TOKYO ELECTRON LIMITED

Risk Management

Internal Control System and Risk Management

Basic Stance

In order to enhance the Tokyo Electron Group’s corporate value and remain accountable for our actions to our stakeholders, we are making efforts to strengthen effective internal control. This involves implementing practical measures that are in line with the Fundamental Policies concerning Internal Controls within the Tokyo Electron Group, set out by our Board of Directors. We are also evaluating our internal control over financial reporting annually based on the Financial Instruments and Exchange Act of Japan.

Risk Management System and Initiatives

To more effectively strengthen risk management of the entire Group, Tokyo Electron has established a dedicated risk management unit within the General Affairs Department of our corporate headquarters. This unit analyzes the risks faced by the Group and identifies material risks. It then monitors the management of such risks while supporting and implementing risk management activities. The unit also regularly reports the status of risk management activities to the Audit & Supervisory Board Members and the Board of Directors. Going forward, the Group companies will continue with these initiatives to enhance the efficacy of our risk management framework.

Business Risks, Etc.

(1) Market Fluctuations
The semiconductor market is expected to further grow in the medium to long term due to continuing technological innovation amid an accelerating transition to a data-driven society backed by the spread of information and communication technology applications such as IoT, AI and 5G; progress in digital transformation (DX); and response to sustainability transformation (SX). However, a wide range of factors— including the global economy, demand for end products, trade and tariff policies, and geopolitical factors—can cause short-term supply and demand to become unbalanced and generate significant fluctuations in market size. Rapid contraction of the semiconductor market could lead to results such as overproduction, increases in dead inventory or losses from bad debts resulting from the worsening of a customer’s financial position. On the other hand, a rapid increase in demand that we cannot respond to could lead to situations such as an inability to provide products to customers in a timely manner resulting in lost opportunities. Both of these circumstances can adversely affect our business performance.
To respond to such market fluctuations, we constantly work to appropriately adjust our capital investment, personnel, inventory plans and other aspects of our businesses based on understanding of the latest market conditions through periodically reviewing the market environment and orders received at Board of Directors and other important meetings.
In addition, a large portion of our sales are to major, leading-edge semiconductor manufacturers. As such, our performance tends to be impacted by changes in capital investment by these major customers. We have established an Account Sales Division, which works in close coordination with major customers and quickly grasps trends in their capital investment outlook, as well as a Global Sales Division, which responds to a wide range of customer needs from around the world and cultivates new customers emerging in step with growth in semiconductor demand.
Through such efforts, we strive to strengthen and expand our sales framework and customer base.

(2) Research and Development
Through ongoing R&D investment in leading-edge technologies, we quickly bring to market new products incorporating such technologies, succeeding in capturing high market share in each product category and achieving a high profit margin. However, delays in the launch of new products that meet customers’ technological needs, the mismatch of newly developed products with such needs, or the launch of new technologies or products by competitors before our launches could negatively affect the competitiveness of our products, impede the recovery of R&D costs or otherwise affect our business performance.
We have established a Corporate Innovation Division, which develops innovative technology and makes groundbreaking technology proposals that integrate the products and technologies of each development division as part of a groupwide development framework. In addition, we have in place a system that constantly provides highly competitive next-generation products that meet future needs ahead of our competitors through initiatives such as conducting joint research with global research institutions and sharing technology roadmaps spanning multiple technology generations with leading-edge customers.

(3) Geopolitics
We undertake businesses in various countries and regions, and a high proportion of our sales comes from overseas. Geopolitical tensions could have an adverse effect on the international order, global macroeconomic conditions, and the national security, diplomatic, industrial or environmental policies of countries and regions, which could lead to disruptions in a part of the supply chain, a macroeconomic slowdown or other consequences that may hinder our business activities and impact our financial results.
We carefully watch international developments and the diplomatic and national security measures and industrial trends of countries and regions, anticipate the implications on our business of regulations concerning product exports and imports and technological development and changes in the macroeconomic environment, and consider response plans ahead of time. In addition to the early identification of risks, we also strive to take fast and appropriate response when risks occur, while actively engaging in dialogues with the policy-making authorities through means such as public comments.

