Risk Management

The risk management of the Group is primarily focused on “building trust with multiple stakeholders and achieving our medium-to-long-term strategies”. We thus consider risks as “uncertainties” that may impact achievement, both potential threats to business as well as potential opportunities. Based on this approach, we have established a risk management structure and have put into place measures for managing such risks proactively and expeditiously.
We have placed the Risk Management Department in the Global HQ which reports to CLO (Chief Legal Officer), and RMO（Risk Management Officer） in each regional headquarters to centrally manage related information. The Global Risk Management & Compliance Committee, composed of Executive Officers/Regional CEOs and chaired by the CEO, meets on a regular basis to discuss risks and countermeasures. In addition to this, we have identified “risk owners” for each risk category to clarify responsibility for countermeasures. Moreover, we have implemented a transparent monitoring and communicative framework within the Global Risk Management & Compliance Committee and the Board of Directors to regularly discuss and assess our progress in addressing these risks.

In 2022, material risks were identified through a holistic approach combining multiple and comprehensive methods. Specifically, the HQ Risk Management Department interviewed HQ Executive Officers, Regional CEOs, and External Directors for their view on Group risks. Regional risk assessments and input from relevant functions were also taken into consideration as the HQ Risk Management Department identified material risks affecting the key areas of our medium-term strategy, SHIFT 2025 and Beyond, with input from external advisors.
As shown in Table 1 below, the identified material risks were evaluated with the three measurements of “Impact on business,” “Likelihood,” and “Vulnerability,” followed by confirmation of prioritization and countermeasures through the above committee meetings and other individual meetings.

Reflecting our corporate policies, risk assessment plans have been designed to attach due weight to issues related to personal health (and safety), company assets, business continuity, and reputation.

Total 21 material risks identified through our risk assessment have been organized into three risk categories: “Consumer and Social-related Risks,” “Operation & Fundamental Risks,” and “Other Risks,” as shown in Table 2 below.
We have identified “Risk Owners” for each risk category in an effort to clarify responsibility for countermeasures. Moreover, we have implemented a transparent monitoring and communicative framework within the Global Risk Management & Compliance Committee and the Board of Directors to regularly discuss and assess our progress in addressing these risks.

Shiseido has established the Shiseido Group Crisis Management Policy, a guide for incident response to enable swift and appropriate actions, effective damage control, and early recovery. In Japan, departments in which an incident occurs take initial actions to understand the situation and prevent damage from spreading while promptly reporting to the Risk Management Department. After determining the incident level from the perspectives of severity of damage, possibility of spread, social impact, and other factors, the Risk Management Department assigns members from necessary HQ functions to organize a task force. The task force examines a range of actions to prevent damage from spreading, respond to those affected, and disclose information, while continuously monitoring investigation into cause, progress, and response results and implements reoccurrence prevention measures. Outside of Japan, regional CEOs and RMOs are responsible for leading incident response activities. Significant incidents, such as those which pose a high risk of affecting operations in other regions, are immediately reported to the Risk Management Department at headquarters to enable quick action.

1．Ensure the safety of employees and their families

2．Preserve company assets

3．Continue operations

4．Earn the trust of stakeholders

We have formulated a Business Continuity Plan (BCP) to prepare for major natural disasters and other emergency situations. To enable prompt and appropriate actions by employees according to the BCP in the event of an emergency, we provide regular training and education programs and use the findings from these programs to periodically revise the BCP.

Our BCP is formulated based on the Shiseido Group Crisis Management Policy and the Shiseido Group BCP Concept as described below.

Our BCP consists of a “basic plan” serving as a general guide and “action plans” to specifically describe recovery activities to be carried out by each department.
The BCP is designed primarily for natural disasters and other emergency situations, such as large earthquakes, that can seriously affect business continuity. In order to minimize damage and facilitate early recovery, the plan describes “restoration tasks” (necessary actions to restore basic operations) and “business continuity tasks during an emergency” (actions that must be taken to maintain business operations during disaster situations) and sets “recovery time objectives” to complete said tasks. The plan also specifies in phases the information to be collected, items to be decided, and reporting lines. This plan is executed under the leadership of the HQ Emergency Task Force, with members appointed from necessary divisions to address issues related to employees, facilities, communication systems, information disclosure, funding, and consumer relations. The task force undertakes overall management in cooperation with two other special functions: the Product Supply Continuity Task Force (to recover and sustain supply networks) and the SJ Emergency Task Force (to be responsible for Japan Region operations). In addition to the BCP, for sudden and unexpected incidents such as earthquakes, we have separately developed a business continuity plan for emergencies with gradual/long-term impact, such as infectious disease outbreaks, which sets out matters to be considered and implemented by each phase (infectious disease BCP).

The HQ Emergency Task Force Drill is held on a regular basis as training for effective command and appropriate execution of the BCP. Findings from the drill are used to review and revise existing action plans and BCP-related documents. Relevant parties are notified of changes, ensuring the BCP is updated and all are prepared for immediate action.

To promote individual employee awareness and knowledge of emergency preparedness, we run various training and education programs. BCP briefings are given to heads of departments/offices to increase their understanding and ensure swift action by all staff under their leadership in the event of major emergency, under HQ Emergency Task Force instructions. Additionally, safety confirmation drills are conducted for all employees twice a year, and new hire orientation programs include lectures to raise knowledge and awareness of emergency preparedness.