Risk Factors

(As of June 19, 2025)

(1) Risk management system

The NEC Group has a company-wide cross-sectional risk management system centered on the Risk Control and Compliance Committee and the Chief Risk & Compliance Officer (CRCO) to accurately comprehend and to respond appropriately to both internal and external risks related to NEC Group’s businesses.
In NEC Corporation (hereinafter the “Company”), important matters related to company-wide risk management are discussed at the Risk Control and Compliance Committee and then reported to the Business Strategy Committee and the Board of Directors on a regular basis. These matters include a risk management policy, the selection of and response policies to “Priority Risks” that require countermeasures across the NEC Group, and measures to address risks that require company-wide management in response to changes in the risk environment during the fiscal year.
The Company has the CRCO to monitor and address company-wide risks centrally and cross-functionally and to manage the possibility of losses. The CRCO takes the lead in company-wide risk management by detecting and analyzing risks that are diversifying and becoming more complex in a constantly changing social and business environment, and evaluating their impacts, while prioritizing countermeasures and closely collaborating with the other chief officers in charge of each risk.

(2) Policies, processes, and operational status in risk identification

a. Policy

The NEC Group refers to the Enterprise Risk Management - Integrated Framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), and ISO 31000, which is an international standard that provides principles and guidelines for risk management. On this basis, the NEC Group, in order to pursue returns through appropriate risk management, has categorized the risks associated with the NEC Group’s businesses into the Risk Total Picture and has decided on responsible divisions and response policies for each risk. In the Risk Total Picture, integrity is recognized as the foundation of all risk management activities and risks are classified into three categories according to their nature. The Company has developed a response flow in case such risk should materialize, especially in the event of a crisis that threatens the existence of the Company.

b. Process

Based on a comprehensive list of risks that the NEC Group should be aware of, the CRCO engages in dialogue with the other chief officers in charge of managing each risk and conducts risk assessments. The CRCO creates a risk map that visualizes risk priorities by evaluating impact on five levels and urgency on three levels, taking into consideration changes in the external and internal environment and the status of each risk countermeasure.
The CRCO updates the risk map through the review of the Risk Control and Compliance Committee on a quarterly basis, and regularly reports to the Business Strategy Committee and the Board of Directors.

c. Operational status

Through the process described in the previous paragraph, the NEC Group has prioritized the risks which may affect the NEC Group as presented in the following risk map.

Among these, the NEC Group considers “provision of appropriate products and services” to be particularly important, and “cybersecurity”, “respect for human rights”, “occurrence of serious misconduct”, and “human capital management” to be the next most important risks, which are referred to and described below as priority risk and significant risks.

(3) Priority risk and significant risks

a. Priority risk

Risk name: Provision of appropriate products and services
Classification: Business, Compliance
Evaluation: Impact 4, Urgency 3
Description: The NEC Group offers a wide variety of products, systems and services, and conducts business in Japan and overseas with a global supply chain. If the NEC Group is unable to maintain quality control and safety management in the NEC Group and unable to maintain the trust of a wide range of stakeholders, including suppliers, it may result in legal liabilities and social reputational harm, which may have a material adverse impact on the NEC Group’s business.
Countermeasure:
Quality and safety promotion system / quality and safety risk management system
The NEC Group has established company-wide regulations and standards to clarify its system of activities for quality control and safety management. The Chief Supply Chain Officer (CSCO) takes responsibility for quality control and safety management in the NEC Group, and the quality promotion organizations established in the Supply Chain Strategy Division and consolidated subsidiaries, as well as the quality and safety management officers appointed in each operating division and consolidated subsidiary, are playing key roles in improving quality and safety.
The NEC Group has also established a company-wide system for risk management related to quality and safety, and is implementing it thoroughly. In the event of a serious problem with a customer’s system or a system that may have an impact on society, a serious product safety incident, a technical regulatory violation, etc., the NEC Group will promptly initiate a swift escalation process, hold discussions with the divisions concerned, and decide on response policies for the customer, the competent authorities, and public relations.
Evaluation system for new projects
At the start of a new project, the NEC Group identifies the risks involved in the execution of the project and makes sure that adequate risk countermeasures are in place. The NEC Group conducts pre-order reviews from various perspectives, including quality-related technical and safety risks, development scale and implementation period, and project execution structure.
Supply chain management system
In the NEC Group, the CSCO is responsible for managing sustainable procurement activities. In addition, the meetings chaired by the procurement function manager of the Supply Chain Strategy Division are engaged in making decisions on sustainable procurement and receiving periodic reports on the status of the implementation both in Japan and overseas to enhance governance. The NEC Group is, not only by itself but also through collaboration and co-creation with suppliers, conducting its businesses while paying careful attention to the impacts on the environment and society as a whole, with the intention of gaining the trust of society and creating social value.

