Basic Concept and Status of Implementation and Operation of Internal Control System|Corporate Governance

Basic Policy on Internal Control System
(Basic Policy for the Development of a System to Ensure Properness of Group Business)

Basic Concept

Our firm, based upon “Sojitz Group Statement,” has established an internal control system comprised of rules, organizations and programs, and in accordance with the Companies Act and the Ordinance of Enforcement for the Companies Act, its Board of Directors resolved at a meeting held on June 18, 2024, to adopt a “Basic Policy for the Development of a System to Ensure Properness of Group Business” as follows.

  • i)System to Ensure that the Execution of Duties by the Directors and Employees of Sojitz and its Subsidiaries Complies with Laws, Regulations and its Articles of Incorporation
  • -Sojitz will establish procedures to ensure thorough compliance in the “Sojitz Group Compliance Program,” and will enact a “Sojitz Group Code of Conduct and Ethics” to ensure that the Sojitz Group’s officers and employees comply with laws, regulations, articles of incorporation and internal rules.
  • -Sojitz, in an effort to ensure the Sojitz Group’s compliance with relevant laws and regulations, will promote the development of a compliance system centered around the Compliance Committee, and will clarify the division of duties for each department within Sojitz and the management personnel who are responsible at Sojitz’s group companies.
  • -Sojitz will not have any relations with antisocial forces including in transactions, and will adopt a resolute stance that includes legal actions against unjust demands, and further, will endeavor to ensure that this same posture is thoroughly undertaken in the Sojitz Group,
  • -Sojitz will establish internal rules on procedures and the like for the preparation of financial statements that conform with laws, regulations and accounting standards, to ensure the appropriateness of the Sojitz Group’s consolidated financial reports.
  • -Sojitz will establish the Internal Audit Department as a body that is independent from the other business executing divisions. The Internal Audit Department will conduct internal audits to verify that the Sojitz Group is appropriately carrying out business activities as well as business management and like matters in compliance with laws, regulations and internal rules.
  • ii)System for the Retention and Control of Information Related to the Execution of Duties by Sojitz’s Directors
  • -Sojitz will establish retention periods and the division that is responsible for retention, and will control important documents, including the minutes of the Board of Directors and circulated decision documents, related to the execution of duties by Sojitz’s Directors in accordance with the Board of Directors Rules and the internal rules related to the control of documents and information.
  • iii) Rules and Other Systems for the Management of the Risks of Loss at Sojitz and its Subsidiaries
  • -Sojitz will identify and classify the various internal and external risks tied to losses at the Sojitz Group and will establish internal rules and response procedures as well as responsible divisions for these risks, in an effort to prevent losses at the Sojitz Group and to minimize the losses that are incurred. In addition, it will continually confirm and improve the effectiveness thereof, and will promptly address any new risks faced by the Sojitz Group with changes in the business environment.
  • -Sojitz will establish internal rules on policies and programs to address natural disasters, terrorism, wars, crime, riots, infectious diseases and other unforeseen events caused by external factors, in order to manage risk.
  • -Sojitz will engage in the appropriate management of risk by introducing rules and requiring the establishment of the necessary risk management systems, in proportion to content and scale of business at the Sojitz’s group companies.
  • iv) System to Ensure the Efficient Execution of Duties by the Directors of Sojitz and its Subsidiaries
  • -Sojitz will clarify the division of roles for its Directors and Executive Officers, and will establish internal rules and the like regarding the division of duties, chain of command, authority and decision-making procedures for the various divisions within the company.
  • -Sojitz will set out those important matters that are to be resolved by the Board of Directors in the “Board of Directors Rules,” will delegate decisions on other important matters to the Executive Directors, and will establish a Management Committee, other councils and committees, and other business execution bodies. In addition, it will set out those matters that are reported by Executive Directors to the Board of Directors, and create a system for effective monitoring by the Board of Directors.
  • -Sojitz will establish a division to supervise the management and operating systems at Sojitz’s group companies, and will ensure the efficiency of Sojitz Group’s management to promote group management.
  • -The Sojitz Group’s management policies determined by Sojitz’s Board of Directors, Management Committee and the like will be promptly disseminated within the Sojitz Group, and will be made known to the Sojitz Group’s officers and employees both verbally and in writing.
  • -Sojitz will establish management plans on a consolidated basis, and will share management goals and indicators within a group.
  • v) System to Ensure the Properness of Business within the Corporate Group Consisting of Sojitz and its Subsidiaries
  • -Sojitz, in its “Basic Code of Group Management” and other internal rules related to group management, will be sure to set out the lead management in charge of Sojitz’s group companies, will seek prior consultation with its group companies regarding important matters, and will impose a duty that reports that include annual business reports and business activity reports be provided to Sojitz on a regular basis.
  • -Sojitz’s Internal Audit Department will conduct internal audits of its group companies to verify the appropriateness of business.
  • vi) System to Ensure the Effective Implementation of Audits by Sojitz’s Audit and Supervisory Committee
  • System to Assist in the Duties of the Audit and Supervisory Committee
    • -Sojitz will assign persons who are well-versed in Sojitz Group’s business and operations, and who have knowledge of finances, accounting and risk management to serve as employees to assist in the duties of the Audit and Supervisory Committee. These employees will carry out their duties in accordance with the directions of the Audit and Supervisory Committee, and their evaluations and transfers will be made through discussions with the Audit and Supervisory Committee.
  • System for Reporting to the Audit and Supervisory Committee
    • -Sojitz’s Directors and executive officers must immediately provide reports to the Audit and Supervisory Committee when discovering facts which may cause significant damages to Sojitz.
    • -The division in charge of Sojitz Group’s whistleblower system will provide regular reports to the Audit and Supervisory Committee, via the Compliance Committee or the like, regarding the status of whistleblower reports from the group’s officers and employees.
    • -Sojitz’s Internal Audit Department will provide regular reports regarding internal audits to the Audit and Supervisory Committee.
    • -The Audit and Supervisory Committee will be entitled to seek reports from Accounting Auditors, Sojitz’s Directors and others as needed.
    • -Sojitz will not engage in detrimental treatment toward officers and employees of the Sojitz Group who submit reports via the whistleblower system or the like (including reports to the Audit and Supervisory Committee or the like), by reason of their provision of these reports.
  • Other Systems to Ensure the Effective Implementation of Audits by Sojitz’s Audit and Supervisory Committee
    • -Sojitz will allocate the expenses required for the Audit and Supervisory Committee to carry out its duties.
    • -A system will be established wherein the Audit and Supervisory Committee Members selected by the Audit and Supervisory Committee will be entitled to attend meetings of Sojitz’s Management Committee and other important meetings to gain a direct recognition of the status of deliberations and reports on important matters.
    • -Sojitz’s Representative Directors will regularly hold meetings with the Audit and Supervisory Committee to exchange opinions regarding the issues that should be addressed by the company, the state of audit environment improvements at the Audit and Supervisory Committee, important audit related issues, and like matters.

