Tokuyama sees internal control as the basis for CSR and works to strengthen corporate governance in order to further increase the confidence of stakeholders and enhance corporate value. For details, please refer to Corporate Governance (About Tokuyama).
Tokuyama manages risk through the Risk Management and Compliance Committee, which operates under the CSR Promotion Council. It also has expert committees focused on risk management and compliance in seven critical and specialized areas to ensure management through the deliberation of key issues. The Company has designated a unit responsible for regulations concerning management of the risk of loss and conducts activities based on the management regulations. It also works to mitigate compliance risk by establishing management systems for understanding important laws and regulations that are relevant to business execution and keeping track of trends in amendments to these laws and regulations. The Company also has established a business continuity plan (BCP) and other measures in order to ensure an appropriate response for the type and severity of any crisis.
Tokuyama understands "compliance" to have a broad meaning, including not only compliance with laws and internal rules but also behaving sensibly in a manner that conforms with corporate ethics and meets social expectations. To communicate and spread awareness of compliance throughout the Group, the Company has put together a handbook presenting the Tokuyama Group Code of Conduct, the responsibilities of Senior Management under the Tokuyama Group Code of Conduct, and the Tokuyama Group's Five Conscience Clauses. It is distributed to all Group employees.
Compliance Education & Training
To reduce compliance risk, Tokuyama provides training on legal obligations for new directors and auditors of Group companies and a variety of compliance training programs for employees. In 2019, these training programs were held on 57 occasions. The Company also implemented e-learning programs for managers focused on preventing workplace harassment and covering the basics of socially responsible management and its proactive CSR initiatives.
An internal helpline has been established to enable safe, anonymous reporting and consultation regarding compliance violations involving the Tokuyama Group (including potential violations) without fear of unfavorable treatment. Reporting and consultation can be carried out by post, email, or phone. Eight reports were made in 2019, and all were addressed satisfactorily. The helpline is operated with due consideration for the protection of whistleblowers. Employees can use the helpline without disclosing their name or department to the Company, and women are able to consult with a female attorney.
Information security policy
Security incidents, such as cyber-attacks and unauthorized access, present serious risks to internal control system and have the real potential to compromise business continuity and adversely impact society’s trust in a company. The Tokuyama Group therefore considers responses to information security risks and cyber security risks (hereinafter referred to as “security risks”) as important management issues common to the entire Group and makes concerted efforts to reduce these security risks.
Development of a security risk management structure
Tokuyama shall establish an organizational structure and internal rules for security risk management capable of handling normal operations and emergencies, in order to address any security incidents that could potentially arise at the company, Group companies, or in the supply chain, as and when they occur. In addition, management shall ensure the effectiveness of the security risk management system by gaining a full understanding of security risks before they occur and appropriately allocating management resources, such as securing and training personnel with appropriate skills, and allocating the necessary budget.
Implementation of security risk management
Recognizing that changes in the business environment and the adoption of new technologies give rise to new security risks, Tokuyama regularly assesses the security risk management status of all Group companies and comprehensively implements security risk countermeasures as and when appropriate, and ensures the effectiveness of such countermeasures.
Compliance with laws, ordinances and regulations
Tokuyama complies with security risk-related laws, ordinances and guidelines, and ensures the effectiveness of security risk management.
Education and training
Tokuyama provides the necessary education and training to enable Group employees (including, where necessary, those involved in the supply chain) to recognize the importance of security risk management, and to engage in appropriate use and management of the internet, cloud services, and information devices, etc.
Detection and response to security incidents
In order to minimize the damage caused by a security incident, Tokuyama makes efforts to detect security incidents and signs of security incidents at an early stage, and in the event that a security incident is detected or identified, appropriate response measures are taken immediately, and appropriate measures to prevent reoccurrence are taken after the incident is resolved.