Risk Management

Daifuku Group
Risk Management Policy
Promotion System
Major Initiatives
Daifuku Group
Information Security Policy

Daifuku Group Risk Management Policy

Basic Approach

The Group is surrounded by a variety of risks, including natural disasters, law violations, climate change, political unrest, wars and disputes, and cyberattacks. Even in these circumstances, we aspire to be a corporation that continues to achieve sustainable growth and enhance corporate value by tackling each challenge with flexible ideas and the persistence we have cultivated over the Group’s history.
In addition, automated material handling systems are becoming an important social infrastructure that contributes to solving labor shortages and increasing productivity. We recognize that the Group has a social responsibility to provide a stable and continuous supply of such products and services, and we must avoid situations in which the impact of risk causes interruption of the Group’s business activities.
Therefore, based on this Policy, we will identify and assess risks, work to prevent them from materializing, and respond promptly and appropriately to minimize damage in the event of a crisis.

1. Objectives

We will engage in risk management with the following objectives:

Secure and maintain the trust of customers and other stakeholders
Implement the Group’s management philosophy and achieve the Group’s management objectives
Ensure sustainable growth of the Group and improve our corporate value

2. Risk management activity principles

We will promote risk management based on the following activity principles in order to achieve our basic objectives:

The Group’s management will be actively involved in the assessment of, response to, and monitoring of risks that may affect the achievement of the Group’s management objectives
The Risk Management Committee will manage Group-wide risks centrally and cross-departmentally, and we will implement a risk management process based on the PDCA cycle
We will establish regulations and manuals related to risk management, and we will continue our efforts to foster risk management awareness among officers and employees
We will operate risk management not only as a defensive measure, but also as an offensive measure to strengthen the management base and ensure sound risk-taking, leading to the Group’s sustainable growth
In considering risk-taking, we will abide by our Group Code of Conduct, and we will not take any risk that would impede compliance with the Code

3. Guidelines for action in the event of a crisis

In the event of a crisis, we will act as follows:

We will act ensuring life, health, and safety as our highest priorities
We will strive to continue and quickly restore the supply of material handling systems, which are part of society’s infrastructure
We will take measures to minimize damage, preserve our assets, and continue our business

Established: April 1st, 2024

Promotion System

The Group has established a risk management system based on a three-line model with the President and CEO as the chief executive. Corporate Functions and other units in charge of risk management (second line) provide support, guidance, and supervision for risk management conducted by the global business units (first line), which are the entities responsible for responding to risks. In addition, the Audit Division (third line) inspects the risk management initiatives of the first and second lines.
We have established the Risk Management Committee, which is chaired by the President and CEO and includes the Global Business Heads, division managers, Corporate Functions, and other units, to monitor these initiatives from a company-wide perspective, issue instructions for action, and manage progress. The Committee met five times in fiscal 2023 and reports to the Board of Directors on the status of the Committee’s initiatives and other matters as necessary.
This Committee promotes activities during normal times to control risks before they materialize; however, in the event of an emergency, the BCP promotion system is in place to respond to crises after risks have emerged. The BCP promotion system works with the Risk Management Committee to consider and prepare for crises starting from normal operations. When faced with a crisis such as a large-scale disaster, we will quickly establish a framework and take initial actions to prevent secondary disasters, placing the highest priority on human lives.
In addition, the Audit Division, which is tasked with establishing and operating an internal audit system, has been established under the direct control of the Board of Directors, and the Board of Directors receives regular reports from the Audit Division. One of its functions is to verify and evaluate the effectiveness of risk management and the maintenance and operation of internal control systems, and to facilitate their improvement. In the development and operation of the internal control system, the Group refers to a standard framework (COSO).

FY2024 promotion system

The main roles of each committee

In order to strengthen the risk management system, the Central Safety and Health Committee, the Information Security Committee, and the International Trade Control Committee work in cooperation with the Risk Management Committee, effective starting fiscal 2023. The main roles of each committee are as follows.

Risk Management Committee

Planning and development of risk management systems and related regulations
Selection of critical risks based on risk assessment results, and decision making, direction, and progress management of response policies
Determining and directing the action policy for training and awareness activities related to risk management
Determining policies for and direction of education, training, and drills related to crisis response

Central Safety and Health Committee

Promotion and dissemination of efforts to ensure compliance with relevant laws and regulations, elimination of occupational accidents, and elimination of traffic accidents

Information Security Committee

Planning and scheduling of information security management and implementation of in-house training
Establish and revise information security rules and assess compliance with them
Study of countermeasures for cyber-attacks and information security risks

International Trade Control Committee

Compliance management system and internal awareness-raising activities to ensure thorough compliance with laws and regulations (including those related to security) regarding all overseas transactions

Major Initiatives

Risk assessment

The Group conducts regular Group-wide risk assessments, and the Risk Management Committee identifies and evaluates key risks that may have a significant impact on our business activities. We formulate policies to address the key risks that are identified, and we systematically promote initiatives while confirming their progress.

