Status of Development of Risk Management System

At Subaru, the Corporate Planning Department, which plays a central role in the common functions of each business, and other company-wide shared corporate operations departments maintain close links with each department and company to enhance risk management.
In addition, the Audit Department performs planned audits of each department and affiliated companies. Subaru has also created and operates a system and organization to ensure compliance, which is the foundation of risk management, in order to assist with the development of the internal control system. Subaru has established the Compliance Committee which deliberates, discusses, determines, exchanges information, and liaises on important compliance issues to promote the implementation of company-wide compliance. Subaru has assigned a compliance officer and compliance staff for each department and company to organize a system that meticulously implements compliance at each workplace. Subaru also systematically provides education and training for officers and employees on a routine basis as well as raising awareness about compliance through such means as in-house publications as necessary. Furthermore, in order to promote the implementation of compliance in the Subaru Group, Subaru conducts education and training and provide information through in-house publications for affiliated companies in addition to raising the effectiveness of these activities through the participation of affiliated companies in the Subaru internal reporting system (Compliance Hotline.)

With the objective of bolstering efforts to address compliance issues and change the culture, Subaru established the new Risk Management and Compliance Office on April 1, 2019, and also created the new position of Chief Risk Management Officer (CRMO) to oversee the newly formed Risk Management Group, which includes the new Risk Management & Compliance Office, along with the General Administration Department, the Group Company Management Department, the Sustainability Promotion Department, the Legal Department, and the Internal Audit Department.

Message from the CRMO

In an organizational change effective April 1, 2019, SUBARU newly established the Risk Management Group and the position of Chief Risk Management Officer (CRMO), who oversees this Group.
Although this reorganization is part of efforts to strengthen internal control, which has been strongly required of companies in Japan and abroad since the 2000s, I consider this a matter of particular importance for SUBARU, which was shaken by final vehicle inspection problems.
Although to date SUBARU has taken several measures to strengthen internal control, such as establishment of the Corporate Administration Division, by once again clarifying reporting lines concerning risk management and internal control and clearly defining the communication route between workplaces and management, SUBARU is attempting to reduce the sense of distance between them and enhance and strengthen management involvement in internal control, in both form and substance. Since there were serious concerns about the risk management response level under the previous organizational structure, SUBARU newly established the Risk Management & Compliance Office to put in place a system for systematically engaging in Group-wide risk management.
SUBARU combined the Risk Management & Compliance Office with the Legal Department, the Sustainability Promotion Department (the former CSR & Environment Department), and other departments closely involved with risk management and with the General Administration Department, which serves as the secretariat office of the Emergency Response Headquarters, to form an organization overseen by the CRMO.
The automotive industry is said to be facing a once-in-a-century transition period. Managing a business in such turbulent circumstances is like navigating a ship in a fog that limits visibility. I believe that at such a time risk management fulfills the role of a sea captain who helps keep the ship on a steady and sure course.
I will devote myself each day to ensuring that the Risk Management Group provides guidance to enable maintenance of sustainable management.

Yoichi Kato
Director of the board, Executive Vice President and CRMO

Risks Associated with Business Activities

At the Subaru Group, Subaru believes that Subaru can minimize the impact of risks associated with our business activities by gaining an understanding of those risks and addressing them appropriately. Accordingly, Subaru identifies key risks and consider measures to combat them.
The risks relating to the state of our business and accounting that could have a major impact on investor decisions are listed below.
Please note that this is not an exhaustive list of all risks relating to the Subaru Group.

(1) Economic trends
(2) Exchange rate fluctuations
(3) Dependence on specific businesses
(4) Fluctuations in market valuation
(5) Purchase of specific raw materials and parts
(6) Protection of intellectual property
(7) Product defects
(8) Retirement benefit obligation
(9) Environment-related legal regulations
(10) Impact of disasters, war, terrorism, strikes, etc.
(11) International business activities
(12) Information security impacts
(13) Compliance and reputation

Crisis-level Risks

Subaru defines risk as uncertain elements with the potential for negative impact on our business operations. While there are many types of risk, Subaru calls those risks that are particularly dangerous to our business operations and that Subaru cannot handle through regular decision-making channels “crisis-level risks” and categorize them as follows: natural disaster, accident, internal human factors, external human factors, social factors (domestic, overseas), and compliance. Subaru has created manuals for dealing with each type of emergency, which delineate what communication channels are to be used once a risk is recognized, how to form crisis management headquarters, and other methods to follow to respond optimally to the situation.

