Internal Control System and Risk Management System

The Internal Control and Compliance Committee (hereinafter the "Committee") has been established as an organization under the direct control of the Management Committee in order to provide support and guidance to ensure compliance across the Group. The Committee not only reports monthly to the Management Committee (including Audit & Supervisory Board members) on compliance initiatives, including monitoring of corruption in general, such as the prohibition of bribery and fraud, but also reports quarterly to the Board of Directors (including outside directors) to ensure effective supervision.

Furthermore, the committee has prepared the Kanematsu Group Compliance Handbook, which includes specific measures to prevent corruption, such as bribery, and it explains related measures with concrete examples and clearly states that the Group rejects any and all ties with antisocial forces. The Handbook has been made available through the Company intranet to promote thorough awareness among all officers and employees.

Kanematsu has established a system to promptly report to the Committee (in principle within 24 hours of the occurrence) in the event of a Compliance Matter that may damage the Group's corporate assets or reputation due to an act that violates laws and regulations, company regulations, or general social norms. When a Compliance Matter is reported, the Committee provides directions to the compliance officer in the relevant division or Group company to investigate the facts based on the content of the matter. Any person with a conflict of interest in the Compliance Matter will be excluded from being in charge of investigation. When asked to cooperate in investigations of Compliance Matters, officers and employees will respond in full and in honesty, and the Committee will determine a course of action based on the results of the investigation, then take corrective actions and implement measures to prevent recurrence.

The following hotlines for reporting matters of suspected compliance violations involving harassment or bullying to the Committee have been established with anonymous reporting available as well. The hotlines accept reports from all officers and employees (including contract employees, temporary workers, and secondees) as well as from former officers and employees within one year of their retirement.

(1) Hotline to the Committee, (2) Hotline to external counsel

A system has been established for applicable companies to create their own compliance code in accordance with the Handbook and take necessary and appropriate procedures, which is evaluated and verified regularly for its effectiveness and validity by the Internal Auditing Department and improved as needed.

The state of compliance and violations of the compliance code are subject to internal auditing. Disciplinary action and other strict measures based on employment regulations, etc. of each company will be taken against officers and employees who violate the compliance code.

Violations of the compliance code In FY2023, there were no violations of compliance that had a significant impact on the management of Kanematsu or its consolidated subsidiaries.

At Kanematsu, internal approval is required in advance when providing gifts or entertainment with a high risk of corruption based on our Item Expense Rules and Detailed Rules on Using Item Expenses as a measure to prevent corruption.

Moreover, when concluding an Agency Agreement, Service Agreement, or Outsourcing Agreement with an agency, agent, or consultant, etc. (hereinafter "agency, etc."), internal approval is required based on the Rules on Administrative Authority as well as a mandatory legal compliance clause. During deliberations, we not only verify the purpose behind using an agency, etc., the work that will be outsourced to them, and the appropriateness of the cost of the services provided by the agency, etc., but also that the Agency Agreement, Service Agreement, Outsourcing Agreement or other agreement entered into with the agency, etc. embodies the work that will be outsourced and includes a mandatory legal compliance clause. The legal compliance clause includes measures to prevent bribery and entertainment of public officials, and we require agencies, etc. to make representations and warranties to prevent corruption.

The Internal Auditing Department conducts internal audits as well, focusing on bribery and other forms of corruption.

The fiscal year ended March 31, 2023

Anti-corruption policy violations

One of Kanematsu's compliance commitments is to take a firm stand against and eschew all relationships with antisocial forces. To promote the elimination of antisocial forces, Kanematsu belongs to the Tokyo Metropolitan Police Department's Special Violence Prevention Countermeasures Association, cooperating closely on a regular basis by sharing information. The General Affairs Department is designated to coordinate Companywide response and information gathering to address any unreasonable demands from antisocial forces, and the Company maintains a framework for responding in coordination with outside organizations, including the police and attorneys.

With regard to information management, we have established standards for the custody, retention, and disposal of accounting records, balance sheets, agreements and contracts concerning the basic rights and obligations of Kanematsu, certificates related to properties, and other similar documents.
As information is a valuable corporate asset, we have also formulated, and work to reinforce, rules on information security management with the aim of protecting and managing personal data and other information in line with compliance requirements.
With regard to the security of information systems, the Group has established information security management rules aimed at preventing leaks and losses of important information and established standardized rules covering the use of PCs, networks, and e-mail to protect corporate and personal information. Furthermore, the Group continually reviews its systems framework aimed at enhancing security and operates and maintains said framework to ensure that security is maintained at necessary and appropriate levels.

With respect to business risks that may affect our operations, Kanematsu has designated departments responsible for each type of risk, established internal regulations and detailed enforcement regulations, and prepared operational guidelines.
We furthermore use training and other means to ensure thorough awareness of risk management. The Company also sets up cross-departmental committees as necessary to control risks.
To comprehensively assess risks facing the Kanematsu Group, promote operational effectiveness and efficiency, maintain legal compliance in business activities, protect Group assets, and ensure the reliability of financial reporting, we have established the Internal Control and Compliance Committee as a Groupwide organization. We have established an approval request system based on designated levels of authority to minimize business risks. The Project Deliberation Committee considers important investments and loans by comprehensively examining relevant risks.
To address the risk of crises related to the occurrence of major events, such as natural disasters, we have put in place a system, including specific rules and policies of action, to ensure the appropriate management of the Group at such extraordinary times.

Furthermore, we monitor quantifiable risks (market risk, credit risk, investment risk, country risk, etc.) by regularly measuring such risks and reporting the results to the Board of Directors and the Management Committee. Specifically, to measure maximum possible losses (risk assets) we apply a proprietary weighting scheme corresponding to the potential loss risk to all assets included in the Consolidated Statement of Financial Position as well as off-balance sheet items. ​

In addition, the Company supervises the status of risk management operations and evaluates the effectiveness of risk management systems and processes through regular reports to the Board of Directors on all important matters related to risk management.