Risk Management
An introduction to the Yamaha Motor Group’s initiatives in the areas of risk management, crisis management, and business continuity
We are working to reduce risk through various mechanisms and activities. During normal times, we clarify the departments in charge of handling specific risks and conduct measures by implementing the PDCA cycle. In the event of a major crisis, we establish an emergency task force with the President and Chief Executive Officer as the chief general manager to minimize damage and impact.
Risk Management Structure
The Yamaha Motor Group, as part of its risk management framework, appoints a Chief Risk and Compliance Officer (CRCO) who, based on the Rules of Risk Management, serves as the chair of the Global Risk and Compliance Management Committee, which is composed of executive officers appointed by the CRCO, and monitors risks on a Groupwide basis while also designating significant risks at the Group level to be tackled as priorities and checking on activities to address risks.
In addition, as a subordinate committee, the Group has established the Global Risk and Compliance Steering Committee, which is composed of Risk and Compliance Officers overseeing major regions appointed by the CRCO, and the Risk and Compliance Promotion Meeting, which is composed of division managers of divisions responsible for risk at the headquarters, to deliberate on policies, plans, monitoring, and countermeasures for risk management from a specialized perspective. The results of these discussions are reported to the Board of Directors by the CRCO as appropriate, and a system that ensures effectiveness is in place.
Furthermore, the divisions in charge of each individual risks, based on the deliberations of the Global Risk and Compliance Management Committee, establish risk response policies and regulations for their respective risks. Additionally, they shall promote countermeasure activities, monitor activities, etc., based on the response policies, directed towards the relevant departments at headquarters and group companies.
To ensure effectiveness, the integrated auditing division carries out audits of the divisions in charge of risk management.
Risk Management Activity Cycle
Risk management activities are promoted through the repetition of the following PDCA (plan, do, check, and act) cycle. The Yamaha Motor Group has prepared a risk management ledger of all risks that need to be covered, and works to reduce risk by appropriately managing and operating the risk management ledger.
Significant Risks at the Group Level
Each year, risks that need to be prevented and addressed as special priorities are determined to be significant risks at the Group level. In addition to the results of risk assessment at the Group level, significant risks at the Group level can be comprehensively determined and designated based on the Group's business strategy, legal and regulatory changes inside or outside the Group, or other developments including information concerning the likelihood of a risk event occurring or the operating environment.
2026 Group Major Risks
| Risk Items | Background | Measures |
|---|---|---|
| Cybersecurity | As cyber attacks become more sophisticated, in addition to the measures led by the IT department, it is necessary to take measures for the supply chain, including factory equipment and business partners, and to collaborate with other companies and departments. Even In the event of a cyber attack, it is crucial to implement company-wide actions, including establishing a response and recovery system that ensures business continuity. | Implement measures on both the hardware and software fronts based on a cyber security policy that complies with global standard cyber security frameworks. These measures will improve our ability to defend against and respond to increasingly sophisticated attacks. We will also incorporate measures to detect attacks as early as possible and minimize damage as well as recovery time in the event of an attack. |
| Violation of Human Rights | In recent years, conflicts and poverty have become more serious, and human rights violations and the opportunities for violations are on the rise. On the other hand, our business is involved in multiple industries, and the supply chain involved is wide, and globalization is expanding and the risk environment is increasing. | We will promote the incorporation of human rights provisions and the acquisition of memorandums of understanding for dealers and direct material suppliers, aiming for 100% by 2027. We promote human rights due diligence in the Group, identify negative impacts, and strive to reduce, correct, and prevent such risks. In particular, we will promote the expansion of the supply chain and support the promotion of improvement through on-site confirmation of business partners selected based on risk assessments, SAQs, etc. At the same time, we will develop secondary and tertiary business partners. |
| Confidential Information Leakage | We have conducted various activities to minimize the risks so far. However, considering the economic security as well as information security enhancement, it is necessary to promote our activities further across the Group. | - Implement the Group Guidelines globally, and promote confidential information management activities within the Group companies. - Expand the area for which the information management structure is verified. - Increase cooperation with regional Group companies. - Global measures to minimize the risks of information leakage. |
