Mitsubishi Corporation Sustainability Website

Governance

Risk Management

Policy

Policy

MC has a basic policy of identifying various risks involved with its business activities, classifying them by their characteristics, and managing them in order to maintain and improve its financial soundness and corporate value. In particular, risks that significantly affect MC’s financial position and social standing are identified and managed on a consolidated basis.

MC SIM事務局, サステナビリティ部(PQ), 財務部(PT)

Risk Management System

Risk Management System

Overview

MC maintains the following Risk Management System under the aforementioned policy.

  • The Executive Committee, a management decision-making body, determines basic policies on risk management as well as individual and integrated risk management items. It also makes decisions about advancing individual projects, and presents matters for the Board of Directors’ agenda based on prescribed standards.
  • MC has designated categories of business activity risk corresponding to the details and scale of each risk, including credit, market, business investment, country, compliance, legal, information management, environmental and natural disaster-related risks, and has designated directors in charge and specified departments responsible for each category.
  • MC has established and maintains an overall system to review individual projects and internal systems in relation to specific types of risk through deliberative bodies under the Executive Committee including the Investment Committee, the Sustainability Committee, the Compliance Committee and the Human Resources Development (HRD) Committee. Matters deliberated by these committees are presented or reported by the director in charge to the Executive Committee chaired by the President and CEO.
  • In order for the Board of Directors to effectively supervise specific types of risk, a system has been established whereby matters deliberated by each committee are reported to the Board of Directors as necessary. Each risk is then broadly classified into financial and non-financial risks, with the effectiveness of each risk management system reviewed and monitored by the Board of Directors on a regular basis each year.
    • *The Internal Audit Department, which reports directly to the President and CEO, is separate and independent from the directors in charge and responsible departments mentioned above and handles auditing and risk management.
  • With respect to individual projects, personnel responsible for the applicable department in charge of a project make decisions within the scope of their prescribed authority after analyzing and assessing the risk-return profile of each project in accordance withcompanywide policies and procedures. Projects are executed and managed on an individual basis in accordance with this approach. Further, in response to the progress of projects or changes in the external environment, MC conducts periodic verification of risk-return profiles.

    In addition to managing risk on an individual project basis, MC assesses risk on a consolidated basis with respect to risks that are capable of being monitored quantitatively and manages these risks properly, making reassessments as necessary.
Risk Type Director in Charge Duties Overseen
Credit risk, market risk, business investment risk, country risk Yuzo Nouchi Corporate Functional Officer, CFO
Information management risk, legal risk, compliance risk, employee safety risks such as natural disasters/terrorism/emerging infectious diseases, etc, business continuity risk Yutaka Kashiwagi Corporate Functional Officer, Human Resources, Global Planning & Coordination, IT
Environmental risk Kenji Kobayashi Corporate Functional Officer, CSEO

Risk Management Framework

Supervising Organization Matters for Supervision
Business Investment Management Department Business Investment risk and market risk (Investment Return Valuation System, new business investments, actions for existing business investees, transactions by business investees, granting loans/guaranty, acquisition and disposal of fixed assets, mikoshi, acquisition and disposal of non-affiliated investments, etc.)
Sustainability Department Climate risk, etc.
Corporate Administration Department
(Security & Crisis Management Office)		 Risk of natural disasters, etc. (risks related to employee safety, including natural disasters, terrorism, new infectious diseases, and business continuity risks)
Legal Department Compliance risk (litigation/government investigations, laws and regulations, scandals/ compliance issues)
Finance Department Credit risk, Market risk (foreign exchange, interest rate, stock price,foreign exchange mikoshi*The Structured Finance, M&A Advisory Dept. also manages foreign exchange mikoshi.*, etc.) , Country risk
Mitsubishi Corporation Financial & Management Services (Japan) Ltd. Credit risk (rating systems, conclusion of contracts, trade credits, bailment, payment extension, etc.)
  • *The above list excludes those items that are related to major risks.

Responding to Business Investment Risk

To manage business investment risk properly, MC has established a screening process to review and make decisions on new, existing, re-profiling and each other type of projects.