Overview of significant risks

The following is a list of risks that we recognize as having the potential to significantly affect our business performance as of June 2024. However, this is not an exhaustive list of all risks to the Group, and there are unforeseen risks other than those listed. While we are taking measures to mitigate each of these risks, it is difficult to completely predict or address all of them.

List of assessments of key risks

Risk theme	Risk item	Impact	Likelihood	Likely timing of risk materialization
① Changes in the business environment	Changes in the market environment	Large	High	Within one year
	Economic crises and business fluctuation	Large	Medium	Within one year
	Loss of important customers	Large	Relatively high	No specific timing
	Political upheaval, revolution, war, civil war, conflict, riots, terrorism	Large	Low	Within one year
② Procurement/supply chain	Delays, shortages, or inability to procure raw materials, parts, purchased goods, etc.	Relatively large	High	Within one year
③ Growth strategy	New domain creation and technology development	Large	High	Within five years
④ Human resources-related	Lack of human resources development initiatives	Relatively large	High	Within three years
	Shortage of employees (workers)	Relatively large	High	Within three years
	Education of successors (management positions)	Large	Medium	Within five years
	Securing human resources; employee turnover	Relatively large	High	Within one year
⑤ Group governance	Inadequate management of subsidiaries	Large	Relatively high	No specific timing
⑤ Group governance	Scandals involving Group companies	Large	Medium	No specific timing
⑥ Natural disasters	Large-scale natural disasters (e.g., large-scale earthquakes, tsunamis, storms, floods, etc.)	Large	Low	No specific timing
⑦ Information security	Leakage of confidential information due to human factors	Large	Medium	No specific timing
⑦ Information security	Cyberattacks	Large	Medium	No specific timing

① Changes in the business environment

Description	The impact of changes in the business environment, whether positive or negative, represented by the following. Trends in the global economy and business climate, policy shifts in various countries, and conflicts and political upheavals around the world Changes in the market environment, such as fluctuations in capital investment trends, and trends among customers and competitors Changes in economic and social trends, such as the increasing need for automation and labor-saving measures due to the declining birthrate, aging population, and labor shortages, and economic development in the countries of the so-called Global South
Countermeasures	Monitor economic conditions, the market environment, customer industry needs, and trends, and reflect them flexibly in our management and business plans

Description

The impact of changes in the business environment, whether positive or negative, represented by the following.

Trends in the global economy and business climate, policy shifts in various countries, and conflicts and political upheavals around the world
Changes in the market environment, such as fluctuations in capital investment trends, and trends among customers and competitors
Changes in economic and social trends, such as the increasing need for automation and labor-saving measures due to the declining birthrate, aging population, and labor shortages, and economic development in the countries of the so-called Global South

Countermeasures

Monitor economic conditions, the market environment, customer industry needs, and trends, and reflect them flexibly in our management and business plans

② Procurement/supply chain

Description	Increase in energy prices, prices of parts and raw materials; increase in logistics costs triggered by the so-called “2024 problem in logistics” in Japan Delays in the production of our products, installation operations, and provision of services due to stagnation or failure in the procurement of parts and materials Deterioration of the Group’s social credibility and failure to build and maintain medium- to long-term relationships in the supply chain as a result of a lack of initiatives regarding sustainable procurement and compliance with the Subcontract Act
Countermeasures	Manage costs and deadlines; review the contract terms and conditions for various kinds of transactions Form a cross-divisional logistics task force and address the risks associated with the 2024 problem in logistics Formulate and review the Sustainable Procurement Guidelines and the Daifuku Group Procurement Policy Began operation of the Supply Chain Management Committee in fiscal 2024 to ensure compliance with the Subcontract Act in production and installation-related operations; implement measures for sustainable procurement activities and supply chain optimization across our businesses Supply Chain Management

Description

Increase in energy prices, prices of parts and raw materials; increase in logistics costs triggered by the so-called “2024 problem in logistics” in Japan
Delays in the production of our products, installation operations, and provision of services due to stagnation or failure in the procurement of parts and materials
Deterioration of the Group’s social credibility and failure to build and maintain medium- to long-term relationships in the supply chain as a result of a lack of initiatives regarding sustainable procurement and compliance with the Subcontract Act

Countermeasures

Manage costs and deadlines; review the contract terms and conditions for various kinds of transactions
Form a cross-divisional logistics task force and address the risks associated with the 2024 problem in logistics
Formulate and review the Sustainable Procurement Guidelines and the Daifuku Group Procurement Policy
Began operation of the Supply Chain Management Committee in fiscal 2024 to ensure compliance with the Subcontract Act in production and installation-related operations; implement measures for sustainable procurement activities and supply chain optimization across our businesses

