Compliance and Risk Management
Casio’s effort to achieve total compliance management of employee conduct uses the Casio Group Code of Conduct and a risk management system and whistleblower hotlines based on the Code.
Casio Group Code of Conduct
The Casio Group Code of Conduct represents a pledge of ethical behavior by Casio executives and employees to those in and outside the company. They use the code to make specific decisions in their daily work and personal lives based on ethics, laws and regulations.
While the code naturally applies to group companies in Japan, it also applies to group companies outside Japan. In tandem with the rapid globalization of Casio in recent years, the code has been translated from Japanese into English and Chinese as well as the languages of other countries where Casio operates when needed.
With the revision of the code in 2008, Casio implemented compliance training for all group companies, in order to promote even better awareness.
Provisions of the Casio Group Code of Conduct
2. Basic Policies
3. Code of Conduct
3-1. Compliance with Laws and Ethics
3-2. Respect for Human Rights
3-3. Provision of Safety and Peace of Mind to Customers
3-4. Fair Competition and Transactions
3-5. Separation of Personal Affairs from Business
3-6. Information Protection
3-7. Environmental Conservation
3-8. Disclosure of Corporate Information
3-9. Maintenance of Social Order
3-10. Social Contributions
4. Implementation of the Code of Conduct
5. Handling Violations
Based on its Basic Risk Management Policies, Casio has built a system to manage risks efficiently. The company established the Risk Management Committee as the steering body to implement management programs with an emphasis on compliance risk.
In the committee's first year, fiscal 2008, it identified 70 laws relating to Casio's businesses, and listed measures being taken to comply with each law. Regarding laws where Casio had deficiencies relating to management cycle operation and manual preparation, the committee analyzed the importance of each risk based on the occurrence possibility and its impact on company management. Measures were then prepared to deal first with the risks of higher importance.
Casio transferred the risk management function from the Risk Management Committee to the CSR Committee in fiscal 2011.
In the practice of risk management, the department with the role most closely associated with the risk in question is designated as the department with responsibility for the risk. The department with responsibility formulates a risk action program. The CSR Committee Secretariat manages the implementation of the program, and the Internal Audit Department conducts an internal audit, which the CSR Committee Secretariat then follows up with confirmation of the final status of the program.
In fiscal 2008, there were 19 risk factors in which the company's compliance was deficient and the risks were of high importance. By the end of fiscal 2011, specified measures had been put in place to deal with all of these factors.
Risk management system
Responding to emergencies
In order to respond to emergencies with the resources of the company organization, Casio has created a Crisis Management Manual for securing the safety of all employees, directors, and their families, preserving corporate assets, and maintaining business activities. Sequential updates of the manual keep pace with changes in the business environment, and the company is taking practical initiatives at the same time. Specifically, the following measures have already been undertaken:
- Implementation of regular evacuation drills and general lifesaving classes for employees
- Distribution of emergency assistance kits to employees and additional disaster stockpiling
- Construction of a system to ensure absolutely no contact with organized criminal elements
- Disaster prevention drill with the local community and provision of an open area for a temporary evacuation site
However, with the Great East Japan Earthquake, which struck in March 2011, circumstances were encountered that far exceeded previous expectations. Visits were made to the sales sites in the disaster area and interviews conducted. By verifying emergency response activities and assistance programs at the headquarters and local sites from the victims’ perspective, Casio was able to identify various points for improvement. These points were reflected in a revised Crisis Management Manual based on the premise of responding to a major earthquake with Tokyo at its epicenter. Casio also produced the Disaster Handbook for the families of its employees to deepen understanding of disaster countermeasures in the home and promote disaster readiness.
Information system disaster response measures
With the risk of power interruptions following the Great East Japan Earthquake that struck in March 2011, disaster response measures are more important than ever before. In addition to an internal data center, Casio utilizes a secure external data center that features seismic construction and self-contained power generation.
Casio has also lowered its disaster risk by actively utilizing public cloud computing infrastructure for some of its business content and services, as well as having its own internal cloud computing network. In June 2010, the indirect materials purchasing system was moved to an external service. In October 2011, Casio also moved its e-mail system, an important means of communication for employees, to a professional external provider.
Since obtaining certification, Casio has been properly carrying out the plan-do-check-act (PDCA) cycle to maintain its personal information protection management system. This includes the establishment of annual plans, having all employees undergo training and make a pledge, regular checking of personal information, access management on information systems, consignee supervision, and internal audits. Accordingly, Casio has been able to renew and maintain its certification.
