Skip to Main Contents

Risk Management

An introduction to the Yamaha Motor Group’s initiatives in the areas of risk management, crisis management, and business continuity

Risk Management Structure

Based on the Rules of Risk Management, the risk management structure works toward the thorough reduction of risks on a Groupwide basis, and is led by the Risk Management and Compliance Committee and its subordinate council, the Risk Management and Compliance Promotion Meeting, which comprises the risk management supervising section and divisions in charge of risk management. The Committee, chaired by the President and Chief Executive Officer, monitors risk on a Groupwide basis while also designating significant risks at the Group level to be tackled as priorities and checking on activities to address risk.

Furthermore, the divisions in charge of risk management formulate response policies and rules for the risks under their charge, promote activities to address risk based on these response policies, etc., and monitor activities at headquarters divisions and Group companies.

From Risk Assessment to Response

Risk Management Activity Cycle

Risk management activities are promoted through the repetition of the following PDCA (plan, do, check, and act) cycle. The Yamaha Motor Group has prepared a risk management ledger of all risks that need to be covered, and works to reduce risk by appropriately managing and operating the risk management ledger.

Significant Risks at the Group Level

Each year, risks that need to be prevented and addressed as special priorities are determined to be significant risks at the Group level. In addition to the results of risk assessment at the Group level, significant risks at the Group level can be comprehensively determined and designated based on the Group's business strategy, legal and regulatory changes inside or outside the Group, or other developments including information concerning the likelihood of a risk event occurring or the operating environment.

Fiscal 2019 Significant Risks at the Group Level Background Measures
Natural disasters The main Group manufacturing plants in Japan are concentrated near the epicenter of the predicted Nankai Trough Megaquake, and measures must be taken to prepare for typhoons and other natural disasters. Natural disasters have, therefore, been designated as significant risks.   The Group is promoting measures to deal with the scenario of a Nankai Trough Megaquake as well as measures to address other earthquakes, typhoons, and other natural disasters.
Violation of laws and regulations concerning product quality Compliance with regard to product quality is a fundamental and important issue for manufacturers. Further strengthening the structures put in place by the Group to prevent the violation of laws and regulations is necessary. Violation of laws and regulations concerning product quality has, therefore, been designated a significant risk. The Group strives to gain information regarding the establishment of and changes to laws and regulations concerning product quality. In addition, the Group works to create mechanisms that reflect this information appropriately in in-house regulations and standards, while pursuing improvement activities and other efforts.
Major accidents involving a Yamaha product A major accident involving a Yamaha product is one of the causes of market penalties such as large-scale recalls. The Group must make continual efforts to ensure zero incidence of such incidents. Major accidents involving a Yamaha product have, therefore, been designated significant risks. The Group is promoting information-gathering activities linked to product accidents and making efforts to raise quality awareness among all employees.
Cybersecurity The degree of reliance on and the importance of information systems within the Group's business activities is increasing. Measures are needed to prevent leaks of personal or confidential information, information system damage, etc., caused by cyberattacks and computer virus infections. Cybersecurity has, therefore, been designated a significant risk. The Group is taking measures covering both tangible and intangible aspects of cybersecurity to increase protection against external attacks, to detect an attack at an early stage, and to minimize the damage in the event an attack were to occur.

Crisis Management Structure and Activities

The Yamaha Motor Group works to minimize the damage from and quickly resolve crisis situations as per the “Rules for Initial Response to an Emergency.”

In the event of a disaster, accident, or compliance-related incident at the Group, the division involved will report to the risk management supervising section or the divisions in charge of risk management as per standards for determining the level of reporting, which are set in advance. If the reported event is of a scale significant enough to warrant the involvement of Group management or multiple divisions and/or companies, the risk management supervising section will refer the matter to a response team designated in advance, and an Emergency Countermeasure Headquarters, chaired by the President, will be established. The headquarters will work to understand the situation and formulate a provisional response, and, if necessary, will promptly report on the matter to customers and related parties.

Management of Information

The Yamaha Motor Group formulated the Yamaha Motor Group – Privacy Policy in 2003 and complies with the local laws and regulations related to the protection of personal information in each of the countries in which it operates. In Japan, we responded proactively to the introduction of the My Number system in 2016 by formulating the Yamaha Motor Group Detailed Operational Guidelines relating to the Protection of Designated Personal Information in 2015. We have also reflected the 2017 revisions to the Act on the Protection of Personal Information in the previously formulated Group Operational Guidelines for Protecting Personal Information and expanded coverage to the Group's subsidiaries in Japan. As for the GDPR (General Data Protection Regulation) enacted in Europe in 2018, Yamaha Motor Europe N.V. and the parent company are working together toward global compliance.

Employees handling personal information undergo training and education via compliance seminars held by the risk management supervising section and e-training. The divisions in charge of risk management also provide direct advice and guidance and other measures to ensure that customer information is handled appropriately.

In fiscal 2018, there were no complaints about violations of our customers’ privacy.

Cybersecurity

The Yamaha Motor Group has implemented IT-related information security measures for the entire Group, covering areas including access management, malware countermeasures, and disaster responses.

Group employees also undergo IT risk training annually, and assessments are carried out every year at Group companies as we strive to strengthen security.

In addition, given the increasing sophistication of cyberattacks in recent years, Yamaha Motor implements measures covering both tangible and intangible aspects of cybersecurity to increase our protection against external attacks, and to detect an attack at an early stage and to minimize the damage in the event an attack were to occur. A Groupwide Computer Security Incident Response Team has also been established to prepare against unforeseen events and also to function for receiving and transmitting security information inside and outside the Company.

Business Continuity Planning

To prepare against envisioned risks that could impact the continuity of our business, Yamaha Motor has formulated “Rules of Business Continuity” and responds as per those Rules.

Yamaha Motor's primary operations are concentrated in Shizuoka Prefecture, and could be affected if a major earthquake were to occur in the Nankai Trough. To prepare for this, we have formulated a Business Continuity Plan to maintain the continuity of business operations, based on the damage projected by government bodies and are placing foremost priority on the lives and safety of our employees.

Specifically, buildings and equipment have been made earthquake and tsunami resistant, emergency stockpiles of food, water, and other essentials are maintained, emergency methods for telecommunications are in place, and Companywide evacuation drills (including at Group companies located nearby and night drills) and safety confirmation drills are carried out regularly. Also, regular initial response drills are carried out at the headquarters and individual business units, procedures to restore operations have been clarified, and a system for gathering supply chain information is in place. These and other measures addressing both tangible and intangible effects are carried out comprehensively and continuously.

Another concern is the outbreak of a potentially global pandemic. To prepare for this possibility, Group companies identify issues that could affect the continuity of their operations and formulate response plans. Drills simulating actions to be taken at various stages prior to the full-scale outbreak of a pandemic are carried out regularly, and a structure is in place to guarantee that businesses are able to continue operating.

Back to
Top