Supply Chain Management

③ Growth strategy

Description	Inability to create new domains and new businesses in timely response to changes in industrial structures and social conditions Inability to sufficiently secure and train human resources in technical fields resulting in hindered technical development and reduced competitiveness
Countermeasures	Established the Business Innovation Division, headed by the CTO (Chief Technology Officer), in fiscal 2024 Promote the introduction of advanced technologies such as AI and build development systems across our businesses to strengthen our technological competitiveness Introduce e-learning systems and AI education programs for officers and employees to improve skills and literacy related to DX and AI

Description

Inability to create new domains and new businesses in timely response to changes in industrial structures and social conditions
Inability to sufficiently secure and train human resources in technical fields resulting in hindered technical development and reduced competitiveness

Countermeasures

Established the Business Innovation Division, headed by the CTO (Chief Technology Officer), in fiscal 2024
Promote the introduction of advanced technologies such as AI and build development systems across our businesses to strengthen our technological competitiveness
Introduce e-learning systems and AI education programs for officers and employees to improve skills and literacy related to DX and AI

④ Human resources-related

Description	Lack of initiatives to cultivate successors (officers, management positions) Securing the next generation of human resources; employee turnover Decline of competitiveness and losses of continuity in business operations, technological and technical expertise, and superiority due to shortages of human resources with specialized knowledge and skills
Countermeasures	Establish a systematic successor training program through the clarification of key positions and definition of Group-wide competencies (desired behavioral traits and attitudes) Conduct an engagement survey (research on job satisfaction and ease of work) Actively recruit women and foreign national employees; implement measures to retain mid-career hires Talent Development

Description

Lack of initiatives to cultivate successors (officers, management positions)
Securing the next generation of human resources; employee turnover
Decline of competitiveness and losses of continuity in business operations, technological and technical expertise, and superiority due to shortages of human resources with specialized knowledge and skills

Countermeasures

Establish a systematic successor training program through the clarification of key positions and definition of Group-wide competencies (desired behavioral traits and attitudes)
Conduct an engagement survey (research on job satisfaction and ease of work)
Actively recruit women and foreign national employees; implement measures to retain mid-career hires

Talent Development

⑤ Group governance

Description	Mismanagement due to rapid growth of the Group and increase in subsidiaries and employees Decline in social credibility and adverse effects on business performance due to fraud and scandals or organizational management failure
Countermeasures	Establish the Group Code of Conduct and set out guidelines for actions to be taken by officers and employees of the Group Distribute the Compliance Guidebook in multiple languages and conduct compliance education such as e-learning courses and rank-based training Review and disseminate various policies and regulations Plan and implement measures to reduce the risk of losses, especially in large-scale projects Compliance

Description

Mismanagement due to rapid growth of the Group and increase in subsidiaries and employees
Decline in social credibility and adverse effects on business performance due to fraud and scandals or organizational management failure

Countermeasures

Establish the Group Code of Conduct and set out guidelines for actions to be taken by officers and employees of the Group
Distribute the Compliance Guidebook in multiple languages and conduct compliance education such as e-learning courses and rank-based training
Review and disseminate various policies and regulations
Plan and implement measures to reduce the risk of losses, especially in large-scale projects

Compliance

⑥ Natural disasters

Description	Interruption of corporate activities due to large-scale natural disasters such as earthquakes, typhoons, and tsunamis
Countermeasures	Conduct natural disaster hazard surveys for each site and increase emergency stockpile reserves Formulate response plans to be implemented in chronological order (timeline) in the event of a natural disaster and conduct drills and training such as safety confirmation Conduct business impact analyses and reviews of the system table of each business unit to improve the effectiveness of the business continuity plan (BCP)

Description

Interruption of corporate activities due to large-scale natural disasters such as earthquakes, typhoons, and tsunamis

Countermeasures

Conduct natural disaster hazard surveys for each site and increase emergency stockpile reserves
Formulate response plans to be implemented in chronological order (timeline) in the event of a natural disaster and conduct drills and training such as safety confirmation
Conduct business impact analyses and reviews of the system table of each business unit to improve the effectiveness of the business continuity plan (BCP)

⑦ Information security

Description	Leakage or unauthorized use of important information assets, suspension of business activities, and deterioration of the Group’s reputation due to cyberattacks or internal fraud
Countermeasures	Enhance information security measures across the Group, centered on the Information Security Committee, which is chaired by the CIO (Chief Information Officer) Identify the extent of impact and damage in the event of a cyberattack Provide initial responses to prevent the spread of damage and examine measures to prevent recurrence Conduct regular education and drills for employees

Business continuity plan

We have formulated a business continuity plan (BCP) to minimize damage to business assets and to enable business continuity and a rapid recovery in the event of a crisis such as a large-scale disaster, with human life as the top priority. In formulating our BCP, we followed the ISO 22301 international standard for its development and operation.
With the aim of enhancing the effectiveness of our BCP, we are conducting regular risk assessments at our business locations, introducing a safety confirmation system, implementing periodic exercises based on the initial response manual, and upgrading our disaster prevention supplies. Daifuku will, if necessary, establish on-site disaster headquarters in the event of an earthquake with an intensity of 5 or higher (per the Japan Meteorological Agency Seismic Intensity Scale), a disaster requiring prolonged recovery efforts, or other events that have or are expected to have a significant impact on business operations.

