Our Company has established the TOKYO KEIKI Group Code of Ethical Conduct as a
code for acting in compliance with laws, regulations, our Articles of
Incorporation, and social norms. We recognize that the awareness of every
employee is of utmost importance in the establishment of corporate ethics, and
strive to uphold corporate ethics in our everyday activities. We also refuse
any relationships with antisocial forces that threaten order and security in
civil society.
Concepts and policies regarding compliance
To manage corporate ethics activities across the organization, we have
established a permanent Corporate Ethics Committee chaired by the Chief
Legal Governance Officer.
Corporate ethics-related organizational chart
Code of Conduct
The TOKYO KEIKI Group Code of Ethical Conduct* forms a basis for
encouraging sound behavior by every employee. Working from basic stances
that include the avoidance of words and acts in violation of laws and
regulations, and appropriate response to acts that violate corporate
ethics, the Code of Ethical Conduct sets out our responsibilities to all
stakeholders, including the provision of products and services of benefit
to society, contribution to society through our corporate activities, and
the creation of safe and comfortable working environments. By complying
with this code of conduct, we will fulfill our responsibilities to
society.
Note that we also translate the Code of Ethical Conduct into local
languages and ensure that our overseas subsidiaries are thoroughly versed
in the code.
*https://www.tokyokeiki.jp/company/rinri.html
Initiatives aimed at raising awareness of compliance
Under the recognition that the awareness of all employees is of utmost
importance in establishing corporate ethics, every year in April we carry out
education on our code of conduct (the Code of Ethical Conduct) for all
employees.
Status of training implementation
In response to the COVID-19 pandemic, we changed the way we ran our Code
of Ethical Conduct education, which had previously focused on
classroom-based group training. In order to enable all employees to take
and complete the education, training is primarily conducted via e-learning
and online meetings, and the period over which education is provided is
also lengthened. Following completion of the course, all employees submit
an Affidavit Concerning the Code of Ethical Conduct.
Internal audits
Our internal audits consist of “regular audits,” which are conducted
periodically based on a predetermined annual audit plan, and
“extraordinary audits,” which are conducted at the direction of the
President and CEO and the Audit and Supervisory Committee, or whenever
needed. Both types of audit are conducted by the Internal Auditors Office.
The Internal Auditors Office investigates the appropriateness and
effectiveness of Group internal control systems from a standpoint that is
independent of the division, department, or consolidated subsidiary being
audited, and by implementing improvements based on the results, helps to
increase Group management soundness and efficiency.
Our directors ensure that employees are fully aware of the significance of
internal audits, as well as the duties, authority, and responsibilities of
the Internal Auditors Office, and make every effort to ensure that
internal audits are conducted smoothly and efficiently. Audits by the
Internal Auditors Office cover all aspects of the Group’s corporate ethics
and activities. The Company’s directors ensure that the Manager of the
Internal Auditors Office and audit staff are able to conduct internal
audits without undue interference from employees. Audit personnel
appointed by the Manager of the Internal Auditors Office are prohibited
from engaging in the operations of their departments, divisions, or
consolidated subsidiaries during the internal audit period, whether or not
they are serving concurrently in the Internal Auditors Office. In
addition, employees who receive instructions from the Audit and
Supervisory Committee as necessary for their audit duties are not to
receive instructions or direction from any other party with respect to
such instructions. Furthermore, any personnel transfers, evaluations, or
disciplinary actions involving employees belonging to the Internal
Auditors Office must be approved by the Audit and Supervisory Committee.
The Manager of the Internal Auditors Office and audit staff may request
that a department being audited submit forms and other materials necessary
for conducting the internal audit, explain facts, and otherwise cooperate
in the audit as required. If necessary, they may also inquire about
details and request explanations of facts from related departments,
divisions, consolidated subsidiaries, and external parties other than the
department being audited. Furthermore, only when deemed necessary for the
execution of internal audits, access to the minutes of various meetings
may be requested.
The audit staff objectively evaluate the content of the audit and prepare
an audit report within one month after its completion. The Manager of the
Internal Auditors Office reports the results of the audit to the President
and CEO, and delivers copies of the audit report to all directors as well
as to the Chief of Legal Governance, the Audit and Supervisory Committee,
and the audited department. If the President and CEO deems it necessary to
report to the Management Conference, the Manager of the Internal Auditors
Office reports the results of such audit to the Management Conference. In
addition, if the Audit and Supervisory Committee determines that a report
to the Board of Directors is necessary, the Manager of the Internal
Auditors Office reports the results of such audit to the Board of
Directors. In the event that a matter requires urgent attention or is
deemed to have a significant impact on the management of the company, the
Manager of the Internal Auditors Office promptly reports to the President
and CEO and all directors without waiting for the internal audit to be
completed or for the audit report to be produced.
