Risk Management Activities

Initiatives for main risks

After deliberation by the Risk and Crisis Management Committee and the Management Board, Kao has selected 14 particularly significant risks as the main risks that could have a negative impact on its sustained profitable growth and contribution to the sustainability of the world. We also review these main risks at least once every six months based on changes in the business environment.
The division in charge formulates countermeasures for main risks and manages their progress. Details of main risks are disclosed in the Annual Securities Report*1.

Initiatives for corporate risk

We conducted a risk survey for Genba from the on-site operations perspective, interviews with management from the management perspective, and an analysis of the external environment to identify and assess the major risks and action issues that could hinder the achievement of the Mid-term Plan (K27). Among main risks, we have defined “corporate risks” as the risks that would have a major impact on management and require an enhanced response. Once a year, the Risk and Crisis Management Committee conducts a review based on its analyses of an internal survey and the external environment as well as interviews with management, and the Management Board decides upon risk themes and risk owners (Executive Officers). Each owner establishes a countermeasure team to propose countermeasures, monitor risks and respond when risks materialize.
The Risk and Crisis Management Committee deliberates on the effectiveness of countermeasures and manages their progress, and the Management Board reviews themes every year. In these reviews, we also consider new corporate risks, make changes to the content of our priority efforts, and continuously strengthen our responses. Corporate risks that have been addressed to a certain level of success are shifted to a day-to-day management system run by the department in charge.

This shows the corporate risks initiative process conducted in three stages throughout the year. From January to August, we conduct a risk survey and external environment analysis, and from September to October, we conduct interviews with management to assess important risks and issues to be addressed. From November to December, we examine and determine corporate risk themes based on the annual report.

“Risk surveys”
We conduct risk surveys of divisions and subsidiaries in Japan, as well as subsidiaries in Asia, Europe and the US, regarding risks that may impede the achievement of the Mid-Term Plan (K27), and identify important risks and the issues to be addressed from the perspective of on-site operations. The number of risks that come up in risk surveys is in the hundreds. We analyze and assess these risks, addressing those that can be managed at the operational level through on-site responses. For risks that require a company-wide approach, such as cross-organizational risks, we strengthen our responses in collaboration with the relevant departments.

“Analysis of the external environment”
We continuously analyze risks that are rapidly changing, complex, and diverse, such as the international situation, the business environment, and social issues, in collaboration with internal and external experts. We also conduct analysis with reference to reports on risks from think tanks around the world.

“Interviews with executives”
Based on “risk surveys” and “analysis of the external environment”, we conduct interviews with members of the Management Board and others to deepen discussions on important risks for the Kao Group from a management perspective and risks that we should strengthen our response to. By discussing risks and issues identified in the field with management priorities and strategic perspectives, we reconcile the risk perceptions of the on-site operations and management.

In this way, “On-site operations” and “management” work together to promote ERM.

Main themes and actions regarding corporate risks

Large-scale earthquakes and other natural disasters and BCP response
Details of risks:
  • Risk of harm to employees, damage to facilities and the supply chain, and difficulties in supplying products to markets resulting from large-scale earthquakes or other natural disasters such as large typhoons and floods brought on by climate change.
Response:
  • Enhancing hardware and software measures based on flood risk studies at each site, and providing disaster prevention education to protect employees and their families.
  • Formulating BCP for long-term suspension of operations in Japan and strengthening BCPs at sites outside Japan.

Risk of cyberattacks
Details of risks:
  • Risk of temporary suspension or delay of business activities due to cyberattacks targeting the Kao Group, business partners, subcontractors, etc.
  • Risk of unauthorized acquisition or leakage of confidential information and personal information.
Response:
  • Establishment of Group-wide regulations and promotion systems, and promotion of awareness-raising activities.
  • Strengthening measures such as access control and monitoring, and developing backup and recovery plans for isolated environments.
  • Strengthening the security of the entire supply chain by confirming the status of measures taken by suppliers, manufacturing contractors, etc., and requesting improvements as necessary.
  • Strengthening incident response capabilities based on BCP (including recovery drills for receiving orders and shipments) and purchasing cyber insurance.

