NISSIN FOODS GROUP

Reset

Risk Management

Policies

Of late, the business environment changes significantly and the types of risks in business activities span a broad range. The NISSIN FOODS Group properly understands all kinds of internal and external risks and works to prevent risks from manifesting and mitigate damage when they do to seek sustainable growth while protecting corporate value.
For risk management, we aim to meet the expectations of a wide range of stakeholders, and our basic policy is to build a resilient corporate foundation.

Structure

Risk Management Structure

The NISSIN FOODS Group has put in place a Comprehensive Risk Management Committee chaired by the Executive Vice President/COO to prevent, identify, manage, and address a wide variety of risks. Based on the NISSIN FOODS Group Code of Risk Management, the risk management departments take on the role as secretariat, and persons responsible for risk measures are appointed at major NISSIN FOODS HOLDINGS departments as well as at Group companies in Japan. Besides managing risks in an integrated manner, the Comprehensive Risk Management Committee instructs major NISSIN FOODS HOLDINGS departments and business corporations to identify hidden and manifested risks in our value chain and to establish mechanisms to prevent risks and minimize damage. If an event occurs and has a severe impact on the Group, the chairperson of the Comprehensive Risk Management Committee sets up a Group serious incident taskforce headed by the CEO to quickly address the incident and put forward measures to prevent a recurrence.
In addition, product accidents, business continuity planning (BCP), compliance, and information security are positioned as our four key risks, and each key risk has its own committee to study the mitigation of manifested risks and measure to prevent risks. Risks related to the environment and safety are addressed by establishing the Environment Working Group established under the Sustainability Committee, and the Environment Working Group collaborates with the Comprehensive Risk Management Committee to manage and reduce risks.

To manage Group-wide risks, the Group undertakes early discovery of risks and proper response to them based on the framework of the Three Line Model*. We identify, analyze, and evaluate Group-wide risks to understand the risks to prioritized by the Group and build systems that generate self-discipline within our organizations.

  • * A model that proves that the governing body, management, and internal audit play three key roles in governance
    First line: Business divisions (including associates in Japan and overseas)
    The first line carries out daily operations based on stipulated regulations and internal procedures. Regarding risks and such accompanying the execution of duties, independent governance activities (identification, evaluation, management, and control of risks and such) are conducted as the risk owner.
    Second line: Comprehensive Risk Management Committee as well as departments for risk management, compliance, and information security
    The second line monitors, measures, and evaluates the independent governance activities undertaken by the first line, and at the same time, has the responsibility of formulating and promoting basic policies related to risk management and governance of compliance.
    Third line: Internal Auditing Division
    The third line evaluates the activities of the first and second lines from an independent position as well as provides advice and undertakes correction to ensure effectiveness of risk governance.

Risk Management Process

The Group annually creates a risk map—with likelihood and impact as the two axes—based on the results of interviewing presidents and chief officers of the Group’s business corporations regarding the state of risk management. In the risk map, each risk is assessed and classified into one of four stages to identify important risks. For each identified risk, specific policies are stipulated and measures are implemented in an effort to reduce the risk. In particular, for risks that have high Group-wide impact and span several departments, we establish subcommittees comprising staff from the relevant departments for monitoring of the management state and implementing responses. In addition, the management state of each risk and the effects of risk measures are reported annually at meetings of the Board of Directors.
In FY 3/2024, disasters and accidents, personnel and labor affairs, information leaks and unauthorized access, and human resources were identified as four key risks.

FY 3/2024 Risk Map

Category Subcategory
(1) Product liability Product liability (product accident)
Food safety and security
(2) Business continuity plan Disasters and accidents
(3) Compliance Violation of laws, regulations, etc.
Insider trading
Personnel and labor affairs
Infringement of intellectual property rights
(4) Information security Information leaks and unauthorized access
Information systems
(5) Environment Environment
(6) Reputation Loss of brand value
Damage to corporate image and bad reputation
(7) Finance and accounting Accounting and tax affairs
Finance
Resignation payment accounting supplementation
(8) Corporate Human resources
Corporate blackmail
Shareholders
(9) Supply chain management Raw material procurement
Production asset maintenance
Logistics
Bad debts in supply chain

