We strive to understand and analyze the risks to the Group as a whole and take measures to resolve the issues so that we may continue our business operations and contribute to society.
Risk Management Promotion System
In response to the expansion of global business of the Group, the Global Risk Management Committee (GRMC) was established in April 2015 in order to carry out risk management throughout the entire Group, including overseas Group companies. We have established a risk management committee and risk management team based on this GRMC (e.g. installation of a Risk Management Committee at Suntory Beverage & Foods Ltd., the Global Risk & Compliance Committee at Beam Suntory, and the Risk Management Team at Suntory Beer Ltd.). The objectives of these committees and teams are to identify our risks, execute countermeasures, engage in activities related to the establishment of crisis management systems, and fulfill responsibilities towards customers and other stakeholders,
Enterprise Risk Management (ERM)
The risk surrounding companies is becoming more diverse and complex due to the globalization and informatization of the economy and growing public awareness of corporate social responsibility. Every year, we send out a questionnaire to all Suntory Group companies to determine business, environmental and social risks at each company that could significantly impact all our stakeholders in order to formulate countermeasures. Monitoring is carried out by departments responsible for responding to risks and each risk management committee to reduce and eliminate risks by identifying the priority areas that we should address as an entire Group. In FY2016, we identified and developed measures to counteract risks occurring in each group company; additionally, we identified risks we are exposed to as a group. The results of risk assessment are reported to the Board of Directors.
Establishing Infrastructure for Crises Response
The risks companies face are becoming ever more complex, diverse and significant and the enhancement of risk management is a necessity in management. Therefore it becomes especially important to establish Business Continuity Plan (BCP) based on the estimation of potential damage in case of crisis. The Suntory Group has built an infrastructure to respond to crises by establishing the Risk and Crisis First-Response Manual for each company in Japan and the Major Incident Management Manual for each overseas company. We aim to minimize impact and damage in case of disaster through timely decision-making and sharing information when a major crisis occurs to maintain the trust from society. While enhancing crisis management through these initiatives, we will keep prioritizing the safety and comfort of our customers and other stakeholders, disclose appropriate information, and ensure that every employee has a mindset that allows him or her to act promptly and with integrity.
Building/Strengthening System Platforms of Group Companies in Japan
We continue to organize Risk Management Steering Conferences with the help of departments responsible for risk response at each Group company and Suntory Holdings Ltd. with the goal to build and strengthen the risk management system platforms of Group companies in Japan. We share challenges related to risks and assess the response measures carried out by each company through bilateral discussions.
Business Continuity Plan (BCP) Formulation and Implementation
In recent years there has been a string of unanticipated disasters, including both natural disasters such as major earthquakes, flooding caused by typhoons and torrential rainfall, landslides, heavy snow and volcano eruptions, and the spread of infectious diseases such as new influenza and noroviruses, which continually threaten both society and the economy. The Suntory Group has formulated a Business Continuity Plan (BCP) that will enable us to continue doing business as much as possible without interruption in the event of a disaster, to securely provide high quality products and services to customers, thus fulfilling our responsibilities to provide supplies.
The plan we have formulated goes beyond manufacturing at Suntory Group plants to include raw material procurement and distribution as well as sales activities. We have taken steps to be able to decentralize our head office functions and infrastructure in an emergency and continue to strengthen our response structure to cope with contingencies.
Large-scale Natural Disaster Measures
Establishment of Safety Confirmation System and Emergency Drills
In preparation for natural disasters such as major earthquakes in Japan, we have in place a system that uses mobile phones, PCs, landlines, etc., to confirm the whereabouts and safety of employees.
We hold safety confirmation drills twice a year and work to raise awareness to ensure that the system operates smoothly. We also conduct regular disaster prevention drills based on the scenario of a major earthquake and drills focusing on how to get home from work on foot.
Disaster Response Systems
After a major disaster occurs, our first response procedures entail rapidly establishing a Response Task Force centered on the General Affairs Department of Suntory Holdings Limited, with Response Teams in each division placed under it. The Response Task Force handles all matters including confirming the safety and whereabouts of employees and their families, collection and coordination of disaster-related information, functional recovery of business offices, recovery of information systems, distribution of relief supplies, functional recovery of production, and provision of assistance to clients and the local community. These activities are conducted in line with each division's activity policy. These systems and procedures are made accessible on the Intranet so that employees can review them at any time. Since the Great East Japan Earthquake in 2011, we have revised our response manuals, further fortified our disaster relief stock pile and have strengthened our systems for when a disaster occurs. When the Kumamoto Earthquake struck in April 2016, these systems enabled prompt confirmation of the employees’ safety, assisted the employees in need, and were instrumental during the recovery period.
