Risk Management Activities

Initiatives for main risk

After deliberation by the Risk and Crisis Management Committee and the Management Board, Kao has selected the 14 particularly significant risks as the main risks that could have a negative impact on its sustained profitable growth and contribution to the sustainability of the world. We also review these main risks at least once every six months based on changes in the business environment.
The division in charge formulates countermeasures for main risks and manages its progress. Details of main risks are disclosed in the Annual Securities Report*1 .

Initiatives for corporate risk

We conducted a risk survey for Genba from the on-site operations perspective, interviews with management from the management perspective and analysis of the external environment to identify and assess the major risks and action issues that could hinder the achievement of the Mid-term Plan (K27). Among these, we have defined “corporate risks” as the risks that would have a major impact on management and require an enhanced response. The Risk and Crisis Management Committee examines the themes of these risks, and the Management Board decides upon risk themes and risk owners (Executive Officers). Each owner establishes a countermeasure team to carry out initiatives.
The Risk and Crisis Management Committee deliberates on the effectiveness of countermeasures and manages its progress, and the Management Board reviews themes every year. In its reviews, we also consider new corporate risks and make changes to the content of our priority efforts, and continuously strengthen our responses. For corporate risks that have been addressed to a certain level of success, they are shifted to a day-to-day management system by the department in charge.

This shows the corporate risks initiative process conducted in three stages throughout the year. From January to August, we conduct risk survey and external environment analysis, and from September to October, we conduct interviews with  management to assess important risks and issues to be addressed. From November to December, we examine and determine corporate risks themes based on annual report.

“Risk surveys”
We conduct risk surveys of divisions and subsidiaries in Japan, as well as subsidiaries in Asia, Europe and the US, regarding risks that may impede the achievement of the Mid-Term Plan (K27), and identifies important risks and issues to address them from the perspective of the on-site operations. The number of risks that come up in risk surveys is in the hundreds. We analyze and assess these risks, addressing those that can be managed at the operational level through on-site responses. For risks that require a company-wide approach, such as cross-organizational risks, we strengthen our responses in collaboration with the relevant departments.

“Analysis of the external environment”
We continuously analyze risks that are rapidly changing, complex, and diverse, such as the international situation, the business environment, and social issues, in collaboration with internal and external experts. We also conduct analysis with reference to reports on risks from think tanks around the world.

“Interviews with executives“
Based on “risk surveys” and “analysis of the external environment”, we conduct interviews with members of the Management Board and others to deepen discussions on important risks for the Kao Group from a management perspective and risks that we should strengthen our response to. By discussing risks and issues identified in the field with management priorities and strategic perspectives, we reconcile the risk perceptions of the on-site operations and management.

In this way, “On-site operations” and “management” work together to promote ERM.

Main themes and its actions regarding corporate risks

Theme Details of risks Response
Large-scale earthquakes and other natural disasters and BCP response
  • Risk of harm to employees, damage to facilities, the supply chain, and difficulties in supplying products to markets resulting from large-scale earthquakes or other natural disasters such as large typhoons and floods brought on by climate change.
  • Enhancing hardware and software measures based on flood risk studies at each site, and providing disaster prevention education to protect employees and their families.
  • Formulating BCP for long-term suspension of operations in Japan and strengthening BCPs at sites outside Japan.
Geopolitics
  • Risk of human casualties, temporary suspensions of operations due to supply chain disruptions, or changes in consumer purchasing due to the destabilization of political and social conditions, diplomatic tensions, conflicts or other reasons.
  • Developing risk scenarios and response systems, and monitoring political and social situations.
  • Establishment of guidelines for ensuring employee safety.
  • Strengthening the supply chain networks for raw material procurement, etc..
Risk of cyberattacks
  • Risk of temporary suspensions of business activities, such as supply chain activities, due to cyberattacks targeting manufacturing facilities or business partners.
  • Reinforcement of security measures and response system in case of incidents.
Responsiveness to social Issues
  • Risk of initiatives to resolve social issues being inadequate or being perceived as inadequate.
  • Risk of a failure to demonstrate adequate progress toward the KPIs outlined in the KLP may be perceived as “greenwashing” or avoiding information disclosure out of the fear of being labeled as “greenwashing*2 ” will be perceived as “greenhushing*3 .”

  • *
    2 Greenwashing: Exaggerating or overstating the environmental and sustainability aspects of a company’s products or services, or making unsupported claims about the environmental or sustainability actions it takes.
  • *
    3 Greenhushing: Refraining from disclosing or disseminating information about a company’s environmental initiatives and climate change measures for fear of greenwashing.
    • Reduce reputational risk by understanding and responding globally to the evaluations and demands of stakeholders regarding initiatives to address social issues.
    Product quality issues
    • Risk of serious product quality issues arising that would result in loss of social credibility.
    • Strengthen internal awareness-raising to prevent serious product quality issues from arising.
    • Strengthen company-wide responses in the event of serious damage arising due to product quality issues.
    Reputation management
    • Risk that brand value and social credibility will decline due to the spread of negative evaluations or misunderstandings about our initiatives on social media and other platforms.
    • Strengthen the emergency response system in the event of contingencies.
    • Strengthen the social media monitoring system.
    • Disclose correct information and corporate stance when risks materialize.
    Pandemic response
    • Risk of temporary suspension of operations due to pandemic outbreak
    • Risk of shrinking cosmetics market, etc., due to changes in purchasing behavior
    • Revise the guidelines and formulate action plans for each country, and review stockpiles, etc. based on the experience during the COVID-19 pandemic.