Areas identified for improvement or correction in the audit report are
addressed by the audited department, which develops remedial or corrective
measures under the guidance of the Legal Governance Affairs Office. The
audited department promptly implements internally any improvements or
corrective measures decided upon. The Manager of the Internal Auditors
Office confirms the status of the implementation of improvements or
corrective measures in a timely manner, reports to the President and CEO,
and delivers copies to all directors, the Chief of Legal Governance, and
the audited department. If the President and CEO deems it necessary to
report at the Management Conference, the Manager of the Internal Auditors
Office reports the confirmed status of the implementation to the
Management Conference. In addition, if the Audit and Supervisory Committee
determines that a report at the Board of Directors is necessary, the
Manager of the Internal Auditors Office reports the confirmed status of
the implementation to the Board of Directors.
Whistleblowing system
Our Group has set up contact points inside and outside the company for
directly accepting information on legally suspect acts or similar
information, with the guarantee that no disadvantage will befall
whistleblowers.
Two contact points inside the company are the Internal Auditors Office and
the Audit and Supervisory Committee. The latter handles violations of laws
and regulations by directors and executive officers, playing a role in
preventing the concealment of violations by officers.
In fiscal 2022, there was one case of whistleblowing, which involved a
minor issue, handled by the company’s internal points of contact. We will
continue working to entrench this system and enforce compliance with laws
and regulations.
Security Export Control Initiatives
In order to properly implement security export control for the purpose of
maintaining international peace and security, the TOKYO KEIKI Group has
established a set of Security Export Control Regulations and is implementing
them appropriately. The Representative Director acts as chief responsible
officer, and the Legal Governance Affairs Office, as the department in charge
of export control under the Chief responsible officer’s direct supervision,
controls export control for the entire Group. In addition, an export control
supervisor and an export control manager have been appointed in each
department to ensure compliance with the relevant rules and regulations and to
properly implement export control operations.
Periodic audits are conducted after the end of each fiscal year to ensure that
security export controls have been properly implemented. The results of the
audit are reported to the department in charge of export control, and if the
results indicate that there are areas in need of improvement, the department
in charge of export control instructs the export control supervisor of the
relevant department to take the necessary corrective measures. The department
in charge of export control reports the results of the audit, including such
corrective measures, to the chief responsible officer after confirming the
results of the corrective measures taken by the department concerned.
Initiatives to prevent corruption
Our Group’s Code of Ethical Conduct stipulates that we will not pursue profits
through improper means, and that we will conduct dealings in accordance with
domestic and foreign laws and rules.
To address overseas dealings, we have established Regulations for the
Prevention of Bribery of Foreign Public Officials, and offer education every
year to deepen understanding of laws and regulations related to the prevention
of bribery in key countries. The regulations stipulate the appropriate method
of approval for gifts and entertainment to foreign public officials, etc.,
depending on the nature of the gift or entertainment. When signing a contract
with a new overseas distributor, etc., the Legal Affairs Governance Office
conducts a review in advance to ensure that payment of compensation to the
distributor does not constitute bribery and that there are reasonable grounds
not to suspect bribery, in addition to the normal contract review process.
Furthermore, we thoroughly ensure that Group employees do not provide
instructions, encouragement, or assistance to overseas distributors or any
other party in bribing foreign public officials, etc. Education is conducted
mainly as hierarchy-specific education for managerial-class employees in
e-learning and classroom formats regarding overviews of laws on the prevention
of bribery of foreign civil servants, the US Foreign Corrupt Practices Act,
and cases of exposure of bribery of foreign public servants in Japan.
In Japan, since many of the Group’s projects are for public agencies, the
Group strictly prohibits so-called bid rigging, which is prohibited by the Act
for Promoting Proper Tendering and Contracting for Public Works.
Concepts, policies, and structures for risk management
In our business activities, we face risks that must be identified,
evaluated, and analyzed at the management level, and for which the priority
of responses must be made clear. Our Group’s risk management system is
organized into a Legal Governance Affairs Office, Internal Auditors Office,
Audit and Supervisory Committee, and other bodies, centered on the
Management Conference and with the President & CEO as the chief officer
responsible for company-wide risk management.
Risk management implementation
We have established Risk Management Rules that are shared Group-wide and
that apply to the entire Group.
We implement risk management separately for “serious management risks” and
for all other risks.