(4) Procurement, Production and Supply
Our key production sites are located in Japan, and we supply products to customers in and outside Japan. As such, earthquakes, typhoons, heavy rains, floods or other natural disasters, acts of terrorism, unavoidable events like infectious disease outbreaks or other such accidents occurring in Japan could cause interruptions in production that, if not promptly resolved, could delay the supply of products to customers. Furthermore, the stable supply of components and such provided by suppliers is indispensable to stable production. Therefore, in addition to the risk of disasters, accidents or other similar events, delays in component procurement due to the worsening of a supplier’s business conditions, demand that exceeds supply capabilities arising from the expansion of the semiconductor market or similar factors could result in delays in the supply of products to customers and affect our business performance.
We established a Corporate Production Division in 2021 and formulate and periodically review business continuity plans (BCPs), pressing forward with risk mitigation measures. This includes establishing alternate production capabilities, seismically reinforcing our plants, promoting production leveling, maintaining backups of information systems, developing multiple sources of important components, and maintaining an appropriate level of inventory. In addition, we also strive to maintain stable product supply by, for instance, sharing with suppliers forecasts that are based on semiconductor demand projections.

(5) Safety
We may be subject to order cancellations and liability for damages if problems related to the safety of our products occur. Furthermore, if an accident involving severe or fatal injuries occurs, our safety awareness and practices could be called into question, which could lead to a decline in our credibility or other consequences that may otherwise affect our business performance.
Our “Safety First” approach entails the constant consideration of safety and health in the execution of business activities, including development, manufacturing, sales, services and management. In accordance with this approach, we work continuously to improve the safety of our products and workplace across the Group. Measures to this end include thorough safety design at the product development phase, job-specific safety training for employees, equipment user training for customers, and the maintenance of an accident reporting system.

(6) Quality
Our products are based on the integration of numerous leading-edge technologies. The occurrence of defects could lead to recalls, liability for damages based on quality responsibility, additional costs related to implementing defect countermeasures, a decline in our brand image and credibility, or otherwise affect our business performance.
Based on a uniform Group-wide quality control policy, we provide quality training for our employees and suppliers and maintain a quality assurance system, including ISO 9001 certification, as well as a world-class service system, based on continuous improvement. In development, we introduce collaboration with sales and service departments from the initial stages of product development and design to solve technological issues and meet customers’ needs. Furthermore, we work to mitigate and address risks such as using simulation technology for thorough validation. When defects occur, we investigate the root of the problem and take appropriate measures to prevent recurrences and the occurrence of similar defects. Similarly, in managing the quality of procured components, we constantly monitor the state of supplier quality and conduct audits, improvement support and other measures.

(7) Environmental Issues
Globally, there are growing requests from society, including our stakeholders, related to sustainability. Given this, difficulties in adequately responding to requirements accompanying the transition to a carbon-free society—including the climate change policies and environmental laws and regulations of countries, industry standards of conduct, technological innovation and customer needs—could result in costs for additional responses such as new product development, specification change and modifications, reduced product competitiveness, diminished public confidence in us or other consequences that may otherwise affect our business performance.
We work in partnership with customers and suppliers to protect the global environment throughout our supply chain under our environmental supply chain initiative entitled E-COMPASS (Environmental Co-Creation by Material, Process and Subcomponent Solutions).
Together with striving to comply with environmental laws and regulations and industry standards of conduct, we are working to provide technologies that deliver higher-performance and lower-power-consumption semiconductors. We also seek to reduce greenhouse gas emissions from the use of our products, increase the ratio of renewable energy usage and reduce energy consumption at the Group’s plants and offices toward achieving our own industry-leading medium- to long-term environmental goals. In addition, we work to protect the global environment through our business activities by such means as reviewing packaging and promoting modal shifts.

(8) Laws and Regulations
We operate globally and are therefore subject to the various laws and regulations of the countries and regions where we do business, including those regarding imports and exports, the environment, competition, labor, corruption, bribery and transfer pricing taxation. We strive to ensure compliance with such laws and regulations. However, violations of such laws or regulations could result in consequences such as diminished public confidence in us, fines, liability for damages or restrictions on business activities. Furthermore, national security policies of countries and unanticipated future legal amendments or tightening of regulations could, if not appropriately responded to, result in liability for costs related to such response or restrictions on business activities, or otherwise affect our business performance.
We have built a system for monitoring compliance activities at each of the key sites in and outside Japan under the direction of a Chief Compliance Officer. In addition, we operate a Group-wide internal reporting system to identify any action or behavior that appears inconsistent with applicable laws and business ethics at early stages and to take steps promptly. We conduct compliance assessments by external experts, report the identified issues to the CEO, the Board of Directors and the Audit & Supervisory Board, and carry out swift and effective measures as well as further enhancement of systems.

