Compliance and Risk Management

Basic Approach of Compliance and Risk Management

At the Fujifilm Group, the following four steps have been implemented in the STPD (See-Think-Plan-Do) cycle in the drive to maintain and increase awareness of employees’ compliance.

With the growing speed of social change, our previous business experience and accumulated knowledge no longer apply to a growing range of our business activities. For this reason, the Fujifilm Group has upgraded its existing approach to PDCA and established STPD (See-Think-Plan-Do) independently to facilitate action from new perspectives.

See phase is to assess conditions both inside and outside the company from social conditions, reports received etc./Think phase is to analyze information and consider points to be strengthened/Plan phase is to conduct awareness survey, etc. to confirm the effectiveness of measures/Do phase is to declaration of compliance with the Charter of Corporate Behavior and Code of Conduct by all officers and employees, etc.

Promotion of Compliance and Risk Management

Promotion Structure

The Fujifilm Group appoints officers in charge of compliance and risk management at each of its operating companies and group companies, and implements a variety of measures to penetrate the spirit of an “open, fair and clear” corporate culture throughout the Group. Status on implementation of these measures is reported regularly from each company to the ESG Committee of FUJIFILM Holdings via the ESG Division, and from the ESG committee to the Board of Directors. The Board of Directors is responsible for supervising compliance and risk management for the entire Group. The Board also provides direction and advice on the report from the ESG Committee appropriately to assure the effectiveness of the processes. Furthermore, the Audit & Supervisory Board conducts audits to ensure that the internal control systems are functioning appropriately.

Fujifilm Group Compliance and Risk Management System

Compliance Promotion Policy

We have formulated the Fujifilm Group Charter for Corporate Behavior and Code of Conduct as the basic policies of the corporate activities. With these policies, we strive to ensure our activities to be carried out in compliance with laws and social ethics, as well as to communicate the priority of compliance in business operations to all employees of the Fujifilm Group through  Compliance Statement.

  • Charter for Corporate Behavior
    Document defining the corporate philosophy and principles that are to be regarded as important for the entire Fujifilm Group and to be complied with by all Group companies and their employees.
  • Code of Conduct
    Document establishing what action each employee should take in their daily operations when implementing the Fujifilm Group’s business activities.

Risk Management Promotion Policy

The Fujifilm Group employs Risk Management Regulations that specify the group-wide basic policy and risk management system. Based on these regulations, we identify the tasks required to counter various risks related to our business and are fully prepared to make appropriate responses in the event of a critical incident.

The decision-making process for priority risks

The Fujifilm Group has identified 60 items as risks that are likely to have a significant impact on the business management and has organized them into five areas: strategy risks, financial and taxation risks, operation risks, natural disasters & infectious diseases, and climate change. Each risk has been evaluated quantitatively based on the level of the impact multiplied by the occurrence probability. Priority risks that require preferential action are decided by the ESG Committee, and the action status on these risks is reported to the Board of Directors semiannually.

Priority risk issues that are related to our groupwide business environment are deliberated on and approved by the ESG Committee each year. 

Priority risks in FY2023

We recognize that the following major risks might affect our financial condition and the results of our business operations.

On the page for Risks on business. etc. of the Yuka Shoken Hokokusho, in addition to the following items, economic risks such as loss of business opportunities are described.

