Special Feature 2022 - Integrated Report 2022
Corporate Governance - Create a solid governance system
Follow Thorough Compliance with Laws and Regulations, Build a Risk Management System, Promote Information Security Measures
Follow thorough compliance with laws and regulations
Basic stance
The Nidec Group sees non-compliance as a material risk that may lead to a loss of social trust and economic damage. Therefore, the Nidec Group comprehensively follows applicable laws, regulations, internal rules and standards, social ethical standards, etc. to raise executives’ and regular employees’ ethical awareness, develop conscience as a company, and win society’s trust as we continue our compliance activities.
At present, we are working to establish and enhance a global compliance system that will enable us to address individual issues and cases arising in different regions more promptly and appropriately. We will also strengthen compliance education for employees to further raise their compliance awareness, thereby reducing compliance-related risks.
Efforts made in FY2021
The Nidec Group currently has 345 group companies in 43 countries around the world. We recognize that building a governance system for these globally distributed group companies is a crucial task in ensuring compliance. In particular, based on our past experience, we see difficulty in identifying the risks of small companies located far from major bases.
Therefore, we launched a hazard map project in FY2021 with the aim of preventing compliance risks from arising at these remote small sites. In this project, we identified high-risk group companies based on their distance from major sites and the information on the risk of corruption in countries where they are operating and implemented specific prevention measures in consultation with the management of such companies and other risk reduction activities.
Toward the future
We will continue the hazard map project for a certain period of time to identify high-risk companies in order from those with the highest risk and implement necessary measures, thereby reducing the governance risk at remote small sites.
Organization
Nidec’s Legal & Compliance Department, working in partnership with Regional Compliance Officers of the individual regions where the Nidec Group’s business bases operate (the Americas, China, Europe, and Southeast Asia) and Compliance Managers and Promoters of individual business departments and group companies, builds and operates a global compliance system. Compliance Managers implement and operate compliance-related measures to raise the compliance awareness of the organizations under their supervision, and bear responsibility for preventing compliance violations. Compliance Promoters promote the specific compliance measures of such organizations, while serving as a liaison with the Legal & Compliance Department and Regional Compliance Officers, who provide support for individual regions’ Compliance Managers and accept whistleblowing cases.
Internal reporting system
As part of the comprehensive, group-wide compliance system, we have established an internal reporting section (the Nidec Global Compliance Hotline) available for all board members, executives and employees (including regular and part-time employees, those dispatched from outside agencies, limited-term employees, and those who have retired from the Nidec Group within a year), and a third-party contact point outside the company. Fiscal 2021 saw a total of 124 cases of whistleblowing and consultations made on suspected misconduct and harassment, among others, an increase of 8 cases from the previous fiscal year. The status of internal reports is reported to the Board of Directors and the Audit and Supervisory Committee on a regular basis.
Compliance seminars
As part of the compliance promotion activities, we hold compliance seminars for our group’s executives and employees to maintain and improve their level of compliance awareness. For example, seminars and discussions are held on such topics as cartels, bribery and human rights issues, with the Regional Compliance Officers serving as lecturers using the Nidec Compliance Handbook as teaching material. The compliance seminar for board members and executives is also held once a year, with the invitation of an outside lecturer.
Build a risk management system
Basic stance
It is necessary and important to identify and manage risks for the purpose of preventing the expansion of losses due to lack of readiness for possible risks, loss of business opportunities, decline of ratings, and other negative impacts. Nidec has identified risks facing the Nidec Group, clarified the relevant departments, and determined the risks that should be reduced in order of priority. The company manages the progress of reducing the impact of such risks on our business, while working to enhance its initiatives to identify signs of risks.
Efforts made in FY2021
We reviewed our risk management system and established a framework in which risk surveys are conducted for each of the levels illustrated below and the survey results are shared and mutually used. In FY2021, we conducted risk assessment of the head offices of the group companies positioned in the Business Unit level (L2), and identified their priority risks and considered risk reduction activities. The identified risks were also examined for the corporate level (L3), and the company-wide issues that should be addressed in L3 were reflected in the risk management activities for L3 as necessary.
Toward the future
In FY2022, we will start operating a new risk management system at all Business Units. For serious contingent risks that may lead to business interruption, the Business Unit level (L2) organizations will periodically check the status of the formulation of BCPs (Business Continuity Plans) of the major business site* level (L1) organizations under their control, thereby ensuring that improvement activities are continuously conducted for risk reduction.