Human Resource Securing
Details of risks:
  • Risks that affect the execution of business strategies due to the inability to promote the acquisition and development of human resources with the high level of expertise required in each field and human resources who will become leaders.
Response:
  • Strategic recruitment activities to enhance social competitiveness
  • Career development to increase engagement
  • Allocation of human resources according to global and departmental issues

Geopolitics
Details of risks:
  • Risk of human casualties, temporary suspensions of operations due to supply chain disruptions, or changes in consumer purchasing due to the destabilization of political and social conditions, diplomatic tensions, conflicts or other reasons.
Response:
  • Developing risk scenarios and response systems, and monitoring political and social situations.
  • Establishment of guidelines for ensuring employee safety.
  • Strengthening the supply chain networks for raw material procurement, etc.

Reputation Risk
Details of risks:
  • Risk of deteriorating brand value and social credibility due to the spread of negative reputations and misunderstandings about information dissemination and marketing activities through social media, etc.
  • Risks that brand value and social credibility will decline due to inadequate response to such risks and reputational risks arising from such risks when risks inherent in business activities materialize.
Response:
  • Establishment of a pre-check system for advertising and information dissemination
  • Continuous implementation of internal training
  • Early identification of risks through monitoring of social media and other means.
  • Timely and appropriate disclosure of accurate information and the Kao Group’s approach and response stance when risks materialize.

Pandemic response
Details of risks:
  • Risk that the pandemic will disrupt the delivery of products and services
  • Risk of shrinking cosmetics market, etc., due to changes in purchasing behavior
  • The risk that the pandemic will affect the stable operation of business activities due to the impact of the pandemic on employee health management and employment continuity
Response:
  • Revising the guidelines, formulating action plans for each country, and reviewing stockpiles, etc. based on the experience during the COVID-19 pandemic.
  • Establishment of a system to ensure the safety of employees and maintain business continuity

Product quality issues
Details of risks:
  • Risk of serious product quality issues arising that would result in loss of social credibility.
Response:
  • Strengthening internal awareness-raising to prevent serious product quality issues from arising.
  • Strengthening company-wide responses in the event of serious damage arising due to product quality issues.

Early response to emerging risks

We define “emerging risks” as new risks, risks with insufficient data, and risks that lack the verifiable information and knowledge needed for decision-making. Emerging risks have a significant impact on management over a long period of time. We identify emerging risks every year.

It is essential to strengthen risk intelligence*4 in order to identify and respond to emerging risks at an early stage. In order to strengthen risk intelligence, we are collaborating with various external experts to enhance risk insight (the ability to read signs of change without relying solely on experience). Additionally, we are enhancing scenario planning, which involves considering responses to potential uncertain future situations.

  • *4 Ability to quickly detect signs of risk, analyze impacts, and respond

This shows that Kao collaborates with a variety of outside experts. In order to strengthen risk intelligence, we enhance risk insight by collaborating with experts, relevant ministries, NGOs, etc. for each of the various risks surrounding the company.

In addition, in response to corporate risks such as large-scale earthquakes/natural disasters and geopolitical risks, we implement Business Continuity Management (BCM) based on actual emergency responses. We also strengthen scenario planning through simulations and drills that assume long-term supply chain outages, aiming for more concrete preparations and swift responses.

This shows the strengthening of responses to corporate risks such as “Major earthquakes, natural disasters, and BCP responses” and “Geopolitical risks.” The left shows continuous improvement through the PDCA cycle, in which the BCP is reviewed after drills and training (improvement/examination). The right shows the strengthening of scenario planning planned for each fiscal year on themes such as “Nankai Trough earthquake” and “Geopolitics.” By linking the PDCA cycle on BCM with scenario planning, it represents an effort to strengthen preparedness for and response to emerging risks.

