Business Continuity (BCP), Risk Management

  • Facebook
  • tumblr

Mission

Prevent and mitigate operational risks
We anticipate, prevent, and mitigate risks, but when crises arise, we protect our people, property, and profits.

To achieve its vision of providing social and customer value, the continuity of business operations and safety and security of employees are top priorities of the Bridgestone Group. By anticipating, mitigating and appropriately managing potential risks, the Group positively impacts business success while also protecting employees. To advance this knowledge organization-wide, the Group conducts regular trainings and frequently reviews risk management and business continuity plans and controls.

Management structure

Bridgestone strives to comprehensively and appropriately manage risks common to the Group, while taking the business scale and characteristics of each site and Group company into account. Through the dual promotion of region-specific autonomous and group-wide risk management, Bridgestone identifies, prevents and mitigates risks, and formulates crisis management and business continuity plans to enable appropriate crisis response and support for the continuation or resumption of business.

The Bridgestone Group divides risks into two broad categories: business strategic risk directly related to the realization of the Mid-Long Term Business Strategy, and operational risks related to daily operations. The former is handled through business operations, while the latter is handled by the Chief Risk Officer (CRO), who has overall responsibility for managing risks and reports to the CEO.

The Business Continuity & Risk Management Working Group (WG), established in 2016 under the jurisdiction of the Global Sustainability Committee, is made up of members from each strategic business unit (SBU). It manages and updates the Bridgestone Group’s Global Risk Management Policy, and oversees the corporate risk management, crisis management, and business continuity systems. To achieve this mission, WG is undertaking five key initiatives:

  • Refine and standardize the annual risk identification process across the Group;
  • Create a global definition and framework for crisis management and business continuity;
  • Enhance the risk management role of emergency action reports;
  • Formalize the process for cross-SBU support in crisis management; and
  • Develop an enterprise travel risk management program.

The WG’s deliberations and efforts are guided by ISO 31000, the international standard for risk management.

Managing risk across the enterprise

The Bridgestone Group has under taken an annual, Group-wide process since 2010 to identify potential business risks facing each Strategic Business Unit and the overall organization. Once risks are identified, the Group names individuals responsible for driving risk mitigation and management activities at the department and SBU levels. These people focus on advancing the concept of autonomous and continuous improvement, and ensure effectiveness by establishing and promoting a risk-audit system.

The Bridgestone Group is now streamlining this process to make the resulting information more meaningful and actionable, while also building in broader participation across the organization. In doing so, the goals are to gain a more complete understanding of potential risks, including environmental, social, and governance (ESG) risks, across the Group, be better equipped to track and measure the impact of mitigation efforts, and share best practices about effective mitigation approaches.

The risk categories identified and addressed include ESG risks, such as but not limited to:

- Occupational safety (e.g., breach of regulations)
- Environmental protection (e.g., waste water, soil, air, noise, odor, and breach of regulations)
- Sustainable operations and suppliers (e.g., climate change, water intake, deforestation, and forced and child labor)
- Ethics and compliance (e.g., tone-at-the-top, and maintaining a culture of compliance)

In 2019, Bridgestone refined its processes for identifying and prioritizing Group global risks to enable broader participation throughout the SBUs and allow for more robust discussions about risks. That year, cyberattacks, information leaks and the theft of data were designated as the global priority risks to the Group that all SBUs should address and as such, were reported to the Global Sustainability Committee. In 2020, the Group incorporated a focus on strategic risks in line with the Mid-Long Term Business Strategy, in addition to its current assessment of operational risks. The Group also continued to upgrade its framework for crisis management and business continuity planning, including integrating climate change elements. It also began researching industry best practices in travel risk management and enhanced the Group’s approach to emergencies and EARs (Group internal quick report system of critical incidents).

In 2021, the Group plans to enhance cyber security for its operations, its supply chain and customer data. It also plans to organize the management system for operational risks related to climate change.

For major categories of risk identified, please see:

Annual Report Financial Review

Climate change risk management and response to TCFD

The Bridgestone Group supports the Task Force on Climate-related Financial Disclosure (TCFD) and its recommendations, and is working to address and disclose climate change risks and opportunities identified in line with the TCFD framework.

The Group formulated a medium- to long-term strategy towards carbon neutral in light of the climate-related risks and opportunities. For strategy, the Group is working to reduce transition risks through climate change mitigation actions, such as reducing greenhouse gas emissions, while at the same time working to reduce physical risks through adaptive measures, such as diversifying natural rubber supply sources.

Physical risks Transition risks
  • The risks include stronger typhoons and increased frequency of flooding and drought, which pose the risk of interrupting business activities
  • The risks related to the procurement of raw materials as a result of changing rainfall patterns leading to poor harvesting of natural rubber
  • The risk of lowering demand for winter tires due to snowfall reduction
  • The risk of adverse effects on the Companies’ operating results and financial position, such as limitations on business activities and increased costs, in the event that the R&D expenses required to meet the changing needs of clients and customers do not produce sufficient results when systems and regulations related to carbon taxes, reduction obligations for CO2 emissions, emissions trading, and fuel-efficient tires, etc. are introduced.

