St

Policy

MC has a basic policy of identifying various risks involved with its business activities, classifying them by their characteristics, and managing them in order to maintain and improve its financial soundness and corporate value. In particular, risks that significantly affect MC’s financial position and social standing are identified and managed on a consolidated basis.

MC SIM事務局, 主計部 リスク管理チーム(PC-U)

Risk Management System

Overview

MC maintains the following Risk Management System under the aforementioned policy.

  • The Executive Committee, a management decision-making body, determines basic policies on risk management as well as individual and integrated risk management items. It also makes decisions about advancing individual projects, and presents matters for the Board of Directors’ agenda based on prescribed standards.
  • MC has established and maintains an overall system to review individual projects and internal systems in relation to specific types of risk through deliberative bodies under the Executive Committee including the Investment Committee, the Sustainability & CSR Committee, the Compliance Committee and the Human Resources Development (HRD) Committee.
  • MC has designated categories of business activity risk corresponding to the details and scale of each risk, including credit, market, business investment, country, compliance, legal, information management, environmental and natural disaster- related risks, and has specified departments responsible for each category.
  • With respect to individual projects, personnel responsible for the applicable department in charge of a project make decisions within the scope of their prescribed authority after analyzing and assessing the risk-return profile of each project in accordance with Company-wide policies and procedures. Projects are executed and managed on an individual basis in accordance with this approach. Further, in response to the progress of projects or changes in the external environment, MC conducts periodic verification of risk-return profiles.
  • In addition to managing risk on an individual project basis, MC assesses risk on a consolidated basis with respect to risks that are capable of being monitored quantitatively and manages these risks properly, making reassessments as necessary.
Risk Type Director in Charge Duties Overseen
Credit risk, market risk, business investment risk Kazuyuki Masu Corporate Functional Officer, CFO
Information management risk, legal risk, environmental risk Akira Murakoshi Corporate Functional Officer, CDO, CAO, Corporate Communications, Corporate Sustainability & CSR
Country risk, compliance risk, employee safety risks such as natural disasters/terrorism/emerging infectious diseases, etc, business continuity risk Yasuteru Hirai Corporate Functional Officer, Global Strategy, Chief Compliance Officer, Officer for Emergency Crisis Management Headquarters

Risk Management Framework

Supervising organization Matters for supervision
Business Investment Management Department Business Investment risk (investment asset evaluation systems, new business investment, actions involving existing subsidiaries and affiliates, actions by subsidiaries and affiliates)
Corporate Sustainability & CSR Department Climate risk
Corporate Administration Department Risk of natural disasters, etc.
Legal Department Compliance risk (litigation/government investigations, laws and regulations, scandals/ compliance issues)
Global Risk & Insurance Management Department Country risk
Corporate Accounting Department (Risk Management Team) Credit risks and market risk (rating systems, accrual (other than foreign exchange accrual), granting loans/ guaranty, acquisition/disposal of non-affiliated investments, acquisition/disposal of fixed assets)
Finance Department Market risk (foreign exchange risk, interest rate risk, etc.)
Mitsubishi Corporation Financial & Management Services Credit risk (contracts, transaction credits, deposition, payment extension)

* The above list excludes those items that are related to major risks.

MC SIM事務局, 主計部 リスク管理チーム(PC-U)

Responding to Business Investment Risk

To manage business investment risk properly, MC has established a screening process to review and make decisions on new, existing, re-profiling and each other type of projects.

