CSR activity report
Improve and maintain governance structures by further disseminating an open, fair and clear corporate culture.
Aim for zero cases of misconduct and major legal violations by disseminating an open, fair and clear corporate culture.
Outline of Activities in FY2019
- Revised Fujifilm Group Charter for Corporate Behavior and Code of Conduct, and the related policies such as Environment Policy, and Procurement Policy.
- Provided the programs worldwide through e-learning courses according to revision of the Charter for Corporate Behavior and Code of Conduct
- Conducted the Fujifilm Group Harassment Awareness Survey in Japan. Reported the results on our intranet.
- Held the training program on compliance for our employees in Japan.
- Published the training materials for 2018 disaster prevention education (e-learning) on our intranet.
- Offered for sale of stockpiles to prepare for an emergency at FUJIFILM COOP in the Group
Outline of Activities in FY2018
[Target] Develop a governance organization for the entire Fujifilm Group and reinforce the business management process.
- Increased the number of independent outside directors to four to augment deliberations by the Board of Directors and improve transparency of management decision-making by using an independent outside director.
- Established the Nomination and Remuneration Advisory Committee chaired by an independent outside director as an arbitrary advisory body to the Board of Directors.
[Target] Improve compliance awareness across the entire global Group and reinforce risk management.
Revised the Fujifilm Group Charter for Corporate Behavior and Code of Conduct.
Follow-up investigation on the FY2017 compliance awareness survey ⇒ No major issues.
Implemented training programs for risk managers at several overseas regional headquarters.
Introduced the information security reporting system globally.
Implemented disaster prevention education and training to prepare for a wide-area disaster.
[Target] Maintain a fair and independent audit and improve the audit quality level.
Established methods for analysis of financial data and work record etc. as well as an e-mail forensics mechanism; all of which have already been deployed in domestic audits and have led to improving audit completeness and objectivity.
Future Activities and Targets
Strengthen consolidated management of compliance activities by operating companies FUJIFILM & FUJIFILM Business Innovation under an FH initiative and by execution of measures aimed at further improving compliance awareness among all employees.
Enhance deliberations by the Board of Directors and improve transparency of management decisionmaking.
Revision of Charter for Corporate Behavior and Code of Conduct
Covering SDGs, human rights, risk management and other issues in response to changes in the global situation
The Fujifilm Group believes a business corporation as an entity that provides value to society through its business activities and earns profits as fair compensation for its efforts. At the same time, we believe we must function as a member of society to contribute to sustainable development. In view of the ever-growing influence and importance of the role companies must fulfill in society, we introduced in 2017 the Sustainable Value Plan 2030 (SVP 2030) to meet the expectations of society. Furthermore, we have taken action in face of the changing demands of society and revised our Charter for Corporate Behavior and Code of Conduct in April 2019 to clarify how each employee should behave and act in business. The key is our declaration to “make an active contribution to resolving social issues through innovation.” It urges each and every employee to take on their assigned role in the face of many social issues and tackle innovative challenges with the aim of creating the sustainable society envisioned under SVP 2030. Additionally, it communicates to all employees that business activities must be conducted with “an open, fair and clear corporate culture” and explicitly states that compliance is the key to a company continuing to be needed and trusted by society.
To promote greater understanding of the Charter for Relationship between the Fujifilm Group Corporate Philosophy and Vision and the Charter for Corporate Behavior and Code of Conduct
Corporate Behavior and Code of Conduct, education programs will be implemented in a total of 24 languages so that they can reach all the employees in the Fujifilm Group worldwide.
Reinforcement of Governance
Improved audit capabilities through consolidation of audit organizations and introduction of advanced IT-based audit methods
In September 2017, FUJIFILM Holdings established its Global Audit Division, consolidating the existing audit organizations in each Group company, to create a system for the direct auditing of consolidated subsidiaries. This has led to the centralization of information at each company, swift reporting of action, effective utilization of auditing human resources scattered across the Group and other benefits that led to the auditing of all 300 companies in the Group in three years.
