Material Issues / Governance

Risk Management

Approach and Action Principles

Approach

The definition of risk at our Group includes both that which is beneficial to our goals and that which is detrimental to them. We see risk as something that will have an effect on the achievement of business and organizational goals and that makes the protection or creation of value uncertain. Through risk management, we are able to revise goals and measures to maximize those risks which are beneficial, and inspect and improve processes to minimize those risks which are detrimental. This helps us achieve our 3-Year Business Plan, and ties into further ensuring the realization of our Vision for 2030 and our long-term vision.

Action Principles

The SMM Group established the following Six Principles in the Basic Risk Management Regulations, which were formulated based on ISO 31000, a standard on risk management issued by the International Organization for Standardization, and engages in risk management (RM) to achieve our long-term vision of becoming the world leader in the non-ferrous metals industry.

  1. The organizational leader confronting the risk is the responsible party
  2. Compliance is the foundation
  3. Recognize that potential risks can materialize and take necessary risk countermeasures
  4. Risks recognized as a result of change are shared among all parties involved
  5. Implement RM in daily operations, considering the organization’s hierarchy, size, role, and maturity, regional and cultural factors, and the knowledge, views, and values of stakeholders
  6. Conduct ongoing reviews and improvements of management framework and initiatives

Management Framework

We took the criticality accident that occurred at JCO in 1999 very seriously and established the Risk Management Working Group as a body for implementing and monitoring risk management including Group-wide initiatives relating to risk management policies and priority measures. We established a structure with the president having the highest level of responsibility to respond to risks that the Group faces and changes in those risks. The risk management structure operated under this structure comprises three frameworks.

■ Group-wide Risk Management and Monitoring Framework Chart
  • 1If any changes, etc. occur
■ Company-Wide Risk Management Framework

Business Risk Management

Among the management and business risks associated with execution of the Group’s growth and business strategies, we have a mechanism to define critical Group-wide risks, which are particularly like to affect the achievement of our strategic goals (3-Year Business Plan), and address them. The critical Group-wide risks are discussed in management meetings attended by executive officers, including the president, and deliberated by the Board of Directors. To address the critical Groupwide risks, we establish response policies, designate the responsible department, and take action. The Risk Management Working Group monitors the status of actions to address critical Group-wide risks.
Also, management and business risk other than Group-wide critical risks are addressed through monitoring and implementing initiatives by management meetings, various committee meetings, medium-term plans, budgets, monthly reports, and so on.

Operational Risk Management

At each business site, in addition to focusing on specific risks addressed annually (focus areas), risks inherent in regular operations are also identified and assessed based on internal and external conditions, and are managed as individual risks (see serious risk categories). There are over 1,300 individual risks and we conduct risk mitigation on a daily basis by reviewing risk-management measures, when there are any changes to or variations in the environments and conditions that serve as prerequisites for identified risks (business environments, work environments, people, equipment, work procedures, quality standards, etc.), and taking measures against new risks. A periodic risk review is also undertaken company-wide during “RM Promotion Month” every September.

■ Serious Risk Categories
  • Explosions and fires
  • Environmental pollution
  • Legal violations
  • Quality failure
  • Occupational accidents
  • Supply chain disruptions
  • Information leaks
  • Damage from harmful rumors
  • Violation of intellectual property rights
  • Other risks include those originating from moral misconduct, such as fraudulent accounting, human rights issues, and malfeasance

Crisis Management

In preparation for crises beyond assumed scenarios of management and site-risk management, as well as instances where on-site handling is challenging, a standing Crisis Management Committee chaired by the officer responsible for crisis management was established as a permanent body. The committee works toward the sharing of crisis information, the formulation and improvement of proactive measures, and the maintenance and strengthening of crisis management functions through drills. It also deliberates on initial response to emergencies, and transition into Group-wide response headquarters which takes appropriate actions and provides support based on the level of crisis. The president has ultimate responsibility for crisis management as a whole.
At each business site, we are promoting measures against natural disasters, such as earthquakes, tsunamis, flooding, soil liquefaction, landslides, volcanic eruptions, in line with the hazard level of each site. Such measures include seismic reinforcement of buildings, improvement of seawalls, strengthening of wastewater treatment capacity, expansion of water storage tanks, and stockpiling of food, and drinks, and enhancement of emergency supplies. We also conduct drills to simulate earthquakes, fires, environmental accidents, and overseas terrorism, riots, and kidnappings, among other scenarios. We are working to address issues such as unfamiliarity with materials and the operation of equipment, lack of understanding of rules and procedures, and inadequate manuals, and to improve the decision-making capabilities of local task force members.

Future Initiatives

In FY2024, we identify two priority initiatives: “improving the effectiveness of risk mitigation measures and crisis management systems through internal audits and self-inspections” and identifying and responding to cybersecurity risks.
For the first priority initiative, we will review the re-identification of risks implemented in FY2023 and the crisis management systems used at each site to respond to accidents, disasters, and so on. Based on the results, we will implement measures to improve the effectiveness of risk management.
For the second, we will respond to the occurrence of incidents at companies in Japan that have had a major impact on corporate management, such as the interruption of business and leaks of information due to system outages caused by cyberattacks, by implementing cybersecurity measures throughout the Group and reinforcing responses in accordance with on our business continuity plan (BCP).
In parallel with these initiatives, in addition to risk management in new business and projects, we are taking action under the leadership of top management so that we can achieve our business goals without causing any compliance violations, environmental accidents, occupational accidents, quality issues, or the like. Also, in the context of heightened security-related risks, such as a Taiwan contingency or unlawful detentions in China, we will work to not only prevent overseas incidents but also reinforce our responses when they occur. Concerning natural disasters, we will strengthen our earthquake countermeasures in response to ongoing threats including an earthquake with a seismic intensity of 7 on the Japanese scale in January 2024 on the Noto Peninsula and an earthquake measuring a low 6 in April 2024 in the Bungo Channel.
Furthermore, we will identify risks in the next 3-Year Business Plan and discuss policies for responding to those risks.

Back to Material Issues / Governance