The Suntory Group strives to understand and analyze the risks to the Group as a whole and take measures to resolve the issues so that we may continue our business operations and contribute to society.
In response to the expansion of global business of the Group, the Global Risk Management Committee (GRMC) was established in April 2015 in order to carry out risk management throughout the entire Group, including overseas Group companies. Under the GRMC, risk management committees and risk management teams have been established at each operating company (Risk Management Committee at Suntory Beverage & Foods Ltd., the Global Risk & Compliance Committee at Beam Suntory, and the Risk Management Team at Suntory Spirits Ltd.). The objectives of these committees and teams are to identify our risks, execute countermeasures, engage in activities related to the establishment of crisis management systems, and fulfill responsibilities towards customers and other stakeholders,
Enterprise Risk Management (ERM)
The risk surrounding companies is becoming more diverse and complex due to the globalization and informatization of the economy and growing public awareness of corporate social responsibility. Every year, the Suntory Group assess the materiality of important business risks, including environmental issues such as climate change and social issues such as human rights, and defines risks that may have a significant impact on our stakeholders, in order to take specific countermeasures against those risks. Monitoring is carried out by departments responsible for responding to risks and each risk management committee to reduce and eliminate risks by identifying the priority areas that we should address as an entire Group. Since 2016, we have been identifying and developing measures to counteract risks occurring in each group company. Additionally, we identify risks we are exposed to as a group. The results of risk assessment are reported to the Board of Directors.
Establishing Infrastructure for Crises Response
The risks companies face are becoming ever more complex, diverse and significant and the enhancement of risk management is a necessity in management. Therefore it becomes especially important to establish Business Continuity Plan (BCP) based on the estimation of potential damage in case of crisis. The Suntory Group has built an infrastructure to respond to crises by establishing the Risk and Crisis First-Response Manual for each company in Japan and the Major Incident Management Manual for each overseas company. We aim to minimize impact and damage in case of disaster through timely sharing information and decision-making when a major crisis occurs to maintain the trust from society.
Building/Strengthening System Platforms of Group Companies in Japan
We continue to organize Risk Management Steering Conferences with the help of departments responsible for risk response at each Group company and Suntory Holdings Ltd. with the goal to build and strengthen the risk management system platforms of Group companies in Japan. We share challenges related to risks and assess the response measures carried out by each company through bilateral discussions.
Business Continuity Plan (BCP) Formulation and Implementation
In recent years there has been a string of unanticipated disasters, including both natural disasters such as major earthquakes, flooding caused by typhoons and torrential rainfall, landslides, heavy snow and volcano eruptions, and the spread of infectious diseases such as COVID-19 since early 2020, new influenza and noroviruses, which continually threaten both society and the economy. The Suntory Group has formulated a Business Continuity Plan (BCP) that will enable us to continue doing business as much as possible without interruption in the event of a disaster, to securely provide high quality products and services to customers, thus fulfilling our responsibilities to provide supplies.
The plan we have formulated goes beyond manufacturing at Suntory Group plants to include raw ingredient procurement and distribution as well as sales activities. We have taken steps to be able to decentralize our head office functions and infrastructure in an emergency and continue to strengthen our response structure to cope with contingencies.
Large-scale Natural Disaster Measures
Establishment of Safety Confirmation System and Emergency Drills
In preparation for natural disasters such as major earthquakes in Japan, we have in place a system that uses mobile phones, PCs, landlines, etc., to confirm the whereabouts and safety of employees.
We hold safety confirmation drills twice a year and work to raise awareness to ensure that the system operates smoothly. We also conduct regular disaster prevention drills based on the scenario of a major earthquake and drills focusing on how to get home from work on foot.
