Risk Management
Risk Management Promotion Structure
We have established risk management regulations on various risks surrounding the Company and their management as well as established a risk management committee with the department that comprehensively manages risks as its secretariat.
As a general rule, the Risk Management Committee gathers once a month to hear a summarized report by the person in charge of information handling on the status of risk management in each organization and the comprehensive identification of risks. Then, the Committee evaluates, analyzes, and discusses measures for those risks to decide on how to respond to them. Furthermore, as a general rule, the Committee revises risks relevant to the Company every six month.
Response, status, and initiatives related to risks are shared with various committees mainly by the department in charge of risk management.
Risk to be Managed
We manage four key risks -strategic, financial, operational, and hazard risks- and work to avoid said risks.
- Strategic Risks
Recruitment and appointment of human resources, development of mechanic human resources, compliance violations, publication of ads, etc.
- Financial Risks
Impairment due to M&A, adjusting to changes in accounting standards, impact of human resource recruitment and development on performance and finance, etc.
- Operational Risks
Changes in market prices, labor management, accidents, misconducts and violations related to vehicle maintenance and sales methods, insider trading, etc.
- Hazard Risks
Spread of infectious diseases, occurrence of natural disasters, etc.
Internal Reporting System
BIKE O & COMPANY Group has established an internal reporting system for the early detection and remedy of wrongdoing, etc. and enhancement of compliance withing the Group. We have also established personnel consulting contact to enable consultation related to concerns and harassments and improve physical and mental health of employees as well as workplace environment.
For the internal reporting system, with the aim of making a convenient system, we have established multiple reporting contact in and outside the company to enable reporting to and consulting with external attorneys and specialized contractors. The reporting and consultation can be made in name or anonymously through e-mail, phone, or post.
We have established a Compliance Hotline Subcommittee for the purpose of ensuring smooth operation of the internal reporting system. The Subcommittee is in charge of research and reporting on the reports and consultations received as well as check on the reporter after a set time to ensure that the reporter does not suffer any disadvantage or retaliation. We ensure that persons related to the system and the Subcommittee observe confidentiality obligations regarding personal information and the content of reports.
The number of reports, their content and response are tracked by the Compliance Hotline Subcommittee. In case any critical faults in the internal control are identified, they are promptly reported to the Risk Management Committee. In addition, if a major misconduct is discovered, prompt measures to remedy the situation and prevent reoccurrence will be implemented by the President.
- *Exert from internal documents: compliance regulations, internal reporting system regulations, and detailed regulations for the operation of the Compliance Hotline Subcommittee
Personal Information Protection and Information Security Policy
BIKE O & COMPANY Group believes that proper use and safe management of personal, critical, and other information is one of the most important issues and building relationship of trust with its stakeholders.
BIKE O & COMPANY Group has formulated and operates under various regulations related to critical and personal information based on the Group's personal information protection guidelines and information security policy to properly manage information that are considered to be management resources. To improve security, we also implement relevant systems as well as conduct education and training for offices and employees on compliance to various related laws and regulations in order to prevent leaks, protect, and properly use and manage personal and critical information.
Business Continuation Plan (BCP)
We recognize business continuity during disasters and pandemic as one of our material issues and include preservation of life, safety of local communities, and continuation of important operations in our basic policy on BCP.
We have also formulated a response manual for disasters such as earthquakes and tsunamis based on the basic policy on BCP. Triggered by the COVID-19 pandemic, we have also formulated guidelines for responding to pandemic that take the teleworking system into consideration. In terms of manual for responding to disasters, it includes building a crisis management system during normal time as well as responding organizations and a reporting system during disasters. Furthermore, the manual and guidelines are regularly revised.
- Emergency Contact System
We have introduced an emergency contact system with an automatic messaging function for safety confirmation tied to the earthquake early warning system to conduct safety confirmation as well as ensure means of communication during disasters. We also conduct regular safety confirmation drills using the system.
- Important Functions and Safe Management of Data to Ensure Business Continuity
We have established a system in which three contact centers that possess extremely important functions for our business continuity dispersed across Japan to enable one of the contact centers to function as a substitute in case of a localized disaster.
Our core system and data such as information of transactions are stored on a data server located in an area with low geopolitical risks. Additionally, data is backed up in real time to a cloud server.