Risk Management

Daifuku Group Risk Management Policy

Basic Approach

The Group is surrounded by a variety of risks, including natural disasters, law violations, climate change, political unrest, wars and disputes, and cyberattacks. Even in these circumstances, we aspire to be a corporation that continues to achieve sustainable growth and enhance corporate value by tackling each challenge with flexible ideas and the persistence we have cultivated over the Group’s history.
In addition, automated material handling systems are becoming an important social infrastructure that contributes to solving labor shortages and increasing productivity. We recognize that the Group has a social responsibility to provide a stable and continuous supply of such products and services, and we must avoid situations in which the impact of risk causes interruption of the Group’s business activities.
Therefore, based on this policy, we will identify and assess risks, work to prevent them from materializing, and respond promptly and appropriately to minimize damage in the event of a crisis.

1. Objectives

We will engage in risk management with the following objectives:

  • Secure and maintain the trust of customers and other stakeholders
  • Implement the Group’s management philosophy and achieve the Group’s management objectives
  • Ensure sustainable growth of the Group and improve our corporate value

2. Risk management activity principles

We will promote risk management based on the following activity principles in order to achieve our basic objectives:

  • The Group’s management will be actively involved in the assessment of, response to, and monitoring of risks that may affect the achievement of the Group’s management objectives
  • The Risk Management Committee will manage Group-wide risks centrally and cross-departmentally, and we will implement a risk management process based on the PDCA cycle
  • We will establish regulations and manuals related to risk management, and we will continue our efforts to foster risk management awareness among officers and employees
  • We will operate risk management not only as a defensive measure, but also as an offensive measure to strengthen the management base and ensure sound risk-taking, leading to the Group’s sustainable growth
  • In considering risk-taking, we will abide by our Group Code of Conduct, and we will not take any risk that would impede compliance with the Code

3. Guidelines for action in the event of a crisis

In the event of a crisis, we will act as follows:

  • We will act ensuring life, health, and safety as our highest priorities
  • We will strive to continue and quickly restore the supply of material handling systems, which are part of society’s infrastructure
  • We will take measures to minimize damage, preserve our assets, and continue our business

Established: April 1, 2024

Promotion System

The Group has established a risk management system based on a three-line model with the President and CEO as the chief executive. Corporate Functions and other units in charge of risk management (second line) provide support, guidance, and supervision for risk management conducted by the global business units (first line), which are the entities responsible for responding to risks. In addition, the Audit Division (third line) inspects the risk management initiatives of the first and second lines.
We have established the Risk Management Committee, which is chaired by the President and CEO and includes the Global Business Heads, division managers, Corporate Functions, and other units, to monitor these initiatives from a company-wide perspective, issue instructions for action, and manage progress. The Committee met five times in fiscal 2023 and reports to the Board of Directors on the status of the Committee’s initiatives and other matters as necessary.
This Committee promotes activities during normal times to control risks before they materialize; however, in the event of an emergency, the BCP promotion system is in place to respond to crises after risks have emerged. The BCP promotion system works with the Risk Management Committee to consider and prepare for crises starting from normal operations. When faced with a crisis such as a large-scale disaster, we will quickly establish a framework and take initial actions to prevent secondary disasters, placing the highest priority on human lives.
In addition, the Audit Division, which is tasked with establishing and operating an internal audit system, has been established under the direct control of the Board of Directors, and the Board of Directors receives regular reports from the Audit Division. One of its functions is to verify and evaluate the effectiveness of risk management and the maintenance and operation of internal control systems, and to facilitate their improvement. In the development and operation of the internal control system, the Group refers to a standard framework (COSO).

FY2024 promotion system

Please enlarge the screen to view

Risk Management Committee

The main roles of each committee

In order to strengthen the risk management system, the Central Safety and Health Committee, the Information Security Committee, and the International Trade Control Committee work in cooperation with the Risk Management Committee, effective starting fiscal 2023. The main roles of each committee are as follows.

Risk Management Committee
  • Planning and development of risk management systems and related regulations
  • Selection of critical risks based on risk assessment results, and decision making, direction, and progress management of response policies
  • Determining and directing the action policy for training and awareness activities related to risk management
  • Determining policies for and direction of education, training, and drills related to crisis response
Central Safety and Health Committee
  • Promotion and dissemination of efforts to ensure compliance with relevant laws and regulations, elimination of occupational accidents, and elimination of traffic accidents
Information Security Committee
  • Planning and scheduling of information security management and implementation of in-house training
  • Establishing and revising information security rules and assessing compliance with them
  • Studying countermeasures for cyber-attacks and information security risks
International Trade Control Committee
  • Compliance management system and internal awareness-raising activities to ensure thorough compliance with laws and regulations (including those related to security) regarding all international transactions

Major Initiatives

Risk assessment

The Group conducts regular Group-wide risk assessments, and the Risk Management Committee identifies and evaluates key risks that may have a significant impact on our business activities. We formulate policies to address the key risks that are identified, and we systematically promote initiatives while confirming their progress.

