Risk Management: Integrated Risk Management and Monitoring

MC implements integrated approach to risk management and monitoring in addition to responding to risks individually. For example, we identify operational risks, which have grown increasingly important in recent years. Every year, we report our assessment of these risks to the Board of Directors. This evaluation is based on unified standards and supported by the establishment and operation of risk management systems, while considering potential changes in the external environment. For the fiscal year ended March 31, 2025, we conducted the following three-step evaluation and reported the results to the Board of Directors.

MC identifies major operational risks across the Company and evaluates them on a consolidated basis using unified standards. These risks are then plotted on a risk map. We identify “Risks that require special monitoring” (located in the upper-right corner of the map), and the Board of Directors monitors the countermeasures for these risks.

In addition to evaluating the current situation (Step 1), MC identifies external environmental factors—such as geopolitical, technology, and environmental conditions—that could influence major operational risks over the medium term. Risks particularly susceptible to such factors are classified as “Risks that require attention over the medium term” since they may escalate to “Risks that require special monitoring” in the future (see 1 , 2, 5, 7, 11, and 12 below).

In addition to “Risks that require special monitoring,” MC also designates “Risks that require attention over the medium term” as areas where we must strengthen future responses. Countermeasures for these risks are as follows, and monitored by the Board of Directors.

We continue to implement and strengthen new information security measures that incorporate advanced technologies. As a top-priority compliance initiative, we also provide ongoing employee education and training programs to ensure readiness against cyberattacks.

In addition to maintaining IT system-related regulations, we utilize high-quality, high-security data centers and actively promote cloud migration. Furthermore, we conduct an annual large-scale disaster response drill for critical systems.

To address geopolitical uncertainties, we hold management meetings informed by data gathered from our global network. We also manage country risk on a company-wide level to mitigate risks such as war, civil unrest, nationalization, and foreign remittance restrictions.

For the two assets—steelmaking coal and copper—determined to have a high level of exposure to physical risks in the physical risk assessment, we conduct annual reviews to confirm updates to current measures and future adaptation strategies.

We have prepared initial response and business continuity plans (BCP) for both Japan and overseas operations on a consolidated basis.

We have established a structure to safeguard the lives and safety of employees globally on a consolidated basis.