Risk Management

The risk management of the Group is primarily focused on “building trust with multiple stakeholders and achieving our medium-to-long-term strategies”. We thus consider risks as “uncertainties” that may impact achievement, covering both potential threats to business and potential opportunities. Based on this approach, we have established a risk management structure and have put into place measures for managing such risks proactively and expeditiously.
We have placed the Risk Management Department, which reports to the CLO (Chief Legal Officer), in the Global HQ, and an RMO (Risk Management Officer) in each regional headquarters to centrally manage related information. The Global Risk Management & Compliance Committee, composed of Executive Officers/Regional CEOs and chaired by the CEO, meets on a regular basis to discuss risks and countermeasures. In addition, we have identified “risk owners” for each risk category to clarify responsibility for countermeasures. Moreover, we have implemented a transparent monitoring and communicative framework within the Global Risk Management & Compliance Committee and the Board of Directors to regularly discuss and assess our progress in addressing these risks.

Company-wide Material Risk Assessment Result

In 2022, material risks were identified through a holistic approach combining multiple and comprehensive methods. Specifically, the HQ Risk Management Department interviewed HQ Executive Officers, Regional CEOs, and External Directors for their view on Group risks. Regional risk assessments and input from relevant functions were also taken into consideration as the HQ Risk Management Department identified material risks affecting the key areas of our medium-term strategy, SHIFT 2025 and Beyond, with input from external advisors.
As shown in Table 1 below, the identified material risks were evaluated with the three measurements of “Impact on business,” “Likelihood,” and “Vulnerability,” followed by confirmation of prioritization and countermeasures through the above committee meetings and other individual meetings.

Table 1 <Risk evaluation methodology>

Impact on business
  • Quantitative impact on business performance (e.g. topline sales) in case of manifestation
  • Qualitative impact on our corporate/brand image and culture
Likelihood
  • Likelihood and timing of risk manifestation
Vulnerability
  • Preparedness against risk
  • Controllability of the manifestation of the risk due to external factors

Reflecting our corporate policies, risk assessment plans have been designed to attach due weight to issues related to personal health (and safety), company assets, business continuity, and reputation.

A total of 21 material risks identified through our risk assessment have been organized into three risk categories: “Consumer and Social-related Risks,” “Operation & Fundamental Risks,” and “Other Risks,” as shown in Table 2 below.
We have identified “Risk Owners” for each risk category in an effort to clarify responsibility for countermeasures. Moreover, we have implemented a transparent monitoring and communicative framework within the Global Risk Management & Compliance Committee and the Board of Directors to regularly discuss and assess our progress in addressing these risks.

Table 2 <Summary of Shiseido Group material risks>

Consumer and Social-related Risks
  • Changes in Consumer Values
  • Speed of Digital Acceleration
  • Pace of Cutting-Edge Innovation
  • Corporate and Brand Reputation
  • Environment and Climate Change
  • Diversity & Inclusion
  • Natural and Human-Made Disasters
  • Infectious Disease
  • Geopolitical Tensions
Operation & Fundamental Risks
  • Corporate Culture and Acquisition/Securing Outstanding Talent
  • Business Structure Transformation
  • Operating Infrastructure
  • Supply Network
  • Compliance
  • Regulatory
  • Quality Assurance
  • Governance Structure
  • Information Security and Privacy
Other Risks
  • Exchange Rate Fluctuations
  • Business Investment
  • Material Litigation

A noteworthy point in the risk assessment results above is that the individual risks identified are more interlinked than in the past and the interdependency of the countermeasures is increasing. In addition, we have identified five key risks that have significantly increased in level compared to the previous fiscal year: "Changes in Consumer Values," "Geopolitical Tensions," "Corporate Culture and Acquisition/Securing Outstanding Talent," "Quality Assurance," and "Information Security and Privacy." We have also added "Regulatory" as a new material risk, which is becoming increasingly important as we cultivate brands with unique value and develop new businesses such as beauty devices and the inner beauty category.

For details on Business and Other Risks, please refer to the URL link below.

Business and Other Risks [PDF: 1.01MB]

At the same time, compliance programs are being or have been prepared for four priority areas: personal data protection, anti-bribery, anti-cartel, and supplier risk reduction.

