Compliance and Risk Management

Reinforcing Group Governance and Reforming Organizational Culture
(Practicing Integrated Risk Management)

As an important part of operating the organizations within the Shimadzu Group, we will promote risk management (countermeasures for risks related to Shimadzu businesses) and compliance/internal controls (mitigation of the risks to execution of duties) in an organic and integrated manner, in order to achieve our management strategies, business objectives, and so on, and maximize our corporate value.

Ensuring Compliance

Basic Policy

The Shimadzu Group is committed to obtaining applicable permits and licenses and complying with applicable laws and regulations, such as security trade controls, anti-bribery laws, and competition laws, established by governments in respective regions and countries for Shimadzu’s various businesses deployed around the world.
In addition to compliance with laws and regulations, Shimadzu is also committed to behavior consistent with international norms. We have established the Shimadzu Group Corporate Code of Ethics that specifies ethical standards to be shared and complied with by directors and employees, in accordance with Shimadzu’s corporate philosophy, management principle, and Shimadzu Group Sustainability Charter. We practice the Shimadzu President’s policy of “prioritize compliance above all else.”

Provision of Corporate Ethics Consultation and Notification Contact Points

To prevent corporate ethics problems, or identify and address them as early as possible, all Shimadzu Group employees (including former employees), temporary personnel, and contractor personnel working within Shimadzu are notified that Shimadzu has established special contact points within and outside the company for consultation and notification regarding corporate ethics issues. To provide a system that is independent from normal executive management channels, “External Hotlines” are provided as contact points outside Shimadzu, where personnel can notify or consult an outside lawyer for investigation by an Audit & Supervisory Board member. In FY2023, there were 165 cases of the contact points being used for consultation or notification. In addition to protecting whistleblowers, we have also established measures to conduct necessary investigations, implement corrective actions, and prevent recurrence.

Promotional Activities

The Shimadzu Group has created a Shimadzu Group Corporate Ethics and Code of Conduct Handbook that summarizes the essential elements of the Corporate Code of Ethics in an easy-to-understand form and prevents compliance problems through group training, e-learning, and other teaching activities to teach and instill the content of the handbook.
In addition, we also conduct compliance training at the Head Office and Group Companies worldwide, not only by using annual e-learning classes (the participation rate in 2023: 100%) or educational booklets, for example, but also by conducting group training sessions.

Corporate Ethics Study Booklet
(From LRN Catalyst)
Corporate Ethics and Code of Conduct Handbook

Assessing Awareness of Ethics/Compliance

Periodic questionnaire surveys are conducted by external experts (every 3 years) to assess how mindful personnel are about ethics and compliance in respective organizations and workplaces. Then respective organizations and workplaces will discuss the results from that analysis and implement corresponding improvements. Improvement measures to be applied broadly to all organizations throughout the Shimadzu Group are included within control activities by the departments specifically responsible for the respective risks and various committees.

Measures at Respective Workplaces

On the “Shimadzu Group Compliance Day” held every July since 2011, employees reflect on incidents that have occurred during the past year. On that day, employees discuss things they noticed during their daily work in order to identify any issues that could grow into compliance violations and prevent corresponding problems before they occur.
In FY2022, a learning system was introduced at Shimadzu Corporation and Group companies in Japan. This system helps personnel at each workplace learn the knowledge (methods, regulations, procedures, etc.) and values required to perform their work properly, improve the quality of their work, and build their capacities. With each workplace team learning from teaching materials provided by departments responsible for respective risks, the Shimadzu Group conducted over 18,000 workplace learning sessions in FY2023. By continuing such learning sessions for many years, we aim to foster a positive culture within Shimadzu Group organizations.

Internal Controls (Addressing Risks to Execution of Job Duties)

Basic Policy

The Shimadzu Group has established internal control systems that ensure executives and other employees perform their job duties appropriately and efficiently in accordance with applicable laws/regulations and Shimadzu Articles of Incorporation. We will continue to strengthen internal control systems by constantly identifying changes in the business environment and making improvements without concern for previous ways of thinking or methods.