New projects Application for policy/Application for implementation Narrow down new investment and finance proposals by comprehensively evaluating quantitative aspects in terms of the invested capital and its return determined on the basis of the characteristics of each business, in addition to evaluation of qualitative aspects, including consistency with the business strategy of each Business Group, as well as risk locations and countermeasures
Existing projects Business plan formulation Once a year, review subsidiaries and affiliates’ management issues and initiatives as well as MC’s functions and business life cycle
Replacement projects Review regarding continuation of investments Conduct qualitative and quantitative evaluations of new investment and finance proposals based on the priority order of Business Group strategies and promote a healthy business metabolism

Responding to Business Investment Risk

MC SIM事務局, サステナビリティ部(PQ), 財務部(PT), 事業投資総括部(PX), 翻訳会社

Crisis Management on a Consolidated Basis/ Business Continuity Management (BCM)

Crisis Management on a Consolidated Basis/ Business Continuity Management (BCM)

Structure and Concept

Crisis Management Structure on a Consolidated Basis

MC has built up a structure for securing the lives and safety of employees and their families as we respond on a consolidated basis to all crises that impact our profit and business continuity (all-hazard approach) by linking together each Section/Group/Regional and National Crisis Management Offices under the management and supervision of the Emergency Crisis Management Officer.

Crisis Management Structure on a Consolidated Basis

  • *As of January 1, 2024

All-Hazard Approach

Based on the all-hazard approach, MC has built up an internal structure that anticipates all kinds of risks, such as major natural disasters, acts of terrorism, riots, emerging infectious diseases, supply chain disruptions, legal transgressions, and cyber incidents, and etc. Under usual conditions, in cooperation with the organizations in charge (related corporate staff departments and Section/Groups), we build and establish various crisis management measures and structures needed in the event that a crisis does occur, so that we can ensure the safety and ascertain the status of all concerned as part of our initial response, and then act promptly to maintain and recover the infrastructure necessary for business continuity.
In particular, for a serious incident impacting the lives and safety of our employees, as well as continuity of critical business operations, we have a structure in place in which we will respond under the companywide direction of the Emergency Crisis Management Officer, in accordance with our Business Continuity Management (BCM) process on a consolidated basis.

All-Hazard Approach

  • *While companywide action to deal with serious incidents shall be taken under the direction of the Emergency Crisis Management Officer, compliance-related incidents shall be dealt with under the direction of the Chief Compliance Officer.

Status of Initiatives in Normal Conditions

Crisis Management

Even in normal times, MC makes necessary preparations in anticipation of natural disasters, acts of terrorism, riots, labor disputes, accidents and any other crises in Japan or overseas that could affect the safety of our employees or the continuity of our earnings, assets and businesses.

Specifically, in addition to our various frameworks, regulations, manuals and systems, we conduct a number of initiatives to increase their effectiveness. As well as organizing earthquake simulation training at the Emergency Crisis Management Headquarters and safety confirmation drills on a consolidated basis, we have also established training on crisis management and safety measures for employees assigned to new posts in order to raise employee awareness.

(Examples of main crisis management initiatives)

  Internal Rules and Regulations BCP / Manual Other Specific Measures In-House Education and Training, etc.
Common
  • Crisis Management Policy
  • MC Group Crisis Management Guidelines
      
Japan
  • Standard for Japan Crisis Management
  • Emergency Crisis Response Headquarters Manual
  • EOC/EOC Support Headquarters Manual
  • BCP (head office, domestic/overseas offices)
  • Emerging Infectious Disease Response Manual
  • Development of IT systems to implement various responses in case of emergencies
    -Safety confirmation for officers and employees
    -Emergency communication tools
    -Safety confirmation of officers and employees / facility damage at MC Group companies
  • Maintenance of stockpiles (food, etc.)
  • Earthquake simulation training
  • EOC drills
  • Safety confirmation training (consolidated basis)
  • Desktop exercises (consolidated basis)
  • Crisis Management Orientation for Employees
Overseas
  • Standard for Overseas Crisis Management
  • Individual alerts/travel restrictions for overseas business trips
  • Overseas safety surveys
  • Establishment of a safety confirmation IT system for overseas workers and overseas business travelers (including some MC Group companies)
  • Overseas Crisis Management Orientation for Employees
  • Desktop exercises (consolidated basis)
Emerging infectious diseases
  • Standard for Emerging Infectious Diseases
  • Working from Home (WFH)
  • Provision of stockpiles (masks, disinfectant, etc.)
  • Various measures to be taken in the office and during commuting/work
  • Various warning notices
  • Display of in-house awareness-raising materials
  • *MC also provides individual support to Group companies
  • *EOC stands for Emergency Operation Center. In the event of a major disruption to the functions of the head office, the EOC, which is responsible for first response operations, has been established at a location separate from the head office to act in place of the Emergency Crisis Management Headquarters.

