Governance
Governance | Risk Management | Ethics and Compliance | Executive Compensation | Tax Policy
Risk Management
At Renesas we understand that early identification and analysis of Group-wide risks and early responses to resolve them are vitally important management issues, and we are continually working on strengthening our risk management.
Risk Management System
We have established a group-wide risk management system based on the “Renesas Electronics Group Risk and Crisis Management Regulations”. We regularly maintain our risk management system for possible risks that may occur, and for each one a department will be put in charge of crisis management according to the type of risk, and that department will conduct the day-to-day risk management. We also attempt to identify and group risks in advance that are then represented realistically in our Risk Map, while at the same time formulating contingency measures to prevent those risks, as well as systems and response policies in the event of such risks happening. Furthermore, in the event of an emergency, we establish an Emergency Response Headquarters (ERHQ) led by our CEO, which brings information together, proposes countermeasures, and takes measures to minimize losses.
Establishment of Emergency Response Headquarters (ERHQ) in the event of a company-wide emergency
(taken from the “Renesas Electronics Group Risks and Crisis Management Regulations”)
- An ERHQ will automatically be set up in the event of an earthquake with a seismic intensity of lower 6 or higher
- Other than the above, our CEO will make the decision to call for an ERHQ (if there are risks such as accidents, disasters, or incidents that are recognized as having a major social impact on the group, or when he feels it is especially necessary).
Renesas Group's Risk Management System
Emergency Task Force
Renesas Group Risk Management Control Flow
We disclose business risks identified by Renesas' Risk Management System led by our CEO in the “Business Risks” section of our 21st Annual Securities Report (in Japanese). Please refer to the table below for detailed descriptions of emerging risks we expect to have the greatest impact and our planned actions to minimize the impact on our business operation.
| Name of the Emerging Risk | Natural disaster/accident risk (Large-scale earthquake) | Production-related risks (Fires and explosions at production sites) | Intellectual property related risks | Product quality related risks |
|---|---|---|---|---|
| Category | Disaster | Disaster | Compliance | Management |
| Description | Large-scale earthquakes can not only damage Renesas Group’s facilities and equipment but also can disrupt and even stop our operations. | A fire, explosion, or other problems at our production sites can delay product shipments, reduce the shipment volume, and even suspend shipments. | Renesas Group or its customers may be sued for patent infringement by a third party. The result of the lawsuit may prevent the Group from manufacturing and selling its products in certain countries or regions and make Renesas liable for damages to third parties or customers. | Defects, anomalies, or failures in the product that cannot be discovered at the time of shipment may result in the return or replacement of the product, compensation for loss, or discontinuation of use of the product, which could adversely affect our business results and financial condition. |
| Impact | Serious | Serious | Serious | Significant |
| Mitigating Actions |
|
|
|
|
Formulation and Implementation of Our Business Continuity Management (BCM) Plan
There are many risks that threaten economic and social activities, such as the worldwide spread of COVID-19 in 2020, or natural disasters such as frequent large-scale earthquakes and typhoons. We have a Business Continuity Management (BCM) plan as an integral part of our efforts to strengthen our risk management system so that even if such events occur, business activities will not be interrupted and impact the supply chain. All Renesas Group companies work together to formulate and promote our BCM plan in order to ensure the safety of employees, ensure a stable supply of materials and services, and also the conservation of operational resources.
We are currently carrying out a comprehensive inspection and review of our BCM plan, drawing on the experiences from damages to the manufacturing sites caused by the Great East Japan and Kumamoto Earthquakes, as well as the predicted damage scenarios of an earthquake directly beneath the Tokyo metropolitan area and a Nankai Trough Earthquake (note) to further strengthen our BCM plan. Specifically, these measures include the review of the restoration operations after a disaster (restoration procedures, clarification of personnel in charge, etc.) as well as measures to enhance earthquake resistance in manufacturing sites in preparation of large-scale earthquakes, the establishment of alternative production networks in case a manufacturing site is impacted by such disasters, and also strengthened risk communication with our customers even in normal times.
Each department involved in these issues has developed and implemented the aforementioned countermeasures sequentially. These measures are also shared across the entire Group, thus enhancing our business continuity capabilities and fulfilling our social responsibilities.
Note: Based on the estimated impact caused by either a Nankai Trough Earthquake, a Subduction Zone Earthquake around Japan Trench and Chishima Trench, an earthquake directly beneath the Tokyo metropolitan area, or earthquakes directly beneath the Chubu and Kinki areas, which have all been listed by the Japanese Cabinet Office as large-scale earthquakes likely to occur in the near future.
BCM flow
Information Security Policy
Society’s trust is vital to any business. We established an Information Security Policy in order to appropriately protect not only information entrusted to us by our customers and business partners, but also all information assets handled by our Group.
Compliance with Laws and Regulations
We strictly adhere to all laws, national guidelines and regulations related to information security, and company regulations.
Operational System
We have built an operational system for information security measures and will continue to both maintain the system and implement improvement activities.
Management of Information Assets
In order to ensure information security, we have established and will continue to manage the correct handling of information assets in accordance with their importance.
Education
In order to raise the awareness of all our employees and executives, we provide education on items that need to be implemented in everyday operations, including laws and regulations related to information security, governmental guidelines or company regulations. We also share how our information security management system works with our customers.
Accident Prevention and Response in the Event of an Accident
We strive to prevent information security accidents from happening. In the unlikely event of an accident, we will take measures to minimize its impact, investigate the cause promptly, and take appropriate measures to prevent any recurrences.
Cybersecurity Program
Oversight
Renesas has robust executive oversight for its ongoing security program.
- The Security Council led by CEO and the Chairman of the Board
- Information Systems Division led by Senior Director of Global Information Security
Testing and Vulnerability Management
We conduct penetration tests on a regular basis and benchmark our control maturity with external advisors. In case of a cyber attack or other disaster, we have an information security disaster recovery plan and a specialist playbook in place to ensure business continuity.
Our most recent assessments include:- Annual external infrastructure and web application penetration testing (October 2024)
- Cybersecurity incidence response exercise (September 2022)
- Benchmarked quarterly cyber controls assessment
Employee Training
We recognize that employee education is crucial and provide training and refreshers on cybersecurity best practice to all employees of Renesas and its subsidiaries. We have been conducting Cyber Security Awareness Training throughout 2023.