Risk Management

Daifuku Group
Risk Management Policy
Promotion System
Major Initiatives
Daifuku Group
Information Security Policy

Daifuku Group Risk Management Policy

Basic Approach

The Group is surrounded by a variety of risks, including natural disasters, law violations, climate change, political unrest, wars and disputes, and cyberattacks. Even in these circumstances, we aspire to be a corporation that continues to achieve sustainable growth and enhance corporate value by tackling each challenge with flexible ideas and the persistence we have cultivated over the Group’s history.
In addition, automated material handling systems are becoming an important social infrastructure that contributes to solving labor shortages and increasing productivity. We recognize that the Group has a social responsibility to provide a stable and continuous supply of such products and services, and we must avoid situations in which the impact of risk causes interruption of the Group’s business activities.
Therefore, based on this policy, we will identify and assess risks, work to prevent them from materializing, and respond promptly and appropriately to minimize damage in the event of a crisis.

1. Objectives

We will engage in risk management with the following objectives:

Secure and maintain the trust of customers and other stakeholders
Implement the Group’s management philosophy and achieve the Group’s management objectives
Ensure sustainable growth of the Group and improve our corporate value

2. Risk management activity principles

We will promote risk management based on the following activity principles in order to achieve our basic objectives:

The Group’s management will be actively involved in the assessment of, response to, and monitoring of risks that may affect the achievement of the Group’s management objectives
The Risk Management Committee will manage Group-wide risks centrally and cross-departmentally, and we will implement a risk management process based on the PDCA cycle
We will establish regulations and manuals related to risk management, and we will continue our efforts to foster risk management awareness among officers and employees
We will operate risk management not only as a defensive measure, but also as an offensive measure to strengthen the management base and ensure sound risk-taking, leading to the Group’s sustainable growth
In considering risk-taking, we will abide by our Group Code of Conduct, and we will not take any risk that would impede compliance with the Code

3. Guidelines for action in the event of a crisis

In the event of a crisis, we will act as follows:

We will act ensuring life, health, and safety as our highest priorities
We will strive to continue and quickly restore the supply of material handling systems, which are part of society’s infrastructure
We will take measures to minimize damage, preserve our assets, and continue our business

Established: April 1, 2024

Promotion System

Based on our activity policies for risk management, the Group has established the Risk Management Committee, which is chaired by the Executive Vice President and COO and includes the Corporate Functions Head, Global Business Heads, division managers, and Group chief officers as members. The committee meets several times throughout the year and reports to the Board of Directors on the status of the committee's initiatives and other matters as necessary. in fiscal 2024, committee meetings were held three times.
This Committee promotes activities during normal times to control risks before they materialize; however, we also have a BCP promotion system in place to respond to crises after risk have emerged in the event of an emergency. In addition, the Audit Division has been established under the direct control of the Board of Directors, and the Board of Directors receives regular reports from the Audit Division. One of its functions is to verify and evaluate the effectiveness of risk management and the maintenance and operation of internal control systems, and to facilitate their improvement. In the development and operation of the internal control system, the Group refers to a standard framework (COSO).

FY2024 promotion system

The main roles of each committee

In order to strengthen the risk management system, the Central Safety and Health Committee, the Information Security Committee, and the International Trade Control Committee work in cooperation with the Risk Management Committee, effective starting fiscal 2023. The main roles of each committee are as follows.

Risk Management Committee

Planning and development of risk management systems and related regulations
Selection of critical risks based on risk assessment results, and decision making, direction, and progress management of response policies
Determining and directing the action policy for training and awareness activities related to risk management
Determining policies for and direction of education, training, and drills related to crisis response

Central Safety and Health Committee

Promotion and dissemination of efforts to ensure compliance with relevant laws and regulations, elimination of occupational accidents, and elimination of traffic accidents

Information Security Committee

Planning and scheduling of information security management and implementation of in-house training
Establishing and revising information security rules and assessing compliance with them
Studying countermeasures for cyber-attacks and information security risks

International Trade Control Committee

Compliance management system and internal awareness-raising activities to ensure thorough compliance with laws and regulations (including those related to security) regarding all international transactions

Major Initiatives

Risk assessment

The Group conducts regular Group-wide risk assessments, and the Risk Management Committee identifies and evaluates key risks that may have a significant impact on our business activities. We formulate policies to address the key risks that are identified, and we systematically promote initiatives while confirming their progress.

