Risk Management: Crisis Management on a Consolidated Basis/Business Continuity Management (BCM)
Crisis Management on a Consolidated Basis/Business Continuity Management (BCM)
Structure and Concept
Crisis Management Structure on a Consolidated Basis
MC has established a comprehensive framework to safeguard the lives and safety of employees and their families while ensuring business continuity and profitability during any crisis (all-hazard approach). This structure integrates Group, Regional, and National Crisis Management Offices under the leadership and supervision of the Emergency Crisis Management Officer (Representative Director and Executive Vice President Yoshiyuki Nojima).
- *As of November 1, 2024
All-Hazard Approach
Based on an all-hazard approach, MC has established an internal framework designated to anticipate and address a wide range of risks, such as major natural disasters, acts of terrorism, civil unrest, emerging infectious diseases, supply chain disruptions, legal transgressions, or cyber incidents. Under normal conditions, in collaboration with relevant corporate departments and business segments, we develop and maintain crisis management measures and structures to ensure that, in the event of a crisis, we can promptly secure the safety and confirm the status of all affected parties as part of our initial response. We then act quickly to maintain and restore the infrastructure necessary for business continuity.
For serious incidents that impact employee safety and the continuity of critical business operations, we have a company-wide structure in place to respond under the direction of the Emergency Crisis Management Officer, in accordance with our Business Continuity Management (BCM) process on a consolidated basis.
- *While company-wide action to address serious incidents is taken under the direction of the Emergency Crisis Management Officer, compliance-related incidents are handled under the direction of the Chief Compliance Officer.
Status of Initiatives in Normal Conditions
Crisis Management
Even during normal times, MC makes necessary preparations for potential crises—including but not limited to natural disasters, acts of terrorism, civil unrest, labor disputes, or accidents—whether in Japan or overseas, that could impact employee safety or the continuity of earnings, assets, and business operations.
Specifically, in addition to maintaining various frameworks, regulations, manuals, and systems, we implement initiatives to increase their effectiveness. These include earthquake simulation training at the Emergency Crisis Management Headquarters, safety confirmation drills on a consolidated basis, and training programs on crisis management and safety measures for employees assigned to new posts, aimed at raising awareness and preparedness.
(Examples of main crisis management initiatives)
| Internal Rules and Regulations | BCP / Manual | Other Specific Measures | In-House Education and Training, etc. | |
|---|---|---|---|---|
| Common |
| |||
| Japan |
|
|
|
|
| Overseas |
|
|
| |
| Emerging infectious diseases |
|
|
|
- *MC also provides individual support to operating companies
- *EOC stands for Emergency Operation Center. In the event of a major disruption to headquarters functions, the EOC, responsible for first response operations, has been established at a separate location to serve as an alternative to the Emergency Crisis Management Headquarters.
Business Continuity Management (BCM)
In FY2018, MC introduced “Business Continuity Management (BCM)” for its core business companies (selected from among operating companies) to establish and strengthen a consolidated framework that equips us with the capabilities needed to respond effectively to major crises.
BCM encompasses comprehensive management activities based on an all-hazard risk and impact analysis, tailored to the business characteristics (such as type and location) of each operating company. These activities include formulating initial response plans and business continuity plans (BCP), establishing organizational structures, and implementing an ongoing PDCA cycle through education and training.
Overview of BCM Initiatives
Business Impact Analysis Framework
We analyze “cause incidents” that disrupt core operations and lead to “result incidents,” taking into account the unique characteristics of each company’s operations.
- Cause incidents:
Natural disasters, infectious diseases, technology-related issues, external incidents, internal faults, legal issues, third-party related events - Result incidents:
Human resources (fatalities, unconfirmed safety, inability to report or commute to work); physical resources (damage to manufacturing, distribution, or other facilities); supply chains (disruption of distribution channels, disruption of material or fuel supply); information (IT system failures, electronic data damage, data manipulation or alteration, information leakage); reputation (product or service quality issues, environmental problems, administrative penalties, business suspension); financial (suspension of cash withdrawals, remittances, payments)
BCM Follow-Up Structure
While operating companies are expected to develop their own BCM systems, we provide additional support by offering BCM development tools—such as BCM guidebooks and BCP samples—and by conducting BCM meetings and re-examination sessions.
| Internal Rules and Regulations | Guidelines | Lateral BCM Development Support for Operating Companies |
|---|---|---|
|
|
|
Implementation Status Monitoring
For the crisis management and BCM initiatives mentioned above, we strive to improve our crisis management and business continuity capabilities by monitoring progress—including at operating companies—and providing various types of feedback. This process leverages business plans and other documents from each company, including unlisted subsidiaries.
Preparations for Large-Scale Natural Disasters
In the event of a Tokyo Inland Earthquake, MC has established a system—based on damage scenarios derived from government and local authority data—that enables the launch of an Emergency Crisis Management Headquarters (including remote response), safety confirmation of officers and employees, and facility damage checks at operating companies on a consolidated basis. We have also arranged various stockpiles. Additionally, we regularly draft and update BCPs and manuals within each organization, conduct earthquake simulations and other training sessions, and review areas for improvement. Through the promotion of BCM on a consolidated basis, we continue to strengthen the business continuity capabilities of each company.
Information Security and Cyber Security Measures
In order to maintain and improve the information security of our company including our major subsidiaries, we have established an internal system, developed relevant regulations for the safe and appropriate handling and management of information assets, and conduct employee training. Furthermore, in order to address cyber-attacks and e-mail frauds aimed at theft and destruction of information, we have implemented appropriate and effective countermeasures, which are not only control measures for information systems but also employee training and checking / implementation of incident response systems including those of major subsidiaries as well as obtaining the latest information in cooperation with specialized external organizations.
Independent Auditors
The MC Audit & Supervisory Committee deliberates on the appointment, dismissal, reappointment, and non-reappointment of MC’s Independent Auditors and annually assesses the appropriateness of audit methods and results. If the Committee determines that dismissal or non-reappointment is warranted, it will submit a proposal for new Independent Auditors to the General Meeting of Shareholders.