本文へスキップします。

【全・英】メガメニュー
H1

Compliance and Risk Management

承認:エディタ

Our Company has established the TOKYO KEIKI Group Code of Ethical Conduct as a code for acting in compliance with laws, regulations, our Articles of Incorporation, and social norms. We recognize that the awareness of every employee is of utmost importance in the establishment of corporate ethics, and strive to uphold corporate ethics in our everyday activities. We also refuse any relationships with antisocial forces that threaten order and security in civil society.

Concepts and policies regarding compliance

To manage corporate ethics activities across the organization, we have established a permanent Corporate Ethics Committee chaired by the Chief Legal Governance Officer.

Corporate ethics-related organizational chart

Code of Conduct

The TOKYO KEIKI Group Code of Ethical Conduct* forms a basis for encouraging sound behavior by every employee. Working from basic stances that include the avoidance of words and acts in violation of laws and regulations, and appropriate response to acts that violate corporate ethics, the Code of Ethical Conduct sets out our responsibilities to all stakeholders, including the provision of products and services of benefit to society, contribution to society through our corporate activities, and the creation of safe and comfortable working environments. By complying with this code of conduct, we will fulfill our responsibilities to society.
  Note that we also translate the Code of Ethical Conduct into local languages and ensure that our overseas subsidiaries are thoroughly versed in the code.

*https://www.tokyokeiki.jp/company/rinri.html

 

Initiatives aimed at raising awareness of compliance

Under the recognition that the awareness of all employees is of utmost importance in establishing corporate ethics, every year in April we carry out education on our code of conduct (the Code of Ethical Conduct) for all employees.


Status of training implementation

In response to the COVID-19 pandemic, we changed the way we ran our Code of Ethical Conduct education, which had previously focused on classroom-based group training. In order to enable all employees to take and complete the education, training is primarily conducted via e-learning and online meetings, and the period over which education is provided is also lengthened. Following completion of the course, all employees submit an Affidavit Concerning the Code of Ethical Conduct.


Internal audits

Our internal audits consist of “regular audits,” which are conducted periodically based on a predetermined annual audit plan, and “extraordinary audits,” which are conducted at the direction of the President and CEO and the Audit and Supervisory Committee, or whenever needed. Both types of audit are conducted by the Internal Auditors Office. The Internal Auditors Office investigates the appropriateness and effectiveness of Group internal control systems from a standpoint that is independent of the division, department, or consolidated subsidiary being audited, and by implementing improvements based on the results, helps to increase Group management soundness and efficiency.
  Our directors ensure that employees are fully aware of the significance of internal audits, as well as the duties, authority, and responsibilities of the Internal Auditors Office, and make every effort to ensure that internal audits are conducted smoothly and efficiently. Audits by the Internal Auditors Office cover all aspects of the Group’s corporate ethics and activities. The Company’s directors ensure that the Manager of the Internal Auditors Office and audit staff are able to conduct internal audits without undue interference from employees. Audit personnel appointed by the Manager of the Internal Auditors Office are prohibited from engaging in the operations of their departments, divisions, or consolidated subsidiaries during the internal audit period, whether or not they are serving concurrently in the Internal Auditors Office. In addition, employees who receive instructions from the Audit and Supervisory Committee as necessary for their audit duties are not to receive instructions or direction from any other party with respect to such instructions. Furthermore, any personnel transfers, evaluations, or disciplinary actions involving employees belonging to the Internal Auditors Office must be approved by the Audit and Supervisory Committee.
  The Manager of the Internal Auditors Office and audit staff may request that a department being audited submit forms and other materials necessary for conducting the internal audit, explain facts, and otherwise cooperate in the audit as required. If necessary, they may also inquire about details and request explanations of facts from related departments, divisions, consolidated subsidiaries, and external parties other than the department being audited. Furthermore, only when deemed necessary for the execution of internal audits, access to the minutes of various meetings may be requested.