* Major business sites: Business operation sites that make up 80% of sales of the Business Unit or Group company they belong to
Risk management system
The Nidec Group uses a medium-term business plan, which is designed to realize the group’s long-term vision that is defined as a set of specific numerical and qualitative targets, as a basis of the group’s business plan for each fiscal year. The medium-term plan is formulated based on discussions on its feasibility as a medium-term goal, consistency with the long-term vision, and issues and risks to overcome for its achievement. The plan may be revised (rolled) during its execution phase according to changes in the market and the status of progress.
We have also formulated the Risk Management Regulations to establish a risk management system for the entire Nidec Group, and have in place a Risk Management Committee under the Board of Directors. Important information is promptly reported and shared in the risk management meeting held every morning, so that the information can be utilized in our daily operations. It is also discussed and shared in the Management Meeting as necessary.
BCP (Business Continuity Plan)
Starting from March 2014, the Nidec Group has conducted BCP simulation training assuming such risks as an earthquake, flooding, drought, outbreak of an infectious disease, and fire, at its sites both inside and outside Japan. As of March 31, 2021, over 3,100 employees had participated in the training. At the end of January 2020, we set up a COVID-19 Crisis Management Headquarters, working to revise the company’s BCP based on the assumption that the pandemic would be prolonged.
Risk Management Committee
The Risk Management Committee is placed under the Board of Directors and chaired by the executive officer in charge of risk management. The Committee decides risk management policies and measures and submits reports and proposals to the Board of Directors. It also monitors the company-wide risk management status and constantly reviews the adequacy of allocation of resources necessary for risk management. Based on the annual policies established by the Risk Management Committee, department general managers in charge of risk management and Group companies formulate and carry out their respective annual risk management plans.
Promote information security measures
Basic stance
The Nidec Group possesses information that is necessary for conducting its business activities, including not only the information produced or gathered within the Group but also information provided by its business partners. We understand that it is very important to protect and use these information assets properly and appropriately. Information that should be protected includes management information, technical information, financial information and personal information, which are extremely important. Deterioration or leakage of any such information may lead to loss of trust in us from our customers or the market, as well as a decline in our competitiveness. It may also result in a legal penalty.
Based on this understanding, in 2019, Nidec appointed a Chief Information Security Officer and set up an Information Security Committee, under which an Information Security Management Office was placed as a department dedicated to information security. Also, each organization of the Group has an information security manager and an information security promoter in place to support the Group’s information security management.
Since FY2019, information security training has been continuously provided for directors and employees. During the information security enhancement month each year, information on the theme for the year is communicated to raise the awareness of information security of directors and employees.
We will continue to identify and assess rapidly changing and increasing information security risks, and make efforts to ensure the proper protection and use of our information assets by operating effective systems appropriate for individual risks under the Group’s information security structure, with the aim of achieving the target of zero serious security incidents.
Efforts made in FY2021
We introduced a function for detecting intrusion of ransomware and other malicious programs to prevent them from interrupting our corporate activities, separated networks within sites, and formulated an emergency manual and conducted training based thereon.
To prevent important technical information from leaking, we also introduced a dedicated receiving system that allows downloading of such information only with approval of the person in charge and records all the operations on it.
Furthermore, to make the cyber security measures on our automotive products more secure, we have established processes and systems to manage the cyber security risks of the products at all stages from development to production, and after shipment, based on ISO/SAE 21434, an international standard for this field.
Toward the future
- Enhancing information security for the entire Nidec Group
Seeing cyber attacks becoming an everyday event, increasing the associated information security risks, we will work to reduce our vulnerabilities by enhancing and improving the information security of the entire Nidec Group, including companies that joined the Group through M&A.
We will reinforce the information security measures for email, internet access, and storage media, through which intrusion of malicious programs or leakage of information may occur, and install functions to detect signs of malicious programs at end points, control Web access and restrict external storage media at all sites of the Nidec Group.
By installing these functions, we aim to ensure that security measures are implemented evenly at a high level. - Cyber security measures for automotive products
Today, automobiles are expected to evolve significantly. By being connected to society through the Internet, they will be equipped with the ability to grasp accurate traffic information and utilize autonomous driving technology.
On the other hand, the risk of information leakage or malicious cyber attacks is also foreseen. Therefore, we are making efforts to enhance our security technologies. Nidec’s Intelligent Motor for automobiles incorporates technologies not only to make the system smaller and more efficient but also to protect the system from cyber attacks. We will continue to monitor cyber risks in the market, which are expected to change in the future, and deliver safe and reliable products to customers by implementing necessary measures, such as updating software if any risk arises.
