Risk Management

Santen strives to establish an information management and monitoring system in response to various risks, including unpredictable uncertainties, to eliminate such risks or address them appropriately.

Risk Management System

In accordance with the rules for risk management, we identify, evaluate, and monitor risks regularly in each region and division to deal with assumed major risks of loss related to the execution of our business activities, striving to avoid or minimize the risk of loss during times of normal business operations. At the same time, we continue to build an effective risk management system to improve the sophistication of risk management. To this end, in fiscal 2022, we began dividing risks into risks attributable to internal factors and risks attributable to external factors, identifying and categorizing each risk factor in an integrated manner and communicating this information throughout the company.

As our business expands globally, we are required to comply with various regulations at advanced levels. In addition, we must take appropriate measures to ensure a stable supply of products, quality control, IT security, and compliance, as well as to ensure risk management against pandemics, natural disasters, conflicts, etc.

To address the variety of risks that may affect our business in particular, we continue to strengthen risk management activities under the leadership of our chief risk officer (CRO), who is responsible for identifying major risks, formulating preventive measures, and encourage discussion.

In the event or report of an event that has the potential to develop into a serious crisis, we form a crisis management committee, chaired by the Santen president and CEO. This committee responds to and contains the situation in question as we implement measures to prevent recurrence. 

In its independent capacity, the Internal Audit Office verifies the status of risk management through internal audits.