  The audit staff objectively evaluate the content of the audit and prepare an audit report within one month after its completion. The Manager of the Internal Auditors Office reports the results of the audit to the President and CEO, and delivers copies of the audit report to all directors as well as to the Chief of Legal Governance, the Audit and Supervisory Committee, and the audited department. If the President and CEO deems it necessary to report to the Management Conference, the Manager of the Internal Auditors Office reports the results of such audit to the Management Conference. In addition, if the Audit and Supervisory Committee determines that a report to the Board of Directors is necessary, the Manager of the Internal Auditors Office reports the results of such audit to the Board of Directors. In the event that a matter requires urgent attention or is deemed to have a significant impact on the management of the company, the Manager of the Internal Auditors Office promptly reports to the President and CEO and all directors without waiting for the internal audit to be completed or for the audit report to be produced.
  Areas identified for improvement or correction in the audit report are addressed by the audited department, which develops remedial or corrective measures under the guidance of the Legal Governance Affairs Office. The audited department promptly implements internally any improvements or corrective measures decided upon. The Manager of the Internal Auditors Office confirms the status of the implementation of improvements or corrective measures in a timely manner, reports to the President and CEO, and delivers copies to all directors, the Chief of Legal Governance, and the audited department. If the President and CEO deems it necessary to report at the Management Conference, the Manager of the Internal Auditors Office reports the confirmed status of the implementation to the Management Conference. In addition, if the Audit and Supervisory Committee determines that a report at the Board of Directors is necessary, the Manager of the Internal Auditors Office reports the confirmed status of the implementation to the Board of Directors.

Whistleblowing system

Our Group has set up contact points inside and outside the company for directly accepting information on legally suspect acts or similar information, with the guarantee that no disadvantage will befall whistleblowers.
  Two contact points inside the company are the Internal Auditors Office and the Audit and Supervisory Committee. The latter handles violations of laws and regulations by directors and executive officers, playing a role in preventing the concealment of violations by officers.
  In fiscal 2022, there was one case of whistleblowing, which involved a minor issue, handled by the company’s internal points of contact. We will continue working to entrench this system and enforce compliance with laws and regulations.

Security Export Control Initiatives

In order to properly implement security export control for the purpose of maintaining international peace and security, the TOKYO KEIKI Group has established a set of Security Export Control Regulations and is implementing them appropriately. The Representative Director acts as chief responsible officer, and the Legal Governance Affairs Office, as the department in charge of export control under the Chief responsible officer’s direct supervision, controls export control for the entire Group. In addition, an export control supervisor and an export control manager have been appointed in each department to ensure compliance with the relevant rules and regulations and to properly implement export control operations.
  Periodic audits are conducted after the end of each fiscal year to ensure that security export controls have been properly implemented. The results of the audit are reported to the department in charge of export control, and if the results indicate that there are areas in need of improvement, the department in charge of export control instructs the export control supervisor of the relevant department to take the necessary corrective measures. The department in charge of export control reports the results of the audit, including such corrective measures, to the chief responsible officer after confirming the results of the corrective measures taken by the department concerned.

Initiatives to prevent corruption

Our Group’s Code of Ethical Conduct stipulates that we will not pursue profits through improper means, and that we will conduct dealings in accordance with domestic and foreign laws and rules.
  To address overseas dealings, we have established Regulations for the Prevention of Bribery of Foreign Public Officials, and offer education every year to deepen understanding of laws and regulations related to the prevention of bribery in key countries. The regulations stipulate the appropriate method of approval for gifts and entertainment to foreign public officials, etc., depending on the nature of the gift or entertainment. When signing a contract with a new overseas distributor, etc., the Legal Affairs Governance Office conducts a review in advance to ensure that payment of compensation to the distributor does not constitute bribery and that there are reasonable grounds not to suspect bribery, in addition to the normal contract review process. Furthermore, we thoroughly ensure that Group employees do not provide instructions, encouragement, or assistance to overseas distributors or any other party in bribing foreign public officials, etc. Education is conducted mainly as hierarchy-specific education for managerial-class employees in e-learning and classroom formats regarding overviews of laws on the prevention of bribery of foreign civil servants, the US Foreign Corrupt Practices Act, and cases of exposure of bribery of foreign public servants in Japan.
  In Japan, since many of the Group’s projects are for public agencies, the Group strictly prohibits so-called bid rigging, which is prohibited by the Act for Promoting Proper Tendering and Contracting for Public Works.

Concepts, policies, and structures for risk management

In our business activities, we face risks that must be identified, evaluated, and analyzed at the management level, and for which the priority of responses must be made clear. Our Group’s risk management system is organized into a Legal Governance Affairs Office, Internal Auditors Office, Audit and Supervisory Committee, and other bodies, centered on the Management Conference and with the President & CEO as the chief officer responsible for company-wide risk management.

