wipes, and investigating logs.
In cases where we suspect an organization has been subject to a cyberattack, we systemically prepare to conduct detection, isolation, and recovery.
Incident Response Procedure
Incident response training
The Meiji Group implements a regular annual training program on incident response. The results of training are reported to the supervising officers of each operating company, and structures are reviewed regularly based on those results.
Cybersecurity response
The Meiji Group continuously works to strengthen the cybersecurity of our IT environment, which includes our website servers and networks. These efforts include third-party vulnerability diagnosis using cyberattack simulations.
Social media risk reduction initiatives
The Meiji Group has established various rules for the use of social networking services in order to reduce social media risks. We also use a company portal website to educate our employees.
Intellectual property rights initiatives
The importance of intellectual property protection is increasing year by year due to the growing awareness of intellectual property rights, including trademark rights such as copyright and design registration, and various measures taken by the government. We have rights to the results obtained through research and development of products and technologies as intellectual property, and utilizes them to continuously supply high value-added products that are unique to the Meiji Group.