In addition, the Audit Planning Group was established to introduce new auditing methods utilizing IT. One such method is the e-mail forensics system, which is very often outsourced to external service providers in an emergency but not in a normal internal audit. At FUJIFILM Holdings, however, the original system was developed internally, utilizing our own AI and other internal systems. This led to analysis that combined more detailed internal data and produced greater accuracy, making it possible to detect problems and signs of wrongdoing as well as to save costs through internal development. The system has already been implemented at sites in other countries as well as in Japan, and we are going to expand its application in the future.
Disaster Prevention Training
Training conducted to raise disaster prevention awareness among all employees
Fujifilm implements various activities to raise disaster prevention awareness in each and every employee. In FY2018, the first e-learning program for disaster prevention was implemented for all employees. Each participant studies for approximately 15 minutes to solidify their knowledge of disaster prevention, including the “basic information of disaster” and “the importance of preparation at home” through their responses to a Q&A checklist. Additionally, stockpiles to prepare for an emergency are being offered for sale at corporate cooperative unions in the Group. They come in the form of “original sets” consisting of foodstuffs, drinking water and supplies needed in an emergency. The items were selected by employees who experienced the Great East Japan Earthquake and the Kumamoto Earthquake. Each set comes with a service notifying the purchaser of the expiration date of the set six months in advance.
We will continue disaster prevention activities, based on the conviction that the safety and security of the lives of employees and their families will lead to the company’s early recovery and business continuity in the event of a disaster.
Compliance and Risk Management
Fujifilm Group Compliance and Risk Management Promotion Structure
Charter for Corporate Behavior and Code of Conduct
In step with changes in social conditions and our business operations, the Fujifilm Group has revised its Charter for Corporate Behavior and Code of Conduct and has disseminated the changes made to its employees.
In April 2019, revisions were made from a perspective more global in scale than previously, in step with the changes in our policy on corporate social responsibility taking place in recent years. To ensure that our employees have an accurate understanding of the changes, the Charter and the Code of Conduct were translated into 23 languages and disseminated in 24 languages through the entire Group.
To establish compliance awareness widely among its employees, the Fujifilm Group has been organizing annual training courses on the Fujifilm Charter for Corporate Behavior and Code of Conduct since fiscal 2019. At the same time, we ask all employees to pledge compliance with “understand, observe and act” in accordance with the provisions set out in the Charter and the Code of Conduct.
Additionally, workplace discussions are organized on a regular basis for employees in each workplace for exchanges on concrete issues related to compliance and risks that are closer to home for them, such as harassment and preventing misconduct.
Training is also conducted for specific job levels and functions to ensure that the necessary information is disseminated to those who require it and comprehensive compliance is implemented.
|All employees||Charter for Corporate Behavior and Code of Conduct and declaration of compliance (Global)||Gaining a greater understanding of the Charter for Corporate Behavior and Code of Conduct
Declaration of understanding, complying with and behaving according to the Code of Conduct
|Compliance in general (Prevention of misconduct, prevention of harassment, whistle-blowing, etc.)||Application of the Charter for Corporate Behavior and Code of Conduct to concrete behavior in compliance|
|Information security||Acquire a correct understanding of the information security rules and prevent leaks of confidential information|
|New employees(New executive officers,new managerial personnel, new general employees)||Compliance and risk management in general||Establish awareness of compliance and risk management pertaining to each employee's job level and function, to assure appropriate behavior.|
|Officers in charge of compliance/risk management at each organization||Risk management in general Handling harassment inquiries and current topics on information security, etc.||Promotion and guidance on compliance/risk management activities in each organization, in accordance with the groupwide policy.|
|Managerial personnel and general employees of organizations to be strengthened||Program content focused on key points in preventing misconduct, workplace discussions, preventing harassment, etc.||Education and training focused on key points to be strengthened in each organization, to ensure deeper knowledge and greater awareness and improvement|
- Training on the Charter for Corporate Behavior and Code of Conduct revised in April 2019 and request for pledge of compliance were implemented for approximately 80,000 global employees. They have been completed for 99% of the global workforce by the end of March 31, 2020.
- In January and February 2020, we held training programs for employees to learn about compliance and risk management, including workplace discussions about identifying potential risks and their countermeasures. The programs were provided for all 47,000 employees in Japan, and with a 94% attendance rate.