System Chart

Each Risk

Assessment pointsRisk scenarioImpacts on corporate valueCountermeasures and current progressRisk category
Supply chain
  • Suspension of operations at a specific plant (the Noto, Shiga or Suzhou Plants, in particular) or at external contractors, or the suspension of raw material supply from a supplier due to a pandemic, natural disaster, fire or other factors
  • Adverse impacts of disruption or suspension, etc. of production activities on stable product supply, and on Santen’s business performance and financial condition
  • Create processes, systems and other mechanisms to ensure stable supply
  • Having continuously a full understanding of actual conditions and respond to issues by planning, monitoring execution, and assessing risk
  • Structure product manufacturing and supply for compatibility with rigorous logistics regulations in Europe
  • Visualize and centralize global inventory management and production planning
  • Establish and strengthen the contract manufacturer management system and backup supplier system
External factorOperational risk
Global compliance
  • Violations of social norms, laws, regulations, etc.
  • Decline in public trust and brand image
  • Damage to corporate value due to a stock price decrease
  • Decline in Santen’s business performance or difficulty in business continuity due to decreased revenue or payment of compensation for damages, etc.
  • Established the Global Compliance Policy; systemically enhance the structure for global compliance
  • Introduced an organized global education program for all employees; implement the program
  • Reinforce compliance awareness and ensure compliance with laws and regulations by designating Awareness Month for Santen’s Code of Practice, supported by messages from the CEO and regional senior management
  • We created the Speak Up Portal as a global internal reporting system, and established a globally unified risk management system.
Internal factorOperational risk
IT Security and Information Management
  • Malfunction of IT systems used in business activities
  • Cyberattacks, computer virus infection, etc.
  • Leakage of personal or other kinds of information
  • Adverse impacts of suspension of or delays in business activities, decline in public trust, etc. on Santen’s business performance
  • Operate and maintain an information security management system that meets the ISO/IEC 27001 standard
  • Established the Global Data Privacy Policy, the Global Information Security Policy, the Document Management Policy, and other policies to address cyber security risks
  • Enhance security governance through personnel and organizational measures centered around security training and drills and through technical measures (provide global antiphishing training as one measure to enhance cyber security)
  • Ensure appropriate risk management not only within the Santen Group but also throughout its supply chain and at its business partners
  • Established a system by which the Chief Digital & Information Officer (CDIO) serves as the Chief Information Security Officer (CISO), who is in charge of formulating and implementing global information security strategies and reports directly to the CEO and the Board of Directors
Internal factorOperational risk
InvestmentFailure to realize expectations or profits from proactive investments with the aim of sustainable global growth in the ophthalmic field, due to changes in the external environment or other unfavorable circumstances
  • Impairment loss on tangible or intangible assets and adverse impacts on Santen’s business performance
  • Implement investment decisions in line with internal evaluation criteria based on cost of capital
  • Established the Corporate Strategy Committee to discuss key strategic issues; organically coordinate discussions of medium-to-long-term strategy, businesses and development portfolio with individual projects for submission to the Board of Directors; clarify the position of individual projects in overall strategy and lay out issues for discussion
  • Introduced a framework of regular, continuous monitoring of Board of Directors’ resolved items to obtain steady results
Internal factorStrategic risk
Global Operation
  • Revisions to laws or regulations in the countries where Santen operates
  • Political instability and/or economic uncertainties
  • Cultural differences in business practices
  • Difficulty in achieving initially expected effects and/or profits
  • Strengthen the crisis management system through global collaboration
  • Established global policies and operational rules
  • Ensure continued monitoring
Internal factorStrategic risk
Pharmaceutical Regulatory Trends
  • Drug price revisions beyond the scope of those predicted, mainly in the Japanese market
  • Other revisions to healthcare insurance systems
  • Measures by governments or revisions to pharmaceutical insurance systems to encourage the use of generic drugs, such as volume-based purchasing in China, and other companies’ launch of generic drugs
  • Adverse impacts on Santen’s business performance and financial condition
  • Accelerate the development of new drugs with high added value
  • Pivot from long-listed products to a portfolio centered on new drugs
  • Expand sales channels to include markets for treatments that are not listed under healthcare insurance systems, etc.
  • Help ensure drug approval and fair pricing by strengthening global regulatory and market access capabilities
External factorStrategic risk
Research and Development
  • Suspension of or delays in development, refusal of submitted drug approval applications, failure to obtain expected efficacy, etc.
  • Difficulty in achieving revenue commensurate with research and development investment costs
  • Enhance development functions, mainly in the U.S. and China
  • Prioritize and optimize the development pipeline
  • Consult closely with authorities to refine clinical trial design and improve the process for selecting institutions where clinical trials are conducted
Internal factorStrategic risk
  • Unexpected side effects, leakage of personal information, etc. during clinical trials
  • Decline in public trust and adverse impacts on Santen’s business performance
  • Establish and hold meetings of the Research Ethics Committee as a deliberating body to ensure scientifically and ethically appropriate research and development
  • Implement necessary measures to ensure patients’ participation in clinical trials of their free will, with their fully informed consent, and with the protection of their personal information ensured
Internal factorOperational risk
  • Occurrence of environmental issues, such as environmental pollution
  • Legal measures or obligations to pay damages due to revisions to environmental laws or regulations, or other circumstances
  • Accelerated shift to low-carbon energy
  • Mandatory or regulatory shift to bioplastic or biomass plastic in materials for eye drop bottles and other packages
  • Decline in the supply of plant-based materials
  • Floods or drought at major production sites due to changes in rainfall patterns, and resulting delays in or suspension of product supply
  • Adverse impacts on Santen’s business performance
  • Incurrence of countermeasure costs
  • Increase in capital investment, procurement costs, etc.
  • Operate an environmental management system that not only complies with environmental laws and regulations but also meets higher in-house standards
  • Formulated the Environmental Vision and set environmental targets; implement the action plan based thereon (including promoting the use of biomass plastic as a material for eye drop bottles)
  • Plan capital investments necessary to realize a low-carbon society, including investments in installing hydrogen boilers and hydrogen fuel storage facilities
External factorStrategic risk Operational risk