Disaster Response Systems
In the event of a large-scale disaster, we will provide a quick initial response by setting up a task force, mainly consist of the General Affairs Department of Suntory Holdings Limited and the Corporate Management Division of Suntory Beverage & Food Limited, to oversee the entire Suntory Group, and placing emergency response teams for each department under its control. The initial response of the task force will begin with confirming the safety of employees and their families and collecting and organizing information on damage from a disaster. The task force will also oversee the “restoration of office functions” “restoration of information systems”, and the “arrangement of relief supplies,” which will be carried out according to the action policies of each department, while also "restoring production operations" and "supporting customers and local communities.” These systems and procedures are posted on the intranet so that employees can review them at any time. We have regularly reviewed our disaster response manuals, enhanced communication means and disaster supplies, and strengthened our disaster preparedness system, including that of our group companies. In addition, given the increasing number of people working from home amid the coronavirus pandemic, the task force has also a remote response system in place to ensure a prompt and appropriate initial response in the event of an emergency, in line with global circumstances.
Measures Against Infectious Diseases
Since the influenza pandemic in 2009, we have been taking measures to avoid the disruption of business operations by creating a manual on response process during a pandemic based on our Influenza Prevention Manual, disseminating information among employees, clarifying reporting system during pandemic, and strengthening measures to prevent the spread of infection. In addition, we created a course of action related to highly pathogenic diseases to handle all diseases (revised 2015). Furthermore, we have established a BCP that enables operations to continue even during a pandemic, highly-virulent influenza or other diseases.
New Coronavirus Countermeasures
We have established a New Coronavirus Task Force, which places the highest priority on employee safety, consolidates information on a disaster’s impact on our supply chain and business performance, and quickly makes decisions and implements countermeasures. The system and environment that allows employees to work from home was in place before the coronavirus outbreak, enabling employees to work from home smoothly even during the pandemic. To ensure safety and security of employees working on site, we have implemented measures such as the installation of thermometers, acrylic boards, and disinfectant in various locations. In 2021 and 2022, a total of 3 vaccinations will be conducted for employees, cooperating companies, and their families. Since the 7th wave in 2022, we have been gradually reviewing infection control measures, lifting restrictions on business trips and going to work, as well as restrictions on the number of people who can have dinner together. In order to change to Category 5 in the future, we plan to review infection control measures such as wearing masks and change the response to infection in accordance with government policy.
Safety Management for Overseas Business Travel
As globalization continues to progress, safety management for overseas business travelers has become a major challenge. In 2013, Suntory Holdings Limited launched a system that allows the company to centrally keep track of all employees traveling from Japan to overseas countries on business. Furthermore, in 2017, we introduced a group-wide infrastructure system that enables centralized management of overseas business trip arrangements, applications, and post-business trip reimbursement, to confirm the safety of employees on overseas business trips in a short period of time.
For Group companies in regions with high incidence of malaria, tuberculosis, HIV/AIDS, and other infectious diseases, we distribute handbooks and other materials to raise awareness of these diseases and provide opportunities for health consultations with industrial physicians to prevent infection among employees stationed in or visiting on business such places. In order to prevent the spread of the new coronavirus infection and to prevent infection, overseas business trips that had been postponed have been resumed after confirming the infection status of the business trip destination and complying with the entry rules of each country and the rules when returning home.
We promote awareness and understanding by establishing guidelines for entertainment and gift-giving in-line with global standards. We have declared the basic approach of the Suntory Group for anti-bribery activities of directors and employees of the Suntory Group worldwide (Anti-Bribery Measures) in 2015 as our response to global enhancement of anti-corruption regulations, such as the Foreign Corrupt Practices Act (FCPA). Each initiative conducted by the Global Risk Management Committee is reported to the Board of Directors. We have formulated a global Anti-Bribery Policy in 2016, which includes new provisions on donations and political contributions in addition to entertainment and bribery. The Suntory Group’s Code of Business Ethics is a set of rules which do not tolerate any improprieties or unfair practices. The Suntory Group actively works to raise awareness and conduct training related to global anti-bribery policies and guidelines for employees while regularly conducting monitoring. Moreover, we have put in place a global Compliance Hotline to create and utilize a system for receiving reports and carrying out consultations.