What is deemed serious management risks is reviewed and re-drafted annually
by the Legal Governance Affairs Office in accordance with the Risk
Management Rules as a report titled “Serious Management Risks and Key
Measures.” The Chief Legal Governance Officer submits this report for
approval to the Management Conference and the Board of Directors. Various
divisions, departments, and subsidiaries are identified as being in charge
in “Serious Management Risks and Key Measures.” Based on the ideal
situations and key measures described in the report, these divisions,
departments, and subsidiaries create “Serious Risk Measure Programs” for
each specific measure that are submitted to the Legal Governance Affairs
Office by the end of each year. The Legal Governance Affairs Office verifies
the content of the “Serious Risk Measure Programs” submitted by the various
departments in charge and, in the event of any deficiencies, indicates
improvements to the relevant department. Each department integrates the
determined risk measures into their medium-term business plans, and those
measures that can be put into effect immediately are implemented as
required.
Risks other than serious management risks are handled in accordance with the
Risk Management Rules. Each department, etc. follows a risk questionnaire to
discover and identify risks that pose the possibility of causing a loss to
the department. Departments conduct this process by investigating each risk
category identified in the rules for that department’s own business goals.
Even when risks may not be applicable at the current time, full
consideration is given to enumerating risks that can be expected to arise in
the future due to environmental changes.
Each department then engages in evaluation and calculation of all identified
risks. This evaluation and calculation includes an evaluation of the
frequency of occurrence and the impact of each risk. These values are in
turn multiplied to produce an overall evaluation. Risks whose overall
evaluation score is 10 or more points are identified as serious risks.
Measures for these serious risks are recorded according to a set format and
submitted to the Legal Governance Affairs Office. They are also integrated
into the department’s own medium-term business plan. In addition, those
measures that can be put into effect immediately are implemented as
required. Those risks whose overall evaluation score is less than 10 points
are, based on the respective department’s controls (measures, practices, and
self-evaluation), tackled as part of work efficiency improvement activities,
etc.
At the end of each term, the departments evaluate the status of the
implementation of the risk measures they formulated in the preceding fiscal
year and report the results to the Legal Governance Affairs Office.
The Internal Auditors Office evaluates the “Serious Risk Measure Programs”
from an independent perspective and, as necessary, conducts internal audits
(inspections) and indicates corrections and improvements.
1. Domestic and foreign economic changes |
7. Transactions with public agencies |
2. Natural disasters and epidemics |
8. Increasing competition |
3. Development of new products |
9. Material and component procurement |
4. Product quality |
10. Information security |
5.Securing human resources |
11. Intellectual property rights |
6.Interest rate fluctuations |
12. Retirement benefit liabilities |
*Details regarding the above risks are provided in our Annual Securities
Report.
BCP (Business Continuity Plan)
Overview of BCP
In the event of emergencies, we place utmost priority on ensuring the safety
of human life and promptly resolving the situation. The foundation of our
response is minimization of losses and quick recovery from damage to ensure
business continuity.
Toward this end, we maintain and improve regulations and work manuals common
across our Group, namely, the Crisis Management Regulations that set forth
basic matters concerning crisis management, and the Crisis Management Manual
that describes procedures for responding to specific incidents.
BCP system
The chief officer responsible for crisis management is the President & CEO,
or a director or executive officer who is appointed to the position by the
President & CEO. The organization that actually responds to an emergency is
generally the department in charge involved in the crisis situation, with
the Legal Governance Affairs Office providing support. When deemed necessary
by the chief responsible officer, an emergency response task force is set up
with the chief responsible officer as the task force head and the department
in charge as the secretariat.
In 2020, we established a COVID-19 Emergency Response Task Force with the
President & CEO as the chief responsible officer, and this task force is
still in operation in fiscal 2023.
Ongoing review of BCPs
The rapid increase in extreme weather events and natural disasters in recent
years has contributed to the heightened need to review BCPs. There have been
frequent occurrences of natural disasters caused by abnormal or extreme
weather phenomena, such as flooding and river overflows caused by localized
downpours and linear rainbands, heavy snowstorms caused by bomb cyclones, and
widespread wind and flood damage caused by super typhoons. Such disasters pose
increased risks to business continuity for companies and organizations by
impacting production activities, logistics, and supply chains. In densely
populated areas, the impact of disasters is more pronounced. In particular,
metropolitan areas such as the Tokyo metropolitan area, where the TOKYO KEIKI
Group’s head office functions are located, are densely populated and have high
concentrations of infrastructure, making the effects of disasters particularly
severe. Natural disasters such as earthquakes and floods can be expected to
cause complex and wide-ranging problems, such as interruptions in business
activities, transportation, and power supply, factors that make it important
to review the BCPs that have been put in place so far.