In fiscal 2012, Casio designated December as Information Security Month to encourage employees to be more careful about information security. To achieve this, the company created security slogans about preventing common accidents, such as sending an e-mail message to the wrong person, and produced posters to put up at Casio workplaces.
In November 2007, Casio's Information System Department received information security management system certification (ISO 27001). The aim of applying for certification was to evaluate fulfillment of responsibility by the information system department, which has specialized skills and takes care of information assets for the entire company. Since then, Casio has further improved information security and its effectiveness, and continues to implement PDCA cycles for risk reduction activities. A certification renewal audit is held every three years. With the regular audit conducted in February 2012, the compatibility and effectiveness of Casio's information security management system was again evaluated.
* Privacy Mark: A program where the Japan Information Processing Development Corporation, a public-service foundation, evaluates the adequacy of corporate protective measures related to the handling of personal data. Companies that are found to have adequate protective measures in place are certified and permitted to display the Privacy Mark.
Personal information protection system
As a way to help ensure compliance, Casio set up a Whistleblower Hotline in April 2006. The hotline has been functioning with neutrality and fairness across all of its internal and external contact points.
Operating on a basis of impartiality, the hotline follows up on all whistleblower reports and consultations, and takes resolute measures against any improper behavior discovered. Effort is put into preventing issues before they grow into real problems.
There were seven whistleblower reports in fiscal 2012. In each case, the callers were interviewed, and based on the content of their reports, investigations were made, and correction measures implemented to resolve the problems.
The number of whistleblower reports has been decreasing each fiscal year. It is important to verify whether this is because there are no problems that actually need to be reported, or whether it is because anxiety about reporting is concealing real problems. In fiscal 2013, Casio plans to further improve the content of its whistleblower protection website and make efforts to increase understanding about whistleblower reports among its employees with the aim of fully establishing the system. At the same time, the company will look into the reasons for the decrease in the number of reports.
＜Fiscal 2012 Report Details＞
4 cases concerning interpersonal relations in the workplace
2 cases relating to internal rules
1 other cases
Export control, or export control security, aims to maintain international peace and security. It involves regulations on the export of goods and technology that could be diverted for the development of weapons of mass destruction or other weaponry. The regulations are designed to prevent such goods and technology from reaching countries and regions of concern or terrorist organizations.
In 1987, the Export Control Security Program of Casio Computer Co., Ltd. (a compliance program) was established in order to make sure proper measures are taken to ensure the security of exports. The program has since been continually updated along with changes in the Japanese Export Control Regulation.
Casio has appointed employees responsible for export control in relevant departments as part of an internal system to ensure observance of the program.
As the Exporter Compliance Standards took effect in April 2010, Casio has been striving to maintain and manage its system by conducting voluntary annual audits while ensuring through legal compliance, in response to the revision of applicable laws and regulations. Efforts include the strengthening of training activities at group companies in Japan.
Casio has also established a management system for complying not only with Japanese export laws but also with US Export Administration Regulations. The company is working to improve global export management, including the implementation of export management training at group companies outside Japan.
Initiatives for compliance with fair trade and advertising laws
In order to promote proper transactions as well as fair, transparent and free competition, it is essential for sales employees to have a proper understanding of Japan’s Act on Prohibition of Private Monopolization and Maintenance of Fair Trade and Act against Unjustifiable Premiums and Misleading Representations. The sales offices of Casio Computer Co., Ltd., in Japan are strengthening their measures to ensure compliance with these laws.
Casio continues to hold compliance seminars given by employee instructors at the sales offices of Casio Computer Co., Ltd., in Japan. In fiscal 2012, thirteen seminars were given at sales offices, and a total of 819 employees received the training, expanding their understanding of fair transactions. In addition, as a tool for promoting proper and fair transactions, Casio distributed Sales Compliance Cards to its sales employees in Japan that they can always have with them. The cards contain information such as an ethics and compliance test for making difficult decisions and contacts for advice or to make a whistleblower report. The cards are part of Casio’s initiative to build a legal compliance system that enables consultation on potential problems in advance. All employees at the overseas sales offices of Casio Computer Co., Ltd., receive training on competition law, which has been mandatory since fiscal 2009.
Casio Sales Compliance Card