Status of Implementation and Operation in the year ended March 31, 2024

Overall internal control system

The Internal Control Committee, which is an executing body under the management of the President, consolidates and monitors the status of implementation and operation of the Internal Control System, and leads maintenance and improvement of our internal control systems.

(Overview of operational status)
The Internal Control Committee is responsible for overseeing the maintenance and operation of the overall internal control system. Through periodic monitoring, the committee identifies company-wide issues related to internal systems and structures, examines measures to address them, instructs the departments in charge, and makes improvements. The committee also supervises the progress of internal control evaluations related to financial reporting based on the Financial Instruments and Exchange Law and works to ensure the reliability of financial reporting.

The Internal Control Committee convened four times during the period under review and presented its findings to the Board of Directors.

Specific measures in each area are implemented by each committee (Compliance Committee, Sustainability Committee, Security Trade Control Committee, DX Promotion Committee, Quality Control Committee, Information and IT System Security Committee) and various study subcommittees (Disclosure Working Group, Business Continuity Management Working Group) under the President.

Compliance

The "Sojitz Group Compliance Program" outlines the procedures for thorough compliance, and the "Sojitz Group Compliance Code of Conduct" has been established to provide a common global standard of judgment upon which all Sojitz Group officers and employees can rely.

Furthermore, the Compliance Committee, chaired by the Chief Compliance Officer (CCO), has been instrumental in establishing compliance officers and compliance committees at each Group company and overseas office.

This has resulted in the establishment of a system to promote compliance with laws, regulations, and corporate ethics across the entire Group, in collaboration with one another.

To prevent and detect compliance violations at an early stage, the Group's officers and employees are informed of the hotline (internal reporting system) to the CCO and outside attorneys, the consultation service connected to the committee secretariat, and the "Sojitz Ethics Hotline," a multilingual hotline available 24 hours a day, 365 days a year. Furthermore, a compliance inquiry counter has been established on the Company's website to receive reports from external sources.

Additionally, the Sojitz Group Anti-Corruption Regulations and the Sojitz Group Anti-Corruption Procedure have been implemented to prevent corrupt acts, and Group companies have also introduced regulations in accordance with these regulations.