Overview of significant risks

The following is a list of risks that we recognize as having the potential to significantly affect our business performance as of May 2025. However, this is not an exhaustive list of all risks to the Group, and there are unforeseen risks other than those listed. While we are taking measures to mitigate each of these risks, it is difficult to completely predict or address all of them.

List of assessments of key risks

Risk theme	Risk item	Impact	Likelihood	Likely timing of risk materialization
① Changes in the business environment	Changes in the market environment	Large	High	Within one year
	Economic crises and business fluctuation	Large	Medium	Within one year
	Loss of important customers	Large	Relatively high	No specific timing
	Political upheaval, revolution, war, civil war, conflict, riots, terrorism	Large	Low	Within one year
② Procurement/supply chain	Delays, shortages, or inability to procure raw materials, parts, purchased goods, etc.	Relatively large	High	Within one year
③ Growth strategy	New domain creation and technology development	Large	High	Within five years
④ Human resources-related	Lack of human resources development initiatives	Relatively large	High	Within three years
	Shortage of employees (workers)	Relatively large	High	Within three years
	Education of successors (management positions)	Large	Medium	Within five years
	Securing human resources; employee turnover	Relatively large	High	Within one year
⑤ Group governance	Inadequate management of subsidiaries	Large	Relatively high	No specific timing
⑤ Group governance	Scandals involving Group companies	Large	Medium	No specific timing
⑥ Natural disasters	Large-scale natural disasters (e.g., large-scale earthquakes, tsunamis, storms, floods, etc.)	Large	Low	No specific timing
⑦ Information security	Leakage of confidential information due to human factors	Large	Medium	No specific timing
⑦ Information security	Cyberattacks	Large	Medium	No specific timing

① Changes in the business environment

Description	The impact of changes in the business environment represented by the following. Trends in the global economy and business climate, policy shifts in various countries, and conflicts and political upheavals around the world Customer capital investment trends, changes in the market environment, and trends among competitors Changes in mid- to long-term economic and social trends due to an increasing need for automation and labor-saving measures caused by the declining birthrate, aging population, and labor shortages, and economic development in the countries of the Global South
Countermeasures	Monitor changes in economic conditions, the market environment, and customer needs as well as investment trends and reflect them flexibly in our management and business plans

Description

The impact of changes in the business environment represented by the following.

Trends in the global economy and business climate, policy shifts in various countries, and conflicts and political upheavals around the world
Customer capital investment trends, changes in the market environment, and trends among competitors
Changes in mid- to long-term economic and social trends due to an increasing need for automation and labor-saving measures caused by the declining birthrate, aging population, and labor shortages, and economic development in the countries of the Global South

Countermeasures

Monitor changes in economic conditions, the market environment, and customer needs as well as investment trends and reflect them flexibly in our management and business plans

② Procurement/supply chain

Description	Increase in prices of energy, parts, and raw materials; increase in logistics costs Delays in the production of our products, installation operations, and provision of services due to stagnation or failure in the procurement of parts and materials Deterioration of the Group’s social credibility and failure to build and maintain medium- to long-term relationships in the supply chain as a result of a lack of initiatives regarding sustainable procurement and compliance with the Subcontract Act
Countermeasures	Manage costs and deadlines; review the contract terms and conditions for various kinds of transactions Introduce a system that visualizes the procurement status of parts and materials Formulate and review the Sustainable Procurement Guidelines and the Daifuku Group Procurement Policy Through the Supply Chain Management Committee, enhance the credit management system and ensure compliance with the Subcontract Act in operations related to production and installation Supply Chain Management

Description

Increase in prices of energy, parts, and raw materials; increase in logistics costs
Delays in the production of our products, installation operations, and provision of services due to stagnation or failure in the procurement of parts and materials
Deterioration of the Group’s social credibility and failure to build and maintain medium- to long-term relationships in the supply chain as a result of a lack of initiatives regarding sustainable procurement and compliance with the Subcontract Act

