Skip to main content

Risk Management

 

Risk Management

At Renesas we understand that early identification and analysis of Group-wide risks and early responses to resolve them are vitally important management issues, and we are continually working on strengthening our risk management.

Risk Management System

We have established a group-wide risk management system based on the “Renesas Electronics Group Risk and Crisis Management Regulations”. We regularly maintain our risk management system for possible risks that may occur, and for each one a department will be put in charge of crisis management according to the type of risk, and that department will conduct the day-to-day risk management. We also attempt to identify and group risks in advance that are then represented realistically in our Risk Map, while at the same time formulating contingency measures to prevent those risks, as well as systems and response policies in the event of such risks happening. Furthermore, in the event of an emergency, we establish an Emergency Response Headquarters (ERHQ) led by our CEO, which brings information together, proposes countermeasures, and takes measures to minimize losses.

Establishment of Emergency Response Headquarters (ERHQ) in the event of a company-wide emergency

(taken from the “Renesas Electronics Group Risks and Crisis Management Regulations”)

  1. An ERHQ will automatically be set up in the event of an earthquake with a seismic intensity of lower 6 or higher
  2. Other than the above, our CEO will make the decision to call for an ERHQ (if there are risks such as accidents, disasters, or incidents that are recognized as having a major social impact on the group, or when he feels it is especially necessary).

 

Renesas Group's Risk Management System

Image
Renesas Risk Management System

Emergency Task Force

Image

 

Renesas Group Risk Management Control Flow

Image


We disclose business risks identified by Renesas' Risk Management System led by our CEO in the “Business Risks” section of our 21st Annual Securities Report (in Japanese). Please refer to the table below for detailed descriptions of emerging risks we expect to have the greatest impact and our planned actions to minimize the impact on our business operation. 

Name of the Emerging RiskNatural disaster/accident risk
(Large-scale earthquake)
Production-related risks
(Fires and explosions
at production sites)
Intellectual property
related risks
Product quality
related risks 
CategoryDisasterDisasterComplianceManagement
DescriptionLarge-scale earthquakes can not only damage Renesas Group’s facilities and equipment but also can disrupt and even stop our operations. A fire, explosion, or other problems at our production sites can delay product shipments, reduce the shipment volume, and even suspend shipments.  Renesas Group or its customers may be sued for patent infringement by a third party. The result of the lawsuit may prevent the Group from manufacturing and selling its products in certain countries or regions and make Renesas liable for damages to third parties or customers.Defects, anomalies, or failures in the product that cannot be discovered at the time of shipment may result in the return or replacement of the product, compensation for loss, or discontinuation of use of the product, which could adversely affect our business results and financial condition.
ImpactSeriousSeriousSeriousSignificant
Mitigating Actions
  • Anti-earthquake reinforcement has been implemented in preparation for the largest scale earthquakes with the highest occurrence probability published by public institutions in each region, trench-shaped gigantic earthquake, Nankai Trough, Tokyo metropolitan/underground earthquake and active fault earthquakes labeled “S rank.”
  • In the event of an earthquake, we will implement Business Continuity Management (BCM) Plan and establish Emergency Response Headquarters (ERHQ) and an emergency task force.
  • We are investing in high-sensitivity detectors, sprinklers, production equipment and transportation fire prevention measures in compliance with national standards.
  • In the event of an incident or an issue at any of our production site, we will implement Business Continuity Management (BCM) Plan and establish Emergency Response Headquarters (ERHQ) and an emergency task force.
  • We are calling attention on our website etc., to avoid intentionally infringing on the intellectual property rights of other companies.
  • If we find other companies’ patent that may cause issues, we will implement the countermeasures according to our internal rules, working with our legal department and related business and technical departments.
  • In the event of an incident, we will investigate, decide how to respond, and take necessary actions (responding to lawsuits, settlement negotiations, etc.)
  • We establish and operate a quality management system from the product development to shipment and after-sales service, ensure continuous quality improvement, and implement risk management at the product development and modification stage. We also confirm the compliance with product safety standards through reliability tests and product evaluations.
  • When quality issues occur,  we will quickly resolve them through market defect analysis, correction, and by escalating the issue promptly.

