SUSTAINABILITY Corporate Governance

Risk Management

Preparing for Risks

Lawson has established departments in charge of risk management, formulated risk management-related regulations, and created a group-wide system to prevent risks during normal times. In each department as well, we identify risks that may greatly influence management related to our business goals, analyze the probabilities of such risks occurring and the level of their impact, assess the risks to see if they require intensive measures, and take measures in accordance with the characteristics of the risks.
Furthermore, to secure the effectiveness of risk management, we have established Compliance and Risk Management Committee meetings and Information Security Management Committee meetings, as well as three small committees. We have clearly defined the administrative authority and responsibilities of these committees and their chairpersons, and appointed risk management personnel in each department and affiliated company. We also implement risk management training programs and drills to maintain and improve risk management awareness.

Major risks identified by Lawson

  • (1) Risks related to management strategies for the franchise (FC) business and banking business
  • (2) Financial risks such as damage to assets and financial arrangements
  • (3) Operational risks related to the safety of food and IT systems
  • (4) Risks related to compliance with laws and regulations
  • (5) Risks related to hazards such as disasters

To find out more, please refer to the Integrated Report posted on the Lawson website.

Response to Risks When They Occur

To minimize damage when a situation arises that may lead to an emergency or crisis, such as an interruption of business or damage caused by a risk occurring in the Lawson Group, or other situations that may cause such an emergency or crisis, Lawson has formulated rules for promptly taking measures and reporting them in accordance with the predetermined reporting route and method, as well as standards for establishing the headquarters’ response to critical risk situations when they occur. After measures are taken for risks that have occurred, we analyze their causes and then review and improve our measures to prevent any recurrence.
Furthermore, Lawson has established a system and rules for business continuity management (BCM) to prepare for emergencies accompanied by serious damage to the Lawson Group. On the premise that people’s safety is secured, the aim is to avoid interruption of important business and, even if business activities are interrupted, to resume them by the target recovery time.

Improvement of the Information Security Framework

In order to promote the protection of personal information that the Lawson Group (a collective entity consisting of Lawson and companies that are determined to be applicable by Lawson) obtains and uses, we have established the Lawson Group Privacy Policy, put in place a management system for the protection of personal information, and appointed the manager of each division and the president of each company as the Personal Information Protection Administrator under the supervision of the CRO*, who is an executive officer. The contents of our Personal Information Protection Policy specific details of the contents and are prepared to implement them, Lawson publishes potential mistakes and complaints that may arise at the stores, accompanied by practical responses to them, in various manuals produced for the stores in an effort to raise awareness. Headquarters employees are tested periodically to ensure that they are all reliably following the rules based on the Information Security Guidebook in which matters to be observed are compiled.
We have established a system for specifying methods of gathering and storing information as well as information storage periods and for designating persons responsible for handling customers’ valuable information in each instance after advance checking by specialist departments.
When consigning responsibility for handling personal information to outside organizations, we require that a detailed investigation of the organization’s security framework be conducted in advance and that consignment of the responsibility be made only to organizations that satisfy Lawson’s conditions.
Moreover, an onsite or documented inspection is conducted annually to ensure that the conditions are maintained.
We also check our information security framework from a variety of perspectives to ensure that it remains robust by implementing information security audits by our internal audit departments and employing specialized outside companies to diagnose any vulnerabilities in our information systems.

* CRO (Chief Compliance and Risk Officer): The executive with overall responsibility for the legal compliance and risk management system and framework in the Lawson Group



