Compliance and Risk Management Structure
The Hoshizaki Group defines its compliance and risk management structure as follows. All Hoshizaki Group employees are made aware of the guidance in the “Hoshizaki Compliance Handbook.”
- Hoshizaki shall establish and thoroughly publicize the “Hoshizaki Corporate Philosophy,” the “Compliance Regulations,” and other rules to constantly make the Directors and employees aware of compliance with laws, regulations, and the Articles of Incorporation in the execution of their duties.
- Hoshizaki shall establish the Compliance and Risk Management Committee in order to maintain and improve the internal control system and develop the compliance structure.
- A Director shall promptly report to the Audit & Supervisory Committee and the Board of Directors in the event that he or she discovers an activity in violation of laws, regulations, or the Articles of Incorporation. Group companies shall promptly report to auditors and directors, and relay this report to the Audit & Supervisory Committee of HOSHIZAKI CORPORATION.
- An internal reporting system shall be established as a reporting system for employees in the event that an employee discovers an activity in violation of laws, regulations, or the Articles of Incorporation.
- Hoshizaki shall work to firmly exclude anti-social forces by refusing all involvement with them, confronting any undue demands from anti-social forces in a forceful and resolute manner, and coordinating with the police and other external experts.
The “Compliance Regulations” apply not only to HOSHIZAKI CORPORATION but also to the entire Group. In accordance with the “Compliance Regulations,” the “Compliance and Risk Management Committee (“the Committee”)” is chaired by the Representative Director, President & COO of HOSHIZAKI CORPORATION. Hoshizaki's Legal Affairs Department acts as the Committee's secretariat and plans and formulates general compliance initiatives, and in order to ensure that the decisions of the Committee are carried out, the Executive Officer in charge of the legal affairs is appointed as the Chief Compliance and Risk Management Officer. In addition, each division and Group company has a Compliance and Risk Management Manager and Deputy Manager.
The Committee also defines the basic compliance policy of the Hoshizaki Group as follows. The policy and the “Hoshizaki Corporate Philosophy” are described in the “Hoshizaki Compliance Handbook,” ensuring that all executives and employees of the Hoshizaki Group are aware of these as a code of conduct.
Basic Compliance Policy
The Hoshizaki Group will
- Always recognize the importance of the social responsibility and public mission the corporate group has with respect to food environments and strive to establish unwavering trust from society through sound and appropriate business operations.
- Endeavor to proactively and fairly disclose accurate information (product and corporate), strive for broad communication with society, and devote ourselves to transparent management that can be evaluated by society.
- Strictly comply with laws and regulations and carry out honest and fair corporate activities that do not violate social norms.
- Have a sense of duty as a good citizen with a strong sense of ethics that can be applied in the international community and will contribute to the development of the economy and society at home and abroad.
- Take a firm stance against anti-social forces that threaten the order and safety of civil society, a stance we never compromise on.
In addition to the above policies, the “Hoshizaki Compliance Handbook” also includes “Compliance Regulations,” “Risk Management Regulations,” and “Internal Reporting Regulations,” and sets forth specific action guidelines and common rules regarding matters such as insider trading controls and harassment prevention.
This Compliance Handbook is distributed in booklet form to all executives and employees of the Hoshizaki Group and also used as a text for the Group’s compliance training. It has been translated into 14 languages including English and is distributed to the overseas Group companies as well. We will continue to strengthen our compliance with annual compliance training for all executives and employees.
<Compliance and Risk Management Structure>
The Hoshizaki Group distributes the Hoshizaki Compliance Handbook to all employees and conducts compliance training at least once a year.
In FY2020, in order to further strengthen governance and compliance, we established a Legal Affairs Department and changed our system to one in which this department provides compliance training to manager-level employees at distributors and group companies. By adopting a "cascade-down approach" in which managers who have taken the training teach their subordinates in turn, we are aiming to simultaneously strengthen our promotion of both manager-learning and worker-understanding. In addition, we are working to raise employee compliance awareness by conducting group work-style training using likely cases in actual work.
In FY2021, while continuing the harassment prevention training in FY2020, we focused on the prevention of occupational accidents and the prevention of fraudulent activities in sales and service activities.
Overseas, the Legal Affairs Department carried out activities to enhance the quality of compliance training. It reviewed in advance the materials of compliance training conducted by each group company, and brushed up the contents to be included through discussion with local personnel. For example, in Vietnam, local managers translate improved training materials into Vietnamese to promote the understanding of employees. In the United States, we are working to make training more accessible by improving training materials under the guidance of specialist companies.
Internal Reporting System
The Hoshizaki Group has established a whistle-blowing system. Depending on the nature of their report or consultation, whistle-blowers may choose either an in-house contact point (the Legal Affairs Department), or a lawyer other than in-house counsel as an external contact point. Each whistle-blowing case is reviewed by the Whistle-Blowing Review Committee, after which countermeasures are implemented and the results reported to the Compliance and Risk Management Committee and the Management Committee.