Subaru’s emergency response procedure manual and crisis management (disaster prevention) guidelines

Establishment of Location-specific BCP

Subaru formulates location-specific BCPs*1 to ensure that the correct actions are taken swiftly for the continuity of Subaru’s business and its recovery as soon as possible in the event of various emergencies. Subaru’s objective in doing so is to minimize the loss of business opportunities or corporate value due to any decline in customer service or reduction in market share. Subaru also promotes business continuity on the basis of our Emergency Response Policy. In FYE2019, the Head Office General Administration Department held periodic interviews with risk owners*2 from each department to facilitate the sharing of information about departmental issues and is addressing those issues based on the results of its reviews. The department also compiled a report for senior executive management on the results of its review of the seismic safety of buildings built to older earthquake resistance standards at each location. In addition, the department conducted a survey of the current state of each location’s emergency response systems for dealing with major natural disasters and accidents, and shared details of the issues it identified. Subaru will continue to check and revise its BCPs so that it can make full use of any remaining capacity in the event of an emergency that damages Subaru’s business resources (human, physical, and financial), minimize any interruption to prioritized business activities, and return to the pre-emergency operational status as soon as possible.

*1
BCP: Business Continuity Plan
*2
Risk owner: An individual (or organization) with responsibility and authority regarding risk management and accountability.

Emergency Response Policy

  1. Give first priority to people’s survival and physical safety.
  2. Minimize loss of stakeholder interests and corporate value.
  3. Act always with honesty, fairness, and transparency, even in an emergency.

Efforts to Ensure Business Continuity

The Gunma Plant has installed a storm water detention tank with a capacity of some 1,000 m2 beneath the pavement of the Main Plant’s visitors’ car park, to combat flooding of the plant at times of heavy rainfall. This also helps to curb flooding of the surrounding area. Grass has been planted in the car park to reduce the total area of asphalt, thereby alleviating issues caused by heat reflection due to the heat island effect.

The Utsunomiya Plant has frequently suffered damage due to flooding of the plant at times of intense heavy rain. Accordingly, storm water channels at the plant were revised and drainage work was carried out in FYE2018 to combat flooding due to intense heavy rain. In addition, storm water gutter sizes and routes were revised and new facilities were installed to facilitate discharge into the river (culvert) to the east of the plant, thereby bolstering storm water drainage capacity. As a result, the plant suffered no flooding in FYE2019. The measures also helped to combat flooding of the surrounding area.

Car park with a flood prevention measure (Gunma Plant)
Flood prevention measure (drainage grid) (Utsunomiya Plant)

Information Security Protection Initiatives

In carrying out business operations, the use of digital data is essential for Subaru and Subaru Group companies for our sustainable development. They are used in diverse realms, from conventional IT systems to facilities, products, and the whole range of services that Subaru offers.
Being aware of our social responsibility to handle digital data in these realms safely, Subaru has established the Basic Cybersecurity Policy to earn the trust of our customers and society as a whole and the Subaru Group as a whole is undertaking information security protection activities.

Basic Cybersecurity Policy

[Objective]

Subaru Corporation and its group companies (hereinafter referred to as “the Subaru Group”) put in place a Basic Cybersecurity Policy to protect all our conceivable products, services, and information assets from threats arising in the course of our business activities and earn the trust of our customers and society as a whole.


[Scope]

This basic policy applies to all executives and employees of the Subaru Group, and also to the employees and other staff of Subaru’s subcontractors.


[Initiatives]

  1. The Subaru Group will comply with laws, regulations, and standards, as well as security-related contractual obligations to our customers.
  2. The Subaru Group will put in place and operate management systems and internal regulations concerning cybersecurity.
  3. The Subaru Group will establish information security measures tailored to our information assets and strive to prevent and minimize information security incidents. Should such an incident occur, Subaru will address it swiftly and appropriately, taking steps to prevent recurrence.
  4. The Subaru Group will strive to ensure information security by providing both executives and employees with education and training, as well as undertaking other efforts to raise their awareness of this issue.
  5. The Subaru Group will continually review and strive to improve the aforementioned activities.

