Shiseido promotes risk management in order to increase its ability to execute its mid-to-long term strategies. In this light, we define risk as uncertainty that can affect the execution of strategies, spanning downside (threats to success) to upside (opportunities), and develop appropriate structures and systems to control these risks and take necessary actions.
We have installed Risk Management Department in the head office, and Risk Management Officers (RMOs) in each regional headquarters to centrally manage related information. The Global Risk Management & Compliance Committee, composed of corporate officers/regional CEOs and chaired by the CEO, meets on a regular basis to recognize risks and discuss countermeasures.
To implement the five priority strategies for 2020, we have carried out risk management plans according to the following steps: 1. Perform risk-awareness surveys (interview and questionnaire) for HQ corporate officers/ regional CEOs and questionnaires for regional RMOs to identify risk factors 2. Set risk assessment criteria for the following three areas: extent of impact the risk may have on business and other performance; likelihood and timing of the risk having an actual impact; and adequacy of countermeasures against the risk; and 3. Identify and prioritize relevant risks that can affect the execution of the 2020 strategies and examine current risk control situations at the Global Risk Management & Compliance Committee. Reflecting our corporate policies, risk assessment plans have been designed to attach due weight to issues related to personal health (& safety), corporate property, business continuity, and reputation.
Risk factors identified from risk assessment results have been categorized into four parameter groups, according to risk characteristics: Strategies, Business Foundations, Operations, and Others. We have also adopted risk ownership approach, appointing owner to each risk category to take on clearly defined responsibilities of implementing countermeasures and mechanism to enable regular monitoring by the Global Risk Management & Compliance Committee/ Board of Directors.
|Business Strategy Risks||Core Business Risks||Operational Risks||Other Risks|
| || || || |
At the same time, compliance programs are being prepared for four priority areas: personal data protection, anti-bribery*, anti-cartel, and supplier risk reduction.
*We prohibit bribery not only in the form of entertainment or gifts that may raise suspicion of gaining illegal profits, but also in the form of political donations, sponsorships, and charitable activities.
Shiseido has established the Shiseido Group Crisis Management Policy, a guide for incident response to enable swift and appropriate actions, effective damage control, and early recovery. In Japan, departments in which an incident occurs take initial actions to understand the situation and prevent damage from spreading while promptly reporting to Risk Management Department. The department determines incident level from the perspective of severity of damage, possibility of the damage spreading, social impact, and other factors, and assigns members from necessary HQ functions to organize a task force. The task force examines a range of actions to prevent damage from spreading, respond to victims, and disclose information, while continuously monitoring investigation into cause, progress and response results, and implementation of recurrence prevention measures. Outside of Japan, regional CEOs and RMOs are responsible for leading incident response activities. Any incidents exceeding a certain level, such as those posing high risk of affecting operations in other regions, will be immediately reported to the Risk Management Department at the head office so necessary actions are taken without delay.
1．Ensure the safety of employees and their families
2．Preserve company assets
4．Earn the trust of stakeholders
We have formulated business continuity plan (BCP) to prepare for major natural disasters and other emergency situations. To enable prompt and appropriate actions by employees according to the BCP in the event of an emergency, we provide periodic training and education programs and use the findings from these programs to revise the BCP periodically.
Our BCP is formulated based on the Shiseido Group Crisis Management Policy and the Shiseido Group BCP Concept as described below.
1. Protecting peoples' lives is the most important thing. Place the highest priority on ensuring the safety of employees and their families and confirm if they are safe.
After this, when conducting business operations, consider the safety of employees and prevent secondary disasters.
2. Protect finances, IT systems, buildings, equipment, and other company assets.
3. Perform operations essential to recovery and operations that should be continued in the event of an emergency by the target time, without fail.
4. Through the above, minimize the impact on customers, business partners (clients and suppliers, etc.), shareholders, employees, society, and other stakeholders; prevent damage to corporate value; and earn the trust of society by providing various forms of support to the local community, etc.
Our BCP consists of basic plan to provide a general guide, and action plans to specifically describe recovery activities to be carried out by each department.
The BCP is designed primarily for natural disasters and other emergency situations, such as large earthquakes, that can seriously affect business continuity. In order to minimize damage and facilitate early recovery, the plan describes “restoration tasks” (necessary actions to restore basic operations) and “business continuity tasks during an emergency” (actions that must be taken to keep business operations going during disaster situations) and set “recovery time objectives” to complete the said tasks. The plan also specifies information to collect, items to decide on, and reporting lines for each phase set in the timeline. This plan is executed under the leadership of the HQ Emergency Task Force and activated as required, with the risk management corporate officer appointed as director and members from necessary divisions to address issues related to employee relations, facilities, information and communication systems, public relations, funding, and consumer relations. The task force undertakes overall management in cooperation with two other special functions: The Product Supply Continuity Task Force (to recover and sustain supply networks) and the SJ Emergency Task Force (to be responsible for Japan Region operations). In addition to the BCP for sudden and unexpected incidents such as earthquakes, we have separately developed BCP for emergencies with gradual/long-term impact, such as infectious disease outbreaks, which sets forth items to be considered and implemented by each phase (infectious disease BCP).
HQ Emergency Task Force Drill is held on regular basis as training for effective command center and appropriate execution of the BCP. Findings from the drill are used to review and revise existing action plans and BCP related documents. Relevant parties are notified of the changes, keeping BCP up-to-date and preparing all for immediate action.
To promote individual employee awareness and knowledge of emergency preparedness, we run various trainings and education programs. Briefings on the BCP are given to heads of departments/offices to increase their understanding and ensure that all staff under their leadership act swiftly according to HQ Emergency Task Force instructions in the event of a major emergency. Also, safety confirmation system is tested for all employees twice a year, and new hire orientation programs include lectures to raise awareness of emergency preparedness.