Risk Management
Basic Views
The Group recognizes that risk management is not just for responding when emergencies or disasters occur and severely impact business activities. It is also important to take preventive measures to control and avert/mitigate management risks.
Risk Management System
The Group established a risk management structure that supports further growth to achieve the Meiji Group 2026 Vision. Under this risk management structure, we identify overall Group management risks, reduce risks, and manage decisive risk-taking.
We established the Risk Management Department, which is separated from the Audit & Supervisory Board, to strengthen Group-wide risk management, and appointed an executive officer in charge of the department. The Executive Committee evaluates and confirms Group-wide management risks in line with the Group Vision and the risk control status and reports them to the Board of Directors, which evaluates and supervises the system. Thus, we can manage risks by adapting to changes in our operating environment.
Furthermore, to establish risk management systems that are suited to the Food Segment and Pharmaceutical Segment, respectively, we periodically share information, identify issues, and address them appropriately. We regularly share risk information across the Group, which includes risks common to all of our segments and risks that have impacts on the whole Group. Accordingly, we identify, evaluate, address, and solve risks promptly. The executive officer in charge of the Risk Management Department reports information to the CEO, President and Representative Director as needed.
Strengthen business continuity plans
The Meiji Group recognizes that risk management is not just for responding when emergencies or disasters occur and severely impact business activities. It is also important to take preventive measures to control and mitigate/avert risks.
In addition, as a company responsible for "food and health", we are maintaining and improving our business continuity plan (BCP) so that pharmaceuticals and food can be delivered to those who need them even in an emergency.
We provide employees with ongoing awareness training and regular training to confirm their safety.
In terms of business infrastructure and systems, we work to strengthen BCP in the entire value chain by reinforcing the earthquake resistance of facilities, establishing multiple production bases, duplicating procurement of raw materials, and reinforcing IT system backups.
Basic Policies for Business Continuity Plans
Meiji Group's mission is to continue supplying the products and services our customers need, even in the event of a large-scale disaster. In order to ensure this is possible, we have implemented our BCP in line with the following policies:
- Protect the lives of people involved in Meiji Group's business operations, as well as their families
- Fulfil Meiji Group's social responsibilities
- Minimize damage to business caused by stoppage of operations, or similar causes
The Group Business Management Risks
We appropriately identify risks and develop countermeasures considering the risk impact from a company-wide business management perspective. In this way, we not only minimize risks, but we also achieve sustainable growth and gain new growth opportunities. We outlined the three visions — the Business Vision, Sustainability Vision, and Management Foundation Vision — in the Meiji Group 2026 Vision. We have identified the Meiji Group Business Management Risks based on those three Visions.
Among the matters related to the status of business, accounting, etc. as described in this annual securities report, the main risks that management recognizes as having a significant impact on the financial position, operating results, and cash flows of the consolidated company are as follows.
The future risks outlined in the table below are categorized based on the Group's medium- and long-term management strategies. We have assessed their importance to the Group, taking into account the likelihood of occurrence and the level of impact on the Group.
The information represents risks recognized by the Group as of the date of submission of this annual securities report. These risks are not a comprehensive representation of all the risks related to our businesses.
(As of June 27, 2024)
 | Risks | Countermeasures | Change in risk recognition from previous year | Importance to the Group |
---|---|---|---|---|
Sale and supply of products and services | | | ↗︎ | $$ |
The majority of profits comes from specific products | | | ↗︎ | $$ |
Supply chains | | | ↗︎ | $$ |
Technological advances | | | ↑ | $$ |
Laws and regulations | | | → | $ |
Overseas expansion and overseas Group companies | | | ↗︎ | $ |
Business plans, etc. | | | ↗︎ | $ |
 | Risks | Countermeasures | Change in risk recognition from previous year | Importance to the Group |
---|---|---|---|---|
Caring for the Earth | | | ↗︎ | $ |
Climate change | | | → | $ |
Thriving Communities | | | → | $ |
 | Risks | Countermeasures | Change in risk recognition from previous year | Importance to the Group |
---|---|---|---|---|
Corporate Governance | | | → | $ |
Damage to the Meiji brand | | | ↗︎ | $$ |
Human capital and culture | | | ↗︎ | $ |
Information asset leaks | | | → | $$ |
Disaster, emergency or other unforeseen circumstances | | | ↗︎ | $$ |
The Board of Directors selected the priority initiative topics for FYE March 2024 relating to Group business management risks and confirmed the initiatives of each operating company.
Priority initiative topics for FYE March 2024
1. Information leaks and system shutdowns due to unauthorized access, etc.
Damage suffered by companies due to ransomware and targeted email attacks has become more prominent. We therefore confirmed our countermeasures against cyberattacks, in particular unauthorized access targeting overseas subsidiaries, both under usual conditions and in our responses when such incidents occur.