With regard to the risk of sanctions and export control violations in Japan and overseas, the Sojitz Group has established the "Sojitz Group Basic Policy on Response to Sanctions and Export Controls" and has built a system to deal with such risks.

In addition, as we expand our business globally, we have established the "Sojitz Group Tax Policy" to ensure tax compliance, optimize tax costs, and maintain positive relationships with tax authorities. Our goal is to fulfill our tax obligations in a timely and appropriate manner.

Furthermore, we have established and are implementing additional programs, including e-learning, to ensure compliance with laws and regulations and to maintain and sustain a favorable working environment that is free from all forms of harassment.

(Overview of operational status)
Based on the action plan formulated by the Compliance Committee, Sojitz continues to provide counsel on how to prevent compliance issues from reoccurring, as well as providing assistance and guidance to Group companies on how to practice said Code of Conduct.

Specific activities related to compliance in the FY2023 included the following:

  • Held the Compliance Committee (four times)
  • Meetings of the CCO with Chief Operation Officers and presidents of Group companies
  • Regular liaison meetings among the compliance staff of Group companies
  • Regular liaison meetings with the compliance staff of overseas operating sites
  • Trainings, seminars and briefings on important issues concerning the prevention of harassment and corruption
  • Various training programs for newly hired employees, employees hired as mid-career professionals, employees on overseas assignments, and others
  • Alert letters for scandals caused by drinking alcohol and regarding price pass through
  • Individual support for Sojitz’s domestic operating companies through a risk-based approach to enhance the compliance system (cooperation in investigations, tailored trainings, etc.)
  • Distribution of e-learning/videos on the Sojitz Group Compliance Code of Conduct, Anti-Corruption, and Anti-Harassment to Group employees worldwide.

Especially, with regard to security trade control, based on the action plans formulated by the Security Trade Control Committee, the committee secretariat is engaged in activities for preventing violations of sanctions and export controls while providing support and guidance to the Group companies.

Specific activities carried out in the FY2023, included the following:

  • Held the Security Trade Control Committee (twice)
  • Various training programs for newly hired employees, employees hired as mid-career professionals, employees on overseas assignments, and others
  • Support for the revision and formulation of local security trade control-related regulations at overseas operating sites
  • Support for responding to measures in concert with strengthened sanctions and others, due to changes in the security situation (including U.S.-China relations, Situation in Myanmar, Situation between Russia and Ukraine, etc.)

Risk management

To address the various risks to which Sojitz is exposed in our business operations, Sojitz has established "Risk Management Basic Regulations" to classify and define risks.

For each classified risk item, Sojitz identifies a person responsible for management, formulates a "Risk Management Operation Policy and Plan," and continuously enhances its risk management system through a PDCA cycle of implementation, monitoring, and review.

In accordance with the Medium-Term Management Plan 2023, Sojitz is enhancing our risk management capabilities in the first and second lines of the three-line defense (first line: business Division, second line: corporate department, and third line: Internal Audit), which is the fundamental concept of internal control.

(Overview of operational status)
Sojitz Group conducts a materiality assessment after exhaustively identifying and reviewing company-wide risks based on the internal and external business environment. Currently, 12 major risks (such as Market risk, credit risk, business investment risk, country risk, financing risk, environmental and social (human rights) risk, compliance risk, legal risk, system and information security risk, disaster and other risks, risk related to the dissemination of corporate information via the website and SNS, and quality-related risk.) have been identified.

In the formulation of the "Risk Management Operation Policy and Plan" for each fiscal year, these risks are further subdivided, and detailed responses are taken according to the characteristics of each risk.

The "Risk Management Policy and Plan" is approved by the Board of Directors, and the status of its implementation is monitored by the Internal Control Committee and reported to the Executive Committee and the Board of Directors on a quarterly basis.

In addition, when changes in the business environment necessitate the strengthening of risk recognition and initiatives within the Group, or the need to address new areas of risk, these are reported to management and addressed as appropriate.

In the "Medium-Term Management Plan 2023," the Sojitz Group Quality Control Policy was established as the basic policy for quality control in the Group, and we are steadily strengthening our efforts to address quality-related risks.

In addition to traditional risk management in the trading business, the Sojitz Group is also quantifying and monitoring risks by assuming scenarios related to major risks, such as disasters and environmental risks, in order to capture risks throughout the supply chain and strengthen our ability to respond and resilience when risks occur.

We are also working to raise awareness of the importance of risk response among Group employees by establishing or changing Group rules and guidelines, distributing "internal control newsletters" that summarize key information such as precautions, and conducting self-inspections to check risk points for each organization. We are also promoting awareness of the importance of risk management among the Group's employees.