Emerging Risks in Focus

Risk Related to Responsible Raw Material Procurement (Environmental and Human Rights Considerations)

We use a significant amount of naturally derived resources, such as palm oil and paper/pulp, as raw materials in our products. These materials are not only susceptible to external factors such as price fluctuations and climate change, but in recent years, increasing attention has been placed on ensuring environmental and human rights considerations throughout the procurement process. The palm oil and paper/pulp that we use are sourced through multi-layered supply chains (from plantations and farms to processors and suppliers), and it remains a challenge to fully grasp the conditions of smallholder farms and primary producers, particularly in the palm oil supply chain, as well as to ensure full traceability.

If environmental or human rights issues arise at raw material suppliers within the supply chain, or if our efforts to address such issues are deemed inadequate, we may face procurement disruptions, product supply delays, or even suspension of business operations. These outcomes could lead to the loss of brand image or credibility, a decline in business performance, and severe threats to business continuity.

In light of these risks, we recognize risks related to responsible raw material procurement in consideration of the environment and human rights as an emerging risk that could have a significant impact on future operations. We are promoting responsible raw material procurement through the following key initiatives:

  • Supplier selection based on ESG criteria
  • Dialogue and collaboration with suppliers and supplier assessment (environmental and human rights due diligence, third-party audits, etc.)
  • Forest monitoring, support for oil palm smallholders, and implementation of grievance mechanisms
  • Ensuring traceability and leveraging third-party certifications (e.g., RSPO, FSC, etc.)
  • Monitoring and understanding evaluations of our initiatives from stakeholders and other parties on a global scale

Geopolitics

Geopolitical risks have remained high in Europe and East Asia, where we conduct business. In addition, such risks may increase in countries and regions where we procure raw materials.

If destabilization of political and social conditions, diplomatic tensions, or other reasons cause a deterioration in the environment surrounding our business, human casualties, a temporary suspension of operations due to supply chain disruptions, or changes in consumer purchasing behavior, our targets for net sales and profit may be unattainable.

Given this situation, we recognize geopolitics as an emerging risk that could have a significant impact on future operations. We prepare risk scenarios for countries and regions with heightened geopolitical risks, provide systems for response where needed, and monitor the political and social situations. In addition, we have established guidelines for ensuring employee safety and are working to strengthen our supply chain networks. We address geopolitics as a corporate risk.

Cyberattack Risk (Cyberattacks Targeting Production Equipment and Business Partners)

In recent years, cyberattacks leveraging AI and other technologies have become increasingly advanced and targeted, with a growing trend of attacks not only on individual companies but across interconnected supply chains. As global business networks expand, supply chains are becoming more complex, making it structurally difficult for a single company to fully defend itself. In manufacturing environments, efforts to improve efficiency have led to the digitization and networking of control equipment and robots, creating new potential entry points as previously closed control networks become connected to external systems.

Cyberattacks can cause factory shutdowns and system failures at partner companies, which may lead to delays in product supply and interruptions in business operations. Such disruptions can severely affect performance and business continuity.

Given this situation, we recognize cyberattacks targeting production facilities and business partners as an emerging risk. To strengthen cybersecurity in factory control systems, we are working to detect risks early and minimize potential damage by implementing centralized management of security logs, promoting real-time monitoring, and introducing systems to detect network anomalies. In particular, we consider the potential impact to be significant in areas where control systems are connected to the internet (such as remote sensing, remote maintenance, and the use of external cloud services), and we are taking both technical and operational countermeasures tailored to each connection type. As part of our broader supply chain cybersecurity initiatives, we assess the security measures of key business partners and conduct follow-up activities as needed. We address cyberattack risk as a corporate risk.

Through these initiatives, we aim to identify and address risks at an early stage from a global perspective.