Internal Control Systems

To ensure business processes are executed appropriately and efficiently, we have established systems for ensuring compliance with all applicable regulations governing business operations, clarified job authority, and established systems for quickly and accurately conveying Shimadzu Group information in order to increase management transparency. If a violation occurs, a description of the violation, disciplinary actions, and other information are quickly shared throughout the Shimadzu Group in an effort to prevent a recurrence of similar violations. Furthermore, while strictly protecting personal and confidential information, relevant information is disclosed outside Shimadzu whenever appropriate, either via public relations, investor relations, the website, or other means.
A Shimadzu Group Management Basic Regulation was specified that summarizes the basic principles for Shimadzu Group governance and corresponding management requirements. By continuously establishing and strengthening the systems for understanding and managing the management circumstances throughout the Shimadzu Group, we ensure the Group is operated appropriately and efficiently.

Establishing Internal Controls for Financial Reporting

Based on implementation standards specified by the Japanese Financial Services Agency, the Shimadzu Group has established the “Regulation for Establishing Internal Control over Financial Reporting” to specify a basic framework for internal controls and achieve business objectives by improving the efficacy and effectiveness of business practices, ensuring the reliability of financial reports, promoting compliance with laws, regulations, and other requirements for business activities, and protecting assets. In recognition of the importance of creating and disclosing appropriate financial reports, establishing and implementing internal controls are considered a company-wide challenge. Furthermore, we are constantly evaluating internal controls to maintain and improve their effectiveness and implement improvements (remedial measures) to resolve any deficiencies identified. In terms of the scope of controls, we focus on the most important companies and business processes to improve effectiveness in actual practice.

Activities to Expand the Scope of Controls (to Not-Applicable Group Companies)

After all Group companies have assessed risks based on a checklist of the most important risks in corporate controls and business processes, the Head Office administrative departments cooperate to conduct interviews with each company to verify their assessments. The results are then analyzed, and controls are prepared to reduce the probability of risk occurrence, thereby preventing problems.

Risk Management (Risk Countermeasures Related to Businesses)

Basic Policy

Risk management is an indispensable presence necessary for achieving business continuity and progress, while also fulfilling the social responsibilities of the company. Shimadzu Group activities for appropriately managing business risks include preventing risks from occurring, quickly resolving any urgent risk events, minimizing damages, identifying causes, and deploying recurrence countermeasures horizontally throughout the Group as soon as possible. Those activities are specified in the Shimadzu Group Risk Management Regulation.

Risk Management and Ethics System

To ensure risks are managed throughout the entire Group, a Risk Management and Corporate Ethics Meeting is convened biannually, chaired by the Shimadzu Corporation President. In the meeting, risks at each level (prioritized risks applicable to all organizations in the Group / high risks, key risks of each Group company, and operational risks at each workplace) and the progress of addressing these risks are discussed. The officer in charge of risk management coordinates the implementation of decisions at the meeting so that they can be independently and effectively implemented by each organization and workplace, under the direction and support of the departments or various committees responsible for respective risks.

Risk Management and Ethics System

*RM: Risk management

Promotional Activities

Prevention Activities

We drive the cycle of RM* activities by managing and monitoring risks based on periodic risk identification and assessment results. To prevent serious incidents during Shimadzu Group business activities that might decrease corporate value by violating societal expectations or damaging business operations, mainly management personnel and departments responsible for respective risks engage in identifying, assessing, and ranking the priority order of risks. To ensure each risk is controlled appropriately, Shimadzu is engaged in establishing systems for implementing companywide risk countermeasures against risks with higher priority.

Identify (understand) risks threatening the Shimadzu Group.
Assess the risks identified in Step I (probability of occurrence and potential impact).
Decide which risks should be prioritized.
The department responsible for the risks prioritized in Step II designs and executes risk reduction measures for reducing the remaining risks.
Assess the remaining risks to confirm the state of risk management.
Monitor the overall risk management process.

Responding to Urgent Incidents

An emergency communication system has been established to ensure any urgent incidents are handled appropriately. Based on the general rule to communicate the first report as soon as possible, if necessary a response task force chaired by the President is established for implementing response measures.

Monitoring

Basic Policy

The Shimadzu Group systematically and continuously reviews and assesses the effectiveness of risk management, internal control, and compliance activities at each level of the three lines of defense, which are business practices, controls, and auditing.

Systems for Strengthening Monitoring

The regional corporate head offices established outside Japan in FY2023, especially those in China and Asia, use auditing tools created by the head office in Japan to establish and execute audit plans. In accordance with the Shimadzu Group Management Basic Regulation, the regional corporate head offices verify that each Group company is following the specified rules, in order to prevent inappropriate procedures and other practices.

Related Information