Strengthening Risk Management

Basic Concept for Risk Management

The CITIZEN Group is engaged in activities to identify, analyze, and evaluate risks while appropriately addressing and managing them to ensure the achievement of the Group-wide business targets and sound and sustainable development.

The CITIZEN Group considers risk management as a management concept that combines two processes: risk management to prevent crises from occurring and crisis management to minimize risks when crises do occur.

Group Risk Management

Strengthening Group Risk Management

The CITIZEN Group has established a Group risk and crisis management system to consolidate and promptly address risks throughout the Group to promote sustainable management and ensure the achievement of the Group-wide business goals and sustainable development. This system includes sub-committees of the Sustainability Committee that address operational risks in normal times and related ESG risks, as well as committees that address legal and compliance, information security, disaster, and other risks.

The CSR Office of CITIZEN WATCH, which plays a central role in the Group risk and crisis management, cooperates with the departments of CITIZEN WATCH and domestic and overseas Group companies to strengthen Group governance, check the progress of quality compliance enhancement measures and the state of significant risks for the Group, and identify and respond to emerging risks.

ESG risks and materiality risks, like other significant risks, must also be addressed to ensure the Group’s sustainable existence. Therefore, the Sustainability Committee has taken the lead in examining the impact of these risks on the Group and countermeasures for them, and the entire Group is working to foster awareness of risks, including risks specific to each Group company. We are also discussing preventive measures and other measures for emerging risks such as cyber-attacks, information leaks, and revision to laws and regulations overseas, which could have a significant impact on the Group in the medium term.

Group Risk Management Organizational Structure
Figure

Key Initiatives for Significant Risks

In FY2024, we reviewed significant risks that may affect the business of the entire CITIZEN Group and society, and formulated 11 risk fields (accounting/finance, information systems, human resources, general affairs, fair trade, safety assurance trade, intellectual property, environment, information management, CSR, and quality). Going forward, top management will address such risk areas while incorporating the opinions of third-party experts. In addition, we aim for uniform risk management across the Group by sharing information on significant risks common to the Group and risks specific to each Group company to share knowledge and know-how. This includes, for example, incorporating violations of safety considerations for the working environment into Group-wide risks (of human resources field).

In FY2024, among the significant risks, we regard the two items of “environment” and “information management” as the most important risks, and work to identify these risks and strengthen countermeasures for them. Regarding the environment, we will strengthen measures for handling hazardous chemical substances, including the development of a reporting line based on the concept of a process safety management system that aims to thoroughly prevent unexpected leaks and potential problems in the event of large-scale disasters. Regarding information management, in response to the increasing risk of violations of the EU General Data Protection Regulation (GDPR) and personal data protection regulations in each country and region, we will review the event-specific criteria for information security incidents, focusing mainly on leaks of personal information.

FY2024 Group Significant Risks
Field Group Significant Risks
Accounting/Finance Errors and Fraud Risks of Disclosed Information (1) Accounting Standards for Overseas Subsidiaries
Errors and Fraud Risks of Disclosed Information (2) Development of Internal Controls
BEPS compliance / Taxation risk due to transfer pricing
Information Systems Software license violation
Damage caused by business email fraud
Information leakage due to internal fraud
Suspension of operations due to information system outage
Information leakage due to cyber-attacks
Human Resources Violation of laws and regulations concerning foreign technical internship programs and specified skilled workers
Discriminatory treatment regarding nationality, LGBTQ, etc.
Violation of safety consideration obligation
General Affairs Response to business suspension risk (BCM system)
Fair Trade Violation of bribery regulations
Violation of Antitrust Laws
False contracting
Safety Assurance Trade Violation of the U.S. Economic Sanctions Act
Violation of import/export related regulations
Intellectual Property Infringement of intellectual property rights by the Company
Environment Delayed response to climate change
Leakage or spillage of hazardous substances from plant facilities, and environmental violations
Violation of the control of chemical substances contained in products (RoHS, REACH, etc.)
Information Management Violation of privacy regulations including EU General Data Protection Regulation (GDPR), and data breaches
CSR Violation of the Modern Slavery Act
Violation of the California Transparency in Supply Chains Act
Failure to fulfill social responsibilities
Quality Quality compliance violations

Actions Taken Against Group Risks

Response to Crises

In preparation for major crises (natural disasters, terrorism, incidents/accidents, pandemics, etc.) that could occur in various parts of the world, the CITIZEN Group is working to construct a global crisis management system.

To promptly and appropriately collect, judge, and disclose crisis information, the CITIZEN Group has established a system to minimize the impact on its business and stakeholders in the event of a major incident by clarifying reporting standards to CITIZEN WATCH, holding emergency recognition meetings to judge the importance of the incident, and establishing a crisis response headquarters to consider specific responsive measures.

All crisis information, including information related to health, safety, and occupational accidents, is gathered in CITIZEN WATCH's Crisis Office, and reported to the Bimonthly Reporting Meeting for the President, the Executive Committee, and the Board of Directors as appropriate, depending on the severity of risks concerning finance, human damage, or damage to corporate value, etc.

Crisis Report Line

Criteria for notification to Group companies and headquarters functional divisions
Crisis Level
  • IV: Consideration on a case-by-case basis (*serious case involving risks in easy notification)
  • III: Notification on the same day as the report is received
  • II: Monthly summary notification
  • I: No notification required
Figure
  • * Crisis levels are determined in accordance with the Crisis Level Criteria Table (by event/impact), provided separately.

Overseas Safety Management System

Terrorism, political unrest, natural disasters, pandemics, and other unforeseen events around the world can cause significant damage to employees and companies serving abroad. Regarding the overseas safety management of employees, the CITIZEN Group has a system in place whereby the Overseas Safety Management Office constantly keeps track of the whereabouts of business travelers and expatriates of the Group, including those who travel to multiple countries and regions, confirms their safety in the event of an unexpected incident or accident, and provides appropriate instructions according to the situation. The Office also monitors overseas safety information daily while proactively disseminating information to business travelers and expatriates.

Business Continuity Plan (BCP)

To prepare for the case of a major disaster, pandemic, accident, or other event that has a significant impact on management resources and causes or is expected to cause business suspension or interruption, the CITIZEN Group has formulated Business Continuity Plans (BCPs) that defines the systems, roles, and response procedures necessary for business continuity and ensures the continuation of product and service supply or early restoration of operations.

Regarding such established BCPs, we are working on the maintenance of BCPs to deal with issues that become apparent through disaster drills, while aiming to increase their effectiveness and sophistication by adapting to changes in risks.

We are preparing for disaster risk throughout the entire value chain through not only BCPs at production sites but also disaster training at domestic and overseas logistics sites, including fire drills.

In FY2023, CITIZEN WATCH's Office visited each Group company to conduct a fact-finding survey, which was followed by a Group committee meeting to strengthen the system.

FY2024 is the time to review the Group BCP system. To get started, a lecture meeting was held in April, inviting outside experts.

Trade Secret Management

To protect trade secrets, which are information crucial to business activities, the CITIZEN Group promotes management and operations concerning trade secrets and works to share information and address issues through the Group Information Governance Committee. Officers and employee training are also provided to ensure that all employees are fully aware of the importance of trade secret management. In FY2023, the Committee meetings continued to be held, and e-learning courses on trade secrets were conducted at domestic Group companies, with the participation rate of 97.2%. We will continue these activities in the future.

In addition, CITIZEN WATCH receives annual reports on trade secrets from each department within the Company, and internal audits based on the reports are conducted to correct the situation as appropriate. In FY2023, there were no events falling under the category of serious incidents.