Risk Management

Risk Management System

The VITAL KSK Group has formulated risk management regulations and implements risk management with the aims of prevention, preventing the occurrence of management risks themselves, and minimizing impact by understanding the situation and responding promptly and appropriately when risks occur. To ensure thorough risk management and compliance throughout the Group, the Company has established a Risk and Compliance Committee, which meets twice a year in principle. Decisions and reports by the Committee are distributed to each operating company and throughout the Group by the chairpersons of similar committees at operating companies. The Sustainability Committee formulates strategies, sets targets, and manages risks and opportunities relating to sustainability, including those relating to climate change, and reports the details to the Board of Directors.

Risk Management System Diagram

Information Security

Approach to Information Security

The Group engages in businesses related to life and maintaining health, and is often exposed to sensitive information in the medical field. Society requires the Group to exercise careful consideration and handling of such information.

We recognize that the safe and correct handling of information and the stable operation of systems are indispensable to providing higher quality services without compromising corporate value, and to ensure the continuity of our business.

Formulating an Information Security Policy

We have formulated the VITAL KSK Holdings Information Security Policy to further enhance safety and security and help Group employees to recognize the importance of information security. The Information Security Policy is a comprehensive, specific and systematic policy designed to protect information assets owned by the organization from threats. It outlines the Group’s basic approach to information security and policies on systems, organization and operation to ensure information security.

In accordance with the VITAL KSK Holdings Information Security Policy, the Group fulfills its social responsibilities by formulating internal rules and implementation standards in line with specific organizational units, data and information assets.

Major Business Risks and the Group’s Response

*Japan’s Ministry of Health, Labour and Welfare (MHLW) has been applying Guidelines for the Improvement of Commercial Transaction Practices of Ethical Drugs for Manufacturers, Wholesalers, and Medical Institutions/Pharmacies since April 2018.

Major business risks Risks The Group’s responses
Risks associated with
natural disasters and accidents
  • Suspension of business activities, etc., due to large-scale natural disasters, etc.
  • Sufficient disaster countermeasures based on experience
  • Installation of in-house power generators at major business locations
  • Formulating BCP
  • Systems for communication with local governments
  • Systems for communication with doctor and pharmacist associations, etc.
Risks related to
health insurance system reforms and the revision of drug price standards
  • Government policy to control healthcare costs
  • Revised annually
  • Special reductions (four times a year)
  • Compliance withdistribution improvement guidelines *
  • Sale prices commensurate with value
  • Expression of opinions through membership in industry associations, etc.
Risks relating to
the pricing policies of pharmaceutical companies
  • Fluctuations in purchase prices
  • Changes in rebate of sales and sales incentive criteria
  • Proposal of initiatives to manufacturers
  • Building partnerships with manufacturers
Risks related to delivery prices
  • Competition over prices with competitors
  • Decrease in volume of items sold when prices are not adjusted appropriately
  • Compliance with distribution improvement guidelines
  • Sale prices commensurate with value
  • Profit management through the use of internal IT systems
  • Efforts to reduce transaction costs
  • Cost reductions
Risks associated with
the ownership of investment securities
  • Risk of share price decline
  • Impairment loss handling according to the rate of decline for each individual stock
  • Quantitative and qualitative determination of rational reasons for cross-shareholdings
Compliance
  • Violation of laws and regulations,
    including the Bribery Act and the Unfair Competition Prevention Act
  • Loss of trust and damage to corporate value
    due to corporate behavior that deviates from social norms
  • Formulation and rigorous implementation of a compliance code throughout the Group
  • Establishment of a Risk and Compliance Committee
  • Compliance training (three times a year) for
    for all Group officers and employees and compliance awareness surveys (once a year)
Risks related to information leaks
  • Divulging customer and other information
  • Establishment of an Information Security Committee
  • Formulation of an Information Security Policy and other regulations
  • Thorough employee education
  • Establishment of a management system for critical information
Risks due to
system problems
  • Suspension of business activities due to system problems, etc.
  • Establishment of an immediate response system with 24-hour, 365-day monitoring
  • Backup system for mission-critical systems