Governance | Global Enterprise Risk Management
Business Continuity (BCP), Risk Management

To achieve its vision of providing social and customer value, the continuity of business operations and safety and security of employees are top priorities of the Bridgestone Group. By anticipating, mitigating and appropriately managing potential risks, the Group positively drives business success while also protecting its employees. To advance this knowledge organization-wide, the Group conducts regular training and frequently reviews risk management and business continuity plans (BCPs) and controls.

This mission is an important aspect of ERM (enterprise risk management) which is an increasing focus area as the world grapples with natural disasters, climate change and the effects of geopolitical conflicts. The Bridgestone Group is actively engaged in addressing these challenges.

The Bridgestone Group holds an annual, group-wide process to identify potential risks facing each Strategic Business Unit (SBU) and the overall organization. Once risks are identified, the Group names individuals responsible, and the Chief Risk Officers (CRO) of each SBU cooperate to drive and coordinate risk mitigation and management activities at the department, SBU and global levels. The Group has set up an approach under the direction of the Global CEO to deal with the most important business risks.

The Business Continuity & Risk Management Working Group (BCRM WG) was established in 2016 as one of the working groups under the Global Sustainability Committee and now within the Chief Risk Officer Council. It is comprised of members globally and from each SBU, including CRO’s and enterprise risk management professionals, and manages and updates the Bridgestone Group’s Global Risk Management Policy, and oversees a part of enterprise risk management, crisis management, and business continuity programs.

All deliberations and efforts are guided by ISO 31000, the international risk management standard, and by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), Enterprise Risk Management - Integrated Framework.

To fulfill its BCP/Risk Management mission, the Bridgestone Group is working toward three goals, each with measurable KPIs. These include:

1. Developing a framework for the global and regional enterprise risk management programs by the end of 2023. This framework will define the key elements of our programs and help drive alignment between the global and regional enterprise risk management programs.
2. The Group will conduct risk identification and prioritization exercises in each region and at a global level by the end of 2023.
3. Continuing to develop the global and regional programs, including developing and enhancing business continuity planning (BCP), crisis management and rolling out technology to support these programs.

The Bridgestone Group carries out an annual, Group-wide process to identify potential business risks facing the overall Group and each SBU. Once risks are identified, the Group names individuals responsible for driving risk mitigation and management activities at each functional department and SBU level.

The Group also regularly reviews and updates its risk identification process globally to identify and mitigate risks more effectively and efficiently. This information, along with best practices, is shared with all SBUs around the world to further improve processes. Information is also shared with employees, so they understand how their actions best contribute to preventing and mitigating risks. The risks identified and addressed include ESG risks as follows:

- Occupational health and safety
- Environmental protection
- Sustainable business operations (e.g., climate change, water intake)
- Supplier management and compliance programs
- Ethics and compliance

The Group is focused on instituting a management system for addressing climate change risks and other strategic risks as part of the Mid-Long Term Business Strategy. It also enhanced the global approach to emergencies including Emergency Activity Reports (EARs, the Group-wide internal quick-reporting system for significant incidents).

For major categories of risk identified, please see: Annual Securities Report

The Bridgestone Group supports the Task Force on Climate-related Financial Disclosure (TCFD) and has been participating in the Task Force on Nature-related Financial Disclosures (TNFD) Forum since March 2022.

As the world becomes increasingly concerned about climate change and the loss of natural capital, there is a growing movement towards a decarbonized society, as exemplified by the Paris Agreement. Additionally, efforts to achieve a nature-positive world, as outlined in the Kunming-Montreal Global Biodiversity Framework, are gaining momentum.

In this context, the Group is working to comprehensively assess and manage its dependencies, impacts, risks and opportunities related to climate and natural capital. The Group is incorporating them into our business strategies and advancing information disclosure.

Based on the recognition of these risks and opportunities, the Group is working to establish its unique Sustainability Business Model that links its business with efforts to realize carbon neutrality and a circular economy across the value chain. Furthermore, the Group aims to evolve its Sustainability Business Model and transform it to a regenerative one to help realize a nature-positive world where we can help stop and reverse the loss of natural ecosystems.

Specifically, the Group is working on mitigating transition risks by implementing measures such as reducing greenhouse gas emissions across the entire value chain, while at the same time working to addressing physical risks through adaptive measures, such as diversifying natural rubber supply sources through efforts towards the commercialization of natural rubber derived from Guayule.