Risk management system diagram




Risk management implementation

We have established Risk Management Rules that are shared Group-wide and that apply to the entire Group.
  We implement risk management separately for “serious management risks” and for all other risks.
  What is deemed serious management risks is reviewed and re-drafted annually by the Legal Governance Affairs Office in accordance with the Risk Management Rules as a report titled “Serious Management Risks and Key Measures.” The Chief Legal Governance Officer submits this report for approval to the Management Conference and the Board of Directors. Various divisions, departments, and subsidiaries are identified as being in charge in “Serious Management Risks and Key Measures.” Based on the ideal situations and key measures described in the report, these divisions, departments, and subsidiaries create “Serious Risk Measure Programs” for each specific measure that are submitted to the Legal Governance Affairs Office by the end of each year. The Legal Governance Affairs Office verifies the content of the “Serious Risk Measure Programs” submitted by the various departments in charge and, in the event of any deficiencies, indicates improvements to the relevant department. Each department integrates the determined risk measures into their medium-term business plans, and those measures that can be put into effect immediately are implemented as required.
  Risks other than serious management risks are handled in accordance with the Risk Management Rules. Each department, etc. follows a risk questionnaire to discover and identify risks that pose the possibility of causing a loss to the department. Departments conduct this process by investigating each risk category identified in the rules for that department’s own business goals. Even when risks may not be applicable at the current time, full consideration is given to enumerating risks that can be expected to arise in the future due to environmental changes.
  Each department then engages in evaluation and calculation of all identified risks. This evaluation and calculation includes an evaluation of the frequency of occurrence and the impact of each risk. These values are in turn multiplied to produce an overall evaluation. Risks whose overall evaluation score is 10 or more points are identified as serious risks. Measures for these serious risks are recorded according to a set format and submitted to the Legal Governance Affairs Office. They are also integrated into the department’s own medium-term business plan. In addition, those measures that can be put into effect immediately are implemented as required. Those risks whose overall evaluation score is less than 10 points are, based on the respective department’s controls (measures, practices, and self-evaluation), tackled as part of work efficiency improvement activities, etc.
  At the end of each term, the departments evaluate the status of the implementation of the risk measures they formulated in the preceding fiscal year and report the results to the Legal Governance Affairs Office.
  The Internal Auditors Office evaluates the “Serious Risk Measure Programs” from an independent perspective and, as necessary, conducts internal audits (inspections) and indicates corrections and improvements.

Examples of serious management risks

1. Domestic and foreign economic changes 7. Transactions with public agencies
2. Natural disasters and epidemics 8. Increasing competition
3. Development of new products 9. Material and component procurement
4. Product quality 10. Information security
5.Securing human resources 11. Intellectual property rights
6.Interest rate fluctuations 12. Retirement benefit liabilities
*Details regarding the above risks are provided in our Annual Securities Report.

BCP (Business Continuity Plan)

Overview of BCP

In the event of emergencies, we place utmost priority on ensuring the safety of human life and promptly resolving the situation. The foundation of our response is minimization of losses and quick recovery from damage to ensure business continuity.
  Toward this end, we maintain and improve regulations and work manuals common across our Group, namely, the Crisis Management Regulations that set forth basic matters concerning crisis management, and the Crisis Management Manual that describes procedures for responding to specific incidents.

BCP system

The chief officer responsible for crisis management is the President & CEO, or a director or executive officer who is appointed to the position by the President & CEO. The organization that actually responds to an emergency is generally the department in charge involved in the crisis situation, with the Legal Governance Affairs Office providing support. When deemed necessary by the chief responsible officer, an emergency response task force is set up with the chief responsible officer as the task force head and the department in charge as the secretariat.
  In 2020, we established a COVID-19 Emergency Response Task Force with the President & CEO as the chief responsible officer, and this task force is still in operation in fiscal 2023.