- The workplace discussions have been held only in Japan. To expand them to overseas Group companies, the first session was provided to managers in the US under the theme of misconduct prevention.
- We provided training programs about compliance and the mindset of a corporate person for our new employees in April 2019. In January 2020, another training programs about compliance and risk management from the managerial viewpoint was held for new managers.
- In September 2019, risk management officers in each Group company joined training programs to learn about the Group’s priority risk issues, the appropriate attitude as an responsible officer, and information security.
Compliance Awareness Survey
The Fujifilm Group conducts regular awareness surveys to examine the degree of awareness of compliance and comprehension among employees and to review the effectiveness of the Code of Conduct. The survey results are reported to the Board of Directors, ESG Committee and top management at each company. At the same time, feedback is given to various organizations and all employees for training purposes and measures are implemented in each organization to maintain and upgrade compliance awareness and prevent violations.
- Compliance awareness surveys (global): Conducted in alternate years Objective: Examine the level of dissemination of awareness and comprehension of compliance in general
- Harassment awareness survey (Japan): Conducted in alternate years Objective: Examine the level of comprehension of harassment and current conditions
Whistle-Blowing Office and Consultation Office
The Fujifilm Group has a separate whistle-blowing system. One is in FUJIFILM Holdings that can be accessed directly by all Fujifilm Group employees across the world (consultation available in Japanese, English and other 23 languages), and the other enables employees to report to each regional headquarter.
Anonymous reporting is possible to the various reporting systems. Privacy of the reporting person is protected by the regulations, to ensure that the person does not suffer any discrimination as a result of the report. We are promoting this whistle-blowing system among all employees through posters and the intranet to ensure that they can make contact whenever necessary.
The offices handle each report and consultation promptly and appropriately to lead to a resolution. In the case that a possible infringement of the Code of Conduct becomes known through whistle blowing or an internal audit, a compliance division takes responsibility for factual investigation and making an appropriate response.
For external stakeholders, we provide “Contact Sustainability” form on our official website to listen to the feedbacks on our sustainability activities including those related to human rights from the public at large, both anonymously and otherwise. All complaints and suggestions will be considered and handled appropriately after investigating the facts.
Whistle-blowing and consultation results
- Number of whistle-blowing reports and consultations in fiscal 2019: 136 (112 in Japan and 24 in overseas) Among the whistle-blowing reports and consultations received, issues related to human relationships, personnel and labor affairs and harassment accounted for 60% of the total. We have handled each case appropriately. There have been no incidents that could lead to a serious situation for the Group.
- In fiscal 2019, we did not experience any critical violation of Code of Conduct that we needed to make public.
Risk Prevention Activities
Under the risk management regulations of Fujifilm Group, we identify issues for risk prevention and take action in the event of a risk incident.
To strengthen our risk prevention activities, especially in normal circumstances, we implement the following process every year on a global scale, covering all companies controlled by FUJIFILM Holdings, to identify the risks at each company and develop action plans to address them.
Risk Extraction and Process for Establishing an Action Plan
Priority risks in FY2019
Please refer to the Yuka Shoken Hokokusho (Securities Report) for risk issues not listed below.
|Risk item||Reason for selection||Countermeasures|
Personal data management
In the face of the growing reinforcement of local regulations in each country, the effects of violations and information leaks are growing. Therefore, more comprehensive management is necessary.
In response to the expansion of ICT in products, services and manufacturing, enhancement of our conventional system is necessary.
Compliance of healthcare business (Securing ethics and transparency)
In the healthcare business, ethical conduct and transparency are requested by the regulation authorities in each country. Meeting social requirements as well as compliance with laws and regulations are necessary.
Eliminating misconducts and fraud
Incidents are declining; however, more comprehensive management and education mainly for overseas are necessary.
In line with the Work Style Reform Law that was enacted in April 2019, we manage working hours to suitable lengths to prevent long working hours.
With society’s increasing interest in harassment issues, harassing behavior must be prevented.
Response to crises
Any crisis that takes place in a Group company is handled by the Compliance and Risk Management promotion structure described in 2.2.3 and in accordance with the procedures set out in our risk management regulations. When found, it is reported to each business company and ESG Division of FUJIFILM Holdings, and at the same time addressed swiftly to prevent further propagation of the risk.