Established in June 2018

Major Initiatives in FYE2019

Subaru revised relevant regulations in FYE2019 and notified the Subaru Group concerning the revisions.
In addition, Subaru has built a company-wide security system that encompasses its product ranges and is striving to bolster the Subaru Group’s information security.
Subaru provides employees with e-learning courses and group training concerning information security in general, which emphasize the importance of security, and also provides group training for the 20 group companies within Japan.

Personal Information Protection Initiatives

To comply with the Act on the Protection of Personal Information, Subaru has reviewed its internal systems and rules and publicly disclosed its privacy policy.

In particular, since Subaru dealerships in Japan handle a wide range of customer information, Subaru has reviewed the compliance of each of the 44 dealerships, including affiliated companies, with our rules, and created and distributed a Personal Information Protection Handbook for Subaru Dealerships to all dealerships. In this way, Subaru is working to ensure that all employees understand the importance of protecting personal information.

Also in accordance with implementation of the revised Act on the Protection of Personal Information in May 2017, Subaru reviewed our existing systems and regulations, and decision-making method regarding personal information protection and changed our operation. Subaru is still now in the process of creating and reviewing the systems of personal information protection and of different tools.

Our emergency response procedure manual and crisis management (disaster prevention) guidelines

In FYE2019, Subaru implemented the following key initiatives and is engaged in continuous improvement activities via the PDCA cycle.


  • Training for all departmental and office directors concerning the Act on the Protection of Personal Information
  • Identification of management issues through an inventory of personal information held by all departments
  • Formulation of detailed rules on the management of contractors and anonymously processed information

In addition to these actions in response to Japan’s Act on the Protection of Personal Information, the Subaru Group has built a system based on the May 2018 entry into force of the EU’s General Data Protection Regulation (GDPR) and the adequacy decision between Japan and the EU. In addition, the Subaru Group has put in place a privacy policy and regulations, and is conducting training concerning them.

Workshop on the Act on the Protection of Personal Information

Intellectual Property Protection Initiatives

After identifying our strengths and weaknesses, Subaru has put together a vision for Subaru’s intellectual property activities that focuses on tapping into our strengths in mass-production niches. Using this approach, Subaru is promoting intellectual property activities that make a positive contribution to our earnings, guided by the following three-point basic policy.

Basic Intellectual Property Policy

  1. Throughout Subaru, Subaru will dedicate ourselves to creating intellectual property that generates turnover and deploying effective intellectual property rights
  2. Subaru will respect the intellectual property rights of others and work thoroughly for patent clearance in product development
  3. Subaru will appropriately manage our intellectual property portfolio to protect and enhance our brand

Established in April 2017

Intellectual Property Protection and Risk Management

Subaru’s Intellectual Property Department makes full use of the Subaru Group’s intellectual property rights and protects them against infringement. It also promotes various in-house activities such as the following to ensure that Subaru does not infringe the intellectual property rights of others.


  1. The department will acquire rights to technologies, marks, naming, design, and other intellectual property, and will also appropriately manage Subaru’s intellectual property portfolio
  2. The department will undertake exhaustive investigations to identify any problems concerned with intellectual property that could be detrimental to our business and will prevent or resolve them
  3. The department will tackle counterfeit goods via monitoring of online sales and seeking for border enforcement measures by customs authorities
  4. The department will secure ownership of intellectual property and usage rights in technology agreements

Subaru joined the License on Transfer Network, with the objective of curbing patent litigation by NPEs*.

* NPEs (Non-practicing entities): These are organizations or groups that collect patents for technologies developed by others without any intention to make use of those patents other than for the purpose of making a profit from the exercise of rights against third-parties working related technologies (via patent royalties or out-of-court financial settlements, etc.).

Intellectual Property Promotion System

Intellectual Property Management Awareness Activities

At Subaru, in addition to managing intellectual property of the Subaru Group in general, the Intellectual Property Department regularly undertakes awareness activities such as the following aimed at ensuring that compliance with the law is firmly established as standard practice.


  1. Implementation of rank-specific training for employees involved in development, tailored to their year of entry into the company and their position
  2. Establishment of Patent Promotion Committee to promote invention and patent application activities in each department, and implementation of awareness activities through this committee
  3. Promotion of reviews aimed at investigating the intellectual property rights of others and securing patent clearance in development departments

The department also holds charity bazaars utilizing merchandising rights and makes ongoing donations to charitable organizations of funds raised.