The Group has established incident response procedures with the aim of preventing incidents when security threats are detected and mitigating the impact of incidents when they occur. Specifically, each operating company has built a CSIRT structure, based on which each develops response flows, conducts training, and strengthens cooperation with other operating companies. These measures support business continuity and enhance trust from society. Additionally, we continuously strengthen our cybersecurity by conducting vulnerability tests, including simulated hacker attacks by third parties, on our website servers, networks, and other IT environments.
2. Unstable product supplies due to distribution problems
As part of the "Work style reform laws" implemented in stages since April 2019, regulations such as limiting truck drivers' overtime work to 960 hours per year will be enforced starting from April 2024. Along with this, concerns have been raised regarding potential logistics challenges, the so-called "logistics 2024 problem," because the anticipated decrease in truck drivers' working hours may lead to transportation capacity shortages. In light of this, we have reviewed the current situation, challenges, and responses related to the Group's product logistics.
The Group has subsidiary companies in charge of logistics functions, through which we maintain close communication with transportation providers and are working on measures aimed at optimizing logistics and enhancing its productivity in line with the government's "Policy Package for Logistics Innovation" and its associated guidelines.
Information Security
We work to strengthen information security, including the management of personal information and confidential information. In addition to enhancing and implementing intellectual property protection and other information management in accordance with our various information management guidelines and rules, we ensure that employee education and training are provided, and we work to strengthen our continuously evolving IT.
We provide necessary information to customers through helpdesks and websites established for each business division. For shareholders and investors, we provide information disclosure through our IR activities and a dedicated website.
Basic policy
The Meiji Group understands the importance of ensuring the security of customer personal information and other information assets. With this in mind, we have outlined the Meiji Group Information Security Policy along with various related rules and guidelines that we apply towards ensuring and enhancing information security.
Management structure
The Meiji Group recognizes information security as a business risk. As an information security structure, the Meiji Holdings Co., Ltd. Executive Committee evaluates and confirms the state of information security management, and submits reports to the Board of Directors, which oversees the evaluation and monitoring of this structure. We also establish relevant committees within each operating company to strengthen information security and ensure an effective information security structure. In the event of a serious incident or other emergency situations related to information security, the executive officer in charge of the Risk Management Department at Meiji Holdings Co., Ltd. submits reports directly to the CEO, President and Representative Director.
Initiatives
Employee education
To improve information security awareness, we regularly conduct employee education and training concerning information security.
Information Security Employee Education Implementation Status
Education / training content | FYE March 2022 results | FYE March 2023 results | FYE March 2024 results |
---|---|---|---|
Rate of new employee training | 100% (162 people) | 100% (168 people) | 100% (159 people) |
Rate of e-learning education | 85% (10,315 of 12,137) | 88% (10,727 of 12,222) | 83% (11,703 of 14,061) |
E-learning details | About risks and measures related to email and internet use | Importance of initial response to information security incidents and accidents | |
Suspicious email / targeted email attack response training numbers | 11,217 people | 3,578 people* | 14,273 people |
Other initiatives | Companywide warnings and information security one-point lessons |
Strengthening incident response
The Meiji Group has created an Incident Response Procedure to prevent incidents before they occur if a security threat is detected as well as to prevent the spread of damage in the event an incident occurs. Specifically, we have established a CSIRT* structure within each operating company and implemented various measures, including outlining a response flow, conducting training, and working to further strengthen coordination between operating companies. This helps ensure business continuity and increase society's trust in the Meiji Group.
CSIRT Structure Example: Meiji Co., Ltd.
Incident response details
We implement various measures to prevent incidents, including electronic media and PC encryption, IT asset management, and log monitoring. In the event of an incident, we prevent information leaks by taking measures such as locking accounts, conducting remote wipes, and investigating logs.
In cases where we suspect an organization has been subject to a cyberattack, we systematically prepare to conduct detection, isolation, and recovery.
Incident Response Procedure
Incident response training
The Meiji Group implements a regular annual training program on incident response. The results of training are reported to the supervising officers of each operating company, and structures are reviewed regularly based on those results.
Cybersecurity response
The Meiji Group continuously works to strengthen the cybersecurity of our IT environment, which includes our website servers and networks. These efforts include third-party vulnerability diagnosis using cyberattack simulations.
Social media risk reduction initiatives
The Meiji Group has established various rules for the use of social networking services in order to reduce social media risks. We also use a company portal website to educate our employees.
Intellectual property rights initiatives
The importance of intellectual property protection is increasing year by year due to the growing awareness of intellectual property rights, including trademark rights such as copyright and design registration, and various measures taken by the government. We have rights to the results obtained through research and development of products and technologies as intellectual property, and utilize them to continuously supply high value-added products that are unique to the Meiji Group.