The Otsuka group recognizes that pursuing management efficiency and controlling the risks inherent in business activities are important for improving corporate value. For this reason, it is vital to establish a group-wide system that enables all executives and employees to swiftly uncover, identify, and deal with risks related to their work. The Otsuka group manages risk via the initiatives outlined below, under the supervision of top management.
Risk Management System
The Otsuka group introduced Enterprise Risk Management (ERM) in 2020 to further enhance companywide risk management at Otsuka Holdings (the Company) and its main operating companies, including the recognition and evaluation of risks comprehensively from a company-wide perspective and the prioritization of management resources to control important risks. In 2022, the Otsuka Group Global ERM Policy was established by referencing global standards such as ISO31000 and COSO.
In the initiatives of ERM, we define “risks” as uncertainties that significantly impact the fulfillment of our corporate philosophy and the achievement of our business strategy goals, and we have established a group-wide risk management framework and a system for risk assessment. Under the framework and system, we identify and evaluate significant risks in the group through the risk assessments performed at main operating companies, determine whether to mitigate, transfer, avoid, or accept those risks, formulate management policies, and continuously execute and monitor these activities to effectively and efficiently manage the risks in the group.
The Company has established the Global Risk Oversight Committee, composed of the Director/Operating Officer in charge of finance, corporate planning, and administration. The committee participates in deliberations on significant risks and reports on them at meetings of the Board of Directors, formulates and monitors the implementation of policies for the management of significant risks, and provides instructions and support to the main operating companies when needed. The Board of Directors receives reports on committee activities, issues instructions as necessary, and oversees the effectiveness and efficacy of the group’s ERM structure.
Details of Risk Management Activities
Identification of significant risks begins with the sharing of risk awareness by senior management through interviews at the Company and the main operating companies (top-down approach), as well as assessments of risks and controls by frontline employees (bottom-up approach). This enables us to comprehensively identify the risks that exist in the group. Each group company develops risk management policies and risk management action plans for the risks that are judged to be significant risks and regularly monitors and reviews the status of those risks and the progress of action plans.
The Company aggregates and visualizes the significant risks faced by each group company to grasp a comprehensive understanding of the existing risks and the status of controls in the group. Common risks that apply to the whole group are studied closely and the significant risks are gathered and identified. Based on the results of this process, the Global Risk Oversight Committee assigns priority to significant risks that could a have significant impact on the group’s business, such as financial losses or business continuity.
The Company and the main operating companies develop and implement countermeasures to each significant risk based on the characteristics and risk tolerance. The Company provides the guidance and support to the main operating companies, which submit reports and seek advice from the Company, as appropriate. In these activities, the whole group coordinates closely to promote and practice ERM. Moreover, the Company and the main operating companies regularly monitor risks to prevent their occurrence to the extent possible and ensure that they remain within their respective tolerance levels.
ERM Initiatives in 2024
In order to not only build a highly effective risk management system that supports the Otsuka group’s management foundation but also further improve that system, we moved forward with introducing ERM in regions throughout the world, including Japan, North America, Europe, Asia, using a standardized process based on the Otsuka Group Global ERM Policy and Otsuka Group Global ERM Implementation Guidelines.
Furthermore, we conduct monitoring activities and hold risk management-related study sessions while regularly sharing with ERM staff of major operating companies information on risks that are growing more complex and advanced as the global situation continues to change.
Here, we look at workplace opinions that promoted initiatives in various regions.
Andy Hodge
President and CEO
Otsuka Pharmaceutical Europe
① Embedding ERM in our European Strategy
In partnership with the European Audit&Risk Team, we have embedded risk management in our European operations. We regularly update our list of significant risks, define scenarios of how these could play out, and develop possible contingency plans.
Liu Libin
Risk Management Director
Compliance Department
Otsuka (China) Investment Co., Ltd.
② Evolution of Risk Management Systems and Sustainable Growth through ERM
By utilizing ERM, we identify and prioritize the company’s significant risks, establish response measures and monitoring indicators, and allocate resources appropriately to effectively implement risk management. As a result, our risk management systems are steadily evolving. Going forward, we will expand the use of ERM across our Chinese companies to drive longterm sustainable growth for Otsuka group’s China operations.
Takashi Ichikawa
Deputy Director
Corporate Planning Department
Taiho Pharmaceutical Co., Ltd.
③ Effective Risk Management System
We consider risk management to be a key management issue. Specifically, we have established a Risk Management Committee, which conducts risk assessments to identify important risks and implements measures to mitigate them, as well as monitors Key Risk Indicators (KRIs). Additionally, we utilize Business Intelligence (BI) tools to enhance risk visibility and promote the implementation of ERM across domestic and overseas subsidiaries, thereby advancing effective management tailored to the VUCA era.
Christine Burdick-Bell
E.V.P., General Counsel & Corporate Secretary
Legal Department
Pharmavite
④ Leveraging ERM for Enhanced Risk Awareness/Mitigation and Resource Optimization
Pharmavite’s ERM program helps identify, communicate, and mitigate risks by prioritizing them and allocating resources effectively, taking into account the Company’s risk appetite. This ensures that on an ongoing basis the Company focuses its mitigation efforts on the most critical areas to help it achieve its strategic objectives.
Business Continuity Planning and Management
The Otsuka group has business continuity plans (BCPs) in place to minimize the impact on our business activities and ensure that the group continues to operate as effectively as possible in order to maintain the stable supply of products, even when largescale earthquakes and disasters strike.
In terms of business continuity management (BCM), Otsuka Holdings and all major group companies (Otsuka Pharmaceutical, Otsuka Pharmaceutical Factory, Taiho Pharmaceutical, Otsuka Warehouse, Otsuka Chemical, etc.) have partnered to create a system to tackle business continuity on a group-wide scale. Since acquiring ISO 22301 certification for the production and stable supply of pharmaceutical products, beverages, and foods in 2012, we have gradually expanded the scope of certification to include the stable supply of intravenous solutions (in 2015) and the stable supply of anticancer agents (in 2016). The acquisition of ISO 22301 certification demonstrates that our organization complies with international standards and is fully covered, from a BCP standpoint. In addition, the Otsuka group as a whole is working to strengthen measures and systems to minimize the impact on business activities in the event of an emergency. Every year, we conduct joint simulation drills for different scenarios, such as natural disasters and the spread of infectious diseases. These drills provide the opportunity to test our framework for cooperation under close-to-realistic conditions, with a focus on ensuring stable product supply.
Risk Management Training
Risk management training is held annually for directors, Audit & Supervisory Board members, executive officers, and department heads of major group companies. Training includes simulation drills and lectures by outside experts, and involves discussions and reviews on domestic and overseas risks, referencing serious incidents and other matters. Topics include the initial response and coordination of information among the group when a crisis occurs, measures to ensure business continuity, and corporate social responsibility.
Information Security
The Otsuka group has established the "Otsuka Group Global Information Security Policy" as a fundamental part of its approach to information security, striving to unify awareness across all group companies, including overseas subsidiaries.
We set up the Otsuka Group Information Security Committee to examine specific measures and to share up-to-date information with the aim of elevating and continuously enhancing the group's overall security posture.
To mitigate the risk of cyberattacks, we conduct continuous assessments for improvement, address high-risk vulnerabilities, provide phishing simulation training and countermeasures, and monitor endpoints. In addition, we have built capabilities for responding to cybersecurity emergency situations, including the establishment of the Computer Security Incident Response Team (CSIRT), which preempts the occurrence of damage from cyberattacks targeting personal information and trade secrets held by respective group companies.