| Death or Serious Injury During Business Activities due to Equipment, Machinery, etc. | A fatal occupational accident occurred due to equipment and machinery at YMC factory in the first half of year 2023. We have selected this theme because many group companies also have similar equipment and machinery in conducting business activities and it is necessary to raise the level of occupational safety and health by entire group, so that such serious occupational accidents never occur again. | In order to foster a safety first culture throughout the Group and to continuously promote initiatives aimed at zero occupational accidents, we have established a Group policy and targets and developed a governance system, etc. in 2024. In this medium-term period, we will minimize the risks of occupational accidents by thoroughly eliminating and reducing risks through the development and operation of Occupational Health and Safety Management System, ISO45001, in major manufacturing companies. In addition, we will strengthen governance and efforts to prevent recurrence of occupational accidents by understanding and analyzing the occurrence status of all Group companies. |
| Violation of Laws and Regulations Concerning Product Quality | Compliance with laws and regulations related to product quality is directly linked to the trust of customers and local communities, and strict management is increasingly required. In addition, it is expected that new laws and regulations will be established in line with the spread and diversification of CASE-related products and services in the world and the realization of a recycling society, and that such laws and regulations will be expanded to each country. We have selected this system because it is necessary for the entire company to respond to these changes without delay. |
We will work to ensure that we comply with product quality-related regulations through means such as collecting and disseminating regulatory information, and confirming that regulatory requirements are incorporated. We will also conduct strategic regulatory activities for new businesses. At the same time, we will strengthen the foundations of the legal management processes of each business, with the Quality Assurance Center Corporate Quality Section, as the hub for company-wide activities, in conjunction with the development of the Yamaha Motor Group Quality Assurance Regulations, which are based on ISO 9001. |
| Factory Closedown Due to Interruption of Supply Chain | In the recent procurement environment, geopolitical risks have become apparent, and the risk of supply chain disruptions for rare earths and other materials has increased. Therefore, we will strengthen supply chain resilience while also taking geopolitical risks into account. | We will advance short-term measures to strengthen contract arrangements with suppliers for securing materials and components, as well as systems for maintaining raw material inventories, alongside medium- to long-term measures including the development of alternatives and specification changes. |
| AI Governance | We recognize the ethical, legal, and social risks associated with the use of AI technology and the associated security risks peculiar to AI use as a global management issue. Taking into account international trends, we will strive to establish and continuously strengthen our AI governance framework, aiming to achieve sustainable growth and fulfill our social responsibilities. | We evaluate AI-powered systems and services based on a risk-based approach. We implement appropriate countermeasures commensurate with the risks. Furthermore, we promote the appropriate use of AI through employee training and awareness activities. |
Crisis Management Structure and Activities
The Yamaha Motor Group works to minimize the damage from and quickly resolve crisis situations as per the “Rules for Initial Response to an Emergency.”
In the event of a disaster, accident, or compliance-related incident at the Group, the division involved will report to the risk supervising section and the divisions in charge of risk management as per standards for determining the level of reporting, which are set in advance. If the reported event is of a scale significant enough to warrant the involvement of Group management or multiple divisions and/or companies, the risk supervising section will refer the matter to a response team designated in advance, and an Emergency Countermeasure Headquarters, chaired by the President, will be established. The headquarters will work to understand the situation and formulate a provisional response, and, if necessary, will promptly report on the matter to customers and related parties.
Business Continuity Planning
To prepare against envisioned risks that could impact the continuity of our business, Yamaha Motor has formulated “Rules of Business Continuity” and responds as per those Rules.
Yamaha Motor's primary operations are concentrated in Shizuoka Prefecture, and could be affected if a major earthquake were to occur in the Nankai Trough.
