Skip to Main Contents

Risk Management

An introduction to the Yamaha Motor Group’s initiatives in the areas of risk management, crisis management, and business continuity

Risk Management Structure

The risk management structure works toward the thorough reduction of risks on a Groupwide basis, and is led by the Risk Management and Compliance Committee. The Committee, chaired by the President and Chief Executive Officer, monitors risks on a Groupwide basis while also implementing measures to address any significant risks imposed on the Group.

Specific activities are carried out as per the Rules of Risk Management, and the risk management supervising section manages Groupwide risk management activities.

From Risk Assessment to Response

Risk responses are carried out repeating a PDCA cycle based on the following steps.

リスク評価
*1
Risks specific to operating divisions and Group companies can be added to the risk management ledger as appropriate, and assessed.
*2
In addition to the results of risk assessment at the Group level, significant risks at the Group level can be comprehensively determined and designated based on the Group’s business strategy, legal and regulatory changes inside or outside the Group, or other developments including information concerning the likelihood of a risk event occurring or the operating environment.
*3
Operating divisions and Group companies also carry out activities to address risks that they have identified themselves that are not designated significant risks at the Group level.

Significant Risks at the Group Level

Significant risks to the Yamaha Motor Group at the Group level are as follows, and are addressed under the guidance of the risk management supervising section.

“Cyber security” has been newly added as a significant risk at the Group level from 2018, and is being addressed Groupwide.

2017 Significant Risks at the Group Level 2018 Significant Risks at the Group Level
Natural disaster Natural disaster
Labor dispute Labor dispute
Major accident involving a Yamaha product Major accident involving a Yamaha product
Fire or explosion* Cyber security
Risk related to transfer pricing*  
Violation of antimonopoly law*  

* The risk management supervising section has addressed the three risks of “Fire or explosion,” “Risk related to transfer pricing,” and “Violation of antimonopoly law” by establishing a structure to address these risks at the Group level, and with the establishment of this framework for continuous monitoring, these risks have been transferred from significant risk at the Group level designation to risks managed at the division level.

Crisis Management Structure and Activities

The Yamaha Motor Group works to minimize the damage from and quickly resolve crisis situations as per the “Rules for Initial Response to an Emergency.”

In the event of a disaster, accident, or compliance-related incident at the Group, the division involved will report to the risk management supervising section at the head office as per standards for determining the level of reporting, which are set in advance. If the reported event is of a scale significant enough to warrant the involvement of Group management or multiple divisions and/or companies, the risk management supervising section will refer the matter to a response team designated in advance, and an Emergency Countermeasure Headquarters, chaired by the Company President, will be established. The Headquarters will work to understand the situation and formulate a provisional response, and if necessary will promptly report on the matter to customers and related parties.

Business Continuity Planning

To prepare against envisioned risks that could impact the continuity of our business, Yamaha Motor has formulated “Rules of Business Continuity” and responds as per those Rules.

Yamaha Motor’s primary operations are concentrated in Shizuoka Prefecture, and could be affected if a major earthquake were to occur in the Nankai Trough. To prepare for this, we have formulated a Business Continuity Plan to maintain the continuity of business operations, based on the damage projected by government bodies and placing foremost priority on the lives and safety of our employees.

Specifically, buildings and equipment have been made earthquake and tsunami resistant, emergency stockpiles of food, water, and other essentials are maintained, emergency methods for telecommunications are in place, Companywide evacuation drills (including Group companies located nearby and night drills) and safety confirmation drills are carried out regularly, regular initial response drills are carried out at the headquarters and individual business units, procedures to restore operations have been clarified, and a system for gathering supply chain information is in place. These and other measures addressing both tangible and intangible effects are carried out comprehensively and continuously.

Another concern is the outbreak of a potentially global pandemic. To prepare for this possibility, Group companies identify issues that could affect the continuity of their operations and formulate response plans. Drills simulating actions to be taken at various stages prior to the full-scale outbreak of a pandemic are carried out regularly, and a structure is in place to guarantee that businesses are able to continue operating.

Structure for and Initiatives in Information Security

Management of information

The Yamaha Motor Group has formulated the Group Operational Guidelines for Information Management to ensure the proper handling of confidential information, including information received from customers and employees, and the Company’s financial and technical information. We aim to increase the awareness and understanding of these Guidelines at Group companies by sharing educational materials and other template tools with employees at those companies.

Organizations handling important information involving the Yamaha Motor Group regularly inspect the status of management and this information becomes the basis for reviews and revisions of information management. The results of these inspections are communicated to the employees in positions of each organization as a way to raise awareness of information management.

Heightened awareness and efforts to strengthen regulations regarding privacy has been a major global theme in recent years, and at the Yamaha Motor Group we formulated the Yamaha Motor Group - Privacy Policy in 2003 and comply with the local laws and regulations related to the protection of personal information in each of the countries in which we operate. In Japan, we responded proactively to the introduction of the My Number system in 2016 by formulating the Yamaha Motor Group Detailed Operational Guidelines relating to the Protection of Designated Personal Information in 2015. We have also revised the previously formulated Group Operational Guidelines for Protecting Personal Information to reflect the 2017 revisions to the Act on the Protection of Personal Information and to expand coverage to the Group’s subsidiaries in Japan in addition to the parent company. As for the regulatory changes being enacted in Europe in 2018, Yamaha Motor Europe N.V. and the parent company are working together toward global compliance.

Employees handling personal information received from customers undergo training and education via compliance seminars held by the risk management supervising section and e-training. The risk management supervising section of the parent company also provides direct advice and guidance and other measures to ensure that customer information is handled appropriately.

No complaints were filed with regard to infringements of personal privacy in fiscal 2017.

Cybersecurity

Based on the IT Risk Management Group Guidelines, the Yamaha Motor Group has implemented IT-related information security measures for the entire Group, covering areas including access management, malware countermeasures, and disaster responses. Group employees also undergo IT risk training annually, and assessments are carried out every year at Group companies as we strive to strengthen security. In addition, given the increasing sophistication of cyberattacks in recent years, a set of new Cybersecurity Group Guidelines has been formulated covering both tangible and intangible aspects of cybersecurity to increase our protection against external attacks, and to detect an attack at an early stage and to minimize the damage in the event an attack were to occur. A Groupwide Computer Security Incident Response Team has also been established to prepare against unforeseen events and also to function as a structure for receiving and transmitting security information inside and outside the Company.

Back to
Top