Emerging Risks

DetailsBusiness ContextImpactResponse and Mitigation Measures
International DisputesInternational disputes that span specific regions or countries not only affect the supply chain in those regions, but also impact raw materials procurement, product supply, etc.Such events cause concern for the safety of employees in the areas affected, as well as concerns about the impact on supply chains, finances, and sanctions.
If production activities, including the activities of our contract manufacturers, are affected, the supply of products to the entire global market could be affected negatively.
Continue to development response manuals to recognize and mitigate risks.
Monitor geopolitical, socio-political and economic/political conflicts in the countries and regions where key supplies and suppliers are located.
Water Resource IssuesFrequent earthquakes in the Noto Peninsula, where our plant is located, could impact groundwater channels. An accident at the nearby nuclear plant could impact water quality. These and other events could have a negative impact on production activities.Potential inability to provide a stable supply of products.
Potential impact on sales and other financial matters.
Secure backup water sources.
Maintain backup production lines.
Changes in Employment RelationshipsAs human resources mobility increases globally, declining wage competitiveness in Japan and other issues have become major problems. Competition for human resources intensifies as companies respond to wage increases and other factors, increasing the risk that talented employees will leave the company.
At the same time, competitive conditions in recruitment and hiring are likely to become more severe due to rapid wage increases associated with globalization.
Further, the globalization of work styles will change the traditional rules in each country regarding the terms of operations and recruitment.
In particular, serious consequences could result from the loss of human resources due to the increased retirement of talented employees and organizational dysfunction due to excessive mobility.
Higher wage levels for mid-career hires will contribute to higher costs.
The increasing diversity in places to work and work styles, as well as the diversification of values, may lead to events that cannot be addressed through conventional rules.
We must conduct initiatives to improve employee engagement and actively promote talented people to higher levels of responsibility.
Consider benchmarking wages and terms of employment against peers and competing systems.
Outbreak of New Infectious DiseasesThe outbreak and spread of infectious diseases caused by new pathogens could affect R&D, production, sales, and other activities.Such events could hinder research and development activities, such as clinical trials and studies. The stable supply of products could be disrupted due to the impact on the supply chain, including factory operations and logistics. Sales activities could be disrupted due to the inability to collect or provide timely and appropriate information to medical professionals.Establish systems to ensure the safety of employees and the continued stable supply of products based on our response to COVID-19 to date.

Information Security

In the most obvious sense, effective information security assures the safety of our critical assets, protects individual privacy, and guards the integrity of our systems and infrastructure. In a broader sense, information security is the essential first ingredient to our evolution as a global society. Therefore in Santen, we see information security is a strategic priority.

Santen is committed to implement and maintain an Information Security Management System (ISMS) based on ISO/IEC 27001. The main objective of the system is to guarantee the confidentiality, integrity and availability of information which is required for the continuity of daily operations, regulations and maintaining strategic competitive advantage. To implement and operate this management system, Santen;

  • Develops a clear, comprehensive security vision and implement metrics relevant to business outcomes,
  • Implements an Information Security Risk Management methodology which is efficient and effective to eliminate or reduce risks affecting processes and allocate necessary resources to mitigate information security risks to an acceptable level. It addresses uncertainties around valuable assets to ensure the desired business outcomes are achieved,
  • Conducts education program and awareness training activities regularly in order to make employees, contractors and business partners aware of their roles and responsibilities regarding Information Security,
  • Provides business continuity for critical processes by developing and maintaining business continuity framework, plans and systems,
  • Complies with and continuously seek to improve on all applicable information security related laws, market regulations, contractual obligations, industry standards and other related internal and external requirements,
  • Takes appropriate actions to manage and prevent information security policy violations,
  • Continually improves ISMS by setting security control objectives and performing regular internal audits and gap assessments,
  • Ensures that all employees comply with ISMS policies, detailed rules and controls.

Information Security Governance

Top Management's support, commitments, accountability is vital in ensuring information security implementation and achieving the Information Security Management System's intended results.

In Santen, Chief Digital & Information Officer (CDIO) acts as Chief Information Security Officer (CISO), and is accountable from the global information security strategy and its execution.

In this role, CDIO reports directly to the Chief Executive Officer (CEO), and Board of Directors (BoD) and is responsible from maintaining the security governance framework, focusing on information and business risks, concentrating on the protection of critical business processes and applications, protecting classified information from disclosure, taking responsibility for developing and maintaining an information security architecture, and ensuring that new systems are developed securely, as clearly stated in the 'Santen Global Information Security Policy'.