Each business company supervises the execution of recurrence prevention measures at the Group company in question and takes exhaustive action to prevent any recurrence through group-wide dissemination and application of the measures throughout the Group.
Serving as Secretariat, the ESG Division of FUJIFILM Holdings reports incidents received through our business companies to the ESG Committee and at the same time takes action to strengthen and promote risk management for the entire Group, based on the information received.
In the event of a serious incident, reports to the ESG Committee do not only include a summary of the incident, but also detailed information. We monitor the effectiveness of risk management in the Group through such information reports from the ESG Committee to the Board of Directors in every quarter.
Status for FY2019
No major crisis worthy of public announcement took place in fiscal 2019.
Efforts to prevent corruption (bribery)
In the Charter for Corporate Behavior and Code of Conduct, the Fujifilm Group has declared that we will refuse any involvement in corruption or in any dubious action that could cause suspicion of fraud with suppliers, business partners, public officials and government representatives. Also, each Group company implements the Corruption Prevention Regulations and conducts regular on-site audits in areas where the risk is deemed to be high.
The Corruption Prevention Regulations prohibit actions that are for inappropriate purposes or lacking in propriety by general social norms, involving provision, request or promise of monetary and other benefits. Both the Corruption Prevention Guidelines and the Regulations specify the procedure to make advanced application for the provision of benefits within a scope that is socially acceptable, to obtain approval and record the procedure, to conduct self audits at least once a year, to report the results of the self audit to the Secretariat of FUJIFILM Holdings and to report to the Secretariat if violations are found. These measures are implemented appropriately at each company.
Relationships with middlemen such as sales agents require advanced inspection prior to starting to trade, inclusion of corruption prevention stipulations in contracts and submission of reports once a year.
Status for FY2019
- Self audits have been carried out by each Group company worldwide and no serious incidents were found. The results were reported to the Secretariat at FUJIFILM Holdings.
- The Fujifilm Group never had a corruption or bribery, and we have never been investigated by administrative authorities concerning any corruption matters.
Efforts to prevent anti-competitive practices, etc.
The Fujifilm Group is working hard to observe anti-trust laws and have developed manuals and guidebooks that provide basic knowledge of anti-trust laws, standards of conduct to be observed and important points to be noted. We maintain regular employee education systems, and introduce annual self audits.
For compliance with Japan's subcontractor law (Act against Delay in Payment of Subcontract Proceeds, Etc. to Subcontractors), regular training sessions are organized for personnel responsible for order management at business divisions where subcontractor business volumes are large. At the same time, divisions are monitored for their state of compliance with the subcontractor law in response to inspections conducted once a year either by the Japan Fair Trade Commission or the Small and Medium Enterprise Agency.
Status for FY2019
- Anti-trust Laws:
Internal audits were carried out at each Group company worldwide and no serious violations were found. Since 2003, we have never been subject to a penalty concerning antitrust/anti-competitive practice nor are there any ongoing antitrust lawsuits.
- Act against Delay in Payment of Subcontract Proceeds, Etc. to Subcontractors:
Internal inspections were carried out in fiscal 2019 based on the written survey conducted by the regulatory authorities and no serious violations were found. In response to the domestic consumption tax hike in October 2019, the purchasing system was modified, and transaction partners were notified of the changes in the consumption tax rate, in order to prevent violations. The Fujifilm Group never had a case pointed out by administrative authorities concerning the Act against Delay in Payment of Subcontract Proceeds, Etc. to Subcontractors.
Export and Import Control
The Fujifilm Group has created the Global Security Trade Control Policy, one of the basic policies commonly shared across the Fujifilm Group, and control our exports based on this policy. This is our means of preventing products and goods that could be converted into arms or be adapted for military use from being obtained by terrorists or nations that could threaten international security. We can therefore state that we contribute to maintaining international safety not only by observing the related laws. The Fujifilm Group has established Regulations on Export Security Control based on its Export Security Control Policy for export control in compliance with laws and regulations by an export control organization chaired by the President.
