Basic Approach

The Toppan Group views the accurate detection and appropriate management of impending risks as a corporate social responsibility.

In keeping with this view, the Group has identified and taken steps to mitigate quality-related incidents, natural disasters, and other types of risk requiring action to limit the possibility of adverse impact on business operations. When a risk actually arises, Toppan immediately collects necessary information and takes comprehensive and strategic countermeasures under the Group’s risk management structure to minimize losses, ensure business continuity, and maintain the trust of society.In keeping with this view, the Group has identified and taken steps to mitigate quality-related incidents, natural disasters, and other types of risk requiring action to limit the possibility of adverse impact on business operations. When a risk actually arises, Toppan immediately collects necessary information and takes comprehensive and strategic countermeasures under the Group’s risk management structure to minimize losses, ensure business continuity, and maintain the trust of society.

Division-specific Risk Management Structure

In accordance with the Rules on Risk Management, the Toppan Group has identified risks that require action and set up a risk management structure under which the responsibilities for risk management are allotted to specific divisions in the head office based on the types of risk identified. When a risk requiring action arises somewhere in the Group, the responsible division reports it to the Board of Directors. When emergency response actions are needed, the President & Representative Director or the Executive Vice President & Representative Director is responsible for forming an emergency taskforce to properly handle the issue. The taskforce is composed of directors in charge of the relevant head office divisions, audit & supervisory board members, legal consultants, and other external experts.

Fostering Risk Awareness

Toppan’s internal portal site posts the Group’s Rules on Risk Management, details on the division-specific risk management structure, and a list of risks requiring action. This site is constantly updated to present the latest risk-related information for Group employees.

Based on the division-specific risk management structure, responsible head office divisions proactively develop measures to prevent or avoid impending risks such as information and cyber security incidents, natural disasters, outbreaks of infectious disease, occupational accidents, environmental problems, and compliance violations. The divisions also carry out regular training and audits to foster employee awareness of risks facing the Group.

Risks Requiring Action and the Responsible Head Office Divisions in Charge

Click to enlarge

Risk Management Liaison Meeting

All of the personnel in charge of risk management in the head office divisions assemble on a regular basis to share information at the Risk Management Liaison Meeting. When a risk actually arises, the responsible persons from relevant head office divisions convene an extraordinary meeting to take necessary management actions and develop preventive measures.

Risk Management

  • The Toppan Group manages individual risks specific to organizations such as business divisions, subsidiaries, and Group companies.

    Specifically, the Group performs annual risk surveys to determine all types of risk that require action. The frequency and severity of possible risks are assessed, and countermeasures are formulated based on the assessment results. Midway through the fiscal year, the Group monitors the progress of mitigation measures designed at the beginning of the year.

    Among the risks requiring action, Toppan defines those that can exert significant adverse impacts on management as “significant risks.” Working in an administrative capacity, the Compliance Department in the Legal Affairs & Intellectual Property Division identifies the significant risks for the current year in accordance with survey results reported by the responsible head office divisions. To finalize the significant risk designation, the compliance department reviews the results of risk assessments performed by relevant business divisions, subsidiaries, and Group companies, as well as social conditions, the possibility of risks arising over the medium-to-long term, and various other risk-related circumstances in and around the Group. The responsible head office divisions then spearhead efforts to plan countermeasures and take comprehensive measures required for the management of the risks determined to be significant. The Director in charge of Risk Management regularly reports the outcomes of those measures to the Board of Directors.

    The Toppan Group designated 17 significant risks for fiscal 2020 (presented below).

  • Management Structure
Significant Risks for Fiscal 2020
    • Fires or occupational accidents
    • Risks associated with control of the Group
    • Risks associated with overseas business
    • Non-performing or long-term retained inventory assets, etc. due to inadequate asset management
    • Incidents related to receivables (bad debt, customer bankruptcy, etc.)
    • Damage to Toppan’s brand image caused by leakage, improper handling, etc. of information
    • Information leakage or shutdown of ICT infrastructure, production lines, digital service businesses, etc. caused by cyber-attacks
    • Quality-related incidents or self-imposed product recalls that can develop into issues in wider society (legal violations, fluid leaks, discharge of odor or foreign matter)
    • Impact of environment-related legislation (e.g., legislation on the pollution of soil, groundwater, or the public water supply caused by the leakage of toxic substances)
    • Climate change risks
    • Violations of labor standard acts
    • Harassment
    • Human injury or damage to physical assets caused by infectious diseases or earthquakes, storms, floods, or other natural disasters
    • Risks associated with research and development
    • Infringements of patents, copyrights, or other intellectual property rights
    • Violations of subcontract laws, antitrust acts, or other legislation
    • Risks encountered in business transactions with public offices

The Toppan Group established a Risk Management Working Group (Leader: Director in charge of Risk Management. Members: Persons in charge of risk management at the responsible head office divisions. Administration office: Compliance Department in the Legal Affairs & Intellectual Property Division) under the Sustainability Promotion Committee in September 2020. The working group began determining which risks were expected to be significant in fiscal 2021. In its deliberations, the working group assessed impending risks for the Group by integrating the significant risks identified for fiscal 2020 with the significant risks noted in the securities report. The Sustainability Promotion Committee reviewed and approved the working group’s assessment results in a meeting held on February 9, 2021. The 26 significant risks identified for fiscal 2021 are presented below.

Significant Risks for Fiscal 2021
    • Human injury or damage to physical assets caused by infectious diseases or earthquakes, storms, floods, or other natural disasters
    • Climate change risks
    • Characteristics of the printing business
    • Risks associated with strategic partnerships, investments, or acquisitions
    • Risks associated with research and development
    • Securing of human resources to sustain business growth
    • Securing of financing
    • Risks associated with control of the Group
    • Risks associated with overseas business
    • Intense market and price competition
    • Non-performing or long-term retained inventory assets, etc. due to inadequate asset management
    • Incidents related to receivables (bad debt, customer bankruptcy, etc.)
    • Fluctuations in the current value of marketable securities
    • Fluctuations in foreign exchange rates
    • Damage to Toppan’s brand image caused by leakage, improper handling, etc. of information
    • Negative impact on business caused by cyber-attacks
    • Loss of social trust resulting from shutdowns of production lines, digital service businesses, etc. caused by faulty ICT infrastructure
    • Quality-related incidents or self-imposed product recalls that can develop into issues in wider society (legal violations, fluid leaks, discharge of odor or foreign matter)
    • Risks encountered in raw material procurement
    • Impact of environment-related legislation (e.g., legislation on the pollution of soil, groundwater, or the public water supply caused by the leakage of toxic substances)
    • Risks associated with waste
    • Fires or occupational accidents
    • Risks associated with labor issues (violations of labor-related laws, labor disputes, etc.)
    • Harassment
    • Infringements of patents, copyrights, or other intellectual property rights
    • Misconduct (serious improper conduct or inappropriate actions, etc.) or compliance violations (collusion, bribery, or other legal or regulatory violations)