Risk Management

State of Risk Management System

The Group has formulated risk management regulations and implements risk management with two aims: prevention, to keep management risks from occurring in the first place, and minimization of impact, by understanding the situation and responding promptly and appropriately when risks occur. To ensure thorough risk management and compliance throughout the Group, the Company has established a Risk and Compliance Committee, which meets twice a year in principle.

Approach to Information Security

The Group engages in businesses related to life and maintaining health, and is often exposed to sensitive information in the medical field. Society requires the Group to exercise careful consideration and handling of such information.

We recognize that the safe and correct handling of information and the stable operation of systems are indispensable to providing higher quality services without compromising corporate value, and to ensuring the continuity of our business.

Formulating an Information Security Policy

We have formulated the VITAL KSK Holdings Information Security Policy to further enhance safety and security and help Group employees to recognize the importance of information security. The Information Security Policy is a comprehensive, specific and systematic policy designed to protect information assets owned by the organization from threats. It outlines the Group’s basic approach to information security and policies on systems, organization and operation to ensure information security.

In accordance with the VITAL KSK Holdings Information Security Policy, the Group fulfills its social responsibilities by formulating internal rules and implementation standards in line with specific organizational units, data and information assets.

Major Risks and Group Responses

Major Risks | Risks | Group Responses

Risks associated with natural disasters and accidents
  Risks:
  • Suspension of business activities, etc., due to large-scale natural disasters, etc.
  Group Responses:
  • Sufficient disaster countermeasures based on experience
  • Installation of in-house power generators at major business locations
  • Business Continuity Planning (BCP)
  • Systems for communication with local governments
  • Systems for communication with doctor and pharmacist associations, etc.

Risks related to health insurance system reforms and the revision of drug price standards
  Risks:
  • Government policy to control healthcare costs
  • Revised annually
  • Special reductions (four times a year)
  Group Responses:
  • Compliance with distribution improvement guidelines (*)
  • Sale prices commensurate with value
  • Expression of opinions through membership in industry associations, etc.

Risks related to drug manufacturer price policies
  Risks:
  • Fluctuations in purchase prices
  • Changes in sales rebate and sales incentive criteria
  Group Responses:
  • Proposal of initiatives to manufacturers
  • Building partnerships with manufacturers

Risks related to delivery prices
  Risks:
  • Competition over prices with competitors
  • Decrease in volume of items sold when prices are not adjusted appropriately
  Group Responses:
  • Compliance with distribution improvement guidelines
  • Sale prices commensurate with value
  • Profit management through the use of internal IT systems
  • Efforts to reduce transaction costs
  • Cost reductions

Risks associated with the ownership of investment securities
  Risks:
  • Risk of share price decline
  Group Responses:
  • Impairment loss handling according to the rate of decline for each individual stock
  • Quantitative and qualitative determination of rational reasons for cross-shareholdings

Compliance
  Risks:
  • Violation of laws and regulations, including the Bribery Act and the Unfair Competition Prevention Act
  • Loss of trust and damage to corporate value due to corporate behavior that deviates from social norms
  Group Responses:
  • Formulation and rigorous implementation of a compliance code throughout the Group
  • Establishment of a Risk and Compliance Committee
  • Compliance training (three times a year) for all Group employees and compliance awareness surveys (once a year)

Risks related to information leaks
  Risks:
  • Divulging customer and other information
  Group Responses:
  • Establishment of an Information Security Committee
  • Formulation of an Information Security Policy and other regulations
  • Thorough employee education
  • Establishment of a management system for critical information

Risks due to system problems
  Risks:
  • Suspension of business activities due to system problems, etc.
  Group Responses:
  • Establishment of an immediate response system with 24-hour, 365-day monitoring
  • Backup system for mission-critical systems

*Japan’s Ministry of Health, Labour and Welfare (MHLW) has been applying Guidelines for the Improvement of Commercial Transaction Practices of Ethical Drugs for Manufacturers, Wholesalers, and Medical Institutions/Pharmacies since April 2018.