We have prepared an e-learning program to train employees in the purpose and outline of export and import control to facilitate acquisition of the necessary knowledge.
Additionally, we hold briefings on revisions to laws and rules, concrete details on export and import control methods, etc., to foster greater understanding among employees.
For each division in Group companies, we conduct on-site audits in addition to annual written audits to check whether improvements are required.
Status for FY2019
We carried out written audits and on-site audits in fiscal 2019 and did not find any serious violations.
The Fujifilm Group never had a case pointed out by administrative authorities concerning export and import control.
Fujifilm Group Export Control Framework
Information Security and Privacy Protection
1. Basic policy
The Fujifilm Group recognizes information security as one of the priority risk issues in management and has laid down its Basic Information Security Policy as a group-wide action policy covering the following six items. All the employees share this Policy.
2. Promotion structure
The Fujifilm Group has appointed the director in charge of ESG-related matters as the corporate executive officer for information security who is to engage in the maintenance and improvement of information security management for the entire Group.
The group-wide information security strategy is determined by the ESG Committee chaired by the President of FUJIFILM Holdings, and strategy-related information is regularly reported from the ESG Committee to the Board of Directors. The Board of Directors is responsible for monitoring group-wide compliance and risk management, including information security and protection of privacy as one of the priority issues. In this way, the effectiveness of the process is secured. Information security and personal information protection activities are implemented by a system in which the policy decisions are made by the ESG Committee, followed by communication of the measures to be implemented from the ESG Division of FUJIFILM Holdings, which is responsible for information security management, to the various Group companies and comprehensive implementation of the measures by the information security manager at each organization.
3. Information security management system
The Fujifilm Group ensures a uniform global security level led by our regional headquarters in Japan, the US, Europe, Southeast Asia, and China, based on the group’s Information Security Guidelines and the Global Information Security Regulations, which complies with ISO/IEC 27001, the standards for an information security management system. The Information Security Guidelines define concrete security management methods that are globally applicable and each company manages their security accordingly. The guidelines include, for example, device encryption, mandating antivirus software installation, ID management and access control by building an authentication platform, and mandating installation of an email filtering system to prevent information leakage.
Structure of Information Security Rules at Fujifilm Group
4. Summary of efforts
(1) Information security training and education
To maintain information security at a high level, it is necessary for each and every employee to maintain a high level of awareness and the knowledge essential to handling information securely each day. We hold e-learning courses on information security and personal information protection each year for all our employees in Japan and overseas.
Additionally, we conduct training on cyberattacks, including sophisticated persistent threats, by actually sending emails posing as phishing emails to employees. This suspicious email handling training, aimed at increasing sensitivity to security through the experience of receiving such emails, has been conducted every year since 2011.
The Fujifilm Group work regulations incorporate an article stipulating the observation of information security. Any employee who breaches this article become subject to disciplinary action. We are keen to prevent the occurrence of information security incidents by raising awareness through sharing near-incident cases both from our own and other companies.
(2) Incident response
To prepare for information security incidents, both Fujifilm and FUJIFILM Business Innovation have set up their respective information security incident response teams to minimize damage from such incidents.
Due to the need to take prompt and comprehensive action in the event of a cyberattack in accordance with the response procedure, the information security incident response team works together with business divisions related to services and products to conduct cyberattack response training (desktop training) every year on a regular basis. This includes activities to improve the actual desktop training procedure and an incident response manual by presenting trainees with training scenarios.
Desktop Training Procedure
(3) Escalation procedure of Security incident case
The Fujifilm Group specifies an escalation procedure in the event of an information security incident or suspicious case. Should such an incident or case occur, we respond quickly and appropriately to minimize any damage or loss that could occur.
Security Incident Reporting Procedure
(4) Coordination with external incident response organizations
To deal with the ever-changing cyber security risks, it is important to cooperate with various cyber security response organizations to share the latest information on cyber threats and system vulnerabilities, along with exchanges of know-how in responding to incidents and improving response skills. For this reason, we participate in international communities of cyber security response teams such as FIRST and Nippon CSIRT Association and we are building cooperative relationship with external parties. At the same time, we are actively participating in various working groups organized by these communities and are working on greater information security not only for us but also for the entire network society.
