Risk Management

We at the Kyowa Kirin Group (hereafter referred to as "Our Group") have established the "Kyowa Kirin Group Risk Management Policy," based on which we are implementing risk management at all our Group companies. This Policy is enacted with reference to international standards such as ISO 31000 and COSO (The Committee of Sponsoring Organizations of the Treadway Commission).

Kyowa Kirin Group Risk Management PolicyPDF file

Business Risk FactorsOpen in new window

Risk Management System

Business execution lines at the Kyowa Kirin Group identify risks based on changes in the internal and external environment. Steps are also taken to analyze impact and likelihood of identified risks. After discussing and adjusting the results of this analytical assessment of internal and external environmental changes and risk trends while conversing with business execution lines, the CSR Committee secretariat organizes risks by category, assesses and identifies material risks. In addition to deliberating on the appropriateness of identifying material risks, the CSR Committee also monitors measures aimed at mitigating risks as well as progress while supporting the risk management of business execution lines. Moreover, the Group CSR Committee meets once a year to deliberate on the Group's overall risk management strategy and action plan, and to report on the status of activities during the year. Details of material risk mitigation measures and monitoring results discussed by the Committee are reported to the Board of Directors.

Risk Management System Board of Directors Group CSR Committee Held: Annually Regional CSR Committee Japan* Regional CSR Committee North America Regional CSR Committee EMEA Regional CSR Committee Asia/Oceania Held: Quarterly CSR Committee Secretariat: Evaluate and identify material risks Business execution lines: Identify/analyze risks using a risk ledger * Other regions' reports collated and presented in Japan.

Crisis Management

We define "crises" as situations that may have a profound impact on our business and require a rapid response among those that inhibit the achievement of our management goals. In addition, we define "crisis management" as activities that minimize the impact on our business when risks evolve into crises. We prioritize human life and health and act quickly and appropriately to minimize the impact of each crisis while restoring normal business operations as soon as possible. In particular, we believe it is crucial to promptly report any signs of a crisis to senior managers or the relevant department (called "Bad News Fast") at an early stage, establish cross-functional teams to develop an integrated response to the crisis while taking into account the impact on stakeholders, and monitor the implementation of measures to prevent any reoccurrence after the response to the crisis has been completed.

Crisis Management System Board of Directors Audit & Supervisory Board Report Group Crisis Response Headquarters Group CSR Committee Chairperson (The Head of the Group Crisis Response Headquarters) • Determine the tentative crisis level • Give instruction Report Instruct Head of CSR Management Head of Legal and Intellectual Property Head of Corporate Communications Head of General Affairs Head of responsible Dept for the crisis CSR Management Dept (The Secretariat of the Group Crisis Response Headquarters) Report Instruct A scene where a potential crisis has happened Local Headquarters

Business Continuity Plan

We have a Business Continuity Plan (BCP) as a means of fulfilling our CSR by ensuring continued merchandise production and shipment even in the event of difficulties faced in continuing our normal business activities due to a disaster or accident. New ideas and know-how gained through our disaster drills and workshops are reflected in our company-wide BCP guideline, BCP basic plans and BCP action plans for constant improvement.

Information Security

To manage the information assets appropriately, the Kyowa Kirin Group has established the "Group Information Security Policy," under which it has established the "Group Information Security Management Regulations" Pursuant to such policies and regulations, we designate a manager to oversee our information security across our Group, as well as departmental managers in charge of information security at each department. We also implement education and training to raise awareness of information security risks among employees and make rigorous efforts to ensure appropriate management of information.