    Early response to emerging risks

    We defines “emerging risks” as risks that are new risks, risks with insufficient data, and a lack of verifiable information and knowledge needed for decision-making. Emerging risks have a significant impact on management over a long period of time. As part of our annual review of main risks, we also identify emerging risks.

    It is essential to strengthen risk intelligence*4 in order to identify and respond to emerging risks at an early stage. In order to strengthen risk intelligence, we are collaborating with a various external experts to enhance risk insight (the ability to read signs of change without relying solely on experience). Additionally, we are enhancing scenario planning, which involves considering responses to potential uncertain future situations.

    • * 4 Ability to quickly detect signs of risk, analyze impacts, and respond

    This shows Kao collaborates with a variety of outside experts. In order to strengthen risk intelligence, we enhance risk insight collaborating with experts, relevant ministries, NGOs, etc. for each of the various risks surrounding the company.

    In addition, in response to corporate risks such as Large-scale earthquakes/natural disasters, and geopolitical risks, we implement Business Continuity Management (BCM) based on actual emergency responses. We also strengthen scenario planning through simulations and drills that assume long-term supply chain outages aiming to strengthen more concrete preparations and swift responses.

    This shows the strengthening of responses to corporate risks such as “Major earthquakes, natural disasters, and BCP responses,” and “Geopolitical risks.” The left shows continuous improvement through the PDCA cycle, in which the BCP is reviewed after drills and training, improvement/examination. The right shows the strengthening of scenario planning planned for each fiscal year on themes such as “Nankai Trough earthquake”, and “Geopolitics.” By linking PDCA cycle on BCM with scenario planning, it represents an effort to strengthen preparedness for and response to emerging risks.

    Emerging Risks in Focus

    Risk Related to Responsible Raw Material Procurement (Environmental and Human Rights Considerations)

    We use a significant amount of naturally derived resources, such as palm oil and paper/pulp, as raw materials in its products. These materials are not only susceptible to external factors such as price fluctuations and climate change, but in recent years, increasing attention has been placed on ensuring environmental and human rights considerations throughout the procurement process. The palm oil and paper/pulp that we use are sourced through multi-layered supply chains (from plantations and farms to processors and suppliers), and it remains a challenge to fully grasp the conditions of smallholder farms and primary producers, particularly in the palm oil supply chain, as well as to ensure full traceability.

    If environmental or human rights issues arise at raw material suppliers within the supply chain, or if our efforts to address such issues are deemed inadequate, we may face procurement disruptions, product supply delays, or even suspension of business operations. These outcomes could lead to the loss of brand image or credibility, a decline in business performance, and severe threats to business continuity.

    In light of these risks, we recognize risks related to responsible law material procurement in consideration of environment and human rights as an emerging risk that could have a significant impact on future operations. And we are promoting it through the following key initiatives:

    • Supplier selection based on ESG criteria
    • Dialogue and collaboration with suppliers and supplier assessment (environmental and human rights due diligence and third-party audits etc.)
    • Forest monitoring, support for oil palm smallholders, and implementation of grievance mechanisms
    • Ensuring traceability and leveraging third-party certifications (e.g., RSPO, FSC etc.)
    • Monitoring and understanding evaluations of our initiatives from stakeholders and other parties on a global scale

    Geopolitics

    Geopolitical risks have remained high in Europe and East Asia, where we conduct businesses. In addition, such risks may increase in countries and regions where we procure raw materials.

    If destabilization of political and social conditions, diplomatic tensions, or other reasons cause a deterioration in the environment surrounding our business, human casualties, a temporary suspension of operations due to supply chain disruptions, or changes in consumer purchasing behavior, our targets for net sales and profit may be unattainable.

    From these situations, we recognize geopolitics as an emerging risk that could have a significant impact on future operations. And we prepare risk scenarios for countries and regions with heightened geopolitical risks, provide systems for response where needed, and monitor the political and social situations. In addition, we have established guidelines for ensuring employee safety and are working to strengthen its supply chain networks. We address geopolitics as a corporate risk.

    Cyberattack Risk (Cyberattacks Targeting Production Equipment and Business Partners)

    In recent years, cyberattacks leveraging AI and other technologies have become increasingly advanced and targeted, with a growing trend of attacks not only on individual companies but across interconnected supply chains. As global business networks expand, supply chains are becoming more complex, making it structurally difficult for a single company to fully defend itself. In manufacturing environments, efforts to improve efficiency have led to the digitization and networking of control equipment and robots, creating new potential entry points as previously closed control networks become connected to external systems.

    Cyberattacks can cause factory shutdowns and system failures at partner companies, which may lead to delays in product supply and interruptions in business operations. Such disruptions can severely affect performance and business continuity.

    From these situations, we recognize cyberattacks targeting production facilities and business partners as an emerging risk. To strengthen cybersecurity in factory control systems, we are working to detect risks early and minimize potential damage by implementing centralized management of security logs, promoting real-time monitoring, and introducing systems to detect network anomalies. In particular, we consider the potential impact to be significant in areas where control systems are connected to the internet—such as remote sensing, remote maintenance, and the use of external cloud services—and are taking both technical and operational countermeasures tailored to each connection type. As part of our broader supply chain cybersecurity initiatives, we assess the security measures of key business partners and conduct follow-up activities as needed. We address response to cyberattack risk as a corporate risk.

    Through these initiatives, we aim to identify and address risks at an early stage from a global perspective.

    Page Top