(5) Security audits and continual improvement
We are making efforts to eradicating information security incidents and to improve how we manage them, so that we can assure customers that their information assets will be protected securely when they use our solutions and services.
Web servers that are likely to be targeted by external attacks undergo vulnerability tests semiannually, and the necessary security measures are implemented. In addition, we employ external security ventures to conduct security assessments of our major services to ensure that our security assessments are objective.
We examined information security in the course of identifying risks and developing action plans for the entire Group each year as part of our risk management activities, to ensure the effectiveness of our group-wide risk management. We continue to improve our measures with the PDCA cycle, and increase our security levels.
5. Incidents and violations on information security
There were no serious cases related to information security were pointed out by any third parties or administrative authorities and assessed to require public disclosure in the last five years.
- Basic policy
In the Fujifilm Group, the Code of Conduct that sets out how all Fujifilm employees are to conduct themselves, protection of privacy has been defined as an item affecting respect for human rights.
- Promotion structure
The policies and targets related to the group-wide personal information protection are determined by the ESG Committee, chaired by the president of FUJIFILM Holdings, and its report is submitted to the Board of Directors regularly. The Board of Directors is responsible for monitoring group-wide compliance and risk management, including protection of personal information, as one of the priority issues. In this way, we ensure the effectiveness of the process. After the ESG Committee has determined policies concerning personal information protection, The ESG Division of FUJIFILM Holdings takes responsibility for overall management of such policy implementation and other privacy protection. The ESG Division’s tasks include dissemination of the policies and targets, implementation of such policies, inspecting the implementation and management status, promoting details of the Personal Information Management Regulations among employees, and providing instructions and advice to managers of organizations that handle personal information.
Especially, as social awareness of personal information protection rises, we check our security measures in the processes of risk identification and action planning from the viewpoint of risk management. Our risk management structure spans the entire Group.
- Employee training
The Fujifilm Group believes that each and every employee who handles information each day must acquire the necessary knowledge and a high level of awareness of security in handling personal information, to enable them to prevent incidents or violations in this area. For this reason, e-learning programs on personal information protection are being conducted every year for all employees.
Our work regulations specify imposing disciplinary action on employees who take information out from the company without permission. We also raise security awareness by sharing near-incident cases that occurred in our own and other companies across the group to maintain the high level of personal information protection.
- Appropriate handling of personal information
- Incidents and violations in personal information handling
In fiscal 2019, there were no cases related to personal information handling were pointed out by any third parties or administrative authorities and assessed to require public disclosure.
Acquisition of P-Mark and ISMS at Fujifilm Group
As of March, 2020
FUJIFILM Medical Co., Ltd. FUJIFILM Techno Service Co., Ltd. FUJIFILM Imaging Protec Co., Ltd.
FUJIFILM Global Graphic Systems Co., Ltd.
Fuji Xerox Co., Ltd.
The FUJIFILM Group created the “Information Security Case Studies” and “Information Security News” focusing on actual information security incidents. The document is available to their employees through the intranet to promote their understanding.
In addition, we implement e-learning programs to help our employees understand preventive measures and specific activities to be observed through introducing information security incidents.
Regarding personal information management, we also conduct a survey to confirm the security status of electronic data handled internally as well as at our external subcontractors.
Preparations for Large Scale Natural Disasters
As the global environment changes, such as rising sea level by climate change and abnormal weather occurrence, risks concerning natural disasters are increasing.
Based on the damage estimations, we are enhancing and reinforcing the anti-disaster measures as a part of the Business Continuity Plans (BCPs) to further improve the Group response to a wide-area natural disasters in Japan, including preparations for a Tokai-Tonankai-Nankai multiplate earthquake (Nankai megathrust earthquake), Tokyo Metropolitan earthquake, eruption of Mt. Fuji., torrential rain, river floods and rising sea level.
In particular, we are reinforcing preparatory measures for heavy rains, which are increasing in frequency in Japan, and adopting an alert system for early damage prediction to implement damage control measures. We also implement BCPs and reinforce employee safety measures for natural disasters specific to America, Europe, and Southeast Asia, such as earthquakes, tornados, and wildfires.