Compliance/Risk Management


Our Approach to Compliance

At the Nippon Shinyaku Group, we define compliance as the adherence to societal norms, such as laws and regulations, corporate ethics, and in-house rules and regulations established within each of the Nippon Shinyaku Group companies. The Nippon Shinyaku Group has in place the Code of Conduct for Nippon Shinyaku Group, which defines ethical standards common to all Group companies. The Group strives to observe and live up to the code while reviewing it regularly to make it more effective. We have also established the Compliance Framework, a mechanism for ensuring good everyday practices of compliance among us, to reinforce and enhance compliance with the aim of making a significant contribution to society and winning public trust through our daily business activities.

Framework for Compliance

The Nippon Shinyaku Group has in place Compliance Operating Rules, with the Director in charge of CSR and administration acting as the Compliance Officer and a department dedicated to overseeing compliance initiatives. In each department, the director who serves as its head is responsible for its compliance initiatives, which are carried out by the managers therein.

Compliance Framework Chart

Compliance promotion and awareness-raising activities

The Compliance Management Department plans and formulates group-wide compliance initiatives based on advice from the Compliance Council. Initiatives are then implemented to spread and raise compliance awareness among all employees.
The Group conducts activities for compliance promotion and awareness-raising under the supervision of the Risk & Compliance Committee, which is chaired by the president and comprises all inside directors. The implementation status of those activities for the current fiscal year and plans for those activities for the following fiscal year are reported to and deliberated by the committee.
The Group also conducts a compliance awareness survey of all Group employees every year and shares the survey results within the Group. The Group works to prevent the realization of compliance risks using the survey results, for example, by providing special training for departments whose scores in the survey are relatively low.

Major training and awareness-raising initiatives

Training and awareness-raising initiatives Description
The President’s message The President sends messages to request thorough compliance.
Compliance training for management team Training for management team on themes such as “compliance in corporations”
Departmental compliance training Monthly departmental training on company-wide and department-specific themes
Communication on compliance Transmission of compliance-related timely information via the intranet
e-learning programs Provided twice a year to all employees as a means to review their learning from the departmental training and intranet communication
Training for new recruits Training for new recruits, that is, both new graduates joining the company in April and mid-career recruits, on the concept of compliance, the observance of rules, and so forth centering on the Code of Conduct to get the trainees to recognize the importance of compliance
Training for newly appointed managers Training for newly appointed managers on mental preparation, precautions, and other important matters related to compliance
Open call for compliance-related slogans, production of posters Open call made to employees to formulate compliance-related slogans; excellent entries are selected and used on awareness-raising posters to be displayed in workplaces
Production of “Compliance Cards” (see samples below) “Compliance Cards” produced and distributed to all employees

Compliance Cards

Internal compliance reporting system (Whistleblowing Hotlines)

The Nippon Shinyaku Group has in place and operates Whistleblowing Hotlines under its internal compliance reporting system.
This system is aimed at responding to any acts that constitute or suspected to constitute violations against laws, regulations, and internal rules, including the Code of Conduct for Nippon Shinyaku Group, which defines the Group’s ethical standards. This system applies to all kinds of corruption, such as bribery, insider trading, and misappropriation.
Whistleblowing Hotline desks, established inside and outside the company, accept reports and requests for consultation, including anonymous ones, not only via dedicated phone numbers but also by email.
These desks are open to use by both those inside the Nippon Shinyaku Group and the executives and employees of its business partners.

(Measures to be adopted in the event of any Non-Compliance being detected)
If any case suspected to constitute a compliance problem is reported, in-house investigators will start investigating into it immediately. If the investigation results confirm that the case constitutes a violation or another kind of problem, the Group will adopt appropriate measures to address the case, including giving improvement guidance to the violator(s) and relevant department(s) and taking disciplinary action in line with the Work Rules.

(Protection of whistleblowers)
We implement thorough measures to appropriately protect whistleblowers in line with the Whistleblower System Operating Rules, which clearly provide for confidentiality and other necessary measures and the prohibition of treating them disadvantageously.

(Efforts to make the system more effective)
The Code of Conduct for Nippon Shinyaku Group, ethical standards common to all Group companies, gives clear guidelines as a Key Point of Conduct, which states, “In the event we discover any violation or suspected violation of domestic and overseas laws and regulations, voluntary industry codes, or internal rules, we will report to or consult with the contact desk in accordance with the whistleblowing system (Hotline).” We also share information about the system with employees to raise their awareness of the whistleblower system and make it easier for them to use.

The reporting and consultation results for FY2022 are as follows.