New
projects

Application for policy/Application for implementation

Narrow down new investment and finance proposals by comprehensively evaluating quantitative aspects in terms of the invested capital and its return determined on the basis of the characteristics of each business, in addition to evaluation of qualitative aspects, including consistency with the business strategy of each Business Group, as well as risk locations and countermeasures

Existing
projects

Business plan formulation

Once a year, review subsidiaries and affiliates’ management issues and initiatives as well as MC’s functions and business life cycle; select subsidiaries and affiliates for companywide review to follow-up on the business management of each Business Group and report results to the Executive Committee

Replacement projects

Application for policy/Application for implementation

Conduct qualitative and quantitative evaluations of new investment and finance proposals based on the priority order of Business Group strategies and promote a healthy business metabolism

MC SIM事務局, (PX)

Crisis Management on a consolidated basis/Business Continuity Management (BCM)

Structure and Concept
Crisis Management Structure on a Consolidated Basis

MC has built up a structure for securing the lives and safety of employees and their families as we respond on a consolidated basis to all crises that impact our profit and business continuity (all-hazard approach) by linking together each Business Group and Regional and National Crisis Management Offices under the management and supervision of the Emergency Crisis Management Officer.

All-Hazard Approach

Based on the all-hazard approach, MC has built up an internal structure that anticipates all kinds of risks, such as major natural disasters, acts of terrorism, riots, emerging infectious diseases, supply chain disruptions, legal transgressions, and cyber incidents, etc. Under usual conditions, we build up and establish various crisis management measures and structures needed in the event that a crisis does occur, so that we can ensure the safety and ascertain the status of all concerned as part of our initial response, and then act promptly to maintain and recover the infrastructure necessary for business continuity.
In particular, in the event of a serious incident impacting the lives and safety of our employees, as well as continuity of critical business operations, we will respond under MCwide direction of the Emergency Crisis Management Officer, while moving forward with our consolidated Business Continuity Management (BCM) process established for major crises.

* While companywide action to deal with serious incidents shall be taken under the direction of the Emergency Crisis Management Officer, compliance-related incidents shall be dealt with under the direction of the Chief Compliance Officer.

Status of initiatives in normal conditions
Crisis management

Even in normal times, MC makes necessary preparations in anticipation of natural disasters, acts of terrorism, riots, labor disputes, accidents and any other crises in Japan or overseas that could affect the safety of our employees or the continuity of our earnings, assets and businesses.

Specifically, in addition to our various frameworks, regulations, manuals and systems, we conduct a number of initiatives to increase their effectiveness. As well as organizing earthquake simulation training at the Emergency Crisis Management Headquarters and safety confirmation drills on a consolidated basis, we have also established training on crisis management and safety measures for employees assigned to new posts in order to raise employee awareness.

(Examples of main crisis management initiatives)
  Internal Rules and Regulations BCP / Manual Other specific measures In-house education and training, etc.
Common
  • Crisis Management Policy
  • MC Group Crisis Management Guidelines
     
Japan
  • Standard for Japan Crisis Management
  • Emergency Crisis Response Headquarters Manual
  • EOC/EOC Support Headquarters Manual
  • BCP (head office, domestic/overseas offices)
  • Emerging Infectious Disease Response Manual
  • Development of IT systems to implement various responses in case of emergencies

    -Safety confirmation for officers and employees

    -Emergency communication tools

    -Safety confirmation of officers and employees / facility damage at MC Group companies

  • Maintenance of stockpiles (food, etc.)
  • Earthquake simulation training
  • EOC drills
  • Safety confirmation training (consolidated basis)
  • Desktop exercises (consolidated basis)
  • Crisis Management Orientation for Employees
Overseas
  • Standard for Overseas Crisis Management
  • Individual alerts/travel restrictions for overseas business trips
  • Overseas safety surveys
  • Establishment of a safety confirmation IT system for overseas workers and overseas business travelers (including some MC Group companies)
  • Overseas Crisis Management Orientation for Employees
  • Desktop exercises (consolidated basis)
Emerging infectious diseases
  • Standard for Emerging Infectious Diseases
  • Working from Home (WFH)
  • Provision of stockpiles (masks, disinfectant, etc.)
  • Various measures to be taken in the office and during commuting / work (for details, refer to “Status of Response to COVID-19”)
  • Various warning notices
  • Display of in-house awareness-raising materials

* MC also provides individual support to Group companies

* EOC stands for Emergency Operation Center. In the event of a major disruption to the functions of the Head Office, EOCs and EOC Support Office have been established in the Kansai Branch, Mitsubishi Corporation International (Europe) and Corporate Management Support Office (EMEA), respectively, to act in place of the Emergency Crisis Management Headquarters.