CDIO is supported by the ISMS Committee, the governance body which is chaired by the Global Head of Information Security and consists of several critical stakeholders. The ISMS Committee meets on a regular basis to make strategic decisions and perform other key responsibilities listed below, and reports the identified risks, and decisions to CDIO, CEO and BoD:

  • Approve enterprise wide, key decisions affecting the information security status of Santen,
  • Create a pragmatic, risk-aware culture where information security is subconsciously considered across all aspects of business,
  • Promote timely decision-making about information risks by monitoring Santen's exposure to information security threats, and making recommendations to the governance body,
  • Monitor security performance using information that is timely and accurate (Key Performance Indicators and Key Risk Indicators),
  • Report to stakeholders about risks identified and progress of information security-related projects and initiatives.

Security awareness trainings both for information technology (IT) and operational technology (OT)

Our security education and awareness program expect all employees to take ownership of our security practices. we train all new employees on information security policies and detailed rules.

The online IT security awareness training in FY2022 has a completion rate of 96%. Below topics are some examples that are covered in the training:

  • Understanding the importance of 'information security'
  • Understanding the security threats and how to prevent information security incidents
  • The responsibilities of the employees
  • Specific information security measures that help employees in their daily activities
  • Understanding mobile device risks
  • Measures against malware
  • E-mail and internet acceptable usage
  • Information classification and handling

The online OT security awareness training in FY2022 has a completion rate of 99%. Below topics are some examples that are covered in the training:

  • Understanding the importance of 'information security' and difference between OT and IT
  • Understanding the security threats and how to prevent information security incidents
  • Business continuity
  • Physical and environmental security
  • Network isolation and access controls
  • Change management
  • Third party risks and management

Global phishing gamification

As phishing is one of the most effective and widespread techniques used by cyber criminals, Global Information Security innovated a new phishing training approach to drive a more secure corporate culture founded upon employee behavior that reduces risk of the human element.

The team launched an ongoing phishing gamification experience globally, to encourage our colleagues learn safer email habits in an engaging and playful way, while making sure they are part of the incident response process.

Security policies and procedures

The company aims to apply industry best practices as part of our information security policies, processes and invest in strategies that are commensurate with the changing nature of the security threat landscape. Some of the policies and procedures that provide guidance to our employees in their daily operations include the following: all are for global.

  • Information Security Policy
  • Information Security Detailed Rules
  • Security Incidents Management Procedure
  • Major Security Incidents Management Procedure
  • Data Classification and Handling Policy
  • Encryption Procedure
  • Backup and Restore Procedure
  • Access Management Procedure
  • Mobile Device Management Procedure
  • Data Transfer Procedure
  • Log Management Procedure
  • Information Security Risk Management Procedure
  • Patch Management Procedure

Third party security risk management

In Santen, third parties are treated as an extension of our Information Security Management System (ISMS), i.e. when Santen provides or receives services from a third party supplier, the scope of our ISMS extends to the third parties. Our information security policies, procedures, instructions enforced in Santen, are applicable to all third parties who hold a relationship with us.

Before engaging with third parties, information security risk assessments are performed. As third party security risks are always evolving, and continuous monitoring at regular intervals is vital; we monitor the security risks via different tools and processes (such as; Maturity Level Assessments, Cyber Risk Scorecards) throughout the entire vendor lifecycle, from onboarding to off boarding.

Measures against COVID-19 Infections

We in Santen believe that our mission is to continue delivering of treatments for visual conditions to our patients around the world based on Santen's CORE PRINCIPLE, even in the event of emergencies, including the worldwide COVID-19 pandemic and the consequent adoption of lockdown measures in various cities and countries around the world. In addition, as a life science company that contributes to society, we place high importance on avoiding committing any act that could help to spread the virus, and continuing our efforts toward future innovation in ophthalmic treatment even amid such an emergency. As an emergency measure, on January 2020, we organized the Crisis Management Committee. We have since carried out various initiatives, including monitoring the situations in our business locations in Japan and abroad, and devising countermeasures and giving directions on their implementation.