RISK MANAGEMENT



Basic Approach

Mazda makes continuous efforts to identify and reduce various internal and external risks in accordance with the Basic Policy on Risk Management, Risk Management Regulations, and other related internal regulations, so as to ensure the continuous and stable progress of business activities. Considering the level of importance, individual business risks among the risks identified are managed by the department in charge of that business area while Companywide risks are handled by departments responsible for Companywide processes. These departments manage the risks appropriately through the implementation of a plan–do–check–act (PDCA) cycle. In the event of an emergency, such as a natural disaster or situation that creates serious managerial consequences, Mazda takes appropriate measures based on its internal regulations, which may include establishing an emergency response taskforce to respond to the situation where necessary.

 

Moreover, Mazda has created the Risk & Compliance Committee to further enhance and strengthen risk management at the Company and its affiliates. The committee selects risks that are to be prioritized in a Companywide manner based on major risks identified by individual departments and information on risk trends. Then, every six months, it checks to confirm that progress is being made on risk countermeasures. The Risk & Compliance Committee reports to the Board of Directors on its activities every six months. Also, Mazda is working to enhance its business continuity plan (BCP) to ensure that society would not be severely impacted by a halt to its operations.

 

For more information, please refer to Business Risks on page 24-27 of Mazda’s Annual Securities Report for FY March 2024.

 

【Statistics from FY March 2024】

Formulation of shared rules for Group companies to enhance their risk management activities, assessment of conditions at Group companies based on rules, and pursuit of improvements

Frameworks

Risk Management Framework


Risk Management Structure in Normal Times

Emergency Risk Management Structure

For incidents that fall outside the scope of existing risk management organizations and require a coordinated interdepartmental response, the executive officer in charge of risk management will consult with the president, establish an emergency response taskforce, and appoint a general manager for this taskforce.

Basic Policies for Risk Management

 

Concept

With the advance of IT and globalization and the growing awareness of environmental issues and legal compliance, the environment surrounding Mazda’s activities is rapidly changing, and it can be expected to change even further in the future. There is a need to accurately respond to such changes in the environment and to minimize the potential risks that threaten to interfere with the continuity and stability of our business activities. The Company must also create a system that will allow a rapid recovery when abnormal circumstances or emergencies occur and enable it to gain the strong trust of its customers, shareholders, and the community. The entire Mazda Group shall promote risk management and strive to maintain the earnest trust of society.

 

Goals

Through the following measures, Mazda shall strive to enhance corporate value and maintain harmony with the community.

  1. Ensure the health and safety of all those who make up the Mazda Group as well as community members
  2. Maintain and increase trust from the community
  3. Make appropriate use of the tangible and intangible corporate assets of the Mazda Group
  4. Protect the interests of the stakeholders, earn their trust, and meet their expectations
  5. Maintain the functions of the organization and seek a rapid restoration of business activities at the time of abnormal circumstances or emergencies

 

Action Policy

All corporate officers and all employees shall have responsibility for carrying out risk management based on the understanding that risk exists in every facet of business activities. Risk management shall be addressed from all angles at every stage of operations.

 

Methods

Risk management activities shall be divided into two types:

  1. Continuous efforts to prevent and mitigate potential risks existing in everyday duties and the proactive utilization of such measures (risk management)
  2. Minimization of damage resulting from crisis and rapid recovery (crisis management)

 

Scope of Application

  1. Shall include the control of all types of business risk
  2. Shall apply to the entire Mazda Group including subsidiaries and related companies

Response to Accidents and Other Emergencies

Mazda has been continuously implementing measures to respond to natural disasters in preparation for major earthquakes, such as the projected potential Nankai Trough earthquake, and the tsunamis that may follow such earthquakes. Examples of such measures include infrastructure-related measures, such as quake-proofing buildings and facilities and raising embankments, but also the systematic development of framework-related measures by introducing an employee safety confirmation system, organizing self-disaster-defense teams, and conducting training for the operations of these systems. Furthermore, the Company holds disaster drills jointly with fire authorities in preparation for disasters. In addition to simultaneous evacuation drills, the Company has been conducting practical disaster drills to prevent the spread of damage to neighboring areas due to a secondary disaster by incorporating disaster simulation exercises to respond to various emergency situations, such as the leakage of high-pressure gas or hazardous substances, as well as practical skills training.

Information Security

Mazda manages and protects personal information and other important information appropriately based on its established information management policies and internal regulations. The Company also checks the implementation status of information security measures and the management system each year so as to ensure information security.As for the system to promote information security, a Companywide information security officer is appointed from among the officers. Under the guidance of this officer, the Information Security Committee*1 recognizes cybersecurity risks across the entire supply chain, submits improvement plans to the Executive Committee Meeting, and discusses and implements ongoing improvement measures. In addition, Mazda works together with suppliers to enhance the quality of cybersecurity measures for its products by participating in the Automotive Information Sharing and Analysis Centers (Auto-ISACs) of Japan and the United States,*2 responding to information on security incidents detected within the industry, and adopting best practices. The Company also complies with the cybersecurity standards instituted in July 2022.