b. Significant risks

Risk name: Cybersecurity
Classification: Conduct
Evaluation: Impact 5, Urgency 2
Description: Now that the entire world is openly connected and the use of AI is increasing, the NEC Group is exposed to various risks, including sophisticated and commercialized cyberattacks, the growing risk of information leakage stemming from the extensive use of cloud services, and challenges in information management in view of economic security. If the NEC Group is unable to appropriately address cybersecurity risks, not only for the NEC Group itself but also for our customers and business partners, it may result in legal liabilities and social reputational harm, which may have a material adverse impact on the NEC Group’s business.
Countermeasure:
Given the circumstances, the NEC Group is promoting the building of the “Zero Trust Security Platform”, which has robust and flexible measures based on the Zero Trust Maturity Model.
In line with the “Cybersecurity Management Guidelines Ver. 3.0” by the Ministry of Economy, Trade and Industry (METI) and the “Cybersecurity Framework 2.0” by the National Institute of Standards and Technology (NIST), the NEC Group has established a cybersecurity organizational structure to strengthen and implement intelligence gathering capabilities (preventive defense) and resilience capabilities (ability to recover from cyberattacks) against intensifying cyberattacks.
The NEC Group is promoting a data-driven cybersecurity initiative by providing all employees with information on cybersecurity risks through an internal dashboard. This helps enhance the NEC Group’s security governance, enabling top management to make data-driven business decisions quickly and members of the workforce to act autonomously.
The NEC Group has structured a security implementation promotion framework for secure development and operation of the products, systems and services it provides to customers. This framework involves the Cyber Security Division and security managers in each business division, and its details and security implementation processes are stipulated in the “Cybersecurity Management Rules”.
The NEC Group is working to implement measures, including those involving the supply chain, to provide high-quality and secure services, such as ensuring security in the phases from planning and proposal to operation and maintenance based on the concept of “Security by Design (SBD)”.

Risk name: Respect for human rights
Classification: Conduct, Compliance
Evaluation: Impact 4, Urgency 2
Description: By continuously assessing the actual or potential negative impacts across the value chain, the NEC Group identifies salient human rights issues that it considers having a particularly high impact. If the NEC Group is unable to address these salient human rights issues appropriately, it may result in legal liabilities, economic sanctions and social reputational harm, which may have a material adverse impact on the NEC Group’s business.
Countermeasures:
The NEC Group Human Rights Policy
The NEC Group respects fundamental human rights in every aspect of its corporate activities and does not tolerate acts of discrimination for any reason, nor does it tolerate acts that damage the dignity of individuals. The NEC Group formulated the NEC Group Human Rights Policy in 2015. Subsequently, in June 2022, the NEC Group revised it to clarify the commitment of top management to respect human rights as well as the governance system required by the United Nations “Guiding Principles on Business and Human Rights (UNGPs).” Furthermore, in response to the addition in 2023 by the International Labour Organization (ILO) of the concept of a “safe and healthy working environment” to its “Core Labour Standards”, the NEC Group revised its policy accordingly.

Initiatives on salient human rights issues taken during the fiscal year ended March 31, 2025 are as follows.
New technology and human rights (AI and human rights)
In executing AI business, the NEC Group has formulated the “NEC Group AI and Human Rights Principles” for appropriate protection of basic human rights, such as privacy. The NEC Group has also formulated regulations for the system, planning, implementation, inspection, and review for responding to AI and human rights risk, and is working to disseminate the implementation and operation of these regulations.
Human rights risks related to geopolitical situations and conflicts
The NEC Group identifies high-risk regions from a perspective of human rights and, if customers are in these high-risk regions, checks their attributes, information concerning human rights and corruption, and intended use of products and services, prior to engaging in transactions with them. The NEC Group also checks sanctions lists related to human rights. Furthermore, if customers do not have human rights policies, the NEC Group requires them to implement measures equivalent to the “NEC Group Human Rights Policy” to prevent human rights risks.
Labour in supply chains
Based on the “OECD Due Diligence Guidance for Responsible Business Conduct”, the NEC Group assesses and identifies human rights risks in the supply chain, conducts on-site audits of suppliers at risk, and takes corrective measures to mitigate risks as necessary as a risk-based approach.
Employee safety and health
Based on the “NEC Group Occupational Health and Safety Management System”, the NEC Group identifies risks and implements countermeasures. The NEC Group also prohibits all forms of harassment, including power harassment and sexual harassment, and aims to foster a culture of mutual acceptance of diversity. The Corporate Human Rights Promotion Committee, established in 1997, continues its activities to promote human rights awareness activities, including the prohibition of discrimination and the prevention of harassment.