Employees are encouraged to immediately report any corruption cases or actions thought to be corruption.
1.Suntory Group, as a global group, is firmly committed to compliance with applicable anti-corruption laws and regulations around the world.
2.All Suntory employees worldwide are prohibited from giving or receiving bribes in any form, directly or indirectly, to anyone (public officials and private counterparties).
3.Suntory Group is committed to providing employees with clear guidelines such as Gifts, Entertainment and Hospitality.
4.Suntory Group is committed to maintaining accurate books and records and appropriate internal accounting controls systems, which shall be audited periodically by our independent auditors.
5.Suntory Group will communicate its compliance objectives, including how seriously it takes ethical conduct and compliance, to its employees, business partners, agents and other third parties.
6.Suntory Group will provide its employees comprehensive compliance and prevention of corruption training programs.
7.Suntory Holdings is committed to enhancing centralized monitoring processes worldwide.
8.Suntory Group wants and expects violations and concerns to be reported and will take action to investigate any complaints.
9.Suntory Group will provide employees with the resources to help them with compliance.
Risk Assessment for Corruption
The Suntory Group openly communicates about its due diligence processes and the nature of relationships with its business partners and builds efficient risk management system that includes due diligence of its business partners. If a given business area or a transaction appear to have high risk of corruption, we take decisive actions to mitigate the risk in this business area or a transaction.
Tightening Information Security
We are tightening information security systems in the entire Group to respond to information security risks, which are one of the most serious risks in operations. Global security policies were also formulated in an effort to enhance informational security at a global level.
Strengthening Information Security Systems
Suntory has established governance through preservation and systems for informational assets by defining the Suntory Group’s Basic Principles for Governance of Information Security based on the growing needs of society that demand even stricter management of corporate information security.
We formulated the Suntory Group’s Social Media Policy that stipulates the rules for using social media in Japan (including social networking service (SNS) such as Facebook, Twitter, Line, etc.) to respond to the risk of information leaks. We are reinforcing the awareness of each and every employee in the handling of information while advancing the information management of the entire Group based on these policies.
Suntory Group Information Security Basic Policy
Our information assets are a source of the Suntory Groupp’s competitiveness. During our strategic usage and application of such assets, we must be worthy of our customersp’ trust in us and fulfill our corporate social responsibility. Thusly, we have identified the appropriate safeguarding of information assets as being an important management challenge, and have instituted the following basic policy, which promotes information security governance.
-By maintaining a chain of responsibility for information security and by formulating and enforcing rules on the handling of information, we will strive for appropriate management as one group.
-By specifying how the information assets that we possess should be handled in accordance with their importance and any risks, we will strive for their secure and proper use and their appropriate safeguarding.
-We will conduct the ongoing education and training of our directors, all employees, and other personnel, and we will commit to awareness-raising regarding this issue and ensure full compliance with rules related to information security.
-We will strive to prevent information security incidents, and in the unlikely event that such an incident occurs, we will swiftly take action to recover and implement corrective measures.
-While complying with laws and regulations in every country we operate in related to information assets, we will continuously improve and enhance the abovementioned information security policies.
Strengthening of Human Resource and Legal Management
We have established rules and regulations for the correct use of information systems and the management of confidential information, and we are raising awareness of that information via our intranet. Moreover, we are raising Group awareness to the fullest at each Group company in Japan through the following measure:
-Improve information management systems that are based on vulnerability analysis
-Introduce e-learning and study sessions to increase awareness of the importance of information security and the handling of information
-Establish rules related to using social media and introduce study sessions for employees
-Conduct training related to targeted email attacks that are growing year after year
-Work with members under the guidance of risk management control supervisors and leaders at each company to improve IT literacy
In 2016, Suntory put in place the Computer Security Incident Response Time (CSIRT) as a specialized organization to response to computer security incidents in an effort to prevent informational security incidents and strengthen its response in times of disasters as a Group.