The table above outlines the climate change and nature-related physical and transition risks associated with the Group’s business and operations. Physical risks include stronger typhoons and increased frequency of flooding and droughts, which could interrupt business activities. Risks related to the procurement of raw materials include changing rainfall patterns, which could lead to poor harvesting of natural rubber. Furthermore, reduced snowfall poses the risk of lowering demand for winter tires. On the transition risk side, climate change has prompted － and could accelerate － the introduction of systems and regulations that impact the Group’s financial position, including obligations to reduce CO₂ emissions, carbon taxes and emissions trading schemes, fuel-efficient tires in Japan and the world, and sustainable natural rubber.

For the details of the disclosure information recommended by TCFD and TNFD, see “TCFD and TNFD Index.”

The Bridgestone Group has formulated a global IT security policy and is taking measures based on this policy in collaboration with IT security teams in each SBU.

In 2020, the Group conducted an initial assessment of its IT digital maturity to identify its long-term cyber security risk. In the same year, the Group strengthened IT security with e-learning programs for employees that address email and other technologies. The Group also regularly conducts internal audits to raise awareness of IT security among employees.

To counter targeted attacks and other advanced cyber threats, the Group has established a global organizational structure to quickly respond to any IT security incidents. It has also been strengthening monitoring of its website security, networks and other systems, and improving its ability to detect suspicious emails.

In February 2022, Bridgestone Americas (BSAM) detected an IT security incident. The SBU responded by disconnecting affected systems from its network and working with external security advisors to identify the threat. It was later confirmed that the incident was the result of an untargeted ransomware attack. Once BSAM was confident that it had contained the threat, it reconnected affected systems and resumed operations, as well as continuing to reinforce its IT security.

In Japan, Bridgestone Corporation and its group companies take a systematic approach to IT security under the direction of the Chief Digital Officer (CDO) to prevent IT security incidents, including leaks of customer data and other confidential information. The company formulates corporate standards and rules on IT security, which are reviewed and revised to stay abreast of technological advancements and changes in IT risks. The company sets particularly strict standards for information systems that handle personal information.

Additionally, in 2022, a Global Cyber Risk Committee was created, comprised of senior IT SBU executives and teammates, as a cross-functional team to address cyber resiliency and globally align on strategy and execution of IT programs and systems.

A prompt initial response is essential for business continuity. In preparing for this response, the Bridgestone Group gives top priority to its employees’ health, security and safety, minimizing business losses, and anticipating business-impacting events that may occur in the supply chain. To achieve an early crisis recovery, the Group established a tiered response system based on the specific crisis situation and its severity, and established a system of identifying and implementing countermeasures and protocols. This system enables a prompt initial response to assure business continuity/early recovery, and drives initiatives for continuous improvement making use of past experiences and lessons learned.

In 2020, the Group launched a crisis management committee composed of the Global CEO, Joint Global COO and key management to review emerging information on various changes associated with the spread of COVID-19 and to make swift decisions to protect employees’ health and safety and minimize business impact. The committee has continued to operate since then, sharing best practices to drive consistent responses to challenges faced in locations around the world.

To achieve these goals, the Group continues to improve risk-control processes that strengthen the management team’s ability to make informed, timely and widespread decisions. It also is undertaking all-hazards BCP planning at either each region or global level depending on the type and complexity of the risks. All-hazards BCP planning prepares the organization for all types of threats and vulnerabilities to prevent supply chain disruption, rather than planning for specific scenarios.

The Group has developed a common, aligned framework and standards for Enterprise Risk Management, Business Continuity, and Crisis Management. These standards address the governance and oversight of the programs, program framework, technology as well as the Group’s ability to identify, assess, mitigate, and respond to significant enterprise-wide risks.

Going forward, the Bridgestone Group will continue to improve its operational framework to strengthen risk management, crisis management and BCP.

The Business environment is becoming more complex and uncertainties are increasing. Under these conditions, companies are expected to maintain and reinforce their ability to cope with the attendant risks and new business opportunities.

If a risk evolves into an actual event or problem, integrated teams of business units and staff functions already in place in each SBU are poised to spring into action. These teams carry out and manage the company's response and ensure important information is immediately communicated to the SBU's own CEO, COO, and CRO, as well as the Global CEO, Joint Global COO, and CRO. Business continuity plans are also activated if needed. These plans identify potentially affected employees, establish alternate workplaces, document critical business processes and workarounds in case normal working methods are compromised, and ensure essential equipment is available for each employee to do their job.