Risk Items Status of Action
Information security (cyberattacks, confidential data leakage & personal information leakage) To reinforce measures against cyberattacks, installation of sensors to monitor the behavior of PCs, servers and development of a global scale security surveillance centers have been completed.
Rising prices and shortfalls in raw and other materials Procurement from multiple origins for raw and other materials used in priority businesses and products.
Geopolitical risks The manufacturing, development and marketing sites of the Group, as well as our suppliers, are distributed across various countries. The latest information on conditions is collected, and instructions on employee safety, asset protection and economic activities decided as part of the risk management system. The instructions are delivered promptly to minimize damage.
Large-scale natural disasters Risk assessment, monitoring and BCP development have been conducted for each business site and supply chain.
Climate change risks Low-carbon investments are made by reducing CO2 emissions in the product lifecycle, developing manufacturing methods with low environmental impact and the internal carbon pricing scheme.
Reinforcement of chemical substances management Strict regulation requirements are likely to lead to prohibition of the use of existing raw materials. We recognize that PFAS control is a priority issue and plan to minimize the impact by developing substitute or alternative materials.
Corruption and bribery Due to the strict restrictions and the government approval required in the healthcare business, corruption poses a high risk. Preventive measures will be strengthened, chiefly through employee education and monitoring middlemen through outside vendors.
Pandemic and infectious diseases To reduce the impact of infectious diseases spreading through the business, each organization has developed its own BCP for comprehensive prevention of infection within the organization.
Fires and accidents Knowledge and skills on handling chemical substances and facility safety are employed to implement measures to prevent fires and explosions.
Product liability and product defect In the healthcare business, problems with product quality pose risks that lead to customers experiencing health hazards. Accidents are prevented through product design and quality assurance.
Fraud by executive officers or employees Fraud is prevented through the development and appropriate implementation of internal control. Monitoring is also carried out for early detection and prevention.

Report and Response in case of crisis

Any crisis that takes place in a Group company is handled by the Compliance and Risk Management Promotion Structure and in accordance with our risk management regulations. When found, it is reported to each operating company and ESG Division of FUJIFILM Holdings, and at the same time addressed swiftly to prevent further propagation of the risk. If a potentially critical incident occurs, it is immediately reported to the ESG Committee for assessment and to determine the response to the issue.

Each operating company supervises the execution of recurrence prevention measures at the Group company in question. At the same time the operating company shares the incident details and the relevant preventative measures among its Group companies to avoid recurrence of the same or similar incidents.

Serving as Secretariat, the ESG Division of FUJIFILM Holdings reports incidents received through our operating companies to the ESG Committee and at the same time takes action to strengthen and promote risk management for the entire Group, based on the information received.

In the event of a serious incident, reports to the ESG Committee do not only include a summary of the incident, but also detailed information. We monitor the effectiveness of risk management in the Group through such information reports from the ESG Division to the Directors and Auditors in every quarter.

Milestones in Compliance and Risk Management

Since 1997, the Fujifilm Group has been committed to the establishment and enhancement of compliance and risk management frameworks at each group company. After introducing a holding company system in 2006, we have been actively implementing initiatives for both domestic and overseas sites at the entire group level.

Topics in FY2023

Initiatives to Raise Employees’ Awareness and Monitoring

  • Providing education on the Fujifilm Group Charter for Corporate Behavior and Code of Conduct for all executive officers and employees at a global level and obtaining Declaration of Compliance
  • Providing education on healthcare-specific laws and regulations for employees working in the Healthcare business in Japan 
  • Providing anti-corruption education in compliance with laws and regulations in each country at a global level
  • Providing training in order to prevent information security incidents and violations related to handling of personal information. Conducting suspicious e-mail training for all executive officers and employees in Japan
  • Implementation of initial response training for cyber incidents with the participation of executive officers and division heads responsible for information security at a global level
  • Implementation of briefing sessions for risk managers in each organization in Japan on the role of risk managers and priority risks
  • Conducting the Fujifilm Group Employee Engagement Survey for all executive officers and employees at a global level

Enforcement of Charters, Codes and Regulations

  • Updating the message from top management of the Fujifilm Group Charter for Corporate Behavior and Code of Conduct in line with the establishment of the Group’s Purpose
  • Partial revision of the Fujifilm Group Global Healthcare Code of Conduct
  • Revision of FUJIFILM Business Innovation and its subsidiaries for the Anti-corruption Regulations

Plans and Activities Relating to Compliance and Risk Management