
Risk Management

The risk management of the Group is primarily focused on “building trust with multiple stakeholders and achieving our medium-to-long-term strategies.” We therefore regard risks as “uncertainties” that may affect that achievement, covering both potential threats to the business and potential opportunities. Based on this approach, we have established a risk management structure and have put into place measures for managing such risks proactively and expeditiously.
We manage risk-related information centrally by establishing the Risk Management Department at the Company’s global headquarters, which reports to the Chief Legal Officer (CLO), and by assigning a Risk Management Officer (RMO) in each regional headquarters to ensure implementation of risk countermeasures across the Group. The Global Risk Management & Compliance Committee, chaired by the Global CEO and composed of Executive Officers/Regional CEOs, meets on a regular basis to discuss risks and countermeasures. In addition, we have identified “risk owners” for each risk category to clarify responsibility for countermeasures. Moreover, we have implemented a transparent monitoring and communication framework among the members of the above-mentioned Committee and the Directors to regularly discuss and assess our progress in addressing these risks.

Company-wide Material Risk Assessment Result

As part of our Enterprise Risk Management activities, we annually identify and assess group material risks. These material risks are incorporated into the Group's business plan.
In fiscal year 2023, material risks were identified through a holistic approach combining multiple comprehensive methods. Specifically, the HQ Risk Management Department interviewed and held discussions with HQ Executive Officers, Regional CEOs, and Directors to obtain their views on Group risks. Regional risk assessments and input from relevant functions, as well as insight from external advisors, were also taken into consideration. As a result, the Risk Management Department identified material risks affecting the key areas of our medium-term strategy, SHIFT 2025 and Beyond.
As shown in Table 1 below, the identified material risks were evaluated using three metrics: “Impact on business,” “Likelihood,” and “Vulnerability.” Subsequently, prioritization and countermeasures were confirmed through the aforementioned committee meetings and additional individual meetings. Reflecting our corporate policies, personal health (and safety), company assets, business continuity, and impacts on our company reputation are also considered critical points of view.

Table 1 <Risk evaluation methodology>

Impact on business
  • Quantitative impact on business performance (e.g. topline sales) in case of manifestation
  • Qualitative impact on our corporate/brand image and culture
Likelihood
  • Likelihood and timing of risk manifestation
Vulnerability
  • Preparedness against risk
  • Controllability of the manifestation of the risk due to external factors

A total of 20 material risks identified through our risk assessment have been organized into three risk categories: “Consumer and Social-related Risks,” “Operation & Fundamental Risks,” and “Other Risks,” as shown in Table 2 below.

Table 2 <Summary of Shiseido Group material risks> ★: Risks that should be prioritized

Consumer and Social-related Risks
  • Changes in Consumer Values★
  • New Technology and Speed of Digital Acceleration★
  • Pace of Cutting-Edge Innovation★
  • Corporate and Brand Reputation★
  • Environment (Climate Change, Biodiversity, etc.)
  • Diversity, Equity & Inclusion (DE&I)
  • Natural Disaster, Infectious Disease, and Terrorism
  • Geopolitical Tensions★
Operation & Fundamental Risks
  • Corporate Culture and Acquisition/Securing Outstanding People★
  • Business Structure Transformation★
  • Operating Infrastructure★
  • Supply Network
  • Compliance
  • Regulatory
  • Quality Assurance
  • Governance Structure
  • Information Security★
Other Risks
  • Exchange Rate Fluctuations
  • Business Investment
  • Material Litigation, etc.

A noteworthy point of the risk assessment results above is that the individual risks identified are more interlinked than in the past and the interdependency of the countermeasures is increasing. In addition, we have identified risks whose levels have increased compared to the previous fiscal year: “Changes in Consumer Values,” “New Technology and Speed of Digital Acceleration,” “Pace of Cutting-Edge Innovation,” “Corporate and Brand Reputation,” “Geopolitical Tensions,” “Corporate Culture and Acquisition/Securing Outstanding People,” “Business Structure Transformation,” “Operating Infrastructure,” and “Information Security.” For details on Business and Other Risks, please refer to the URL link below.

Business and Other Risks [PDF: 4.20MB]

At the same time, compliance programs are being or have been prepared for four priority areas: personal data protection, anti-bribery, anti-cartel, and supplier risk reduction.