The Bridgestone Group sells products in more than 150 countries worldwide, and the potential business impact of privacy laws could vary considerably from region to region based on local laws and regulations. The impact of noncompliance or of a data breach could lead to significant fines and penalties or damage to the Bridgestone brand now and in the future.

The Bridgestone Code of Conduct contains a specific section on privacy and personal data. Furthermore, to comply with general data protection regulations, certain SBUs appointed a designated data protection lead (if required by law) or privacy officer and implemented and continue to implement and maintain robust privacy programs and associated policies. They further developed methods to identify and comply with the emerging privacy laws being adopted by an increasing number of governments in their territories.

The privacy professionals in the various Bridgestone Group companies have focused on compliance with the relatively new and developing privacy laws such as Europe’s General Data Protection Regulation (GDPR), Brazil’s Lei Geral de Proteção de Dados (LGPD), the U.S. State of California’s California Consumer Privacy Act (CCPA), the other U.S. state privacy laws going into effect in 2023, and various new data protection acts in the Asian countries.

Bridgestone Corporation and its group companies in Japan believe that protecting personal information is an important employee responsibility. Bridgestone Corporation in Japan formulated a Privacy Policy that reflects these principles. Based on this policy, the company conducts ongoing trainings for all its employees and its group companies’ employees in Japan and maintains a well-defined structure for information management.

In terms of key risks relating to the sustainable procurement of raw materials, the sufficient supply of natural rubber can be threatened by natural disasters, climate change, war and political, civil and social unrest. The demand for tires is expected to expand in line with global population growth and motorization, increased need for a sustainable natural rubber supply chain. Any disruption in sustainable materials procurement, not only for natural rubber but also other critical raw materials, would adversely impact global tire supplies, as well as Bridgestone’s business performance and brand reputation.

With these risks in mind, the Group has reinforced its commitment to sustainability by adopting a Global Sustainable Procurement Policy and by reaffirming its corporate responsibility commitment. The Group will continue conducting business in ways that improve the natural rubber supply chain, supporting technological innovation and advancement that enhances the viability of the natural rubber economy. Additionally, the Group will take measures to mitigate negative impacts related to procurement, logistics, supply chain and processes for both natural rubber and other critical raw materials, ensuring sustainable procurement practices.

The Group believes that proactively protecting corporate assets forms the basis of good corporate management. These initiatives also go toward mitigating risks to our employees and the communities to meet social responsibility requirements. Each region of the Group formulates a BCP in case of a natural disaster and regularly conducts initial response training. The following are examples of natural disasters targeted by each region.

• Japan: Earthquake
• America: Hurricane
• Europe: Extreme heat
• Asia: Flood

The Bridgestone Group’s globally dispersed operations expose it to a broad range of risks. One of these is the risk of pandemics ― and not just the COVID-19 pandemic. Since 2013, Bridgestone Corporation has formulated business continuity plans (BCPs) to address the spread of all sorts of severe infectious diseases of potentially pandemic proportions.

The BCPs have effectively guided the response to the 2013 Avian Influenza in China and ensured the wellbeing of the employees and business operations there. In 2014 and 2015, the Group received global recognition for its successful efforts to control the spread of Ebola hemorrhagic fever at its Liberia-based natural rubber producing operation. Firestone Liberia not only saved lives, supported education and response efforts in surrounding communities, and partnered with the Government of Liberia and NGOs to detect and fight the disease, but also managed to keep its business running at the same time. This accomplishment was documented and published in a case study by Northwestern University's Kellogg School of Management, which is now a regular part of the crisis management curriculum for MBA students.

During the COVID-19 pandemic, the Bridgestone Group leveraged BCRM WG to implement a unified, global crisis management and business continuity approach ensuring consistency of response, anticipating and preparing for coming risks and challenges, and sharing best practices on a global level.

Among other things, the WG drove prompt access in the different SBUs to critical personal protective equipment; implemented a common case-tracking and reporting protocol to identify trends and business impacts; established global policies on travel as well as meetings and events; monitored government regulations to ensure compliance; assessed the impact of compounding events such as holidays in Southeast Asia and civil unrest in the United States; and provided weekly updates to the Executive Committees of each SBU.