Expected Risks and Mitigation Measures

NISSIN FOODS Group risk category Type of risk and acceptable range Response to risk
Human resources
  • Risk of manpower shortage due to tighter management of working hours
  • Risk of not achieving well-being due to deterioration in working environment and mental health
  • Risk of being unable to secure the necessary human resources and manpower for business activities
  • Risk of hindrance to business succession and business growth due to shortage of human resources for management executives
  • Risk that brings about a reduction in the Group’s social confidence and trust due to being unable to meet the requirements for human capital
  • Risk that brings about a reduction in the Group’s social confidence and trust due to being unable to meet the social requirements for recognizing, accepting, and applying diversity
  • Promote Smart Work project as part of work style reform
  • Formulate multi-stakeholder policy
  • Introduce NISSIN-style job-based model
  • Formalize responsibility for respecting human rights in the NISSIN FOODS Group Policy on Human Rights and NISSIN FOODS Group Ethics Regulations
  • Build human rights due diligence process and conduct risk assessment
  • Set up the Human Rights Working Group under the auspices of the Sustainability Committee and promote business activities that take human rights into account
  • Ensure thorough awareness internally about initiatives related to diversity, equity, and inclusion, and create workplace environments where employees with diverse attributes and values can fully demonstrate their capabilities
  • Strengthen human resource development by conducting Group philosophy training and establishing the in-house university NISSIN ACADEMY
Information leaks and unauthorized access
  • Risk that brings about a reduction in the Group’s social confidence and trust due to being unable to properly respond to rising social concern and awareness regarding the protection of personal information and privacy
  • Risk that brings about a loss of customers or a reduction in the Group’s social confidence and trust due to concern or detriment brought about by errors in the management and use of personal information
  • Risk that brings about loss of the Group’s social confidence and trust due to erroneous use of information assets in possession of the Group resulting in the violation of laws and regulations
  • Risk of information outflow and loss as well as monetary damage and such being incurred due to unauthorized access, including intentional action or mistake by the Group’s employees and cyberattacks from a third party
  • Risk that brings about a reduction in the Group’s social confidence and trust due to improper acquisition of the Group’s information, use of such information for purposes other than intended, and such by external contractors
  • Manage and operate various types of information assets based on the Basic Policy on Information Security
  • Stipulate a privacy policy and make it known internally
  • Comply with laws and regulations regarding personal information and guidelines issued by the concerned authorities
  • Establish the Information Security Committee
  • Promote information security measures with reference to the international standard ISO 27001 and the Cybersecurity Management Guidelines established by the Ministry of Economy, Trade and Industry
  • Establish NISSIN-CSIRT, which analyzes the cause and investigates the scope of impact, and strengthen the ability to respond to incidents through external exercises and tabletop training
  • Strengthen the recruitment of human resources with specialized IT skills such as registered information security specialists
  • Conduct regular e-learning-based knowledge checks and security drills
  • Conduct third-party vulnerability assessments for internal infrastructure and websites operated by the Group

Annual Securities Report (Business and Other Risks) p.36 [PDF 8.3MB]

Emerging Risks

Risks that are expected to have severe long-term impact on the Group’s business activities—and which have yet to manifest but may appear in the future depending on changes in the external environment—are positioned as emerging risks. The Group evaluates medium- to long-term (three to five years or more) impact to business and responds to emerging risks.

Emerging Risks Related to the International Situation and Their Countermeasures

Explanation of risks

The worsening of relations and heightening of tension between countries—against a backdrop of political, social, military, and cultural factors around the world—may impact companies’ business continuity. In particular, the risks related to the international situation in the regions listed below may have severe impact on business continuity by disrupting the Group’s supply chains (paralyzing commercial logistics) and causing delays in procurement and the implementation of production strategies. They are therefore recognized as emerging risks.

The Americas
  • Expansion of China decoupling measures by the United States
  • Economic recession due to stagnant economy and political turmoil in Central and South America
China
  • China’s interference in Taiwan’s politics and worsening of relations between the United States, China, and Taiwan
Asia
  • China’s interference in Taiwan’s politics and worsening of relations between the United States, China, and Taiwan
Europe
  • Prolongation of conflict between Russia and Ukraine
Impact to the Group’s business activities
  • Procurement delays and increase in procurement prices due to changes in raw material transport routes in Japan and overseas, as well as difficulty in supplying products caused by inability to procure raw materials
  • Delays in product supply due to delays or difficulty in procurement of development materials in Japan and overseas
  • Malfunction of communication systems when cyberattacks occur due to worsening of relations between countries
  • Malfunction of communication systems when cyberattacks occur due to worsening of relations between countries
  • Worsening of relations between countries leading to exclusion or restriction (boycott) of Japanese companies (foreign products) and difficulty in business continuity (safety of local employees, paralysis of commercial logistics, communication disruptions) of business corporations at overseas locations
Risk countermeasures
  • Monitor and collect information regarding legal systems and regulations of countries where overseas Group companies are located
  • Obtain advice from external consultants
  • Promote supplier distribution and diversification toward strengthening of supply chains
  • Collaborate with external agencies, industrial groups, and such, as well as study the reduction of risks related to the international situation, including geopolitical risks