In today’s business environment, many companies, including our Group, have
global supply chains and close relationships with suppliers, manufacturers,
and logistics networks in Japan and abroad. A major natural disaster or
extreme weather event somewhere in the world could have a serious impact on
the supply chain, which could cause a chain reaction of production stoppages
and parts shortages for the Group, increasing risks related to business
continuity.
Furthermore, in recent years, digital technology and information systems have
become important risk factors for the Group. Many business processes today
rely on IT infrastructure, including network computing, online trading with
business partners, and integrated data management. As such, power outages and
communication disruptions caused by natural disasters and extreme weather
conditions can have a direct impact on the Group’s business activities.
Recognizing that these factors require the development of more effective BCPs
and periodic reviews, the Group has begun reviewing its continuous business
operations, including improving disaster response capabilities, conducting
risk assessments, and establishing appropriate preventive measures and
recovery processes. In order to provide continuous support, as a manufacturer,
for measurement, cognition, and control in each of the industries we deal
with, even in the event of a disaster, we have begun reviewing our disaster
response manual, starting with our main production sites, under the direction
of the Legal Governance Affairs Office, the department responsible for risk
management within the TOKYO KEIKI Group. In fiscal 2023, we began this task
for the Yaita Plant, the main production plant for various navigational
instruments for large commercial vessels and other ships, electronic equipment
for construction machinery, and printing quality inspection devices. The Yaita
Plant incorporates multiple operative functions for various businesses,
including a product design department, a production department including
material procurement and production control, a quality assurance department,
an information system management department to support production, and a
general affairs department to manage the plant as a whole. In conducting the
review, we first convened line managers from each department and conducted
desktop training. Through this training, managers familiar with practical
operations discussed in a workshop style what each workplace must prioritize
in the event of an emergency, what is currently being done and what is not
being done, and identified problems at the plant and the necessary
countermeasures. Going forward, we will use the results of this review to
prioritize the manuals that need to be developed or revised. We plan to
implement similar initiatives at our major sites, including the Nasu Plant,
Sano Plant, and the headquarters.
Information security
Information security policy
Our Information Security Basic Policy is aimed at ensuring the
confidentiality, integrity, and availability of the information that
constitutes a vital asset of ours, as well as protecting that information
from threats including disasters and accidents. The appropriate
discretionary measures that we undertake in this area are grounded in the
aims of this Basic Policy.
The Information Security Basic Policy consists of the following four
categories.
- Information security initiatives
- Compliance with laws and regulations, etc.
- Protection of information assets
- Incident response
System for promoting information security
We have established an Information Security Management Conference (ISMC),
chaired by the Chief Information Officer and composed of members selected
from departments. Our Strategic Information Planning Department under the
Corporate Planning & Administration Office oversees formulation of measures
related to information security. When formulating key measures, the
department submits these to the ISMC and, depending on the content, consults
with the Management Conference. In addition, TOKYO KEIKI INFORMATION SYSTEMS
INC. (TIS), a subsidiary of ours, is in charge of our Group’s information
system development and operation. TIS has acquired ISO/ IEC 27001
certification, an international standard for an information security
management system (ISMS).
Information security incident response
We have created flowcharts and made these available on our intranet
explaining in an easy-to-understand way what actions a user should
immediately take in order to respond quickly when the risk of an information
leak occurs due to the loss of a PC or smartphone, or when there is a
serious information asset threat due to a computer virus infection, etc.
Depending on the scope of the incident as reported by the chairperson of the
ISMC, in accordance with the Crisis Management Regulations and per the
judgment of the President & CEO, an emergency response task force for the
information security incident may be established with the aim of swiftly
bringing the incident under control and resolving it.
Information system user support
User education is extremely important in order to increase the effectiveness
of information security management. The Strategic Information Planning
Department under the Corporate Planning & Administration Office holds
briefings for users when new systems and services are implemented. The
department also conducts e-learning classes on basic information security.
Since fiscal 2022, we have conducted security training for all employees
regarding email, one major source of infection by computer viruses wreaking
havoc. Specifically, we issued an alert to employees on how to deal with
suspicious emails so that they can recognize suspicious content and avoid
risky behavior such as opening attachments or clicking on URLs in the email
body.
In addition, in order to achieve a “new normal” way of working after the
COVID-19 pandemic, we are continuing to improve the remote access
environment and expanding the range of eligible employees. In parallel,
security assessments by specialized outside contractors are being conducted
on IT infrastructure, and feedback on the results of these assessments is
being used to strengthen cybersecurity measures.