Shiseido Group Compliance Initiatives [PDF: 129KB]

Incident Response

Shiseido has established the Shiseido Group Crisis Management Policy, a guide for incident response to enable swift and appropriate actions, effective damage control, and early recovery. In Japan, departments in which an incident occurs take initial actions to understand the situation and prevent damage from spreading while promptly reporting to the Risk Management Department. After determining the incident level from the perspectives of severity of damage, possibility of spread, social impact, and other factors, the Risk Management Department assigns members from necessary HQ functions to organize a task force. The task force examines a range of actions to prevent damage from spreading, respond to those affected, and disclose information, while continuously monitoring the investigation into the cause, progress, and response results, and implements recurrence prevention measures. Outside of Japan, regional CEOs and RMOs are responsible for leading incident response activities. Significant incidents, such as those which pose a high risk of affecting operations in other regions, are immediately reported to the Risk Management Department at headquarters to enable quick action.

<Shiseido Group Crisis Management Policy>

1. Ensure the safety of employees and their families

2. Preserve company assets

3. Continue operations

4. Earn the trust of stakeholders

Business Continuity Management (BCM)

We have formulated a Business Continuity Plan (BCP) to prepare for major natural disasters and other emergency situations. To enable prompt and appropriate actions by employees according to the BCP in the event of an emergency, we provide regular training and education programs and use the findings from these programs to periodically revise the BCP.

Business Continuity Plan (BCP)

Our BCP is formulated based on the Shiseido Group Crisis Management Policy and the Shiseido Group BCP Concept as described below.

Shiseido Group basic approach to formation of BCP

  1. Protecting people's lives is the most important thing. Place the highest priority on ensuring the safety of employees and their families and confirm whether they are safe.
     After this, when conducting business operations, consider the safety of employees, and prevent secondary disasters.
  2. Protect finances, IT systems, buildings, equipment, and other company assets.
  3. Perform operations essential to recovery and operations that should be continued in the event of an emergency by the target time, without fail.
  4. Through the above, minimize the impact on customers, business partners (clients and suppliers, etc.), shareholders, employees, society, and other stakeholders; prevent damage to corporate value, and earn the trust of society by providing various forms of support to the local community, etc.

Our BCP consists of a “basic plan” serving as a general guide and “action plans” to specifically describe recovery activities to be carried out by each department.
The BCP is designed primarily for natural disasters and other emergency situations, such as large earthquakes, that can seriously affect business continuity. In order to minimize damage and facilitate early recovery, the plan describes “restoration tasks” (necessary actions to restore basic operations) and “business continuity tasks during an emergency” (actions that must be taken to maintain business operations during disaster situations) and sets “recovery time objectives” to complete said tasks. The plan also specifies in phases the information to be collected, items to be decided, and reporting lines. This plan is executed under the leadership of the HQ Emergency Task Force, with members appointed from necessary divisions to address issues related to employees, facilities, communication systems, information disclosure, funding, and consumer relations. The task force undertakes overall management in cooperation with two other special functions: the Product Supply Continuity Task Force (to recover and sustain supply networks) and the SJ Emergency Task Force (to be responsible for Japan Region operations). In addition to the BCP for sudden and unexpected incidents such as earthquakes, we have separately developed a business continuity plan for emergencies with gradual/long-term impact, such as infectious disease outbreaks, which sets out matters to be considered and implemented by each phase (infectious disease BCP).

HQ Emergency Task Force Drill

The HQ Emergency Task Force Drill is held on a regular basis as training for effective command and appropriate execution of the BCP. Findings from the drill are used to review and revise existing action plans and BCP-related documents. Relevant parties are notified of changes, ensuring the BCP is updated and all are prepared for immediate action.

Emergency education for employees

To promote individual employee awareness and knowledge of emergency preparedness, we run various training and education programs. BCP briefings are given to heads of departments/offices to increase their understanding and ensure swift action by all staff under their leadership in the event of a major emergency, under HQ Emergency Task Force instructions. Additionally, safety confirmation drills are conducted for all employees twice a year, and new hire orientation programs include lectures to raise knowledge and awareness of emergency preparedness.