Risks Associated with Business Activities

At the Subaru Group, Subaru believes that Subaru can minimize the impact of risks associated with our business activities by gaining an understanding of those risks and addressing them appropriately. Accordingly, Subaru identifies key risks and consider measures to combat them.
The risks relating to the state of our business and accounting that could have a major impact on investor decisions are listed below.
Please note that this is not an exhaustive list of all risks relating to the Subaru Group.

(1) Economic trends
(2) Exchange rate fluctuations
(3) Dependence on specific businesses
(4) Fluctuations in market valuation
(5) Purchase of specific raw materials and parts
(6) Protection of intellectual property
(7) Product defects
(8) Retirement benefit obligation
(9) Environment-related legal regulations
(10) Impact of disasters, war, terrorism, strikes, etc.
(11) International business activities
(12) Information security impacts
(13) Compliance and reputation

Status of Development of Risk Management System

At Subaru, the Corporate Planning Department, which plays a central role in the common functions of each business, and other company-wide shared corporate operations departments maintain close links with each department and company to enhance risk management.
In addition, the Audit Department performs planned audits of each department and Group company. Subaru has also created and operates a system and organization to ensure compliance, which is the foundation of risk management, in order to assist with the development of the internal control system.
Subaru has established the Compliance Committee which deliberates, discusses, determines, exchanges information, and liaises on important compliance issues to promote the implementation of company-wide compliance.
Subaru has assigned a compliance officer and compliance staff for each department and company to organize a system that meticulously implements compliance at each workplace. Subaru also systematically provides education and training for officers and employees on a routine basis as well as raising awareness about compliance through such means as in-house publications as necessary.
Furthermore, in order to promote the implementation of compliance in the Subaru Group, Subaru conducts education and training and provide information through in-house publications for Group companies in addition to raising the effectiveness of these activities through the participation of Group companies in the Subaru internal reporting system (Compliance Hotline.)

On April 1, 2018, Subaru established the “Tadashii-Kaisha” Promotion Department (Tadashii-Kaisha: A company doing the right thing in the right way) and the Compliance Office with the objective of enhancing initiatives to address the legislative compliance and corporate culture reform issues faced by Subaru.

Crisis-level Risks

Subaru defines risk as uncertain elements with the potential for negative impact on our business operations. While there are many types of risk, Subaru calls those risks that are particularly dangerous to our business operations and that Subaru cannot handle through regular decision-making channels “crisis-level risks” and categorize them as follows: natural disaster, accident, internal human factors, external human factors, social factors (domestic, overseas), and compliance. Subaru has created manuals for dealing with each type of emergency, which delineate what communication channels are to be used once a risk is recognized, how to form crisis management headquarters, and other methods to follow to respond optimally to the situation.

Our emergency response procedure manual and crisis management (disaster prevention) guidelines

Establishment of Location-specific BCP

With the goal of minimizing any reduction of service to customers and preventing loss of market share and corporate value, Subaru has created a Business Continuity Plan (BCP) for each business unit to maintain Subaru’s business operations or to restore them as quickly as possible in the event of an emergency.
In FY2017, our Emergency Task Force has conducted an initial response training in cooperation between our Head Office and other offices assuming the occurrence of large scale earthquake. In FY2018, Subaru reviewed and recompiled manuals concerning the initial response at the time of emergency. Subaru will continue the training and confirm and review our BCPs. By doing this, should our resources (employees, physical assets, monetary assets) be affected by an emergency, Subaru will be able to leverage our remaining resources to minimize the shutdown of priority operations and restore all operations to their original state as quickly as possible.

* BCP:Business Continuity Plan

Emergency Response Policy

  1. Give first priority to people’s survival and physical safety.
  2. Minimize loss of stakeholder interests and corporate value.
  3. Act always with honesty, fairness, and transparency, even in an emergency.

Information Security Protection Initiatives

In promoting the Subaru Group’s CSR, the use of digital data is essential to our sustainable development. They are used in diverse realms, from conventional IT systems to facilities, products, and the whole range of services that Subaru offers.

As Subaru is aware of our social responsibility to handle digital data in these realms safely, Subaru has established our Basic Cybersecurity Policy to earn the trust of our customers and society as a whole and are undertaking information security protection activities.