Countermeasures

Manage costs and deadlines; review the contract terms and conditions for various kinds of transactions
Introduce a system that visualizes the procurement status of parts and materials
Formulate and review the Sustainable Procurement Guidelines and the Daifuku Group Procurement Policy
Through the Supply Chain Management Committee, enhance the credit management system and ensure compliance with the Subcontract Act in operations related to production and installation

Supply Chain Management

③ Growth strategy

Description	Inability to create new domains and new businesses in timely response to changes in industrial structures and social conditions Delays in the development of technologies that address the optimization of logistics and manufacturin gprocesses through the advancement of AI and IoT technologies
Countermeasures	Create a new business promotion department; consider new businesses Establish a development department for advanced technologies and promote development Call for ideas for new technologies and businesses through in-house open appeals

④ Human resources-related

Description	Stagnation of business operations due to lack of initiatives to cultivate successors (officers, management positions) Failure to secure sufficient human resources for the next generation; increase employee turnover Decline of competitiveness due to shortages of human resources with specialized knowledge and skills
Countermeasures	Update the succession plans for key positions; expand the successor training program Carry out organization improvement activities utilizing the engagement survey (research on job satisfaction and ease of work) Diversify the recruitment methods for new graduates and mid-career hires Actively recruit women and foreign national employees; implement measures to retain mid-career hires Talent Development Workplace Environment

Description

Stagnation of business operations due to lack of initiatives to cultivate successors (officers, management positions)
Failure to secure sufficient human resources for the next generation; increase employee turnover
Decline of competitiveness due to shortages of human resources with specialized knowledge and skills

Countermeasures

Update the succession plans for key positions; expand the successor training program
Carry out organization improvement activities utilizing the engagement survey (research on job satisfaction and ease of work)
Diversify the recruitment methods for new graduates and mid-career hires
Actively recruit women and foreign national employees; implement measures to retain mid-career hires

Talent Development

Workplace Environment

⑤ Group governance

Description	Mismanagement of subsidiaries due to expansion of the Group Decline in social credibility and adverse effects on business performance due to fraud and scandals or organizational management failure
Countermeasures	Continue to understand and support the maintenance of management structures at subsidiaries Strengthen contract risk management in large-scale projects at subsidiaries Build lines of communication with subsidiaries online or through on-site visits Compliance

Description

Mismanagement of subsidiaries due to expansion of the Group
Decline in social credibility and adverse effects on business performance due to fraud and scandals or organizational management failure

Countermeasures

Continue to understand and support the maintenance of management structures at subsidiaries
Strengthen contract risk management in large-scale projects at subsidiaries
Build lines of communication with subsidiaries online or through on-site visits

Compliance

⑥ Natural disasters

Description	Interruption of corporate activities due to large-scale natural disasters such as earthquakes, typhoons, and tsunamis
Countermeasures	Establish a headquarters preparation room for use in the event of a large-scale natural disaster Equip each site with emergency stockpile reserves Formulate response plans to be implemented in chronological order (timeline) in the event of a natural disaster and conduct drills and training such as safety confirmation

⑦ Information security

Description	Leakage or unauthorized use of important information assets, suspension of business activities, and deterioration of the Group’s reputation due to cyberattacks or internal fraud
Countermeasures	Expand information security audits globally to strengthen information security management In-house cultivation of information security auditors Establish a CSIRT system in advance preparation for cyberattacks

Business continuity plan

We have formulated a business continuity plan (BCP) to minimize damage to business assets and to enable business continuity and a rapid recovery in the event of a crisis such as a large-scale disaster, with human life as the top priority. With the aim of enhancing the effectiveness of our BCP, we are conducting regular risk assessments at our business locations, introducing a safety confirmation system, implementing periodic exercises based on the initial response manual, and upgrading our disaster prevention supplies. Daifuku will, if necessary, establish on-site disaster headquarters in the event of an earthquake with an intensity of 5 or higher (per the Japan Meteorological Agency Seismic Intensity Scale), a disaster requiring prolonged recovery efforts, or other events that have or are expected to have a significant impact on business operations. In addition, in order to enable prompt management decisions in the event of a disaster or accident, we have created a disaster and accident reporting route, which will be reviewed annually.