For the details of the disclosure information recommended by TCFD, see “TCFD Index.”

BCP/Crisis management system

A prompt initial response is essential for business continuity. In preparing for this response, the Bridgestone Group gives top priority to ensuring life and safety, minimizing business losses, and anticipating business-impacting events that may occur in the supply chain. To achieve an early crisis recovery, it has established a tiered response system based on the specific crisis situation, and degree of severity, and established a system of identifying and implementing countermeasures and protocols. Our system enables prompt initial response for assured business continuity/early recovery, and initiatives for continuous improvement that makes use of past experiences and lessons learned.

In addition, even in the event of a large-scale natural disaster or industrial accident, the Group is prepared to maintain business operations and can transfer decision-making and execution of event response and operations to a non-impacted team, as necessary.

In 2020, a crisis management committee comprised of the Global CEO, Global COO and key management was established to review emerging information on various changes associated with the spread of COVID-19 and make swift decisions to protect employees’ health and safety and minimize business losses. This approach included sharing best practices that helped drive consistent responses to challenges the organization faced in locations around the world.

Going forward, the Bridgestone Group will continue improving its operational framework to strengthen risk management, crisis management and BCP.

Emerging risks and mitigation measures

The Bridgestone Group identified three emerging long-term risks: compliance with emerging privacy laws, adequate IT security measures for the protection of personal data and the prevention from other advanced cyber threats, and the sustainable procurement of raw materials.

If a risk evolves into an actual event or problem, integrated teams of business units and staff functions already in place in each SBU are poised to spring into action. These teams carry out and manage the company's response and also ensure important information is immediately communicated to the SBU's own CEO, COO, and CRO, as well as the Global CEO, COO, and CRO. Business continuity plans are also activated if needed. These plans identify potentially affected employees; establish alternate workplaces; document critical business processes and workarounds in case normal methods aren’t feasible; and ensure essential equipment is available for each employee to do his/her job.

Personal information protection

The potential business impact of compliance with emerging privacy laws could vary considerably from region to region based on the differing laws. The impact of noncompliance or of a data breach could involve significant fines and penalties or damage to the Bridgestone brand as a company committed to being a good corporate citizen and upholding the rights of individuals.

The Bridgestone Code of Conduct contains a specific section on privacy and personal data. Furthermore, to comply with general data protection regulations, Bridgestone Europe, Russia, Middle East, India and Africa (EMIA) has designated a data protection lead and implemented a robust privacy policy and cookies policy. Bridgestone Americas (BSAM) has also appointed a dedicated fulltime officer who is building out a robust privacy program for BSAM that stays abreast of the privacy laws being adopted by an increasing number of governments in the United States, Canada and Latin America. As part of an enterprise-wide data privacy program, BSAM has conducted and will continue to conduct workshops to identify business processes which utilize personal information. The business process flows are then mapped to their supporting IT systems, enabling technical assurance for maintaining the privacy of personal data.

As part of the Bridgestone China, Asia Pacific (BSCAP) website migration exercise, the company updated all privacy policies throughout the region to reflect and uphold the latest standards in privacy and data protection laws. BSCAP is also redesigning and implementing a regional trade secret management policy that includes operational and technical guides on personal data protection to further BSCAP's data privacy efforts.

The privacy professionals in the various Bridgestone Group companies have focused on compliance with the following relatively new and developing privacy laws: Europe’s General Data Protection Regulation (GDPR), Brazil’s Lei Geral de Proteção de Dados (LGPD), the U.S. State of California’s California Consumer Privacy Act (CCPA), and various new data protection acts in the BSCAP region.

Bridgestone Corporation and its group companies in Japan believe that protecting personal information is an important employee responsibility. The Company formulated a Privacy Policy that reflects these principles. Based on this policy, the Company conducts ongoing trainings for all Bridgestone and its group companies’ employees in Japan and maintains a well-defined structure for information management.

IT security

Bridgestone Corporation and its group companies in Japan take a systematic approach to IT security under the direction of the Chief Digital Officer (CDO) to prevent IT security incidents, including leaks of customer data and other confidential information. The Company has formulated its corporate standards and rules on IT security, which are reviewed and revised to stay abreast of technological advancements and changes in IT risks. Particularly strict standards have been set for the information systems handling personal information.

As a group-wide effort, Bridgestone is collaborating with IT security teams in regions where the Group companies operate. It formulated a global IT security policy and is taking measures based on this policy.

To identify its cybersecurity risk, the Group conducted the first assessment on its IT digital maturity in 2020. The Group also continued to strengthen IT security organization-wide with e-learning programs for employees that addressed email and other technologies. To raise awareness of IT security among employees, the Group also regularly conducts internal audits.

Furthermore, to counter targeted attacks and other advanced cyber threats, the Group is strengthening its ability to detect suspicious emails, and the monitoring of website security, networks and other systems, and has established a global organizational structure to effect an immediate response to any IT security incidents.