Risk name: Occurrence of serious misconduct
Classification: Compliance
Evaluation: Impact 4-3, Urgency 3-2
Description: The NEC Group has identified compliance risks that could lead to serious misconduct and is taking appropriate countermeasures to address them. If the NEC Group is unable to properly address these issues, it may result in violations of competition law, etc., suspension of transactions, and social reputational harm, which may have a material adverse impact on the NEC Group’s business.
Countermeasures:
Compliance policy
The NEC Group positions compliance at the foundation of management, and subscribes to “Uncompromising Integrity and Respect for Human Rights” in its “Principles” and conducts continuous company-wide activities involving all members of the NEC Group.
Compliance system
The NEC Group has formulated the NEC Group Compliance Policy, and the matters related to specific issues and countermeasures therefor are discussed and promoted through the Risk Control and Compliance Committee, while the CRCO maintains a comprehensive overview of the NEC Group’s compliance issues.
The NEC Group also plans and implements various measures to ensure thorough compliance, including the dissemination of the “NEC Group Code of Conduct”. The NEC Group also provides the necessary support, adjustments, and instructions to ensure that the risk management implemented by each division is carried out systematically and effectively.
Prevention of violations of the Act on the Protection of Personal Information
The NEC Group has appointed a Chief Legal Officer (CLO) as the officer in charge of personal information protection, and has established the positions of a Personal Information Protection Administrator, a Personal Information Protection Promotion Bureau, and a Chief Personal Information Protection Auditor to promote personal information protection at the corporate level.
In addition, the Personal Information Protection Administrator serves as the person in charge of implementing the personal information protection management system, and is also responsible for protecting specific personal information (Individual Numbers to identify a specific individual in administrative procedures).
In October 2005, the Company received Privacy Mark certification, recognizing it as a business operator with systems in place to ensure appropriate protection measures for personal information in conformance with JIS Q 15001. Since then, the NEC Privacy Policy has stipulated that personal information must be handled in accordance with JIS Q 15001.
Prevention of bribery
The NEC Group Code of Conduct sets forth action guidelines on the “prevention of bribery and corruption” and “entertainment, gifts, donations and political activities”. Through these and other measures, the NEC Group is working to prevent bribery and corruption in all its forms.
Specifically, the NEC Group has formulated and is implementing the “Anti-Bribery Manual”, and the Guidelines for Provision of Gifts, Hospitality, Travel Expenses and Donations based on the “Anti-Bribery Policy”.
Prevention of violations of the Construction Business Act, etc.
In the area of construction work, the NEC Group has formulated and is implementing the “Code of Conduct for Health and Safety in Construction”, which is based on the philosophy of certainly providing customers with social value by establishing a compliance and health and safety culture at construction sites.
Not only construction workers but also employees and related workers are engaged in safe construction in compliance with related laws and regulations based on the basic policy of “health and safety take priority in all work”, including health management.

Risk name: Human capital management
Classification: Business
Evaluation: Impact 5, Urgency 2
Description: In order to achieve the NEC Group’s business goals, it is necessary to acquire and retain talented employees. If many talented employees leave the NEC Group or the NEC Group is unable to recruit talented new employees, it may have a material adverse impact on the NEC Group’s business.
Countermeasures:
These risks are identified as significant risks in the company-wide risk management activity. Under the leadership of the CRCO, the NEC Group conducts assessments from the perspective of impact and urgency on a quarterly basis and is taking measures to reduce these risks by building relationships with external agents and universities to acquire human resources, and by continuously identifying differences between the actual numbers and the staffing plan set in the budget at the beginning of the fiscal year.
Human resource acquisition and development
In terms of recruitment, the NEC Group is not only using recruitment agencies but is also actively engaged in scouting human resources as well as working on corporate branding and public relations. As a result, the Company, and NEC Solution Innovators, Ltd. and ABeam Consulting Ltd., which are major subsidiaries of the Company, hired 1,034 mid-career employees in the IT Services Business in the fiscal year ended March 31, 2025.
In terms of training, the NEC Group has a set of training programs specially designed for eight categories of DX human resources, including cloud, data scientist, and cybersecurity. The NEC Group has established a system that allows constant monitoring of the status of DX human resources and training for each organization, and the retention rate of human resources in the IT Services Business is high at 97%.
Long working hours that harm safety and health
Through monitoring working hours regularly and analyzing the causes of overtime in divisions with excessive overtime hours, the NEC Group takes measures from the perspectives of both individual workstyle and cross-organizational approach.
Occupational safety and harassment
The NEC Group identifies and takes measures for risks based on the “NEC Group OH&S Management System” practiced under the “NEC Group Safety and Health Policy”, which defines the basic philosophy and code of conduct for occupational health and safety (OH&S) in the NEC Group. The NEC Group provides online training for all employees, and also provides training in the form of workshops for managers.

The NEC Group endeavors to avoid risks other than those described above and to take measures in the event they materialize. However, the business, results of operations, and financial position of the NEC Group may be affected by risks that are difficult to predict or that are considered to be of low materiality.
The forward-looking statements herein are based on the judgments of the NEC Group as of the end of the fiscal year ended March 31, 2025.

  • (Note)
    The names of organizations and positions mentioned above are as of April 1, 2025.