*Clicking on the image will open a new window

Daifuku Group Information Security Policy

Basic Approach

The Daifuku Group regards the information entrusted to us by our customers and business partners as well as trade secrets, personal information, and systems that the Group possesses regarding this information (hereinafter referred to as information assets) as important management assets in our business. We will strive to earn the trust of all members of society, including our customers, and enhance our corporate value by systematically and continuously making efforts in information security as denoted below.

Basic Policy

Compliance with laws and regulations

We will implement measures in each country and region to comply with the requirements of laws, national guidelines, contractual obligations, and other social standards related to information security.

Establishment of an appropriate platform for information management

In order to ensure the security of information assets, we will clarify our system responsible for information security and implement appropriate measures as follows in accordance with the importance and risks of the information assets.

Establish an information security governance system: We will establish a centralized management system led by the Information Security Committee, and a person responsible for the handling of information will be appointed within each division and company.
Establish regulations for information security: We will establish regulations and guidelines for information security, and we will strive to continuously improve our initiatives to ensure information security.
Implement safety management measures: Appropriate management measures, including personnel and physical management as well as system, server, and network management, will be implemented throughout the life cycle of information in accordance with its level of importance.
Education and training: We will continuously provide education and training on information security to all Group officers and employees in an effort to raise awareness and ensure compliance with rules and regulations. Any violations of these rules and regulations will be dealt with strictly, including disciplinary action against the offending party.
Information security audits: We will conduct internal audits throughout the entire Group on the status of information security measures, regularly confirm the status of compliance with information security rules and operation of information security management systems, and continuously make improvements. Additionally, we will monitor for new threats and changes in risks to prevent new vulnerabilities from emerging.

Establishment of an information security incident response system

We will establish a management system that enables the prompt resumption and continuation of business activities should an information security incident result in an interruption of operations. In the event that an incident occurs, we will make efforts to identify the cause and prevent recurrences.

Established: September 1, 2024

Strengthening information security

The Group is promoting specific initiatives in each of the following areas against technical threats such as unauthorized access and cyberattacks, human threats such as internal misconduct and disregard for rules, and physical threats such as disasters and theft.

IT countermeasures	IT security measures with multi-layered protection (entrance, exit, and internal) Confirmation of activities through logs
Organizational countermeasures	Implementation of company-wide information security management activities based on global rules and guidelines Development of information security management activities in the supply chain
Human countermeasures	Cultivation of a corporate culture of information security by providing various types of education and training to all employees Prevention of negligence and fraud through human risk countermeasures such as written pledges and a variety of checks
Physical countermeasures	Implementation of zone classification and thorough risk management by zone management officers Promotion of the prevention of unauthorized entry and theft by implementing physical measures corresponding to zone classifications

Personal information initiatives

We have established the Group Basic Policy for the Protection of Personal Information in order to define basic rules for the handling of personal information. This policy is implemented globally to ensure proper processing of personal information throughout the Group. Additionally, in order to specify the obligations we must comply with in handling personal information, we established the Personal Information Protection Regulations in 2015 as well as a system of regulations and related guidelines in 2023, and we are working to ensure the proper handling of personal information. In particular, we take additional precautions to manage sensitive personal information that requires special care in processing.
For more information regarding the Group’s handling of personal information obtained from customers and other parties, please refer to our Privacy Notice.

Information security education

Regarding employee training, we conduct regular global training using video content available in more than 30 languages and e-mail drills that simulate targeted attacks.

	Target	Description
Awareness-raising month	Officers and all employees (global)	A designated annual Information Security Awareness-Raising Month during which messages from the president and other top officers are distributed and lectures by experts are held.
Rank-based training	Newly graduated employees, newly promoted employees, mid-career hires, etc.	Conduct training on essential information security knowledge at the time of hiring, promotion, etc.
E-learning courses	Officers and all employees (global)	Conducted multiple times per year. Fosters awareness of information security throughout the entire global company.
E-mail drills	Officers and all employees (global)	Conducted multiple times per year, including follow-up training.