Measures Against Infectious Diseases
Since the influenza pandemic in 2009, we have been taking measures to avoid the disruption of business operations by creating a manual on response process during a pandemic based on our Influenza Prevention Manual, disseminating information among employees, clarifying reporting system during pandemic, and strengthening measures to prevent the spread of infection. In addition, we created a course of action related to highly pathogenic diseases to handle all diseases (revised 2015). Furthermore, we have established a BCP that enables operations to continue even during a pandemic of highly-virulent influenza or other diseases.
Safety Management for People Sent Overseas
Dealing with the various risks to employees who are sent overseas is a challenge as globalization advances in recent years. In 2013, we launched a system that allows us to consistently understand the situation of people sent from Japan to overseas offices by linking the General Affairs Department and Human Resource Department of Suntory Holdings Ltd. This system is utilized to quickly confirm whether employees sent overseas are safe and to immediately handle any emergencies when they arise.
In regions where malaria, tuberculosis, HIV/AIDS, and other infectious diseases are prevalent, we strive to prevent communicable diseases by taking measures that include awareness raising through the distribution of handbooks and other materials as well as by providing employees with opportunities to consult with industrial physicians about their health at Group companies.
We promote awareness and understanding by establishing guidelines for entertainment and gift-giving in-line with global standards. We have declared the basic approach of the Suntory Group for anti-bribery activities of directors and employees of the Suntory Group worldwide (Anti-Bribery Measures) in 2015 as our response to global enhancement of anti-corruption regulations, such as the Foreign Corrupt Practices Act (FCPA). Each initiative conducted by the Global Risk Management Committee is reported to the Board of Directors. We have formulated a global Anti-Bribery Policy in 2016, which includes new provisions on donations and political contributions in addition to entertainment and bribery.
The Suntory Group’s Code of Business Ethics is a set of rules which do not tolerate any improprieties or unfair practices. The Suntory Group actively works to raise awareness and conduct training related to global anti-bribery policies and guidelines for employees while regularly conducting monitoring. Moreover, we have put in place a global Compliance Hotline to receive reports and consultations. Employees are encouraged to immediately report any corruption cases or actions thought to be corruption.
1.Suntory Group, as a global group, is firmly committed to compliance with applicable anti-corruption laws and regulations around the world.
2.All Suntory employees worldwide are prohibited from giving or receiving bribes in any form, directly or indirectly, to anyone (public officials and private counterparties).
3.Suntory Group is committed to providing employees with clear guidelines such as Gifts, Entertainment and Hospitality.
4.Suntory Group is committed to maintaining accurate books and records and appropriate internal accounting controls systems, which shall be audited periodically by our independent auditors.
5.Suntory Group will communicate its compliance objectives, including how seriously it takes ethical conduct and compliance, to its employees, business partners, agents and other third parties.
6.Suntory Group will provide its employees comprehensive compliance and prevention of corruption training programs.
7.Suntory Holdings is committed to enhancing centralized monitoring processes worldwide.
8.Suntory Group wants and expects violations and concerns to be reported and will take action to investigate any complaints.
9.Suntory Group will provide employees with the resources to help them with compliance.
Risk Assessment for Corruption
The Suntory Group openly communicates about its due diligence processes and the nature of relationships with its business partners; the Group builds efficient risk management system that includes due diligence of its business partners. If a given business area or a transaction appear to have high risk of corruption, we take decisive actions to mitigate the risk in this business area or a transaction.
Tightening Information Security
We are tightening information security systems in the entire Group to respond to information security risks, which are one of the most serious risks in operations. Global security policies were also formulated in an effort to enhance informational security at a global level.
Strengthening Information Security Systems
Suntory has established governance through preservation and systems for informational assets by defining the Suntory Group’s Basic Principles for Governance of Information Security based on the growing needs of society that demand even stricter management of corporate information security.
We formulated the Suntory Group's Social Media Policy that stipulates the usage approach to social media in Japan (such as Facebook, Twitter, Line, etc.) to respond to risks such as information leak through social media with a very high and constantly growing number of users. We are reinforcing the awareness of each and every employee in the handling of information while advancing the information management of the entire Group based on these policies.
Suntory Group Information Security Basic Policy
Our information assets are a source of the Suntory Group’s competitiveness. During our strategic usage and application of such assets, we must be worthy of our customers’ trust in us and fulfill our corporate social responsibility. Thusly, we have identified the appropriate safeguarding of information assets as being an important management challenge, and have instituted the following basic policy, which promotes information security governance.