To prepare for disasters, we have taken steps such as earthquake-proofing our buildings and facilities based on damage predictions from government bodies in order to prevent and mitigate disasters. We are prepared to respond to tsunamis and have stockpiled food, water and other necessities and prepared emergency means of communication. We regularly conduct company-wide disaster drills including nearby Group companies (including night drills for some departments), conduct periodic drills in safety confirmation and also hold initial response drills for individual locations. In addition to all this, we have formulated a BCP that seeks to ensure business continuity while prioritizing the lives and safety of our employees.
We have selected our priority businesses, and we implement continuous and comprehensive measures for both tangible and intangible aspects, including identifying and formulating countermeasures to bottlenecks to recovery, clarifying recovery procedures, selecting response personnel in advance and establishing a system for gathering information from the supply chain.
Furthermore, Group companies have developed infection prevention measures, identified issues that could affect the continuity of their operations, and are formulating response plans in case a pandemic should occur.
We responded to COVID-19 in accordance with our Procedure for Business Continuity (Pandemic Influenza Version), setting up a COVID-19 Task Force headed by the President which collected information, determined response policies, and communicated information. Furthermore, to prepare for the possibility of another pandemic occurring in the future, we are engaged in ongoing initiatives that use the experiences and knowledge we gained from dealing with COVID-19.
Additionally, we have also established the “Procedure for Business Continuity (Cybersecurity Incident Version)” to address critical incidents caused by cyberattacks, setting out specific structures and procedures for initial response, business continuity, and recovery measures.
Cybersecurity
To protect the products and services used by our customers, and also protect information assets such as personal and confidential information, the Yamaha Motor Group has established a Cybersecurity Policy and is taking steps to address this issue.
Specifically, in addition to the basic defensive measures already in place, such as anti-malware and anti-vulnerability measures, the Group has a Security Operation Center (SOC) that monitors for irregularities and a Computer Security Incident Response Team (CSIRT) that responds to incidents to prepare for contingencies. The Group also provides training to increase employees' cybersecurity literacy, conducts assessments to ascertain the situation at each Group company and develop improvement plans, and makes other ongoing efforts to reduce cyber risks.
To help ensure product security, we joined Auto-ISAC* in both Japan and the USA, and the company's Product Security Incident Response Team (PSIRT) uses an understanding of the latest security information and of incidents that have occurred, including in the supply chain, to assist in its responses.
*Auto-ISAC(Automotive Information Sharing & Analysis Center)
Management of Information
In 2013, the Yamaha Motor Group established the Group Operations Guidelines, determining the Groupwide policy related to information management in general, including confidentiality management, document control, protection of personal information, and management of disclosed information. With the development of information communication technology and expansion in the use of big data, strict laws and ordinances related to the protection of personal information are being established in various countries. In response, the entire Group, established a system for protecting personal information and setting rules on the handling of personal information (notifying and obtaining consent when acquiring personal information, safety management steps, handling requests involving an individual's rights, dealing with leaks, etc.). Yamaha Motor and its Group companies around the world are cooperating in the promotion of a global response.
Furthermore, the Yamaha Motor Group Privacy Policy states compliance with the laws and regulations regarding personal information protection in each country. In relation to overall information management (including the protection of personal information), each year, we also monitor the status of the handling of information among Group companies. Recommendations are made based on the results. At the same time, we execute group training, e-learning, and other educational and awareness-building activities to thoroughly ensure the appropriate handling of information.
If the Yamaha Motor Group becomes aware of any leak (or the possibility of a leak) of personal information, we will promptly conduct the necessary investigation and take the necessary measures such as reporting to the supervisory authority and notifying the individual in accordance with applicable laws and regulations, as well as taking disciplinary action and other strict measures in accordance with applicable regulations.
There were no significant legal violations, penalties, surcharges, etc. related to the protection of personal information in 2024.
