MITSUISOKO_HOLDINGS

Governance

Risk Management

Basic Approach

We have stipulated basic matters concerning the recognition and management of risks in the Group's business activities in the Risk Management Regulations, and the Risk Management Committee meets quarterly to improve and strengthen our risk management capabilities. The Risk Management Committee, consisting of the persons responsible for risk management at major Group companies, in addition to MITSUI-SOKO HOLDINGS, deliberates on the status of risk management for the entire Group and establishes basic items to be addressed and policies. With regard to individual risks related to compliance, environment, disaster, quality, finance, accounting, and information security, the respective departments of each company in charge of risk management establish rules and guidelines, conduct training, and prepare and distribute manuals. To promote cross-group risk assessment and responses, under the supervision of the director in charge of risk management of MITSUI-SOKO HOLDINGS, the Risk Management Division conducts internal audits to mitigate corporate risks.

Risk Management Framework Chart

Initiatives to Address Major Risks

Identification of business and other risks

The Group conducts logistics business globally, mainly in Japan, North America, Europe, Northeast Asia, and Southeast Asia, as well as real estate business in Japan. Matters that may have a significant impact on investors' investment decisions are as shown below.
  • Changes in economic environment
  • Changes in public regulations
  • Changes in industry structure
  • Exchange rate fluctuations
  • Changes in interest rates
  • Increasing importance of ESG
  • Occurrence of disasters and damage to social infrastructure
  • Potential risks from international activities and overseas expansion
  • System-related risks
  • Information leakage risks
  • Dependence on specific customers
  • Changes in market value of owned assets
  • Retirement benefit obligation
  • Impairment of fixed assets
  • Financial covenants for debt cover
  • The above is a specific example of the major risks that could be anticipated as of the date of submission of the Annual Securities Report (June 23, 2023) in connection with the Group's business and other matters, and does not represent all of the Group's risks.

BCP Measures

The Group considers BCP as one of the crucial risk management measures in its business infrastructure, and each company conducts training from reviewing BCP-related documents under the Risk Management Committee. We also promote and improve the BCP for the entire Group, including the formulation of the MITSUI-SOKO Group Hazard Map.

Information Security

We work to protect personal and corporate information by establishing a system for information security management and promoting and reviewing activities and other measures.

Mitsui-Soko Group Basic Policy for Information Security

The Company Group is strongly aware of the fact that the confidential information that the Company Group possesses, customers’ confidential information received from customers, and personal information are information assets that should be protected, it is building an information security management system, and it is implementing and improving the measures stated below in order to maintain that information security management system.
  • Establishment and maintenance of an information security management system
    In order to have the board members and employees (including temporary employees and part-time employees) who use the Company Group’s information assets understand and adhere to the Basic Policy for Information Security, the Company Group will establish an information security management system, and prepare an organization system for the purpose of maintaining that information security management system and a system for conducting risk management.
  • Formulation of security measure standards
    The Company Group will formulate the Regulations for Information Security Management and Detailed Regulations for Information Security Management that stipulate basic requirements and judgment criteria that are necessary for adhering to the Basic Policy for Information Security.
  • Other compliance with related laws and ordinances
    The Company Group will adhere to related laws and ordinances and confidentiality obligations that are stipulated in agreements, formulate voluntary management standards as necessary, and conduct maintenance and management for security. It will also, through agreements, take the necessary measures in order to have external consigned business operators also adhere to the Basic Policy for Information Security, Regulations for Information Security Management and Detailed Regulations for Information Security Management that are stipulated by the Company Group. In addition, for protection of personal information, it will separately stipulate Provisions for Protection of Personal Information and take the necessary measures.
  • Maintenance of promotion organizations and systems
    The Company Group will stipulate a Chief Information Security Officer (CISO), maintain information security management organizations and operation systems, and strive to clarify roles and responsibilities.
  • Education for employees, etc.
    In order to strive to make employees aware of the Basic Policy for Information Security, Regulations for Information Security Management and Detailed Regulations for Information Security Management and improve awareness about information security, the Company Group will formulate and implement education plans related to information security.
July 2, 2019.