Law and Company Rules Personnel (Treatment and Systems) Work Environment Other Total
9 cases 3 cases 7 cases 5 cases 24 cases

Initiatives to Prevent Workplace Harassment

The Nippon Shinyaku Group recognizes harassment as a serious issue that can trample the human rights and dignity of individuals. To prevent all forms of harassment and maintain a favorable workplace environment, the Group has established Harassment Prevention Rules and a Harassment Prevention Committee and uses them appropriately. In addition, we provide our employees with compliance training and manager training focusing on harassment and train harassment consultation staff, including those at Group companies. We also conduct various awareness-raising activities throughout the year, including distributing anti-harassment awareness-raising booklets and cards to all employees and adding a harassment awareness-raising icon to the home screen of business-use mobile phones.

Inquiries from external parties about compliance

The Nippon Shinyaku Group has established an inquiry desk on the Web to accept questions and opinions from various stakeholders, including general customers. This desk also accepts inquiries about human rights issues and harassment, including ones made anonymously. The Group implements necessary measures to protect the confidentiality of inquiries received and operates this online desk appropriately so that inquirers will not be treated disadvantageously on the basis of their use of this desk.

Initiatives to Keep Abreast of Labor Standards

「The Code of Conduct for Nippon Shinyaku Group declares, “We respect the individual’s human rights and personality and maintain a safe and pleasant working environment.” Furthermore, the code offers Key Points of Conduct concerning the “Protection of Human Rights,” “Fair Personnel Evaluation and Development of Human Resources,” “Safety and Health,” and “Workplace Culture.”
All Nippon Shinyaku employees worldwide receive Code of Conduct training as part of induction training, and after that, they are required to take a pledge of understanding and practicing the code.
We provide them with an environment where they can access an electronic booklet about the Code of Conduct on their company laptops and smartphones wherever they are.
We also offer them compliance training and e-learning training throughout the year.

Initiatives to Prevent Corruption

The Code of Conduct for Nippon Shinyaku Group, ethical standards common to all Group companies, clearly prohibits any act that can lead to corruption by stating that all those working in the Group comply with laws, regulations and internal rules, maintain sound and appropriate relationships with the political and administrative authorities and with the Group’s clients, and engage in fair, transparent and free competition. The ten-point Code of Conduct and the Key Points of Conduct, which outline the specific ways of complying with and practicing the code, are subject to update according to legal and system revisions, the social situation, and the changing business environment surrounding the Group. Every update should be resolved by or reported to the Board of Directors.
In addition, Nippon Shinyaku signed the United Nations Global Compact in January 2020 to accelerate the Group’s efforts to prevent corruption in all its forms, including extortion and bribery.

(Prevention of bribery)
The Group has in place Nippon Shinyaku Group Anti-bribery Guidelines, which prohibit all forms of bribery with public employees or other parties. The relevant Key Point of Conduct in the Code of Conduct for Nippon Shinyaku Group also states, “We will maintain a transparent and fair relationship with politics and the government, and we will not provide improper gifts, entertainment or any other favors or profits.”

(Prevention of corruption)
The Code of Conduct for Nippon Shinyaku Group clearly provides against corruption and any act that can lead to corruption by stating in the relevant Key Points of Conduct “We will comply with insider trading regulations prescribed by the Financial Instruments and Exchange Act” and “We will resolutely reject any undue or unlawful demand we receive from antisocial forces or organizations.”
In addition, in recognition of bribery and other forms of corruption as important risks to its business activities, the Group has appointed the departments responsible for managing those risks to devise and implement annual measures to prevent the realization of those risks.
As for the Group’s relationships with its business partners, the Nippon Shinyaku Sustainable Procurement Policy declares that the Group will select its suppliers based on fair and equitable assessment and that it will comply with laws and regulations of each country and conduct business transactions in line with corporate ethics and social norms.

(Anti-corruption awareness-raising and education in the Group)
All Nippon Shinyaku Group employees can consult the Code of Conduct for Nippon Shinyaku Group on company computers and smartphones. They also receive training about the code upon its updates and as part of induction training, and after that, they must take a pledge of understanding and practicing the code. The Group therefore prevents employees from being involved in corruption.
Furthermore, departmental compliance training, intended for all Group employees, deals with anti-corruption themes at least once a year to facilitate every employee’s understanding of the prevention of corruption.

(Cases of employee punishment and dismissal due to corruption)
In FY2021, no case of this kind arose in the Nippon Shinyaku Group.

(Fines, surcharges, and settlements related to corruption)
In FY2021, no one in the Nippon Shinyaku Group committed serious law violations related to corruption, so no corruption-related fine, surcharge or settlement was levied on the Group.

