Risk Management

Mission

While recognizing the various risk factors that hinder the sustainable growth and development of the Group and society, clarify risks and opportunities in the formulation and implementation of management strategies, and help optimize the allocation of resources by connecting them to management decisions.

Policies

We will promote comprehensive risk management, including the management of hazard risks and operational risks, in consideration of changes in the external environment, including in the international situation and climate.
For sustainable corporate growth, it is essential that we take risks appropriately with a focus on growth and profit-making opportunities while at the same time engaging risk avoidance and mitigation. This means that we must both suppress and tolerate risks and thus need to evaluate them appropriately across our business activities. 

Management

Risk management system

Resonac has put in place an ISO 31000-compliant risk management system and made it an integral part of our internal control. The Board of Directors uses this risk management system to make decisions.
For important issues related to risk management, including responses to material risks posed to the Group’s management, we have the Risk Management Committee chaired by the CEO, which facilities cross-organizational deliberations by top management. Matters deliberated by the Risk Management Committee are discussed and approved by the Management Committee and then reported to the Board of Directors. The Board of Directors monitors the corporate risk management system and supervises its implementation.
In addition, we have assigned risk owners, risk officers and risk managers at each of our business units, plants and major Group companies in Japan. These roles are responsible for identifying and assessing risks at each business/worksite and promoting countermeasures against them. We have thereby clarified how risk-related measures are to be promoted by the departments in charge.

Crisis management system

In the event of an accident, disaster, compliance violation or other incident in which risk becomes apparent, the relevant business unit or plant reports to the CRO and the CXO organization responsible for that risk, and they work together in responding to the incident. Should the incident be capable of threatening the Group’s existence or developing into a situation that could seriously impede the Group’s normal business operations, a Crisis Response Headquarters headed by the CEO will be established to assess the situation and its impact, issue instructions on containing the damage/loss, consider how to disseminate information to the public, and promptly take other appropriate initial actions.

If a significant impact on business continuity is anticipated after the initial response, we will activate the BCP (Business Continuity Plan) for products that have been previously defined as subject to maintenance in order to maintain and quickly restore business activities to fulfill our responsibility to continue supplying products to customers, especially those necessary for maintaining social infrastructure.​

For our overseas bases, we also plan to roll out risk/crisis management systems similar to those used in Japan in and after fiscal 2025.

Related link

Risk management system diagram

Strategy for Realizing the Long-Term Vision

Roadmap for 2030

Vision for the future (2030) Issues to be addressed Results in 2023 Plans for 2024
  • Understand and practice risk management principles and approaches (all employees)
  • Achieve world-class management by establishing and improving risk management structure and system that support the three lines of defense
  • Develop and operate an effective administrative structure that also covers BCM&BCP formulation
  • Conduct risk management and strengthen management systems amid high uncertainty
  • Make BCP more effective and standardized
  • Introduced control implementation and assessment processes
  • Based on BCM&BCP guidelines, fully revised and established BCPs for products for which BCPs have been established
  • Identify companywide key risks and develop a monitoring (management review) process
  • Advance risk plotting (visualization tools) using generative AI and more standardized risk control through the control implementation and assessment processes
  • Begin preparation for overseas deployment of risk assessment
  • Complete revision and establishment of product selections for which BCPs are to be established
  • Start preparations for companywide deployment of simulation training to study BCP effectiveness

Non-financial KPI Results and Targets

Resonac regards sustainability as the basis for its companywide strategies and has set three material issues for sustainability. Accordingly, for risk management, we will work on the non-financial KPIs and measures that were set to “Gain credibility through responsible business management” toward the achievement of our long-term vision.

KPIs on material issues 2025 targets 2023 results
Development and operation of comprehensive
risk management systems		 Development of a new comprehensive risk
management system		 Development of policies for handling overall
risks, including methods for assessing
strategic risks
Reinforcing the function of the second line of defense
  • Expansion of the Group’s internal control
    framework
  • Launch of expansion outside Japan and
    centralization of risk data
 Establishment of Risk Control Standards, and
performance of checks and assessments of
the status of control implementation in the
implementing departments

Risk management processes

Our business environment is constantly evolving and increasing in complexity amid technological innovation, market changes, and changes in policy. We believe that to maximize corporate value under such circumstances it is best to combine two approaches. Through bottom-up activities, we minimize day-to-day risks by tapping into on-site wisdom and experience. Through top-down activities, senior management takes the viewpoint of the entire organization and its goals, ranking business risks in order of priority and optimizing resource allocation.