DFF Inc., MC SIM事務局, 総務部 危機管理室(PH-K)

Business Continuity Management (BCM)

In 2018, MC adopted “Business Continuity Management (BCM)” for its core MC Group business companies (selected from among Unlisted MC Group companies) to establish and strengthen our consolidated framework designed to equip us with the business continuity capabilities needed to respond appropriately to major crisis situations.
BCM refers to the comprehensive management and implementation of a continuous PDCA cycle, including the formulation of a first response and Business Continuity Plan (BCP) based on risk/impact analysis of each crisis, the establishment of appropriate systems, and education/training. It takes into account the specific local conditions, operational circumstances and business characteristics of operational companies.

Overview of BCM Initiatives

BCM approach whole statue

Business Impact Analysis Framework

MC conducts analyses of the “cause incidents” that disrupt core operations and trigger “result incidents,” while taking into consideration the characteristics of operations at each company.

  • Cause incidents:

    Natural disasters, infectious diseases, technology-related, external incidents, internal faults, legal issues, third-party-related

  • Result incidents:

    Human resources (death/unconfirmed safety, inability to report/commute to work), physical resources (damage of manufacturing/distribution or other facilities), supply chains (disruption of distribution channels, disruption of material/fuel supply), information (breakdown of IT systems or damage to electronic data, data manipulation/ alteration, information leakage), reputation (product or service quality issues, environmental problems, administrative penalties), money (suspension of cash withdrawals, suspension of remittance or payments)

BCM Follow-up Structure

Based on the premise that MC Group companies should develop their own BCM systems, we also provide lateral support by developing BCM development tools, such as BCM guidebooks and BCP samples, and by holding BCM liaison meetings.

Internal Rules and Regulations Guidelines Lateral BCM development support for MC Group companies
  • Business Continuity Management Policy
  • Standard for the Business Continuity Management
  • MC Group BCM Guidebook
  • BCM development status self-assessment tools (heat maps, checklists)
  • BCM development plans
  • BCM development tools (First response manual / BCP samples, etc.)
  • BCM liaison meetings for core MC Group Companies, etc.
Implementation status monitoring

With regard to the above-mentioned crisis management and business continuity management (BCM) initiatives, we are working to improve our crisis management and business continuity capabilities by monitoring and providing various types of feedback, including implementation status at Group companies, using the business plans and other documents from each company (unlisted subsidiaries).

Preparations for Large-scale Natural Disasters

In the event of an earthquake directly below the Tokyo metropolitan area, MC has established, based on a certain damage scenario derived from published government data, a system that enables the launch of an Emergency Crisis Management Headquarters (including remote response), safety confirmation of officers and employees / facility damage at MC Group companies on a consolidated basis. Various stockpiles have also been arranged. In addition, we are preparing for an earthquake directly below the Tokyo metropolitan area by preparing and updating BCPs and manuals in each organization, conducting earthquake simulations and other trainings on a regular basis, and reviewing areas for improvement. In addition, through the promotion of BCM on a consolidated basis, we are working to continuously strengthen the business continuity capabilities of each company.