Sustainable procurement of raw materials

In terms of key risks relating to the sustainable procurement of raw materials, the sufficient supply of natural rubber can be threatened by natural disasters, climate change, war and political, civil and social unrest. The demand for tires is expected to expand in line with global population growth and motorization, making the realization of a sustainable natural rubber supply chain a priority business imperative. Any disruption in sustainable materials procurement would adversely impact global tire supplies, as well as Bridgestone’s business performance and brand reputation.

With these risks in mind, the Group has reinforced its commitment to sustainability by adopting a Global Sustainable Procurement Policy and by reaffirming its corporate responsibility commitment. The Group will continue conducting business in ways that improve the natural rubber supply chain and that support technological innovation and advancement that enhances the viability of the natural rubber economy.

Preparing for risks related to natural disasters

Earthquake countermeasures in Japan

Emergency drill in Kodaira, Japan

Bridgestone Corporation conducts annual drills to prepare for large earthquakes, which pose a significant risk in Japan.

In the event of a substantial earthquake, the Company will immediately collect information on the human injuries and casualties, as well as physical damage. Depending on the extent of adverse impact, it will activate an emergency response organization and take action. As Bridgestone has key operations in major sites in the Tokyo metropolitan area, the Company has established a framework for office consistency and ensured that backup functions are available through a collaborating with Kyobashi-Head office, Kodaira-Technology Center, and Yokohama-Technology Center.

Through the annual earthquake disaster drills, employees are well-prepared for protecting their personal safety and maintaining business operation in the face of a massive earthquake like the 2011 Tohoku earthquake.

Also on the occasion of advance meeting of the Tokyo 2020 Olympic Games, employees from all SBUs who would be supporting the Bridgestone Group’s hospitality program at the Games were trained in earthquake response during a crisis management workshop and experienced the sensation of an earthquake in Bridgestone Corporation’s earthquake simulator.

The Group believes that protecting corporate assets from destruction forms the basis of good corporate management. These initiatives also go toward mitigating risks to our employees and the communities the Group serves to meet social responsibility requirements. Since the 2011 Tohoku earthquake and tsunami, it has further reviewed building components such as ceilings and pipes for further enhancement.

Crisis management and business continuity in the Americas

In 2018, Bridgestone Americas established a Business Assurance Policy which sets out the incident response, crisis management, and business continuity requirements for business units, staff functions, and critical facilities. Today, each country in Latin America and each business unit throughout the Americas has a crisis management team. For events having company-wide impact, an Enterprise Crisis Management Team and the Crisis Management Executive Council provide response leadership, oversight and governance. The critical facilities’ business continuity plans, which are reviewed and updated yearly, ensure that the SBU’s anticipate contingencies that will be necessary to carry on business following a disruptive event. Annual training and tabletop exercises sustain the Business Assurance Program and ensure that crisis management and business continuity team members understand their roles and the teams’ processes and remain skilled to perform them. Because of this, in 2020, the crisis management and business continuity teams were integral to the SBU’s successful response to COVID-19, powerful hurricanes, destructive tornadoes, and civil unrest and violence.

Response to severe infectious diseases

The Bridgestone Group’s globally dispersed operations expose it to a broad range of risks. One of these is the risk of pandemics. Since 2013, Bridgestone Corporation has formulated business continuity plans (BCPs) to address the spread of new types of influenza and other severe infectious diseases of potentially pandemic proportions. In 2015, the BCPs were revised to align with the World Health Organization’s global framework to aid pandemic preparedness and response planning.

The plans have effectively guided the response to the 2013 Avian Influenza in China and ensured the wellbeing of the employees and business operations there. In 2014 and 2015, the Group received global recognition for the successful efforts to control the spread of Ebola Hemorrhagic Fever at the Liberia-based natural rubber producing operation. Firestone Liberia not only saved lives, supported education and response efforts in surrounding communities, and partnered with the Government of Liberia and NGOs to detect and fight the disease, but also managed to keep its business running at the same time. This accomplishment was documented and published in a case study by Northwestern University's well-known Kellogg School of Management, which is now a regular part of the crisis management curriculum for MBA students.

During the COVID-19 pandemic, the Group confirmed that these BCPs are working effectively. It will continue to drive toward ever more effective and efficient planning and execution of BCPs.

Response to COVID-19 pandemic

With the onset of the COVID-19 pandemic, the Bridgestone Group leveraged its Business Continuity & Risk Management Working Group (WG) to implement a unified, global crisis management and business continuity approach ensuring consistency of response, anticipating and preparing for coming risks and challenges, and sharing best practices on a global level. Among other things, the WG ensured SBU access to critical personal protective equipment; implemented a common case-tracking and reporting protocol to identify trends and business impacts; established global policies on travel; monitored government regulations to ensure compliance; assessed the impact of compounding events such as holidays in Southeast Asia and civil unrest in the United States; and provided weekly updates to the Executive Committees of each SBU.

In furtherance of its initiative to formalize the process for cross-SBU support in crisis management, the WG decided that remote operations would adhere to the requirements and procedures of their respective host SBUs when carrying out emergency response. This decision will inform future WG efforts to standardize the Bridgestone Group’s response to emergencies at remote operations.

Relevant Information

Sustainability