Overview of significant risks

The following is a list of risks that we recognize as having the potential to significantly affect our business performance as of June 2024. However, this is not an exhaustive list of all risks to the Group, and there are unforeseen risks other than those listed. While we are taking measures to mitigate each of these risks, it is difficult to completely predict or address all of them.

List of assessments of key risks
Risk theme Risk item Impact Likelihood Likely timing of risk materialization
① Changes in the business environment Changes in the market environment Large High Within one year
Economic crises and business fluctuation Large Medium Within one year
Loss of important customers Large Relatively
high
No specific timing
Political upheaval, revolution, war, civil war, conflict, riots, terrorism Large Low Within one year
② Procurement/supply chain Delays, shortages, or inability to procure raw materials, parts, purchased goods, etc. Relatively
large
High Within one year
③ Growth strategy New domain creation and technology development Large High Within five years
④ Human resources-related Lack of human resources development initiatives Relatively
large
High Within three years
Shortage of employees (workers) Relatively
large
High Within three years
Education of successors (management positions) Large Medium Within five years
Securing human resources; employee turnover Relatively
large
High Within one year
⑤ Group governance Inadequate management of subsidiaries Large Relatively
high
No specific timing
Scandals involving Group companies Large Medium No specific timing
⑥ Natural disasters Large-scale natural disasters (e.g., large-scale earthquakes, tsunamis, storms, floods, etc.) Large Low No specific timing
⑦ Information security Leakage of confidential information due to human factors Large Medium No specific timing
Cyberattacks Large Medium No specific timing
① Changes in the business environment
Description

The impact of changes in the business environment, whether positive or negative, represented by the following.

  • Trends in the global economy and business climate, policy shifts in various countries, and conflicts and political upheavals around the world
  • Changes in the market environment, such as fluctuations in capital investment trends, and trends among customers and competitors
  • Changes in economic and social trends, such as the increasing need for automation and labor-saving measures due to the declining birthrate, aging population, and labor shortages, and economic development in the countries of the so-called Global South
Countermeasures
  • Monitor economic conditions, the market environment, customer industry needs, and trends, and reflect them flexibly in our management and business plans
② Procurement/supply chain
Description
  • Increase in energy prices, prices of parts and raw materials; increase in logistics costs triggered by the so-called “2024 problem in logistics” in Japan
  • Delays in the production of our products, installation operations, and provision of services due to stagnation or failure in the procurement of parts and materials
  • Deterioration of the Group’s social credibility and failure to build and maintain medium- to long-term relationships in the supply chain as a result of a lack of initiatives regarding sustainable procurement and compliance with the Subcontract Act
Countermeasures
  • Manage costs and deadlines; review the contract terms and conditions for various kinds of transactions
  • Form a cross-divisional logistics task force and address the risks associated with the 2024 problem in logistics
  • Formulate and review the Sustainable Procurement Guidelines and the Daifuku Group Procurement Policy
  • Began operation of the Supply Chain Management Committee in fiscal 2024 to ensure compliance with the Subcontract Act in production and installation-related operations; implement measures for sustainable procurement activities and supply chain optimization across our businesses

Supply Chain Management

③ Growth strategy
Description
  • Inability to create new domains and new businesses in timely response to changes in industrial structures and social conditions
  • Inability to sufficiently secure and train human resources in technical fields resulting in hindered technical development and reduced competitiveness
Countermeasures
  • Established the Business Innovation Division, headed by the CTO (Chief Technology Officer), in fiscal 2024
  • Promote the introduction of advanced technologies such as AI and build development systems across our businesses to strengthen our technological competitiveness
  • Introduce e-learning systems and AI education programs for officers and employees to improve skills and literacy related to DX and AI
④ Human resources-related
Description
  • Lack of initiatives to cultivate successors (officers, management positions)
  • Securing the next generation of human resources; employee turnover
  • Decline of competitiveness and losses of continuity in business operations, technological and technical expertise, and superiority due to shortages of human resources with specialized knowledge and skills
Countermeasures
  • Establish a systematic successor training program through the clarification of key positions and definition of Group-wide competencies (desired behavioral traits and attitudes)
  • Conduct an engagement survey (research on job satisfaction and ease of work)
  • Actively recruit women and foreign national employees; implement measures to retain mid-career hires

Talent Development

⑤ Group governance
Description
  • Mismanagement due to rapid growth of the Group and increase in subsidiaries and employees
  • Decline in social credibility and adverse effects on business performance due to fraud and scandals or organizational management failure
Countermeasures
  • Establish the Group Code of Conduct and set out guidelines for actions to be taken by officers and employees of the Group
  • Distribute the Compliance Guidebook in multiple languages and conduct compliance education such as e-learning courses and rank-based training
  • Review and disseminate various policies and regulations
  • Plan and implement measures to reduce the risk of losses, especially in large-scale projects

Compliance

⑥ Natural disasters
Description
  • Interruption of corporate activities due to large-scale natural disasters such as earthquakes, typhoons, and tsunamis
Countermeasures
⑦ Information security
Description
  • Leakage or unauthorized use of important information assets, suspension of business activities, and deterioration of the Group’s reputation due to cyberattacks or internal fraud
Countermeasures