We are reviewing the current whistle-blowing system in preparation for the 2020 amendment of the "Whistleblower Protection Act" that takes effect from June 1, 2022. Our whistle-blowing system has, from the beginning, adopted the internal system, confidentiality obligation, and mechanism to protect whistle-blowers required by the Act in most aspects, so there is no need for a major change. The same reporting system has already been adopted at our consolidated subsidiaries. Therefore, we plan to make revised points known thoroughly such as the adoption of criminal penalties for violations of confidentiality obligations.
The Whistle-Blowing Review Committee consists of one director and three executive officers or managers of related departments who serve as standing committee members, and a female advisory group also participates in the Committee in order to provide a more multifaceted perspective.
Strengthening the Internal Management System
In October 2018, inappropriate activities came to light at HOSHIZAKI TOKAI, a consolidated subsidiary of Hoshizaki. A subsequent investigation by an internal investigative committee and a third-party committee revealed inappropriate transactions and cases relating to internal controls at HOSHIZAKI TOKAI and several other consolidated subsidiaries. Based on the recommendations by the third-party committee to prevent such inappropriate activities from recurring, Hoshizaki formulated comprehensive compliance and internal control reinforcement measures in May 2019, incorporating measures to remediate the significant deficiencies in internal controls, and has been making efforts to reinforce internal controls centering on the following six initiatives. As a result of these efforts to improve internal controls, significant deficiencies in internal controls that require disclosure had been resolved as of December 31, 2019. Hoshizaki, in the “Internal Control Report” dated March 26, 2020, disclosed that internal controls were functioning effectively. We are continuing to make ongoing and effective efforts to strengthen our internal management system.
- Establishment of an optimal governance method for the Group companies
- Addition of internal control items and the adoption of IT in preparation for the future
- Establishment of group risk management functions
- Revision of the target management and personnel systems for domestic sales companies
- Optimization of the management functions of Hoshizaki and its Group companies
- Development of an education system that contributes to the strengthening of compliance and internal controls
Risk Management System
The Hoshizaki Group has determined the following with regard to risk management. The Group also identifies and assesses the Group's risk in an effort to strengthen the Group's risk management. We also plan and execute measures in each of these areas.
- The Hoshizaki Group shall set forth the “Risk Management Regulations” as the basis for its risk management system, appoint managers for the management of each type of risk, and establish a risk management system in accordance with the regulations.
- The Board of Directors and other meeting bodies shall monitor the status of risk management and establish an oversight system by coordinating with the Audit & Supervisory Committee and the Internal Audit Office.
Responses at the Time of Major Disasters (BCP)
On April 1, 2010, Toyoake City in Aichi Prefecture, where Hoshizaki’s Head Office Plant is located, was designated an “Area under Intensified Measures against Tokai Earthquake Disaster.” In response, Hoshizaki’s Head Office Plant established a “BCP Formulation System,” a “System to Promote the Operation of BCP Under Normal Conditions,” and a “System for Invoking BCP During Emergencies,” headed by the President as the manager, as well as developing a system for coordinating with neighboring companies toward the early recovery of regional industries.
The Hoshizaki Group information security classifications are outlined in the “Information Management Regulations.” Information security management is carried out by the Information System Department.
Our domestic sales companies have appointed one or more persons at each company to promote IT. A system has been established in which the Information System Department is alerted in the event of an information security incident to prevent information leaks and other risks.
Hoshizaki has introduced a 24/7 external surveillance service to counter cyberattacks.
In FY2021, Hoshizaki introduced a security system (EDR) to detect and address suspicious behavior on terminals used internally and by its domestic group companies to further improve security measures.
Employee education and enlightenment
As part of our compliance education, we provide information security education to all employees.
We also improve our employees' security awareness by conducting “targeted email attack drills” on our employees each year.
Information security when out of the office
We have adopted a system that allows the tracking of computers and other devices through GPS when our sales or service representatives take them out of the office. Furthermore, if a device is lost, the system is capable of shutting it off from the network and deleting information remotely.
Management of personal information
Personal information is managed in accordance with the separate Personal Information Protection Policy.
With the revision of the Act on the Protection of Personal Information on April 1, 2022, we have revised our policy to address the expanded scope of publication and and published the revised version on our website.
In order to prevent information leaks, we prohibit the use of USB flash drives or other external memory devices, and keep a log of all emails and attachments sent from our systems in order to prepare for contingencies.
No major leaks of personal information have occurred at the Hoshizaki Group to date.
Initiatives to Prevent Corruption
The Hoshizaki Group, in accordance with its internal anti-bribery rules, prohibits all acts of bribery and thoroughly enforces compliance with relevant laws regarding transactions with public agencies and political donations. Going forward, Hoshizaki will continue to make efforts to prevent misconduct by carrying out anti-bribery training, in addition to education on the code of conduct.
Intellectual Property Rights
The Hoshizaki Group endeavors to prevent the infringement of intellectual property rights by having our design and intellectual property departments conduct prior investigations ahead of the launch of its products, etc., to ensure that the products, etc., the Group provides do not infringe the patents or other intellectual property rights of other companies.
The Group has concluded advisory agreements with patent offices with expertise in intellectual property laws and conducts appraisals and the like to confirm that the intellectual property rights of other companies are not infringed.