-By maintaining a chain of responsibility for information security and by formulating and enforcing rules on the handling of information, we will strive for appropriate management as one group.
-By specifying how the information assets that we possess should be handled in accordance with their importance and any risks, we will strive for their secure and proper use and their appropriate safeguarding.
-We will conduct the ongoing education and training of our directors, all employees, and other personnel, and we will commit to awareness-raising regarding this issue and ensure full compliance with rules related to information security.
-We will strive to prevent information security incidents, and in the unlikely event that such an incident occurs, we will swiftly take action to recover and implement corrective measures.
-While complying with laws and regulations in every country we operate in related to information assets, we will continuously improve and enhance the abovementioned information security policies.
Strengthening of Human Resource and Legal Management
We have established rules and regulations for the use of information systems and the management of confidential information, and we are raising awareness of that information via our intranet. Moreover, we are raising Group awareness to the fullest at each Group company in Japan through the following measure:
-Improve information management systems that are based on vulnerability analysis
-Introduce e-learning and study sessions to increase awareness of the importance of information security and the handling of information
-Establish rules related to using social media and introduce study sessions for employees
-Conduct training related to targeted email attacks that are growing year after year
-Work with members under the guidance of risk management control supervisors and leaders at each company
In 2016, Suntory put in place the Computer Security Incident Response Time (CSIRT) as a specialized organization to response to computer security incidents in an effort to prevent informational security incidents and strengthen its response in times of disasters as a Group.
Strengthening of Physical and Technological Management
Suntory has adopted an entry-exit management system that uses security cards at the Odaiba office, Osaka office and each of our other business sites.
We are also strengthening the management of access to information systems throughout the Group via authentication functions that use security cards and passwords.
In addition, to prevent information leak, we put in place preventative measures for overwriting data on information recording mediums and established systems (automated encryption) to safely store vital information (personal/confidential information). We adopted other measures that include measures to disable automatic forwarding of emails, unauthorized access from outside the company as well as setup and monitoring of a firewall to prevent attacks.
Initiatives for SNS Risks
Individuals can now easily distribute information with the rapid popularity of social media (SNS). However, we see the instances when negative information spreads widely through SNS and damages corporate value.
The Suntory Group is conducting activities to make employees more sensitive to SNS risks (awareness raising through e-learning, seminars and an SNS usage guidebook, etc.) by formulating various standards and guidelines for use of SNS, discovering risks as early as possible, and launching response systems to lessen the SNS risks.
Support of the My Number System
We have put in place measures to properly manage personal information safely at each Group company as deemed necessary for identifiable personal information (My Number System) introduced in 2016. We have confirmed that our subcontractors have put these measures in place as well.
Protecting Customers’ Personal Information
Each company in Suntory Group stores personal information of many customers such as of those that applied for product sales promotion campaigns and customers using mail-order of health foods, etc. The Suntory Group works to protect personal information of the entire Group according to the Act on the Protection of Personal Information and Guidelines to protect important customer information.
Employee Education on Personal Information Protection
We hold e-learning and study sessions for all of the employees in the Group to disseminate the importance of personal information protection. We conducted more focused information security education in departments that directly handle personal information.
Sales Promotion Campaign History Management System
All processes from acquiring information to deleting records are managed through Campaign History Management System upon signing non-disclosure agreement with subcontractor for sale promotion campaigns that collect customers’ address, name and other personal information. In addition, personal information that requires being stored is centrally managed in dedicated database in-house to protect customers’ information.
Information Management of Mail-order Customers
Information of mail-order customers at Suntory Wellness Ltd. are centrally managed in a dedicated closed system in communication management center in which access is strictly managed using the finger vein recognition system.
Initiative on Intellectual Property Rights
We are increasing the importance of intellectual assets each year by raising awareness about intellectual assets for society and introducing several measures through the government. The Suntory Group has established an Intellectual Property Department focused on patents as a division that supervises intellectual property as well as a Trademark Office focused on trademarks and corporate guidelines.
Utilization of Intellectual Property
Suntory acquires and utilizes results of product and technological research and development as intellectual property and promotes activities to continuously provide highly value added products unique to Suntory Group. In addition, we implement an incentive scheme based on Invention Regulation in the Group to promote and utilize employee inventions.
Respecting Intellectual Property of Others
While utilizing intellectual properties, we collect information closely with the site of research and development to avoid violating intellectual property owned by others. For example, upon adopting new technology, we survey if a patent is owned by others. Furthermore, when adopting a product name, we survey whether or not it is registered as a trade name and refer to the opinions of experts to decide whether the names are similar.