Business continuity plan

We have formulated a business continuity plan (BCP) to minimize damage to business assets and to enable business continuity and a rapid recovery in the event of a crisis such as a large-scale disaster, with human life as the top priority. In formulating our BCP, we followed the ISO 22301 international standard for its development and operation.
With the aim of enhancing the effectiveness of our BCP, we are conducting regular risk assessments at our business locations, introducing a safety confirmation system, implementing periodic exercises based on the initial response manual, and upgrading our disaster prevention supplies. Daifuku will, if necessary, establish on-site disaster headquarters in the event of an earthquake with an intensity of 5 or higher (per the Japan Meteorological Agency Seismic Intensity Scale), a disaster requiring prolonged recovery efforts, or other events that have or are expected to have a significant impact on business operations.

Daifuku Group Information Security Policy

Basic Approach

The Daifuku Group regards the information entrusted to us by our customers and business partners as well as trade secrets, personal information, and systems that the Group possesses regarding this information (hereinafter referred to as information assets) as important management assets in our business. We will strive to earn the trust of all members of society, including our customers, and enhance our corporate value by systematically and continuously making efforts in information security as denoted below.

Basic Policy

Compliance with laws and regulations
We will implement measures in each country and region to comply with the requirements of laws, national guidelines, contractual obligations, and other social standards related to information security.
Establishment of an appropriate platform for information management

In order to ensure the security of information assets, we will clarify our system responsible for information security and implement appropriate measures as follows in accordance with the importance and risks of the information assets.

Establish an information security governance system
We will establish a centralized management system led by the Information Security Committee, and a person responsible for the handling of information will be appointed within each division and company.
Establish regulations for information security
We will establish regulations and guidelines for information security, and we will strive to continuously improve our initiatives to ensure information security.
Implement safety management measures
Appropriate management measures, including personnel and physical management as well as system, server, and network management, will be implemented throughout the life cycle of information in accordance with its level of importance.
Education and training
We will continuously provide education and training on information security to all Group officers and employees in an effort to raise awareness and ensure compliance with rules and regulations. Any violations of these rules and regulations will be dealt with strictly, including disciplinary action against the offending party.
Information security audits
We will conduct internal audits throughout the entire Group on the status of information security measures, regularly confirm the status of compliance with information security rules and operation of information security management systems, and continuously make improvements. Additionally, we will monitor for new threats and changes in risks to prevent new vulnerabilities from emerging.
Establishment of an information security incident response system
We will establish a management system that enables the prompt resumption and continuation of business activities should an information security incident result in an interruption of operations. In the event that an incident occurs, we will make efforts to identify the cause and prevent recurrences.

Established: September 1, 2024

Strengthening information security

The Group is promoting specific initiatives in each of the following areas against technical threats such as unauthorized access and cyberattacks, human threats such as internal misconduct and disregard for rules, and physical threats such as disasters and theft.

IT countermeasures
  • IT security measures with multi-layered protection (entrance, exit, and internal)
  • Confirmation of activities through logs
Organizational countermeasures
  • Implementation of company-wide information security management activities based on global rules and guidelines
  • Development of information security management activities in the supply chain
Human countermeasures
  • Cultivation of a corporate culture of information security by providing various types of education and training to all employees
  • Prevention of negligence and fraud through human risk countermeasures such as written pledges and a variety of checks
Physical countermeasures
  • Implementation of zone classification and thorough risk management by zone management officers
  • Promotion of the prevention of unauthorized entry and theft by implementing physical measures corresponding to zone classifications

Personal information initiatives

We have established the Group Basic Policy for the Protection of Personal Information in order to define basic rules for the handling of personal information. This policy is implemented globally to ensure proper processing of personal information throughout the Group. Additionally, in order to specify the obligations we must comply with in handling personal information, we established the Personal Information Protection Regulations in 2015 as well as a system of regulations and related guidelines in 2023, and we are working to ensure the proper handling of personal information. In particular, we take additional precautions to manage sensitive personal information that requires special care in processing.
For more information regarding the Group’s handling of personal information obtained from customers and other parties, please refer to our Privacy Notice.

Information security education

Regarding employee training, we conduct regular global training using video content available in more than 30 languages and e-mail drills that simulate targeted attacks.

  Target Description
Awareness-raising month Officers and all employees
(global)
A designated annual Information Security Awareness-Raising Month during which messages from the president and other top officers are distributed and lectures by experts are held.
Rank-based training Newly graduated employees,
newly promoted employees,
mid-career hires, etc.
Conduct training on essential information security knowledge at the time of hiring, promotion, etc.
E-learning courses Officers and all employees
(global)
Conducted multiple times per year. Fosters awareness of information security throughout the entire global company.
E-mail drills Officers and all employees
(global)
Conducted multiple times per year, including follow-up training.
KPI
  FY2021 FY2022 FY2023
Global information security training 2 sessions 4 sessions 4 sessions
Global e-mail training 3 sessions 4 sessions 4 sessions

Notice

The information you are about to access is not for release, publication or distribution in the United States of America. By proceeding to access the information, you agree and confirm that you are not in the United States of America.