Governance

Risk Management & BCP

In order to respond to changes in the business environment surrounding the Group and various business risks, we are strengthening our risk management structure and related initiatives. In order to build a highly effective and prompt companywide risk management structure aimed at further enhancing corporate value, we established a Risk Management Committee in October 2025. In companywide risk management, risk owners autonomously promote risk response activities, and each function, department, and individual employee strengthens autonomous risk response capabilities through their daily operations, with a sense of ownership. The Risk Management Committee supervises the direction and status of risk response activities for particularly significant risks and cross-group risks, and further promotes highly effective risk management.

Risk Management Promotion System

The Risk Management Committee is chaired by the Chief Risk Officer (CRO), and considers a wide range of risks with reference to ISO 31000 and other relevant frameworks, including not only business risks but also those related to the Code of Conduct, ethical standards, and ESG. It also identifies significant risks, monitors the status of risk response activities, and provides related instructions and guidance. It also enhances incident reporting and sharing, evaluates risk responses, and reports to the Board of Directors as needed.
The Board of Directors receives regular reports from the Risk Management Committee and supervises risk management initiatives, while also reviewing the effectiveness of risk management processes. If a risk materializes, the Board of Directors will promptly shift to a crisis management framework, including the establishment of a response headquarters, under the direction of the CRO.

Leveraging Cultivated Values and Organizational Strength

We will incorporate our long-established corporate values, such as our Management Philosophy and Compliance Guidelines, into our Risk Management Policy to more actively reflect them in our business operations. Furthermore, we will maximize the utilization of existing risk management functions, such as quality response, cybersecurity response, accident and disaster response, and infectious disease response, to achieve both business continuity and enhanced capabilities.

Risk Management Fundamental Policy

Our basic risk management policy is as follows:

Basic Approach
In order to contribute to society by achieving corporate prosperity and creating a rich environment through business activities based on our Management Principles, we aim to fulfill our responsibilities as a part of the automotive industry supply chain and enhance corporate value by meeting the expectations of our stakeholders.
To that end, in order to respond appropriately to uncertainties (risks) that could impede the attainment of our business objectives and realize appropriate risk-taking, we enhance our companywide risk management system with reference to ISO 31000 and other relevant frameworks, and engage in ongoing risk management activities based on the goals and policies set forth below.
Goals
  • Enhance corporate value
  • Protect company assets
  • Stable business continuity
  • Establishment and maintenance of trust with stakeholders
  • Pursuit of efficiency, accuracy, effectiveness in operations
Policies
  • Recognize risk management as a key management issue, establish a companywide risk management structure under the leadership of the CRO, and promote ongoing risk management activities.
  • Identify, analyze, and evaluate risks arising from global business activities, including ESG, implement efficient, effective risk responses, carry out regular monitoring of implementation status, and adopt necessary improvements.
  • Proactively promote risk management activity, disseminate risk management awareness across all directors and employees, and promote the continuous improvement of risk response capabilities.
  • Promptly share risk-related information with key members across the company and all business entities.
  • If a risk materializes (crisis management), promptly establish a response headquarters based on the principle of on-site, hands-on management, and under the direction of the response headquarters chief, work together across the Company to minimize impact and prevent recurrence.
Action Agenda
  • Make decisions and take actions based on the Management Principles and the values we have cultivated*
  • Keep the rules, and eliminate rules that are not or cannot be kept
  • Respond promptly and efficiently, prioritizing “bad news first and bad news fast”, “on-site management”, and “hands-on management”
  • Take on challenges without fearing change, and commit to continuous improvement
  * As laid out in documents such as Management Policy, Vision, Group Action Agenda, Compliance Guidelines, Sustainability Guidelines
Scope of Application
This Agenda applies to Aisan Industry and all Aisan Group companies.
  • Aisan Group companies shall, based on this agenda, promote risk management in a manner consistent with this agenda and bear responsibility for developing the necessary structures.
  • Aisan Group companies shall, in addition to fulfilling the responsibilities in the previous item, establish their own risk management and establish structures that are consistent with this agenda and with situations specific to each company and country of operation.