Formulation and Implementation of Our Business Continuity Management (BCM) Plan

There are many risks that threaten economic and social activities, such as the worldwide spread of COVID-19 in 2020, or natural disasters such as frequent large-scale earthquakes and typhoons. We have a Business Continuity Management (BCM) plan as an integral part of our efforts to strengthen our risk management system so that even if such events occur, business activities will not be interrupted and impact the supply chain. All Renesas Group companies work together to formulate and promote our BCM plan in order to ensure the safety of employees, ensure a stable supply of materials and services, and also the conservation of operational resources.

We are currently carrying out a comprehensive inspection and review of our BCM plan, drawing on the experiences from damages to the manufacturing sites caused by the Great East Japan and Kumamoto Earthquakes, as well as the predicted damage scenarios of an earthquake directly beneath the Tokyo metropolitan area and a Nankai Trough Earthquake (note) to further strengthen our BCM plan. Specifically, these measures include the review of the restoration operations after a disaster (restoration procedures, clarification of personnel in charge, etc.) as well as measures to enhance earthquake resistance in manufacturing sites in preparation of large-scale earthquakes, the establishment of alternative production networks in case a manufacturing site is impacted by such disasters, and also strengthened risk communication with our customers even in normal times.

Each department involved in these issues has developed and implemented the aforementioned countermeasures sequentially. These measures are also shared across the entire Group, thus enhancing our business continuity capabilities and fulfilling our social responsibilities.

Note: Based on the estimated impact caused by either a Nankai Trough Earthquake, a Subduction Zone Earthquake around Japan Trench and Chishima Trench, an earthquake directly beneath the Tokyo metropolitan area, or earthquakes directly beneath the Chubu and Kinki areas, which have all been listed by the Japanese Cabinet Office as large-scale earthquakes likely to occur in the near future.

BCM flow

Image

 

Information Security Policy

Society’s trust is vital to any business. We established an Information Security Policy in order to appropriately protect not only information entrusted to us by our customers and business partners, but also all information assets handled by our Group.

  1. Compliance with Laws and Regulations

    We strictly adhere to all laws, national guidelines and regulations related to information security, and company regulations.

  2. Operational System

    We have built an operational system for information security measures and will continue to both maintain the system and implement improvement activities.

  3. Management of Information Assets

    In order to ensure information security, we have established and will continue to manage the correct handling of information assets in accordance with their importance.

  4. Education

    In order to raise the awareness of all our employees and executives, we provide education on items that need to be implemented in everyday operations, including laws and regulations related to information security, governmental guidelines or company regulations. We also share how our information security management system works with our customers.

  5. Accident Prevention and Response in the Event of an Accident

    We strive to prevent information security accidents from happening. In the unlikely event of an accident, we will take measures to minimize its impact, investigate the cause promptly, and take appropriate measures to prevent any recurrences.

Cybersecurity Program

  1. Oversight

    Renesas has robust executive oversight for its ongoing security program.

    • The Security Council led by CEO and the Chairman of the Board
    • Information Systems Division led by Senior Director of Global Information Security
       
  2. Testing and Vulnerability Management

    We conduct penetration tests on a regular basis and benchmark our control maturity with external advisors. In case of a cyber attack or other disaster, we have an information security disaster recovery plan and a specialist playbook in place to ensure business continuity.

    Our most recent assessments include:

    • Annual external infrastructure and web application penetration testing (October 2024)
    • Cybersecurity incidence response exercise (September 2022)
    • Benchmarked quarterly cyber controls assessment
       
  3. Employee Training

    We recognize that employee education is crucial and provide training and refreshers on cybersecurity best practice to all employees of Renesas and its subsidiaries. We have been conducting Cyber Security Awareness Training throughout 2023.