(Political donations)
When supporting the activities of political organizations, the Nippon Shinyaku Group takes appropriate action in compliance with applicable laws and regulations, including the Political Funds Control Act and the Public Offices Election Act.

Risk Management

Risk management system

The Nippon Shinyaku Group has in place Basic Risk Management Rules, with the Director in charge of Personnel, General Affairs, Risk Management, Compliance & Digital Transformation acting as the Risk Management Officer and a department that oversees risk management.
To promote risk management, the Group has identified possible risks in its business activities and divided them into six major categories: 1) governance, 2) strategies and plans, 3) management infrastructure, 4) business operations, 5) supply chain, and 6) disclosure and reporting. The Group has further divided these categories into medium and minor categories to organize these possible risks into more specific types, such as countermeasures against corruption, CSR planning and environmental initiatives (including greenhouse gas-related initiatives), and labor and human rights. The Group has also rated these specific risks “high,” “medium,” or “low” according to their levels of importance, using a risk matrix with the two axes of the impact level and the likelihood of realization. Each of these risks is managed by the relevant department based on the existing risk management system, including rules and a committee. To address risks that cannot be controlled through the existing system, the Group has created a risk management sheet for each of them and devised measures to prevent their realization and countermeasures to be adopted in the event of their realization. These risk management sheets are shared with all employees on the Group’s intranet.
Moreover, with the aim of preventing the realization of risks, annual action plans are formulated and implemented to address risks selected as highly important for the entire Group or each department, including ESG risks, by enhancing measures to prevent their realization and other means. The results of measures implemented in the current fiscal year and important risk themes for the next fiscal year are reported to and deliberated by the Risk & Compliance Committee, which is chaired by the president. The Board of Directors oversees risk management by receiving reports of those deliberations and checking the status and effectiveness of risk management measures.
The Group also has all its employees conduct risk management self-checks to confirm their own risk awareness every year. Matters that require special attention are identified based on an analysis of the self-check results and shared with employees through departmental compliance training in order to further raise their risk awareness.

Risk management system制
Risk management system

Response to Realized Risks (Incidents and Accidents)

In the event of an incident or accident, the dedicated risk management department reports the case to the Risk Management Officer, who judges the impact of the case on the Group’s business activities.
If the case is judged to have a minor impact, the Officer will direct the department in charge of the relevant risk to respond to the case. If the case is judged to have a major impact, the Officer immediately reports it to the President and establishes an emergency task force to respond to and settle the case as soon as possible. After the case is settled, a measure is devised to prevent the recurrence of similar cases, and the related departments implement that measure.

System for communication in response to a realized risk

Information Security

Protecting the security of information assets is a top priority for us since our research attracts global attention. Based on a policy and basic rules that we have established relating to information security, the ISMS*1 Committee has been created to oversee the operation of the Group’s information security management system and to promote related improvements.
As information security initiatives, we have an SOC*2 that conducts 24/7 surveillance of the Group's networks and computer systems, looking for suspicious activity. We also have a dedicated internal set-up (NS-CSIRT*3) to respond quickly to any information security incidents resulting from cyberattacks. NS-CSIRT runs regular cyberattack simulations and drills to test and modify each division’s response procedures and to improve the way our information security systems operate. We have also implemented a USB device connection control system and secure cloud storage system as means to prevent malware infections and information leaks, boosting operational and data management efficiency.
Given that human error is the ultimate cause of most information security breaches, we are also taking steps to mitigate people-related information security risks. To keep a good awareness and knowledge of information security, we provide information security training to all new recruits and provide online education courses to employees on an ongoing basis.
Going forward, we plan to work with external organizations to further upgrade our information security risk countermeasures for protecting the Group’s information assets.

  • *1 Information Security Management System
  • *2 Security Operation Center
  • *3 NS-Computer Security Incident Response Team

Business continuity plan (BCP) in anticipation of disasters, infectious diseases, etc.

Nippon Shinyaku has formulated a business continuity plan (BCP) under a scenario that supposes an earthquake with a seismic intensity of 6+ (on the Japan Meteorological Agency scale) hitting the Odawara Central Factory, the Company’s pharmaceutical production base. The plan is aimed at ensuring the stable supply of pharmaceutical products to patients in the event of a natural disaster, such as an earthquake, windstorm, or flood, or other kinds of emergencies. The plan is updated every year together with a BCP product list, which has been compiled to avoid product stock-out. Nippon Shinyaku has striven to strengthen its relationships of support with inventory warehouses and related companies. The Company will further promote its BCP activities according to necessity.
In response to the COVID-19 pandemic, the Company established an emergency task force in line with the Basic Risk Management Rules and adopted various measures, including encouraging employees to work remotely.