Risk Management Activity Cycle

We define risks as factors that may have an impact on the corporate value of the Group, and identify risks related to the entire company in terms of “strategic risks” and “company-wide risks,” and evaluate them in terms of “impact” and “likelihood of occurrence.” In addition to the results of this evaluation, we determine the priority risks that should be managed, taking into account management strategies, business issues, and perspectives on the external risk environment.
For priority risks, we continue to implement the PDCA cycle, including implementation of countermeasures, monitoring, and identification of areas for improvement, in order to minimize risks.

Image of PDCA

Identification of Priority Risks

To identify companywide priority risks, risks are aggregated from various departments across the company, and a risk map is prepared based on an assessment of “impact” and “frequency of occurrence” to identify priority risks.

Priority risks

Impact level guideline

Risk level guideline by evaluation axis (Financial, Human life, Impact on business activities at one location, Reputation)

| Level | Definition | Financial | Human life | Impact on business activities at one location | Reputation |
|---|---|---|---|---|---|
| 4 | Large impact | 1 billion yen or more (10% or more of profit) | Serious accidents | Lasting one month or longer | An extremely substantial loss of trust |
| 3 | Medium impact | 500 million yen to less than 1 billion yen (5% to less than 10% of profit) | Semi-serious accidents | Lasting a few weeks or longer | A substantial loss of trust (5 years or more to restore trust) |
| 2 | Small impact | 100 million yen to less than 500 million yen (1% to less than 5% of profit) | Accidents resulting in absence from work | Lasting a few days | Loss of trust (2 to 3 years or more to restore trust) |
| 1 | Minor impact | Less than 100 million yen (Less than 1% of profit) | Accidents not resulting in absence from work/Covered-up accidents | Lasting a few hours | Low likelihood of a loss of trust |

Occurrence frequency guideline

| Level | Definition (occurrence) | Risk level guideline by occurrence frequency |
|---|---|---|
| 4 | Frequent | Once or more a year |
| 3 | Moderate | Once or more in 2 to 5 years |
| 2 | Occasional | Once or more in 5 to 10 years or the likelihood of occurrence is nearly zero |
| 1 | Rare | Once every 10 years or longer |

Specific initiatives

BCP (Business Continuity Plan)

We promote BCP activities to prepare for large-scale disaster risks related to ESG factors, based on scenario planning not only for major natural disasters such as earthquakes and floods in the areas where we and our Group companies operate, but also for accidents and fires, cybersecurity incidents, infectious diseases, and supply chain disruptions.
Placing top priority on human life, contributing to the recovery of local communities, and emphasizing the prompt resumption of production, we have established systems to address specific risks, including employee safety confirmation and equipment failure responses.

Flow of Major Disaster BCP
Disaster prevention and reduction, education and training, inspection, stockpiling, and other preparatory measures are taken. Evacuation and taking attendance, initial fire extinguishing, information gathering, and other initial responses are triggered during a disaster. Establishment of a task force, recruiting personnel, infrastructure and production, and other recovery countermeasures are deployed within 12 hours of the event. Completion of recovery is targeted for within 30 days of the disaster.

Information security

We recognize that the information we hold on technology and sales is a valuable asset and foundation of the Company, and that the appropriate management and prevention of leaks of information related to customers and business partners is an important responsibility of the Company.
Under the Confidentiality Management Regulations, we have established an information security promotion system and are strengthening our efforts not only in terms of hard measures, such as the introduction of systems, but also in terms of soft measures, such as employee education and awareness and the maintenance of related regulations, in order to appropriately utilize and protect the information assets held by the Company.

Main Hard Initiatives
  • Introduction of network monitoring structure security monitoring center
  • Vulnerability countermeasures for servers and client PCs
  • Introduction of EDR for early detection and response to cyber attacks
Main Soft Initiatives
  • E-learning to raise security awareness
  • Targeted e-mail attack drills
  • Security incident response drills

We are also working with domestic and overseas Group companies to continuously improve the level of security measures throughout the Aisan Group.