Business Continuity Management (BCM)

In FY2018, MC adopted “Business Continuity Management (BCM)” for its core business companies (selected from among MC Group companies) to establish and strengthen our consolidated framework designed to equip us with the business continuity capabilities needed to respond appropriately to major crisis situations.
BCM refers to comprehensive management activities based on an all-hazard risk and impact analysis that takes into account the business characteristics (business type and location) of the operating company, which include the formulation of initial response and BCP, establishment of a structure, and implementation of an ongoing PDCA cycle through education and training.

Overview of BCM Initiatives

Overview of BCM Initiatives

Business Impact Analysis Framework

We conduct analyses of the “cause incidents” that disrupt core operations and trigger “result incidents,” while taking into consideration the characteristics of operations at each company.

  • Cause incidents:
    Natural disasters, infectious diseases, technology-related, external incidents, internal faults, legal issues, third-party related
  • Result incidents:
    Human resources (death/unconfirmed safety, inability to report/commute to work), physical resources (damage of manufacturing/distribution or other facilities), supply chains (disruption of distribution channels, disruption of material/fuel supply), information (breakdown of IT systems or damage to electronic data, data manipulation/alteration, information leakage), reputation (product or service quality issues, environmental problems, administrative penalties, suspension of business), money (suspension of cash withdrawals, remittances and/or payments)

BCM Follow-Up Structure

Based on the premise that MC Group companies should develop their own BCM systems, we also provide lateral support by developing BCM development tools, such as BCM guidebooks and BCP samples, and by holding BCM Re-examination / BCM Dialogue.

Internal Rules and Regulations Guidelines Lateral BCM Development Support for MC Group Companies
  • Business Continuity Management Policy
  • Standard for the Business Continuity Management
  • MC Group BCM Guidebook
  • BCM development status self-assessment tools (heat maps, checklists)
  • BCM development plans
  • BCM development tools (first response manual / BCP samples, etc.)
  • BCM Re-examination / BCM Dialogue, etc.

Implementation Status Monitoring

With regard to the above-mentioned crisis management and BCM initiatives, we are working to improve our crisis management and business continuity capabilities by monitoring and providing various types of feedback, including implementation status at Group companies, using the business plans and other documents from each company (unlisted subsidiaries).

Preparations for Large-Scale Natural Disasters

In the event of a Tokyo Inland Earthquake, MC has established, based on a certain damage scenario derived from data published by the government and local authorities, a system that enables the launch of an Emergency Crisis Management Headquarters (including remote response), safety confirmation of officers and employees / facility damage at MC Group companies on a consolidated basis. Various stockpiles have also been arranged. In addition, we are preparing for a Tokyo Inland Earthquake by drafting and updating BCPs and manuals in each organization, conducting earthquake simulations and other trainings on a regular basis, and reviewing areas for improvement. In addition, through the promotion of BCM on a consolidated basis, we are working to continuously strengthen the business continuity capabilities of each company.

Information Security and Cyber Security Measures

In order to maintain and improve the information security of our company including our major subsidiaries, we have established an internal system, developed relevant regulations for the safe and appropriate handling and management of information assets, and conduct employee training. Furthermore, in order to address cyber-attacks and e-mail frauds aimed at theft and destruction of information, we have implemented appropriate and effective countermeasures, which are not only control measures for information systems but also employee training and checking / implementation of incident response systems including those of major subsidiaries as well as obtaining the latest information in cooperation with specialized external organizations.

Independent Auditors

The MC Audit & Supervisory Board deliberates on appointments, dismissals, reappointments and non-reappointments of MC’s Independent Auditors, and each year assesses appropriateness of the audit methods and the audit results. If the Audit & Supervisory Board deems it fit to dismiss or to not reappoint Independent Auditors, a proposal for new Independent Auditors shall be submitted to the General Meeting of Shareholders.