 

To raise employee awareness about information security, Mazda requires its employees to take part in training on the management of confidential information, protection of personal information, and IT security. Other educational efforts are conducted on an ongoing basis, including the provision of an intranet site dedicated to insight and knowledge on information security. In addition, the Company provides guidelines and educational tools regarding information security to Group companies as part of Groupwide efforts to ensure rigorous information security.

 

*1 An organization that manages Companywide information security on a global basis. The committee regularly holds Companywide information security meetings as the decision-making body regarding information security issues on a Companywide level.

*2 In addition to participating in the U.S. Auto-ISAC, Mazda has participated in the establishment and operation of the Auto-ISAC of Japan (J-Auto-ISAC).

Protection of Personal Information

Mazda rigorously protects personal information in line with its own Personal Information Protection Policy. Handling rules are set out in order to ensure appropriate management of personal information, regular examination of management records for retained personal data is conducted, and management statuses are checked once a year. In cases in which the handling of personal information is entrusted to outside parties, such contractors are carefully selected based on a checklist for confirming security management and other necessary provisions. The Mazda Call Center responds to customers who wish to inquire about the Company’s handling of personal information and those who request disclosure regarding privacy issues. In response to the establishment and revision of laws and regulations concerning personal information in countries of operation and changes to the ways in which personal information is handled through the application of IT, the Company reviews its rules and mechanisms to enable more proper management of personal information.

Intellectual Property

Basic Policy on Intellectual Property

Mazda’s overall vision for intellectual property is to use intellectual property as a management resource in support of its business management and corporate activities, prefaced on respect for its own and others’ intellectual property rights. Based on this vision, Mazda has established the Intellectual Property Committee to discuss and decide key items regarding intellectual property. The committee is comprised of division general managers from related divisions and chaired by an executive officer responsible for intellectual property issues. Also, an invention incentive system has been put in place to increase motivation for inventions among employees working at the forefront of research and development. The Company supports Group companies in Japan and overseas in developing and implementing policies and establishing systems for handling intellectual property with the aim of enhancing the intellectual property management functions of the entire Mazda Group.

Invention and Device Awards

Once a year, on the anniversary of Mazda’s foundation, certificates of commendation, commemorative medals, prize money, and other honors are presented to selected recipients through the manager of their department. No limit is set for the amount of prize money so that inventors can be fully rewarded for their contribution.

Protection of Intellectual Property and Intellectual Property Risk Management

Mazda’s dedicated Intellectual Property Department leads internal activities regarding intellectual properties so as not to infringe upon the intellectual property rights of other companies, and conducts strategic activities aimed at fiercely protecting, accumulating, and making optimal use of the intellectual properties generated through these in-house activities.

  1. Globally obtains rights concerning intellectual properties created by business activities, including new technologies, markings, model names, and vehicle designs, and protects Mazda technologies, designs, and the Mazda brand
  2. Takes steps to exhaustively uncover as well as prevent and resolve any issues regarding intellectual properties that may obstruct business activities, such as infringement of other parties’ patent rights, trademark rights, design rights, and copyrights, and violations of the Unfair Competition Prevention Act

Awareness-Raising Activities

The Mazda Corporate Ethics Code of Conduct stipulates “Keep confidential information. Never infringe on any intellectual property rights, whether belonging to Mazda or another party,” so as to clearly convey a relevant code of conduct to all employees and guide their behavior. The Intellectual Property Department is responsible for the overall management of intellectual property, and also regularly conducts awareness-raising activities to instill respect for intellectual property law. Based on periodic review of risks according to changes in the operating environment, this department offers awareness-raising programs tailored to the management level and position of each employee and executive at Mazda and at Mazda Group companies in Japan and overseas as well as programs based on specific intellectual properties with the potential to give rise to social issues. For example, we provide education on intellectual property risks that can emerge from joint development in light of the rise in co-creation activities for developing new technologies and services together with external partners. Also, in response to an increase in communication through social media, the Company has recently been providing education with particular focus on intellectual property risks in the internet environment, thereby promoting information sharing and awareness raising to prevent intellectual property-related issues.

Examples of Awareness-Raising Activities

  • Offering webinars and e-learning programs on intellectual property risks
  • Preparing manuals for creating and publishing materials
  • Developing the Mazda-Shared Image-Collection that compiles communication materials free of risks of intellectual property infringements

Brand Protection (Measures to Combat Imitation Products)

To protect customers, Mazda strives to eliminate the risk posed to customers by the purchase of imitation products. Mazda is prioritizing components related to safety in particular. These activities are aimed at improving the strength of the Mazda brand and its trustworthiness as a brand that continues to be relied on by customers.

Details of Activities

  1. Mazda develops and implements its own measures against the sale of imitation products.
  2. Mazda actively participates in programs organized by the private and public sectors against imitation products.
  3. To promote brand protection activities in countries and regions that are major sources of imitation products, Mazda implements constructive and systematic measures through local affiliates and in close cooperation with industry peers and government and other agencies tasked with exposing imitation products.