In addition, the Company conducts constant education and enlightenment activities through various risk management training programs to improve the risk sensitivity of the Group's officers and employees.

Management of Group companies

Each Group company maintains its own system under the supervision of the chief manager in accordance with the Sojitz Group's management control system, as outlined in the "Group Management Basic Regulations" and the "Group Management Operation Regulations." In addition, the status of system maintenance at each company is monitored on a regular basis.

In addition, Directors monitor business management of Group companies through the business division or corporate department staff who supervise these companies, or else the Directors, Audit and Supervisory Board Members, and others dispatched to Sojitz Group companies.

(Overview of operational status)
Sojitz receives regular reports from Sojitz Group companies, including annual business reports and monthly business activity reports. We also oversee the development and operation of appropriate management infrastructure and governance through directors and auditors dispatched by Sojitz. In addition, Sojitz requests prior consultation on important matters concerning the management of individual companies and oversees the execution of important business operations of group companies.

Furthermore, the Company aims to enhance group management by disseminating the Group's management philosophy and policies through the establishment of individual company regulations based on the Group's management policies and through training programs for executives and employees of Sojitz Group companies.

Based on an audit plan adopted by the Board of Directors and under the supervision of the Internal Audit Subcommittee, the Internal Audit Department of Sojitz conducts audits to investigate whether organizational governance, risk management, and internal controls are functioning appropriately in the Group companies. The Internal Audit Department also makes proposals for effective improvements to prevent losses and solve issues.

As part of the Group’s efforts to further enhance the corporate governance of Group companies, in order to improve the effectiveness of the Board of Directors at each Group company, the “Guidance for management of the Board of Directors” has been formulated, and the operating status of the Board of Directors at each company has been monitored and reported regularly to the Management Committee and the Board of Directors at Sojitz.

In addition, trainings for newly appointed Directors and Audit and Supervisory Board Members at Sojitz Group companies are provided on a yearly basis.

Management and storage of information

With respect to handling of important documents related to execution of duties such as the minutes of Board of Directors meetings, the responsible department shall appropriately manage such documents according to the retention period required by law based on guidelines including the internal rules for document retention, and shall make such documents available for viewing as necessary. As for the information related to business execution, a system is in place to monitor the status of operation by establishing rules that define the classification and confidentiality of the information. In addition, the Information and IT System Security Committee, chaired by the Chief Information Security Officer (CISO), is regularly held to strengthen the information security system.

(Overview of operational status)
With respect to information related to business execution, Sojitz regularly reviews the classification, management methods, and retention period of information as stipulated in the internal regulations, and makes efforts to ensure proper management. In addition, the Group has formulated guidelines on specific methods for the management and operation of information that requires particularly strict control, which is defined as “information requiring specific management,” and has investigated the status of holding such information and provided instructions for improvement as necessary. Furthermore, we are implementing enhanced security governance across the entire Group. This includes the deployment of security measures to detect and mitigate increasingly sophisticated cyber attacks, the introduction of software to reduce their impact, and the implementation of security risk assessments and guidance for improvement.

The Information and IT Systems Security Committee convened four times during FY2023.

Arrangements to ensure effective auditing by the Audit and Supervisory Board Members

In terms of reporting to Audit and Supervisory Board Members, Sojitz has adopted a system which, in addition to the reports by the Directors, reports matters required for auditing in a timely manner, such as reporting on Group-wide matters by various committees, including the Internal Control Committee and the Compliance Committee, as well as the Internal Audit Department, and business reports from the consolidated subsidiaries. Additionally, relevant regulations provide that persons who report to the Audit and Supervisory Board Members will not receive disadvantageous treatment on account of having made the report.

For accounting audits, Audit and Supervisory Board Members receive explanations on the audit plan and regular reports on the audit status from the Accounting Auditor, share information with each other, and establish a system enabling efficient audits. Additionally, Audit and Supervisory Board Members monitor and verify whether the Accounting Auditor maintains its independence and constantly evaluate the status of quality management of audits.

(Overview of operational status)
Reports to Audit and Supervisory Board Members are submitted in a timely manner. Meetings between Audit and Supervisory Board Members and directors and between accounting auditors are held regularly to exchange opinions.

Furthermore, Sojitz has initiated three-way audit meetings (with Audit and Supervisory Board Members, accounting auditors, and the Audit Department) on a regular basis, commencing with the current fiscal year. This will further enhance cooperation with the accounting auditors and the Audit Department.

Furthermore, audits of domestic and overseas consolidated subsidiaries are conducted through on-site inspections and remote audits using a web conferencing system to ensure sufficient communication.