Risk Management Landscape in Japan

A Draft for France Japon Eco Magazine 2005 (103)

(Qualité, fiabilité et sécurité de l'information financière : où en est le Japon ? - Thierry de Gennes, Keiichi Kubo p. 38)

A new Company Law in Japan

The Commercial Code of Japan was first enacted more than 100 years age and is to undergo another basic revision shortly. The Japanese Penal Code, the Civil Code and the Commercial Code were conventionally written in a formal literary style. With the revision in these various laws, their contents have been converted to an easier to read spoken style of expression. The revision of the Commercial Code that is about to take place will be the last modification to be converted to such spoken language style.

The Japanese Commercial Code, in order to cope adequately with changes in the economic environment and increasing corporate scandals, has been revised from time to time over the past years. The latest revision includes a holistic structural change, such as extracting the portion related to companies from the Commercial Code to formulate a new Company Law.

 Regarding the strengthening of corporate governance, the existing Commercial Code has been revised several times. Such revision includes strengthening the power and authority of corporate auditors and the introduction of an American style company with board committees.

 In the case of the coming revision, large companies are required to decide on basic policies related to establishment on internal controls system, and a summary of such decision is to be disclosed on annual reports.

Introduction of a Certification by CEO

After the recent discovery of false statements in the financial filing documents from a railroad company, followed by re-submission of revised documents by nearly 600 listed companies, the Tokyo Stock Exchange ("TSE") has called for a presentation of Certification and Confirmation from the representatives of listed companies.

In the Certification, the representative notifies that information related to management decisions, events of significance affecting the company, and financial reporting are clearly and timely disclosed with sincere attitudes. The Certification is to be submitted every five years, or when a company representative is changed. 

The Confirmation includes statement of ascertainment that the financial filing documents do not include untrue statements. This is submitted every six months.



For the company representatives to be able to sign the Certification and Confirmation, it is necessary to have in place an internal controls system that will support the information gathered is timely and accurate. However, TSE does not require an external audit by an audit firm for either the Certification or the Confirmation.



Initiating discussion of the Sarbanes Oxley Act Japan version

Last year, an across-the-board review on financial filing documents was carried out which resulted in a hundreds of cases of re-submitting a revised reports. The Financial Services Agency (""FSA") is currently considering of introducing a Japanese version similar to the US Sarbanes Oxley Act. FSA, in order to be able to announce the results of its discussions by this coming summer, is holding the working group meetings at a relatively rapid pace. Under this system, representatives of listed companies will be required to evaluate the effectiveness of internal controls, that will be audited by an external auditing firm.

It is virtually certain that this system will be adopted in Japan before long. However, there are oppositions including opinions from Nippon Keidanren (Japan Federation of Economic Organizations), and it is likely that attention will be paid to lightening the corporate burden compared to the requirements by Sarbanes Oxley Act.



Introduction of the Personal Information Protection Law

The European Union Data Protection Directive in 1995 required that when transferring any personal data to another country, the subject country also should be established with a law to protect personal information. This lead to other major countries such as United States to establish their own general laws related to protection on personal information.



In the case of Japan, in May 2003, the Personal Information Protection Law was enacted and became fully effective as of April this year. This law is the first legislation in Japan aimed to protect personal information in the private sector.



Including the leakage of several million personal data from an internet provider, there seems to be no end to such leakage scandals. For the majority of Japanese companies, it is easy to imagine such incidents occurring in their own organization, which have led to their efforts in strengthening internal controls to manage personal information by spending considerable amount of cost and time.



Corporations are using personal information for many different purposes. In addition, with the spread of personal computers, an electronic personal data can be easily copied and duplicated. Therefore, in order to prevent leakage of personal information, introducing an employee training system that stresses on ethics is not a sufficient answer to this problem.



An introduction of information system, which discourages copying or emailing personal data, and/or records such events automatically, is necessary. At the very least, with regards to protecting personal information, the traditional Japanese management approach of trusting employees is no longer valid.



Countermeasures against hostile takeovers

Recently, there was a big issue about an internet business company attempting to takeover a large broadcasting company which attracted much attention. The president of the internet business company attempted to force the takeover, and opposing executives of the broadcasting company fought to resist that appeared on the news everyday. For the first time, most Japanese viewers were explained with technical terms regarding company takeovers, such as "poison pill", "crown jewels", "scorched-earth tactics" and "white knights".



In the case of Japan, with the revision of the Commercial Code in April 2002, it is now practicable to issue stock options. In the case of the broadcasting company that was the takeover target, the company used this new system as a poison pill. However, since the court agreed with the internet company's caveat, the broadcasting company's intention to use the "poison pill" was unsuccessful.



This news encouraged the listed companies, one after the other, to set up defensive policies to avoid takeovers. However, the Tokyo Stock Exchange was quick to put a damper on such move, requesting listed companies not to over-react on self defensive policies. Such comment can be interpreted that a company is, by nature, owned by the stockholders thus corporate managements should not establish defensive policies for their own self-protection.



Risk Management

The worst train accident in the history of Japanese railway has recently occurred. It is said that the driver's excessive speed was the cause of this accident, but at the same time it has brought up many issues concerning management problems in railroad companies.



In other words, it is being said that the driver of the train is not the only person responsible for the accident since preventing such accident is a major issue for the management, but there were insufficient policies taken to deal with this problem. 



As a matter of fact, this has not been the only serious incident in Japan. There have been events where act of dishonesty by employees led to immense loss of profit, problems concerning defective products, information leakage, and huge amount of damage claims against corporations. Also, there is no guarantee that our country is one of the target by the terrorist attack, like the 9.11 incident.



In the case of Japan, postwar baby boom era, so so-called "Dan-Kai" generation are now reaching retirement age which is an unique situation. They are the generation that have been in heavy competition in both individuals and between the companies, which stimulated their skills and talents. By losing these experienced experts, there is a danger of valuable know-how and manufacturing skills together with quality/safety management knowledge not being carried on to the next generation. 



These are all issues related to risk management. The term "risk management" tends to have a backward-looking connotations, but every business opportunity involves inherent risk, and profit is the reward gained for taking risks.



In order to carry out risk management effectively, risk assessment is an up-front and a must. It is important to concentrate efforts and policies on high risk areas for a company to deal effectively.



Corporate risk changes in scale and in category accordingly with the management environmental changes. For this reason, the author recommends to include a structure which implements a continuous risk assessment into business management system. 



In the case of COSO (the Committee of Sponsoring Organizations of the Treadway Commission) which is a global standard for internal controls, risk assessment and risk response are both positioned as important factors in internal controls. In other words, establishment and operation of corporate internal controls system is essential for introducing an effective risk management.