Risk Management

Basic Policy

In order to enable the Group to achieve sustainable growth with ever-increasing corporate value through the pursuit of the JFE Group’s vision of “contributing to society with the world’s most innovative technology,” we have properly identified risks across the Group. Our risk management system is subject to ongoing improvement, and effective measures are taken to eliminate as many foreseeable risks as possible.

Risk Management System

JFE Holdings is responsible for comprehensive risk management of the Group in accordance with its Basic Stance for Building an Internal Control System by establishing a system whereby the Board of Directors oversees risk management and confirms its effectiveness.

Specifically, corporate officers are responsible for recognizing risks, and those deemed material are then confirmed and assessed by the JFE Group Sustainability Council, chaired by the CEO (president) of JFE Holdings. Next, the CSR Council deliberates and decides on countermeasure policy and action plans for risk management. Such risks include business activities; compliance-related matters such as compliance with the Antimonopoly Act and laws related to anti-corruption including bribery of public officials, observance of company policy and regulations such as the Corporate Vision and JFE Group Standards of Business Conduct; and ESG risks such as those related to the environment, climate change, human affairs, labor, safety and disaster prevention; human rights abuses such as sexual harassment and power harassment, quality management, financial reporting, and information security.

The Board of Directors oversees risk management and confirms its effectiveness by regularly receiving reports on Group policy and action plans on risk management, and through deliberation and decision-making on important matters regarding risk management.

We will continue improving Group-wide risk management in accordance with the discussion by the Board of Directors.

For our risk management policies and systems, refer to the following information.

Basic Policy for Building Internal Control Systems (Japanese only)

JFE Group Sustainability System

Development of the Whistleblowing System


Response to Specific Risks

Response to Climate Change Risks

The JFE Group places initiatives on climate change as top-priority business concerns, and it formulated the JFE Group Environmental Vision for 2050 to achieve carbon neutrality by 2050. In the Seventh Medium-term Business Plan, the Group established managerial targets to reduce CO2 emissions from the steel business by 18% from FY2013 levels by the end of FY2024 and by over 30% from FY2013 levels by the end of FY2030, and further achieve carbon neutrality by 2050 in multiple ways.

Risks are identified and evaluated based on a scenario analysis conducted under the framework recommended by the TCFD, and important factors that may affect management are selected for further analysis and used in formulating business strategies, including the Seventh Medium-term Business Plan.

For climate change risks and opportunities, refer to the following information.

TCFD Recommended Scenario Analysis

Intellectual Property Management

The JFE Group meticulously manages intellectual property across its diverse business activities. To prevent infringement on third-party intellectual property, it constantly monitors the latest information on intellectual property and implements all necessary measures.

Privacy Protection

JFE has established the JFE Group Privacy Statement for managing information including “My Numbers,” which are personally identifiable numbers under Japan’s social security and tax number systems.

To maintain the appropriate protection of personal information, employee trainings on the rules, which have been set in place in accordance with the privacy statement, have been conducted as stipulated in applicable laws of each country related to businesses and guidelines.

To reduce information security risks, including cyber-attacks and improper system use such as leaks of personal information, and to promote safe business activities, the JFE-Security Integration and Response Team (JFE-SIRT), comprising the IT division managers of each operating company, participates in the Nippon CSIRT Association, established by private sector volunteers and corporate Computer Security Incident Response Teams (CSIRTs) active in Japan. We seek to enhance the level of our initiatives by exchanging information and coordinating on security incidents.

For privacy protection policies, please refer to the following information.

JFE Group Privacy Statement

Information Security

The JFE Group formulates various rules on information security management to prevent information leakage and system failures due to cyber-attacks and improper system use. Efforts are made to enhance information-security knowledge and awareness of rules among employees through training and education. Additionally, shared IT measures are applied in each Group company and regular information security audits are conducted to reinforce the overall information security management level in the Group.

Key issues related to IT, particularly information security, are deliberated by the JFE Group Information Security Committee to determine Group policy.

Applying the policies set by the committee, the JFE-SIRT formulates and implements information-security measures, performs information security audits, offers guidance on responding to incidents and generally enhances the level of Group-wide information security management. The JFE-SIRT reports on its activities to the Group CSR Council as appropriate.

For more details on JFE’s information security, refer to the information in the management section of the DX REPORT.


Conceptual Diagram of Information Security

Conceptual Diagram of Information Security


The JFE Group Declaration of Cybersecurity Management was revised in January 2023. Even as we consider cybersecurity as a vital investment for our digital transformation, we understand its continual enhancement is also a material management concern given the increasing frequency and sophistication of cyber threats. Cybersecurity measures are being accelerated under management leadership, mainly through the JFE-SIRT.

For more details about our cybersecurity measures, please see Security Management in the DX REPORT.


Cybersecurity monitoring initiatives

Cybersecurity monitoring initiatives

Responding to Human Rights Risks within the Supply Chain

The JFE Group procures raw materials, construction materials, and machinery from all over the world. In response to human rights risks associated with the supply chain, the Group established the JFE Group Human Rights Basic Policy in 2018 to take action in accordance with the United Nations Guiding Principles on Business and Human Rights. Each operating company has established raw material purchasing policies, purchasing and procurement policies, and a basic policy on sustainability in the supply chain, and they carry out purchasing in a way that respects human rights, legal compliance, and environmental preservation.

In addition, the Group has been conducting human rights due diligence since FY2021. In April 2023, we revised the JFE Group Human Rights Basic Policy to take account of recent changes in public awareness and issues surrounding human rights. All supply chain members and other stakeholders will continue to be called upon Group-wide to respect and support human rights.

For more details on our human rights due diligence initiatives, refer to Human Rights.

Human Rights

JFE Group’s Business Continuity Plan

Anticipating the possibility of natural disasters caused by typhoons and major earthquakes as well as a rapid expansion of infectious diseases such as a new strain of influenza, the JFE Group has formulated a business continuity plan (BCP) to address contingencies. We conduct regular training based on the BCP while also pursuing other countermeasures.

In the event of a major earthquake, the Group Sustainability Council will promptly discuss and determine the policy on how to deal with the matter, based on predetermined response processes to minimize loss and other damages.

Response to Major Natural Disasters

We are preparing to respond in the event of a major earthquake through measures such as establishing tsunami shelters, maintaining a Company-wide line of command under restricted communications and power outages, and securing data backup. We have also strengthened the drainage system at our steelworks to address the impact of typhoons and torrential rains that are occurring with increasing severity in Japan.

Response to Infectious Diseases

Apart from the development of policies against novel influenza virus infections, we have been taking simulation-proven measures for varying scenarios to maintain key operations and prevent stoppages, including those at steel production sites and steelworks, even if there is an increase in the absence rate due to the spread of a disease. The policies are periodically reviewed and improved by the JFE Group Sustainability Council and other relevant bodies. Moreover, as a measure to protect employees against the threat of infectious diseases, we provide vaccinations and health checkups for employees, as well as their families, who are assigned to countries outside Japan and for those who go abroad for work. In addition to safety information in the destination countries, we also provide information about local infectious diseases and prohibit employees from going abroad to protect their safety, depending on prevailing circumstances.