After companywide risks are identified through these two approaches, they are visualized by being entered into a heat map. After verifying and analyzin risk data using generative AI, the Risk Management Committee reports its findings as companywide key risk themes. These are later discussed intensively in a deep dive at senior executives study sessions.

Identification of bottom-up type report-level risks

The process for departments to identify and evaluate risks is implemented through a centralized data-intensive management using a standardized Enterprise Risk Management (ERM) system. Personnel in positions of manager or above throughout the Company continually share results on the system, enabling day-to-day risks to be reduced at on-site level.

The oversight divisions (CXO organizations) in charge of each risk area review the identified risk events and evaluation results from each department as well as related data such as current responses to risks and plans for addressing them. They also promote communication on matters such as the need for support. Individual risk events that are highly significant from the viewpoint of frequency of occurrence and degree of impact are positioned as top risks, and they are shared with and verified at each department, while being deliberated at management level. The total number of registered risks in 2023 was 5,976. Of these, 15 were subject to individual deliberations by the Risk Management Committee.

Identification of top-down type alarm-level risks

The outlook has become highly uncertain in recent years due to changes in the external environment that have rapidly become more diverse and complex. These include elevated country risks, changes in economic security policy in countries around the world, countries’ responses to climate change, and rapid advances in digital technology.

In 2023 we launched a project to identify among these megatrends the external environmental factors and changes that the Group should focus on. The project is run as a joint initiative between the Corporate Planning Department, the Sustainability Department, and the Risk Management Department. Using a scenario-based approach that takes into account external perspectives and environmental changes, we will improve risk awareness and reflect it into our management strategies.

TOPICSFor the sophistication of risk management -Discussion on management risks by the Basic Chemicals Business Unit -

Resonac’s Basic Chemicals Business Unit held an event to provide a forum for the heads of its organizations, including the general manager of the Unit and the head of the Kawasaki Plant, to discuss management risks. The Risk Management Department of the head office supported the organization of the event. At the beginning of the event, participants were briefed on the importance of risk management and introduced to some cases from across the company involving a failure to prevent the materialization of risks. They were then divided into groups to identify the most impactful risks posed to their organizations in each of the following risk categories: accidents and disasters, legal and regulatory compliance, personnel and labor issues, information security, supply chains, and the external environment. Through the process they identified the material risks facing the Business Unit from cross-organizational and management perspectives and held in-depth discussions on how to deal with such risks.

The identified material risks will be registered with the risk management system for the execution of the PDCA cycle toward the sophistication of risk management including monitoring of countermeasures.

Identifying and prioritizing “companywide key risks themes”

Resonac has organized the Risk Management Committee chaired by the CEO. The Committee facilitates cross-organizational deliberations by senior executives on the risk management system, key risks facing the Group, and countermeasures for addressing them. Based on the deliberations of the Risk Management Committee, at a senior executives study session held in June 2024, companywide key risk themes were identified and ranked in order of priority.

Matters discussed by senior executives (June 2024 senior executives study session)

1 Goals
  • Understanding individual risk events arising from the external environment and examining risks and countermeasures side by side
  • Reexamining areas of corporate support
Implementation

The Risk Management Committee held preliminary discussions based on its meetings with the CXO organization and with the business side. Based on these discussions, risks arising from the external environment that are significant to Resonac were identified, such as concerns about country risks, concerns about the protection of corporate secrets, and further heightened environmental awareness. The status of countermeasures and concerns about each risk were identified, and the direction of countermeasures was shared with senior executives.
Approach
  1. 1. . Method for identifying risks arising from the external environment (top-down type x bottom-up type)
  2. 2. Detailed explanatin and discussion of external environmental events
  3. 3. Confirmation of BU countermeasures status and countermeasure gaps for each risk
2 Goals
  • Redefined companywide key risk themes after reflecting the insights of senior executives
  • Assessing the significance and urgency of each risk and set an appropriate level of monitoring
Implementation

Key risks such as operations and hazards were added. A full overview was presented again based on a tentative plot diagram of the eight key risks, and a question and answer session was held. Each member of senior executives then plotted risks of concern on a risk map. The discussion then focused on which of these risks could be incorporated and which should be eliminated. Regarding the risks left on the map, the possibility of occurrence and the impact of the business were re-examined, monitoring levels were set, and future flag bearers (CXO) were determined.
Approach
  1. 1. Alignment discussion on the eight risks and risks arising from the external environment
  2. 2. Identifying risks related to the concerns of senior executives
  3. 3. Plotting risks on a bubble chart
  4. 4. Setting the monitoring level
  5. 5. Determining the flag-bearer for each risk

The Resonac companywide key risk map developed through this process

Following the discussions by senior management, companywide key risks were plotted based on their likelihood of occurrence (vertical axis), impact on business (horizontal axis), and degree of impact (size of the bubble), as shown in the figure on the right.