Shiseido Group Compliance Initiatives [PDF: 129KB]

Incident Response

Shiseido has established the Shiseido Group Crisis Management Policy, a guide for incident response to enable swift and appropriate actions, effective damage control, and early recovery. In Japan, the department in which an incident occurs takes initial actions to understand the situation and prevent damage from spreading while promptly reporting to the Risk Management Department. After determining the incident level from the perspectives of severity of damage, possibility of spread, social impact, and other factors, the Risk Management Department assigns members from necessary HQ functions to organize a task force. The task force examines a range of actions to prevent damage from spreading, respond to those affected, and disclose information, while continuously monitoring the investigation into the cause, progress, and response results, and implements recurrence prevention measures. Outside of Japan, regional CEOs and RMOs are responsible for leading incident response activities. Significant incidents, such as those which pose a high risk of affecting operations in other regions, are immediately reported to the Risk Management Department at headquarters to enable quick action.

<Shiseido Group Crisis Management Policy>

1. Ensure the safety of employees and their families

2. Preserve company assets

3. Continue operations

4. Earn the trust of stakeholders

Business Continuity Management (BCM)

We have formulated a Business Continuity Plan (BCP) to prepare for major natural disasters and other emergency situations. To enable prompt and appropriate actions by employees according to the BCP in the event of an emergency, we provide regular training and education programs and use the findings from these programs to periodically revise the BCP.

Business Continuity Plan (BCP)

Our BCP is formulated based on the Shiseido Group Crisis Management Policy and the Shiseido Group BCP Concept as described below.

Shiseido Group basic approach to formation of BCP

  1. Protecting people's lives is the most important thing. Place the highest priority on ensuring the safety of employees and their families and confirm whether they are safe.
     After this, when conducting business operations, consider the safety of employees, and prevent secondary disasters.
  2. Protect finances, IT systems, buildings, equipment, and other company assets.
  3. Perform operations essential to recovery and operations that should be continued in the event of an emergency by the target time, without fail.
  4. Through the above, minimize the impact on customers, business partners (clients and suppliers, etc.), shareholders, employees, society, and other stakeholders; prevent damage to corporate value; and earn the trust of society by providing various forms of support to the local community, etc.

Our BCP consists of a “basic plan” serving as a general guide and “action plans” to specifically describe recovery activities to be carried out by each department.
The BCP is designed primarily for natural disasters and other emergency situations, such as large earthquakes, that can seriously affect business continuity. In order to minimize damage and facilitate early recovery, the plan describes “restoration tasks” (necessary actions to restore basic operations) and “business continuity tasks during an emergency” (actions that must be taken to maintain business operations during disaster situations) and sets “recovery time objectives” for completing these tasks. The plan also specifies, phase by phase, the information to be collected, items to be decided, and reporting lines. This plan is executed under the leadership of the HQ Emergency Task Force, with members appointed from necessary divisions to address issues related to employees, facilities, communication systems, information disclosure, funding, and consumer relations. The task force undertakes overall management in cooperation with two other special functions: the Product Supply Continuity Task Force (to recover and sustain supply networks) and the SJ Emergency Task Force (to be responsible for Japan Region operations). In addition to the BCP for sudden and unexpected incidents such as earthquakes, we have separately developed a business continuity plan for emergencies with gradual/long-term impact, such as infectious disease outbreaks, which sets out matters to be considered and implemented in each phase (infectious disease BCP).

HQ Emergency Task Force Drill

The HQ Emergency Task Force Drill is held on a regular basis as training for effective command and appropriate execution of the BCP. Findings from the drill are used to review and revise existing action plans and BCP-related documents. Relevant parties are notified of changes, ensuring the BCP is updated and all are prepared for immediate action.

Emergency education for employees

To promote individual employee awareness and knowledge of emergency preparedness, we run various training and education programs. BCP briefings are given to heads of departments/offices to increase their understanding and ensure swift action by all staff under their leadership in the event of a major emergency, under HQ Emergency Task Force instructions. Additionally, safety confirmation drills are conducted for all employees twice a year, and new hire orientation programs include lectures to raise knowledge and awareness of emergency preparedness.

 