Status of Response to COVID-19 

From the early stages in January 2020, our Emergency Crisis Management Headquarters, with the help of occupational physicians, was closely scrutinizing the situation both domestically and overseas. We promptly took necessary measures that focused on preventing employee infections and halting the spread of infection, in tandem with maintaining appropriate business continuity.
In Japan, we led other companies by shifting to a system in late February of working from home in principle. I addition, under the official emergency declaration in April and May, we adopted a general approach that placed the priority on the safety of employees, encouraging self-restraint in business travel and group dining while thoroughly implementing working from home for all operations except those essential to maintenance of the corporation. These efforts exceeded those required by government and local administrative authorities (reduction of opportunities for physical contact by 80%, and reduction in number of workplace attendees by 70%), so we think that we responded well to this emergency.
Following the lifting of the emergency declaration, we began a phased easing of restrictions. Starting in July, we adopted a provisional policy for coping with COVID-19, taking ample countermeasures against infection while increasing productivity. We promoted creative business activities and operations by shifting to this new phase aimed at establishing a work structure that optimally combines workplace attendance and working from home for each organization.
In response to the reissuance of the state of emergency in Tokyo in January 2021, MC is implementing a policy of conducting business and operations while giving top priority to the safety of employees. This involves appropriate measures in accordance with the requirements of the Japanese national and local governments, such as refraining from group dining and business travel and controlling the number of employees in workplaces. We will continue to take necessary measures on a case-by-case basis, taking into account infection rates and requests from the authorities.
Of course, if the situation with infections worsens drastically in the future, we will take measures as necessary in light of the policies of government and local administrative authorities.
Overseas as well, we have scrutinized the circumstances in each country concerning the spread of infection and healthcare, promptly taking such measures as removing employees and their families from a given country, or shifting office operations to work-from-home arrangements. Depending on the country, there are cases in which infections are on the way to being controlled, and the various restrictions have begun to ease back. MC will, however, continue to sufficiently confirm the safety of the situation in each country as we work on appropriate business continuity.
* The above describes the status as of the end of February 2021.

[Reference] Key measures to prevent COVID-19 infection and spread

< Points to keep in mind when coming to work (excerpt)>

  1. ①Avoid crowded trains (use of staggered / flexible working hours)
  2. ②Sit at one-seat intervals using empty seats, etc. (after acrylic panels are installed, seating in adjacent or facing positions is also allowed)
  3. ③Avoid unnecessary movement between floors or between buildings
  4. ④To the extent possible, ensure that the number of employees at home and at work is not fixed
  5. ⑤Supervisors shall carefully consider the situation of above-mentioned employees (i.e. whether or not there are circumstances requiring special consideration)
  6. ⑥Supervisors shall communicate fully with their staff regarding working policies and other matters
  7. ⑦As a rule, pregnant women and those with underlying medical conditions shall work from home
  8. ⑧Those with a body temperature of over 37°C or cold symptoms shall stay at home

<In the office (excerpt)>

  1. ①Mandatory wearing of face masks in offices
  2. ②Limits on the number of people using elevators at any one time (in order to reduce congestion, consider spreading out arrival and break periods)
  3. ③Improved ventilation in offices
  4. ④Increased frequency of regular cleaning and disinfection of common areas and equipment
  5. ⑤Installation of acrylic panels in work areas (between seats facing each other) 
  6. ⑥Limits on the number of people using meeting rooms (about 50% capacity)
  7. ⑦Body temperature checks for visitors upon entry (non-contact thermometers, thermal imaging cameras)
  8. ⑧Installation of acrylic panels and vinyl curtains at the reception desk, etc.
MC SIM事務局, 総務部 危機管理室(PH-K)

Information Security and Cyber Security Measures

In order to maintain and improve the information security of our company including our major subsidiaries, we have established an internal system, developed relevant regulations for the safe and appropriate handling and management of information assets, and conduct employee training. Furthermore, in order to address cyber-attacks and e-mail frauds aimed at theft and destruction of information, we have implemented appropriate and effective countermeasures, which are not only control measures for information systems but also employee training and checking/implementation of incident response systems including those of major subsidiaries as well as obtaining the latest information in cooperation with specialized external organizations.

MC SIM事務局, ITサービス部 ITガバナンスチーム(PW-B)

Independent Auditors

The MC Audit & Supervisory Board deliberates on appointments, dismissals, reappointments and non-reappointments of MC’s Independent Auditors, and each year assesses appropriateness of the audit methods and the audit results. If the Audit & Supervisory Board deems it fit to dismiss or to not reappoint Independent Auditors, a proposal for new Independent Auditors shall be submitted to the General Meeting of Shareholders.

MC SIM事務局, 主計部 予・決算管理チーム(PC-B)