Risk Management | Sustainability | Sumitomo Metal Mining Co., Ltd.

Approach and Action Principles

Approach

The definition of risk at our Group includes both that which is beneficial to our goals and that which is detrimental to them. We see risk as something that will affect the achievement of business and organizational goals, and that makes the protection or creation of value uncertain. Through risk management, we are able to revise goals and measures to maximize beneficial risks and inspect and improve processes to minimize detrimental risks. This helps us achieve our 3-Year Business Plan, and ties into further tackling the material issues and ensuring the realization of our Vision for 2030 and our long-term vision.

Action Principles

The SMM Group established the following Six Principles in the Basic Risk Management Regulations, which were formulated based on ISO 31000, a standard on risk management issued by the International Organization for Standardization, and engages in risk management (RM) to achieve our long-term vision of becoming the world leader in the non-ferrous metals industry.

The organizational leader confronting the risk is the responsible party
Compliance is the foundation
Recognize that potential risks can materialize and take necessary risk countermeasures
Risks recognized as a result of change are shared among all parties involved
Implement risk management in daily operations, considering the organization’s hierarchy, size, role, and maturity, regional and cultural factors, and the knowledge, views, and values of stakeholders
Conduct ongoing reviews and improvements of management framework and initiatives

Management Framework

We took the criticality accident that occurred at JCO in 1999 very seriously and established the Risk Management Working Group as a body for implementing and monitoring risk management, including Group-wide initiatives relating to risk management policies and priority measures. We established a structure with the president having the highest level of responsibility to respond to risks that the Group faces and changes in those risks. The risk management structure operated under this structure comprises three frameworks.

■ Group-Wide Risk Management and Monitoring Framework Chart

1If any changes, etc., occur

■ Company-Wide Risk Management Framework

Business Risk Management

Among the management and business risks associated with the execution of the Group’s growth and business strategies, we have a mechanism to define critical Group-wide risks that are particularly likely to affect the achievement of our strategic goals (3-Year Business Plan) and address them. The critical Group-wide risks are discussed in management meetings attended by executive officers, including the president, and deliberated by the Board of Directors. To address the critical Groupwide risks, we establish response policies, designate the responsible department, and take action. The Risk Management Working Group monitors the status of actions to address critical Group-wide risks.
Also, we address management and business risks that are not Group-wide critical risks through monitoring and implementing initiatives at management meetings, various committee meetings, 3-Year Business Plans, budgets, financial results, monthly reports, and other means.

Operational Risk Management

At each business site, in addition to focusing on specific risks addressed annually (focus areas), risks inherent in regular operations are also identified and assessed based on internal and external conditions, and are managed as individual risks (see Serious Risk Categories). Currently, there are over 1,300 individual risks. We conduct risk mitigation daily by reviewing risk-management measures when there are any changes to or variations in the environments and conditions that serve as prerequisites for identified risks (business environments, work environments, people, equipment, work procedures, quality standards, etc.), and taking measures against new risks. A periodic risk review is also undertaken company-wide during “RM Promotion Month” every September.

■ Serious Risk Categories

Explosions and fires
Environmental pollution
Legal violations
Quality failure

Occupational accidents
Supply chain disruptions
Information leaks
Damage from harmful rumors

Violation of intellectual property rights
Other risks include those originating from moral misconduct, such as fraudulent accounting, human rights issues, and malfeasance

Crisis Management

In preparation for crises beyond assumed scenarios of management and site-risk management, or situations that sites will have difficulty in handling alone, the Crisis Management Committee, chaired by the officer responsible for crisis management, was established as a permanent body. The committee works toward the sharing of crisis information, the formulation and improvement of proactive measures, and the maintenance and strengthening of crisis management functions through drills. It also deliberates on the initial response to emergencies and the transition to the Group-wide response headquarters, which takes appropriate actions and provides support based on the level of crisis. The President is ultimately responsible for crisis management and oversees the overall management of such matters.
At each business site, we are promoting measures against natural disasters, such as earthquakes, tsunamis, flooding, soil liquefaction, landslides, and volcanic eruptions, in line with the hazard level of each site. Such measures include seismic reinforcement of buildings, improvement of seawalls, strengthening of wastewater treatment capacity, expansion of water storage tanks, stockpiling of food and drinks, and enhancement of emergency supplies. We also conduct drills to simulate earthquakes, fires, environmental accidents, and overseas terrorism, riots, and kidnappings, among other scenarios. We are working to address issues such as unfamiliarity with materials and the operation of equipment, lack of understanding of rules and procedures, and inadequate manuals, and to improve the decision-making capabilities of local task force members.

Future Initiatives

In FY2025, we identified two priority initiatives: “improving the effectiveness of risk mitigation measures and crisis management systems through internal audits and self-inspections,” and “identifying and responding to cybersecurity risks.”
For the first priority initiative, we will revise and improve the effectiveness of earthquake countermeasures in light of more severe damage estimates. This is due to the fact that the current earthquake business continuity plans (BCP) at each site may not be sufficiently adapted to recent diversification in work styles, changes in social norms and values, and advances in communication technology. It may also be inadequate to respond to a situation where communication systems were unavailable during the New Year’s Holidays, as was the case during the Noto Peninsula Earthquake. In addition to revising measures at individual sites, we will further enhance our BCP capabilities by revising coordination systems with the Head Office and neighboring sites.
For the second, we will improve the effectiveness of our BCPs and address system vulnerabilities by continuing to work on cybersecurity countermeasures initiated in FY2024.
In parallel with these initiatives, in addition to risk management in new business and projects, we are taking action under the leadership of top management so that we can achieve our business goals without causing any compliance violations, environmental accidents, occupational accidents, quality issues, or the like. Additionally, we are working to quickly identify and address potential risks by closely monitoring how changes in the social, economic landscape, and geopolitical risks may affect business continuity and performance. Further, we are striving to strengthen our initial response capability during crises and enhance employee training and drills in preparation for security risks and natural disasters.