Ongoing review of BCPs

The rapid increase in extreme weather events and natural disasters in recent years has contributed to the heightened need to review BCPs. There have been frequent occurrences of natural disasters caused by abnormal or extreme weather phenomena, such as flooding and river overflows caused by localized downpours and linear rainbands, heavy snowstorms caused by bomb cyclones, and widespread wind and flood damage caused by super typhoons. Such disasters pose increased risks to business continuity for companies and organizations by impacting production activities, logistics, and supply chains. In densely populated areas, the impact of disasters is more pronounced. In particular, metropolitan areas such as the Tokyo metropolitan area, where the TOKYO KEIKI Group’s head office functions are located, are densely populated and have high concentrations of infrastructure, making the effects of disasters particularly severe. Natural disasters such as earthquakes and floods can be expected to cause complex and wide-ranging problems, such as interruptions in business activities, transportation, and power supply, factors that make it important to review the BCPs that have been put in place so far.
  In today’s business environment, many companies, including our Group, have global supply chains and close relationships with suppliers, manufacturers, and logistics networks in Japan and abroad. A major natural disaster or extreme weather event somewhere in the world could have a serious impact on the supply chain, which could cause a chain reaction of production stoppages and parts shortages for the Group, increasing risks related to business continuity.
  Furthermore, in recent years, digital technology and information systems have become important risk factors for the Group. Many business processes today rely on IT infrastructure, including network computing, online trading with business partners, and integrated data management. As such, power outages and communication disruptions caused by natural disasters and extreme weather conditions can have a direct impact on the Group’s business activities.
  Recognizing that these factors require the development of more effective BCPs and periodic reviews, the Group has begun reviewing its continuous business operations, including improving disaster response capabilities, conducting risk assessments, and establishing appropriate preventive measures and recovery processes. In order to provide continuous support, as a manufacturer, for measurement, cognition, and control in each of the industries we deal with, even in the event of a disaster, we have begun reviewing our disaster response manual, starting with our main production sites, under the direction of the Legal Governance Affairs Office, the department responsible for risk management within the TOKYO KEIKI Group. In fiscal 2023, we began this task for the Yaita Plant, the main production plant for various navigational instruments for large commercial vessels and other ships, electronic equipment for construction machinery, and printing quality inspection devices. The Yaita Plant incorporates multiple operative functions for various businesses, including a product design department, a production department including material procurement and production control, a quality assurance department, an information system management department to support production, and a general affairs department to manage the plant as a whole. In conducting the review, we first convened line managers from each department and conducted desktop training. Through this training, managers familiar with practical operations discussed in a workshop style what each workplace must prioritize in the event of an emergency, what is currently being done and what is not being done, and identified problems at the plant and the necessary countermeasures. Going forward, we will use the results of this review to prioritize the manuals that need to be developed or revised. We plan to implement similar initiatives at our major sites, including the Nasu Plant, Sano Plant, and the headquarters.



BCP workshop at the Yaita Plant

Information security

Information security policy

Our Information Security Basic Policy is aimed at ensuring the confidentiality, integrity, and availability of the information that constitutes a vital asset of ours, as well as protecting that information from threats including disasters and accidents. The appropriate discretionary measures that we undertake in this area are grounded in the aims of this Basic Policy.
  The Information Security Basic Policy consists of the following four categories.

Information Security Basic Policy

  1. Information security initiatives
  2. Compliance with laws and regulations, etc.
  3. Protection of information assets
  4. Incident response

System for promoting information security

We have established an Information Security Management Conference (ISMC), chaired by the Chief Information Officer and composed of members selected from departments. Our Strategic Information Planning Department under the Corporate Planning & Administration Office oversees formulation of measures related to information security. When formulating key measures, the department submits these to the ISMC and, depending on the content, consults with the Management Conference. In addition, TOKYO KEIKI INFORMATION SYSTEMS INC. (TIS), a subsidiary of ours, is in charge of our Group’s information system development and operation. TIS has acquired ISO/ IEC 27001 certification, an international standard for an information security management system (ISMS).

Information security incident response

We have created flowcharts and made these available on our intranet explaining in an easy-to-understand way what actions a user should immediately take in order to respond quickly when the risk of an information leak occurs due to the loss of a PC or smartphone, or when there is a serious information asset threat due to a computer virus infection, etc. Depending on the scope of the incident as reported by the chairperson of the ISMC, in accordance with the Crisis Management Regulations and per the judgment of the President & CEO, an emergency response task force for the information security incident may be established with the aim of swiftly bringing the incident under control and resolving it.

Example of information security incident response flowchart (computer virus)

Information system user support

User education is extremely important in order to increase the effectiveness of information security management. The Strategic Information Planning Department under the Corporate Planning & Administration Office holds briefings for users when new systems and services are implemented. The department also conducts e-learning classes on basic information security. Since fiscal 2022, we have conducted security training for all employees regarding email, one major source of infection by computer viruses wreaking havoc. Specifically, we issued an alert to employees on how to deal with suspicious emails so that they can recognize suspicious content and avoid risky behavior such as opening attachments or clicking on URLs in the email body.
  In addition, in order to achieve a “new normal” way of working after the COVID-19 pandemic, we are continuing to improve the remote access environment and expanding the range of eligible employees. In parallel, security assessments by specialized outside contractors are being conducted on IT infrastructure, and feedback on the results of these assessments is being used to strengthen cybersecurity measures.