Senior executives’ opinions on identified companywide key risks

S rank risks:
The most significant risks to the Company’s operations (requires the strictest monitoring and/or immediate countermeasures)

  1. 1. Risks related to human resources management and loss of talented employees (flag bearer: CHRO)
  2. 2. Country risks (flag bearer: CSO/CRO)
  3. 3. AI-driven technological innovation, risks arising from market changes (flag bearer: CTO)
  • Human resources risks are linked to everything. In particular, with regard to risk of brain drain, amid intense competition for talent around the world, we are investigating what reasons and conditions lead employees to quit, and planning to strengthen countermeasures (CHRO)
  • Even if each business deals with country risk, preparing adequately is hard and business could be halted immediately. It should therefore be tackled one of the most significant risks (CMO)
  • Market changes due to AI-driven technological innovations could have a dramatic and significant impact on Resonac’s business. We must constantly monitor what is happening (CTO)
  • When considering information leakage, we need to consider not only cyberattacks, but also that individual employees could be poached by other companies or other countries. Many risks have human resources at their root, so a coordinated response is necessary (CSO/CRO)

A rank risks:
Key risks to the achievement of company goals (regular review and preparation of a rapid response plan)

  1. 1. Risks related to supply chain instability (flag bearers: CMEO/CQO)
  2. 2. Information leakage and cyberattack risks (flag bearer: CDO-IT Supervisor)
  3. 3. Misconduct, corruption, compliance issues, or scandals risks (flag bearer: CSuO)
  4. 4. Human rights/environmental regulations risks (flag bearer: CSuO)
  • Supply chain risk is a critical issue that we deal with in our daily operations. While various perspectives have been included, I expect continued and coordinated responses (CEO)
  • In terms of information leakage risks, we need to reinforce our countermeasures for human resources as well as working to prevent cyberattacks. (General Manager of the IT Departmen)
  • Incidents related to misconduct or corruption, including product quality irregularities, must not be allowed to occur. In light of the product quality labeling irregularities that the Company has had in the past and recent misconduct issues at other companies, we must work together as one team to take countermeasures (General Manager)
  • Human rights risks and environmental risks pose challenges both in terms of our future response to changes and our existing responsibilities, including the supply chain. We will make plans, and respond to both opportunities and risks at Sustainability Promotion Council meetings (CSuO)
Other opinions
  • As times have changed, the risk events that could occur have also changed dramatically. We need to prepare by understanding the risks in advance and take countermeasures. (CSO/CRO)
  • Risks must be assessed and dealt with at two levels: surface phenomena and their underlying causes. (CHRO)
  • There are various reasons behind the unpredictable market changes. We will analyze the underlying factors from various angles and respond accordingly (CMO)
  • I would like to take into account issues in areas such as reputation risk and strive to prevent them before they occur, bearing in mind that they would have immediate impact on the stock price (CFO)
  • We would like to collaborate with business units, business sites, and CXO organizations to manage and respond to each risk (CEO, General Manager)

BCM Promotion

In accordance with the BCM&BCP guidelines we formulated in 2023, we set target recovery times and target recovery levels using BIA (business impact analysis), and are preparing a BCP. Each year we review the products for which BCPs are to be established based not only on sales and profit, but also on whether the products are needed for social infrastructure.
We have also begun considering formulating BCPs not only for responding to conventional hazard risks and operational risks, but also for strategic risks caused by changes in the external environment, such as an incident in Taiwan.

In addition, we have begun piloting using a new method of BCP training. By 2025. we aim to prepare BCP training guidelines, with a system to support the implementation of training at each site.
We will be periodically reviewing our BIA and BCPs, while following BCM’s PDCA cycle by verifying effectiveness through trainings, as we endeavor to deepen employees’ understanding of BCP to make them more effective and standardized.

BCP training

Sustainability: Site Map

ESG Information