Daifuku Group Information Security Policy

Basic Approach

The Daifuku Group regards the information entrusted to us by our customers and business partners as well as trade secrets, personal information, and systems that the Group possesses regarding this information (hereinafter referred to as information assets) as important management assets in our business. We will strive to earn the trust of all members of society, including our customers, and enhance our corporate value by systematically and continuously making efforts in information security as denoted below.

Basic Policy

Compliance with laws and regulations

We will implement measures in each country and region to comply with the requirements of laws, national guidelines, contractual obligations, and other social standards related to information security.

Establishment of an appropriate platform for information management

In order to ensure the security of information assets, we will clarify our system responsible for information security and implement appropriate measures as follows in accordance with the importance and risks of the information assets.

Establish an information security governance system: We will establish a centralized management system led by the Information Security Committee, and a person responsible for the handling of information will be appointed within each division and company.
Establish regulations for information security: We will establish regulations and guidelines for information security, and we will strive to continuously improve our initiatives to ensure information security.
Implement safety management measures: Appropriate management measures, including personnel and physical management as well as system, server, and network management, will be implemented throughout the life cycle of information in accordance with its level of importance.
Education and training: We will continuously provide education and training on information security to all Group officers and employees in an effort to raise awareness and ensure compliance with rules and regulations. Any violations of these rules and regulations will be dealt with strictly, including disciplinary action against the offending party.
Information security audits: We will conduct internal audits throughout the entire Group on the status of information security measures, regularly confirm the status of compliance with information security rules and operation of information security management systems, and continuously make improvements. Additionally, we will monitor for new threats and changes in risks to prevent new vulnerabilities from emerging.

Establishment of an information security incident response system

We will establish a management system that enables the prompt resumption and continuation of business activities should an information security incident result in an interruption of operations. In the event that an incident occurs, we will make efforts to identify the cause and prevent recurrences.

Established: September 1, 2024

Strengthening information security

The Group is promoting specific initiatives in each of the following areas against technical threats such as unauthorized access and cyberattacks, human threats such as internal misconduct and disregard for rules, and physical threats such as disasters and theft.

IT countermeasures	IT security measures with multi-layered protection (entrance, exit, and internal) Confirmation of activities through logs
Organizational countermeasures	Implementation of company-wide information security management activities based on global rules and guidelines Development of information security management activities in the supply chain
Human countermeasures	Cultivation of a corporate culture of information security by providing various types of education and training to all employees Prevention of negligence and fraud through human risk countermeasures such as written pledges and a variety of checks
Physical countermeasures	Implementation of zone classification and thorough risk management by zone management officers Promotion of the prevention of unauthorized entry and theft by implementing physical measures corresponding to zone classifications

Personal information initiatives

We have established the Group Basic Policy for the Protection of Personal Information in order to define basic rules for the handling of personal information. This policy is implemented globally to ensure proper processing of personal information throughout the Group. Additionally, in order to specify the obligations we must comply with in handling personal information, we established the Personal Information Protection Regulations in 2015 as well as a system of regulations and related guidelines in 2023, and we are working to ensure the proper handling of personal information. In particular, we take additional precautions to manage sensitive personal information that requires special care in processing.
For more information regarding the Group’s handline of personal information obtained from customers and other parties, please refer to our Privacy Notice.

Information security education

Regarding employee training, we conduct regular global training using video content available in more than 30 languages and e-mail drills that simulate targeted attacks.

	Target	Description
Awareness-raising month	Officers and all employees (global)	A designated annual Information Security Awareness-Raising Month during which messages from the president and other top officers are distributed and lectures by experts are held.
Rank-based training	Newly graduated employees, newly promoted employees, mid-career hires, etc.	Conduct training on essential information security knowledge at the time of hiring, promotion, etc.
E-learning courses	Officers and all employees (global)	Conducted multiple times per year. Fosters awareness of information security throughout the entire global company.
E-mail drills	Officers and all employees (global)	Conducted multiple times per year, including follow-up training.

KPI

	FY2021	FY2022	FY2023
Global information security training	2 sessions	4 sessions	4 sessions
Global e-mail training	3 sessions	4 sessions	4 sessions