Compliance and Risk Management
Compliance and Risk Management Structure
Alfresa Holdings Corporation has established the Compliance and Risk Management Committee, which promotes overall compliance and risk management for the Group. The Committee comprises members selected from the management teams of Alfresa Holdings Corporation and also Group companies, and meetings are held regularly twice a year with the goal of reducing risk. In addition, Alfresa Holdings Corporation established subcommittees as subordinate bodies of the Compliance and Risk Management Committee, which are limited to particular business segments, business categories, or types of operations. We aim at more appropriate and systematic response to inherent risks in specific highly specialized businesses.
Alfresa Holdings Corporation and its Group companies also hold the Compliance and Risk Management Promotion Committee regularly with the aim of promoting compliance and risk management for each company.
Basic Policy and Approach for Compliance
The Alfresa Group defines compliance as “officers and employees complying with laws, internal and external regulations, and social norms, and proactively taking the initiative to fulfill legal responsibilities and ethical responsibilities expected by society.” Group companies’ employment regulations stipulate disciplinary action for compliance violations in accordance with their severity. Companies bear legal and ethical responsibility, and if they lose society’s trust their very business foundation may become destabilized, threatening the stability of the life and happiness of their employees, as well as their families. To remain trusted by society, the Group’s individual employees must take the importance of compliance personally and act with a constant awareness of reliability, safety, and sincerity espoused in the Group’s principles. Such behavior will help create corporate value.
Establishment of The Alfresa Group Compliance Guidelines
In April 2022, we established the Alfresa Group Compliance Guidelines based on the Group’s philosophy as the Group’s highest standard rules on compliance. By continuing to implement concrete initiatives and devising measures as a unified group, we will foster a corporate culture that places the highest priority on “compliance.”
Alfresa Group Compliance Guidelines
Compliance Training and Awareness-Raising Activities
The Alfresa Group has established the Alfresa Group Compliance Guidelines which is standards of conduct for all Group officers and employees and distributed the Compliance Handbook to them in a bid to promote thorough compliance.
Tax-related Compliance
The Alfresa Group complies all tax-related laws and regulations and fulfill tax obligation at all times.
Compliance Consulting Offices (Internal Reporting System)
The Group has compliance consulting offices in place as a means for our people to consult and make reports. This ensures that violations of laws and corporate ethics are discovered early or prevented.
Compliance consulting offices are set up within the Group companies, and the Company operates a consulting office that responds to a broad range of inquires from the entire Group. In addition, external consulting office are available at Group companies to facilitate the collection of internal reports.
In 2020, Group companies in the Ethical pharmaceuticals wholesaling business established internal and external counseling hotlines dedicated to the Antimonopoly Act, and began receiving various questions and internal reports regarding strict compliance with the Antimonopoly Act and other laws.
Alfresa Group's Internal Reporting System
Due consideration is given to the privacy and other human rights of users, with confidentiality ensured. As for people who provide information for the benefit of the public, whistleblowers’ rights are protected and they are dealt with fairly.
Corruption Prevention Initiatives
The Alfresa Group Compliance Guidelines prohibits provision of profits to civil servants, etc. This means prohibiting the provision of or encouragement to accept anything that could be mistaken for a bribe in Japan or overseas. Furthermore, anticorruption laws in overseas countries may apply to acts of bribery that take place outside those countries, and since the Alfresa Group has close relationships with pharmaceuticals manufacturers and suppliers, the Group takes steps to deepen its understanding of such laws and conduct appropriate sales activities.
Each Group Company provides education and training programs mainly for managers, salespersons, and delivery staffs to ensure corruption prevention.
Basic Policy and Approach for Risk Management
The Alfresa Group defines risk as “phenomena that will or may have a negative impact on the Company’s management, and which could occur at an unpredictable time.” To enable timely and accurate management and implementation of measures for various risks, the Group engages in risk management, including measures aimed at preventing risks at ordinary times, and measures for responding after the occurrence of a crisis that has a serious negative impact on the corporate management.
Crisis Management
Disaster Countermeasures
The Alfresa Group focuses on ensuring that every Group company is ready to respond in the event of a disaster, as a Groupwide initiative. For example, Group companies update their regulations and manuals and hold disaster response training events. They also check and secure the environment and emergency stockpiles.
Disaster Training
Group companies conduct safety confirmation drills every year, along with yearly drills for communicating safety confirmation results of all Group employees to the Company via a Group emergency contact network. For the case of damage to the Group’s mission-critical systems, the Group conducts drills for switching to backup systems every year.
Business Continuity Plan (BCP)
The Alfresa Group has reinforced its BCP in preparation for a large-scale disaster or pandemic. Group companies engaged in the Ethical pharmaceuticals wholesaling business have established a support system that is prepared for a disaster. A nationwide system is in place so that even if distribution centers or branches in specific areas are affected in a disaster, other locations will be able to step in and continue supplying pharmaceuticals where they are needed.
During the COVID-19 pandemic, which became a severe social problem throughout the world since 2020, the Alfresa Group has continued a stable supply of pharmaceuticals by following its BCP, implementing basic infection prevention practices and a rotation work shift system.
In the area of information systems, disaster recovery* plans are in place. If the Group’s data center becomes damaged, systems can be switched over to a backup data center, ensuring that shared-use mission-critical systems keep functioning.
The Group has adopted a new email system that is capable of remaining in use in time of disaster, in order to secure post-disaster communication between Group companies. In addition, while remaining vigilant with regard to cybersecurity, we are also taking the necessary and appropriate measures.
* Disaster recovery: Rapid switching of a disaster-damaged computer system to a backup system
The Alfresa Group Business Continuity Plan in the Ethical Pharmaceuticals Wholesaling Business
Information Management
The Alfresa Group not only complies with the relevant laws and regulations in order to respond to the requirements of an advanced information society, but has also formulated the Basic Policy on Information Management to establish systems and ensure proper management of the information it possesses as part of its business activities.
Protection of Personal Information
The Alfresa Group recognizes that the protection of personal information is an important social obligation in its business activities and is committed to protecting personal information based on the Alfresa Group Privacy Policy.
Further Strengthening Information Security Measures
Alfresa System Corporation, which operates, maintains and develops information systems for the Alfresa Group, has acquired ISMS certification (ISO/IEC27001) and works proactively on information security measures. This corporation promotes the standardization and strengthening of security measures Group-wide and raises awareness of information security by offering regular training and other means. Moreover, it conducts questionnaires for all employees twice a year in order to confirm compliance with information security operation rules in an effort to prevent information security incidents.
Business Risks
The Group has compiled the issues relating to business conditions that may have a significant impact on the decisions of investors.