Risk Management

Basic Policy

In order to enable the Group to achieve sustainable growth with ever-increasing corporate value through the pursuit of the JFE Group’s vision of “contributing to society with the world’s most innovative technology,” we have properly identified risks across the Group. Our risk management system is subject to ongoing improvement, and effective measures are taken to eliminate as many foreseeable risks as possible.

Risk Management System

JFE Holdings is responsible for comprehensive risk management of the Group in accordance with its Basic Stance for Building an Internal Control System. The Company’s Board of Directors fulfills its supervisory responsibility for risk management and has established a system to confirms its effectiveness.


With respect to risks associated with business activities, Corporate Officers responsible for each field recognize and assess these risks. As necessary, risks are further confirmed and assessed at the Group Management Strategy Council or the Management Council, both chaired by the Representative Director and President (CEO) of JFE Holdings, where countermeasure policies and risk management action plans are deliberated and decided. In addition, with respect to ESG-related risks—such as compliance with the Antimonopoly Act and laws related to anti-corruption including bribery of public officials, observance of corporate policy and regulations such as the Corporate Vision and JFE Group Standards of Business Conduct, environment and climate change, human affairs and labor, safety and disaster prevention, human rights abuses such as sexual and power harassment, quality management, financial reporting, and information security—the responsible Corporate Officers recognize and assess such risks. As necessary, these risks are confirmed and assessed by the Representative Director and Group Sustainability Council, chaired by the President (CEO) of JFE Holdings, where countermeasure policy and action plans for risk management are deliberated and decided to ensure a Groupwide response.


The Board of Directors oversees risk management and confirms its effectiveness by regularly receiving reports on Group policy and action plans on risk management, and through deliberation and decision-making on important matters.


We will continue to improve and strengthen Groupwide risk management system in accordance with the discussion by the Board of Directors.


For our risk management policies and systems, refer to the following information.

Initiatives

Response to Specific Risks

Response to Climate Change Risks

The JFE Group has positioned “Ensuring environmental and Social Sustainability” as one of its key initiatives and formulated the JFE Group Environmental Vision for 2050, which aims to achieve carbon neutrality by 2050. Through this vision, the Group incorporates efforts to address climate change into its business strategies and reflects the principles of the TCFD in its management approaches. In doing so, we are systematically advancing initiatives to address climate change issues and striving to become a front-runner in the development of technologies for achieving carbon neutrality.


For climate change risks and opportunities, refer to the following information.

Intellectual Property Management

The JFE Group meticulously manages intellectual property across its diverse business activities. To prevent infringement on third-party intellectual property, it constantly monitors the latest information on intellectual property and implements all necessary measures.


For intellectual property activities, refer to the following information.

Privacy Protection

JFE has established the JFE Group Privacy Statement for managing information including “My Numbers,” which are personally identifiable numbers under Japan’s social security and tax number systems.


To maintain the appropriate protection of personal information, employee trainings on the rules, which have been set in place in accordance with the privacy statement, have been conducted as stipulated in applicable laws of each country related to businesses and guidelines.


To reduce information security risks, including cyber-attacks and improper system use such as leaks of personal information, and to promote safe business activities, the JFE-Security Integration and Response Team (JFE-SIRT), comprising the IT division managers of each operating company, participates in the Nippon CSIRT Association, established by private sector volunteers and corporate Computer Security Incident Response Teams (CSIRTs) active in Japan. We seek to enhance the level of our initiatives by exchanging information and coordinating on security incidents.


For privacy protection policies, please refer to the following information.

Information Security

Digital Governance and
Cyber Security Framework in the JFE Group

The JFE Group formulates various rules on information security management to prevent information leakage and system failures due to cyber-attacks and improper system use. Efforts are made to enhance information-security knowledge and awareness of rules among employees through training and education. Additionally, shared IT measures are applied in each Group company and regular information security audits are conducted to reinforce the overall information security management level in the Group.


Key issues related to IT, particularly information security, are deliberated by the JFE Group Information Security Committee to determine Group policy.


Applying the policies set by the committee, the JFE-SIRT formulates and implements information-security measures, performs information security audits, offers guidance on responding to incidents and generally enhances the level of Groupwide information security management. The JFE-SIRT reports on its activities to the Group CSR Council as appropriate. In addition, we established JFE Cyber Security & Solutions, Ltd. in April 2024 to acquire and develop independent, high-level security personnel and strengthen security monitoring and other systems.


Furthermore, the JFE Group has announced the JFE Group Declaration of Cybersecurity Management. Even as we consider cybersecurity as a vital investment for our digital transformation, we understand its continual enhancement is also a material management concern given the increasing frequency and sophistication of cyber threats. Cybersecurity measures are being accelerated under management leadership, mainly through the JFE-SIRT.


For more details about our cybersecurity measures, please see Security Management in the DX REPORT.

JFE-SIRT Initiatives

Responding to Human Rights Risks within the Supply Chain

The JFE Group procures raw materials, construction materials, and machinery from all over the world. In response to human rights risks associated with the supply chain, the Group established the JFE Group Human Rights Basic Policy in 2018 to take action in accordance with the United Nations Guiding Principles on Business and Human Rights. Each operating company has established raw material purchasing policies, purchasing and procurement policies, and a basic policy on sustainability in the supply chain, and they carry out purchasing in a way that respects human rights, legal compliance, and environmental preservation.


In addition, the Group has been conducting human rights due diligence since FY2021. In April 2023, we revised the JFE Group Human Rights Basic Policy to take account of recent changes in public awareness and issues surrounding human rights. Furthermore, we have endorsed the Ten Principles of the UN Global Compact, which cover protection of human rights, elimination of unfair labor practices, environmental protection, and prevention of corruption. We are a member of the Global Compact Network Japan, an organization that promotes Global Compact activities in Japan. We also participate in the subcommittee activities of the Global Compact Network Japan, and we have been promoting our own initiatives based on information shared with participating companies and organizations. All supply chain members and other stakeholders will continue to be called upon Groupwide to respect and support human rights.


For more details on our human rights due diligence initiatives, refer to Human Rights.

JFE Group’s Business Continuity Plan

Anticipating the possibility of natural disasters caused by typhoons and major earthquakes as well as a rapid expansion of infectious diseases such as a new strain of influenza, the JFE Group has formulated a business continuity plan (BCP) to address contingencies. We conduct regular training based on the BCP while also pursuing other countermeasures.


In the event of a major earthquake, the Group Sustainability Council will promptly discuss and determine the policy on how to deal with the matter, based on predetermined response processes to minimize loss and other damages.

Response to Major Natural Disasters

We are preparing to respond in the event of a major earthquake through measures such as establishing tsunami shelters, maintaining a Companywide line of command under restricted communications and power outages, and securing data backup. We have also strengthened the drainage system at our steelworks to address the impact of typhoons and torrential rains that are occurring with increasing severity in Japan.

Response to Infectious Diseases

Apart from the development of policies against novel influenza virus infections, we have been taking simulation-proven measures for varying scenarios to maintain key operations and prevent stoppages, including those at steel production sites and steelworks, even if there is an increase in the absence rate due to the spread of a disease. The policies are periodically reviewed and improved by the JFE Group Sustainability Council and other relevant bodies. Moreover, as a measure to protect employees against the threat of infectious diseases, we provide vaccinations and health checkups for employees, as well as their families, who are assigned to countries outside Japan and for those who go abroad for work. In addition to safety information in the destination countries, we also provide information about local infectious diseases and prohibit employees from going abroad to protect their safety, depending on prevailing circumstances.