DFF Inc., MC SIM事務局, 総務部(PH), 主計部(PC), 翻訳会社

Integrated Risk Management and Monitoring

MC implements integrated risk management and monitoring in addition to responding to risks individually. As an example, we identify operational risks, which have become increasingly important in recent years. Every year, we report our evaluation of these risks to the Board of Directors, which is based on unified standards, as well as on the establishment and operation of risk management systems, taking into account future changes in the external environment. In the fiscal year ended March 31, 2024, we conducted the following three-step evaluation and reported the results to the Board of Directors.

STEP1 Evaluation of the current situation by developing a risk map

MC identifies the major operational risks in the Company and then evaluates the risks on a consolidated basis in accordance with unified standards, before listing them as a risk map as follows. We identify “Risks that require special monitoring” (located in the upper right hand corner of the risk map), and the Board of Directors monitors the countermeasures.

STEP2 Medium-term evaluation taking into account the external environment

In addition to evaluating the current situation (Step 1), MC identifies external environmental factors (geopolitics, economics, the environment, etc.) that may affect major operational risks in order to take into account changes in the external environment over the medium-term. We identify operational risks that are particularly susceptible to such factors as “Risks that require attention over the medium term” since they may shift to “Risks that require special monitoring” in the future (see 5 , 6 , 10 , 14 , 15,and 16 below).

Classification table

Positioning map

STEP3 Addressing risks that require attention over the medium term

In addition to “Risks that require special monitoring,” MC also positions “Risks that require attention over the medium term” as risks for which we should especially strengthen our responses in the future. We arrange the countermeasures for these risks as follows, and the Board of Directors monitors them.

⑤ Risk of damage to business assets due to war, civil unrest, terrorism, etc.
⑥ Government expropriation, nationalization, and violation of rights by authority

Responding to geopolitical uncertainties, we conducted the Global Intelligence Committee based on information gathered from the global network. In addition, we have developed a country risk countermeasure system on a company-wide basis to cope with the deterioration of national financial discipline, particularly in emerging countries.

⑩ Climate-related physical risk

For the two assets (metallurgical coal and copper) determined to have a high level of exposure to physical risks in the physical risk assessment (metallurgical coal and copper; see the Climate Change section for additional details), we check annually whether there are any updates to the current measures and future adaptation strategies already disclosed.

⑭ Natural disaster risk

We have prepared initial response and BCP on a consolidated basis both in Japan and overseas*.

⑮ Life and safety risk due to war, civil unrest, terrorism, etc.

We have built up a structure for securing the lives and safety of our employees on a consolidated basis both in Japan and overseas*.

⑯ Transaction risk

We are preventing negative impacts come from the transaction risk by clarifying the contractual relationship and to mitigate the loss with the support of the legal department when we expose to the risk.

【TOPICS】Risk Management Policy

In the fiscal year ended March 31, 2024, MC determined the risk management policy for each risk and classified them into two categories described below. Among the risk items that is classified to (i), we identified the risk items for which quantitative assessment is to be strengthened and promoted.

Risk management table

A

⑤ Risks of damage to business assets due to war, civil unrest, terrorism, etc.
⑥ Government expropriation, nationalization, and violation of rights by authority
⑦ Currency inconvertibility, foreign remittance restriction due to short-term liquidity

Based on the various risk factors of each country, we set ceilings of acceptable risk (Company-wide Management Framework) for each country and conducts a semi-annual survey to control the accumulation of risk.

B

⑨ Climate-related transition risk

We have already set GHG emissions reduction targets and have disclosed Scope 1, 2, and Scope 3 Category 11 emissions as well as avoided emissions (See Key GHG Metrics and Disclosure Highlights for additional details). Based on these initiatives, in order to comply with sustainability disclosure standards, we are continuously considering and reviewing internally how best to quantify the financial impact of climate-related transition risk and the appropriate disclosure methods.

C

⑬ Emerging infectious disease risk
⑭ Natural disaster risk
⑮ Life and safety risk due to war, civil unrest, terrorism, etc.

We are focused on building a system to mitigate loss in the event of a risk appeared.
MC SIM事務局, サステナビリティ部(PQ), 財務部(PT), 事業投資総括部(PX), 翻訳会社