Basic Cybersecurity Policy


Subaru Corporation and its group companies (referred to below as “the Subaru Group”) put in place a Basic Cybersecurity Policy to protect all our conceivable products, services, and information assets from threats arising in the course of our business activities and earn the trust of our customers and society as a whole.


This basic policy applies to all executives and employees of the Subaru Group, and also to the employees and other staff of Subaru’s subcontractors.


  1. The Subaru Group will comply with laws, regulations, standards, and security-related contractual obligations to our customers.
  2. The Subaru Group will put in place and operate management systems and internal regulations concerning cybersecurity.
  3. The Subaru Group will establish information security measures tailored to our information assets and strive to prevent and minimize information security incidents. Should such an incident occur, Subaru will address it swiftly and appropriately, taking steps to prevent recurrence.
  4. The Subaru Group will strive to ensure information security by providing both executives and employees with education and training, as well as undertaking other efforts to raise their awareness of this issue.
  5. The Subaru Group will continually review and strive to improve the aforementioned activities.

Established in June 2018

Personal Information Protection Initiatives

To comply with the Personal Information Protection Act, Subaru has reviewed its internal systems and rules and publicly disclosed its privacy policy.

In particular, since Subaru dealers in Japan handle a wide range of customer information, Subaru has reviewed the compliance of each of the 44 dealers, including affiliated companies, with our rules and created a Personal Information Protection Handbook for Subaru Dealers. In this way, Subaru is working to ensure that all employees understand the importance of protecting personal information.

Also in accordance with implementation of the revised Personal Information Protection Act in May 2017, Subaru reviewed our existing systems and regulations, and decision-making method regarding personal information protection and changed our operation. Subaru is still now in the process of reviewing the systems of personal information protection and of creating different tools.

In addition, at our headquarters in Europe, in accordance with the implementation of General Data Protection Regulation (GDPR), Subaru is in the process of reviewing our privacy policy, compiling rules and regulations, and establishing systems.

Compliance Handbook for the Staff of Subaru Dealers

Intellectual Property Protection Initiatives

After identifying our strengths and weaknesses, Subaru has put together a vision for Subaru’s intellectual property activities that focuses on tapping into our strengths in mass-production niches. Using this approach, Subaru is promoting intellectual property activities that make a positive contribution to our earnings, guided by the following three-point basic policy.

Basic Intellectual Property Policy

  1. Throughout Subaru, Subaru will dedicate ourselves to creating intellectual property that generates turnover and deploying effective intellectual property rights
  2. Subaru will respect the intellectual property rights of others and work thoroughly for patent clearance in product development
  3. Subaru will appropriately manage our intellectual property portfolio to protect and enhance our brand

Established in April 2017

Intellectual Property Protection and Risk Management

Our Intellectual Property Department makes full use of the Subaru Group’s intellectual property rights and protects them against infringement. It also promotes various in-house activities to ensure that Subaru does not infringe the intellectual property rights of others.

  1. The department will protect our technology and brand by establishing and managing development and creative output (technology, marks, naming, designs, etc.) as intellectual property
  2. The department will undertake exhaustive investigations to identify any problems that could be detrimental to our business and will prevent or resolve them
  3. The department will tackle counterfeit goods via monitoring of online sales and seeking for border enforcement measures by customs authorities
  4. The department will secure ownership of intellectual property and usage rights in technology agreements

In March 2016, Subaru joined the License on Transfer Network, with the objective of curbing patent litigation by NPEs*, which has been on the rise in recent years.

* NPEs: Non-practicing entities. These are organizations or groups that collect patents for technologies developed by others without any intention to make use of those patents other than for the purpose of making a profit from the exercise of rights against third-parties working related technologies (via patent royalties or out-of-court financial settlements, etc.).

Intellectual Property Promotion System

Intellectual Property Management Awareness Activities

As well as managing intellectual property in general, the Intellectual Property Department regularly undertakes awareness activities aimed at ensuring that compliance with the law is firmly established as standard practice.

  1. Implementation of rank-specific training for employees involved in development, tailored to their year of entry into the company and their position
  2. Establishment of a patent promotion committee to promote invention and patent application activities in each department, and implementation of awareness activities through this committee
  3. Promotion of reviews aimed at investigating the intellectual property rights of others and securing patent clearance in development departments

The department also makes ongoing donations to charitable organizations of funds raised at charity bazaars utilizing merchandising rights.