Strengthening of Physical and Technological Management
Suntory has adopted an entry-exit management system that uses security cards at the Odaiba office, Osaka office and each of our other business sites.
We are also strengthening the management of access to information systems throughout the Group via authentication functions that use security cards and passwords.
In addition, to prevent information leak, we put in place preventative measures for overwriting data on information recording mediums and established systems (automated encryption) to safely store vital information (personal/confidential information). We adopted other measures that include measures to disable automatic forwarding of emails, unauthorized access from outside the company as well as setup and monitoring of a firewall to prevent attacks.
Initiatives for Minimizing Social Media Risks
Individuals can now easily distribute information with the rise in popularity of social media. However, we see the instances when negative information spreads widely through social media and damages corporate value.
The Suntory Group is conducting activities to make employees more sensitive to social media risks (awareness raising through e-learning, group seminars and promoting use of various education tool, etc.) by formulating various standards and guidelines for use of social media, discovering risks as early as possible, and launching response systems to lessen the social media risks.
Support of the My Number System
We have put in place measures to properly manage personal information safely at each Group company as deemed necessary for identifiable personal information (My Number System) introduced in Japan in 2016. We have confirmed that our subcontractors have put these measures in place as well.
Protecting Customers’ Personal Information
Each company in Suntory Group stores personal information of many customers such as of those that applied for sales promotion campaigns and customers using mail-order of health and wellness foods, etc. The Suntory Group works to protect personal information of the entire Group according to the Act on the Protection of Personal Information and Guidelines to protect important customer information.
Employee Education on Personal Information Protection
We hold e-learning and study sessions for all of the employees in the Group to disseminate the importance of personal information protection. We conducted more focused information security education in departments that directly handle personal information.
Sales Promotion Campaign History Management System
All processes from acquiring information to deleting records are managed through Campaign History Management System upon signing non-disclosure agreement with subcontractor for sales promotion campaigns that collect customers’ address, name and other personal information. In addition, personal information that requires being stored is centrally managed in dedicated database in-house to protect customers’ information.
Information Management of Mail-order Customers
Information of mail-order customers at Suntory Wellness Ltd. are centrally managed in a dedicated closed system at communication management center in which access is strictly managed using the finger vein recognition system.
Initiative on Intellectual Property Rights
The importance of intellectual property is increasing year after year along with the rising social awareness on intellectual property rights and recent movement on Government’s measures and programs for the same. The Suntory Group has established the Intellectual Property Department mainly focusing on patents as well as the Trademark Department focusing on trademarks and our corporate brand “SUNTORY”, as divisions supervising our intellectual property rights of the Suntory Group.
Utilization of Intellectual Property
Suntory acquires and utilizes the outcome of research & development and design activities in connection with our product, service and technology as intellectual property and promotes our corporate activities to continuously provide highly value-added products unique to Suntory Group, which is symbolized by our “Yatte Minahare” spirit. In addition, based on our founders’ spirit “Giving back to society,” we proactively utilize such intellectual property in our sustainability activities and collaborative activities with various stakeholders for cohabitating in our society and solving social problems. Throughout such utilization of intellectual property, we strive to maximize the brand value of ”SUNTORY” as well as our product and service. We implement an incentive scheme based on Invention Regulation in the Group to promote and utilize employee inventions.
Respecting Intellectual Property of Others
While utilizing intellectual properties, we collect information upon working closely with the site of research & development, designing and marketing activities in order not to infringe intellectual property owned by others. For example, upon adopting new technology, we survey whether or not there is a patent owned by others in connection with such new technology. Furthermore, when adopting a new product name, we conduct whether or not it is registered as a trademark owned by others. We sometimes collaborate with the experts to judge whether our use of new technology and names are legally correct and appropriate.