(9) Intellectual Property Rights
Our products are based on the integration of numerous leading-edge technologies. Obtaining and legally protecting our intellectual property rights and preventing infringements of such rights by third parties are crucial to differentiating and reinforcing the competitiveness of our products. Infringements by us of the intellectual property rights of third parties could lead to restrictions on the production and sale of our products or liability for damages, or otherwise affect our business performance.
By advancing intellectual property, business and R&D strategies in an integrated manner, we build an appropriate intellectual property portfolio. Additionally, we have built a system for avoiding the infringement of patents of other companies by continuously monitoring them and taking appropriate steps in collaboration with business and research and development divisions.
Through these measures, we strive to improve our product's competitiveness, reduce the risk of patent infringement claims, win high market share and improve profit margins in each of our product fields.

(10) Information Security
In the course of our business activities, we may obtain, hold and utilize confidential information, customer information and personal information. Incidents—such as breaches and service disruptions—caused by unauthorized access or operation due to cyberattacks against us or our suppliers and other causes, human errors, natural disasters or other reasons could result in diminished public confidence in us, liability for damages or other consequences which may otherwise affect our business performance.
Together with seeking organizational reinforcement such as by creating a dedicated department centered on the Information Security Committee, we are building an information security system based on global standards, by conducting security assessments by external experts. In addition, beside technological aspects such as the introduction of an anomaly detection system in preparation for the occurrence of incidents, we are also taking measures from operational aspects, such as establishing globally standardized rules and regulations for information management and guidelines for response during the occurrence of incidents.

(11) Human Resources
Securing and developing diverse human resources in and outside Japan and the practice of diversity, equity and inclusion are crucial to the continued innovation and growth of our global businesses. The inability to recruit and retain the necessary human resources on an ongoing basis or the inability to create an environment where human resources with diverse values and expertise can apply their individualities can lead to diminished product development capability or customer support quality.
This may result in not being able to realize an organization with competitive advantage or other such consequences that may affect our business performance.
We believe that our employees are the source of ongoing value creation and that increasing employee engagement is one of the most important factors in increasing corporate value. Specifically, we undertake measures such as the sharing of direction by top management through regular employee meetings, the building of plans to continuously develop next-generation human resources, the visualization of employee career paths, and the provision of attractive remuneration and benefits. We are also advancing ongoing measures to improve work environments as well as health and productivity management, including steps to prevent excessively long work hours and workplace harassment.

(12) Pandemics, Natural Disasters and Others
Our businesses are influenced by many factors, including political conditions, social unrest, economic conditions, financial and stock markets, foreign exchange rates, the success or failure of corporate acquisitions, major lawsuits, competition over standardization, pandemics, earthquakes, typhoons, heavy rains, floods and other natural disasters in the countries and regions we operate in. Such factors could affect our business performance, and we proactively take the necessary measures to counter such risks.

Auditing by the Internal Audit Department

To enhance our internal auditing functions, we have established the Global Audit Center, which is an organization under the direct purview of the Representative Director, President & CEO, responsible for conducting operational audits and evaluating our internal control over financial reporting prepared in accordance with the Financial Instruments and Exchange Act.
Based on our Internal Audit Policy, the Global Audit Center formulates the annual audit implementation plan, conducts audits of the Group’s business locations in Japan and overseas, evaluates the effectiveness of the Group’s internal audit system (i.e., the framework for ensuring that our business policies and various types of information are shared responsibly within the Group, and that risk evaluation and financial reporting are conducted properly and in a reliable manner) and the business operations under its control, and instructs audited organization to improve their practices if deemed necessary. The audit results and the status or outcome of evaluation are reported to our management team and also to Audit & Supervisory Board Members of the company and our Japanese subsidiaries every two months. Further, a process is in place to keep our board of directors and Audit & Supervisory Board informed.
In addition, the Global Audit Center and our independent auditors intend to exchange information and views each other on a regular or ad hoc basis, so that our audits remain coordinated, efficient, and effective.

Business Continuity Plans (BCPs)

The Tokyo Electron Group began formulating its business continuity plans (BCPs) in 2003. After the Great East Japan Earthquake, the Group rebuilt these plans to include more practical provisions for restoring operations at major business sites after a crisis. Specifically, the revised plan included disaster preparation measures such as stockpiling emergency supplies (including food and drinking water), the reinforcement of essential infrastructure, restructuring of the safety confirmation system, preparation of manuals, and the implementation of drills and employee training. To meet its responsibilities as an equipment manufacturer, the Group is constantly improving its BCPs to facilitate early disaster recovery and secure alternative production capabilities.
Drawing on our experience of previous earthquakes, reinforcement work is being conducted for our existing buildings in Japan to improve their seismic resistance, while techniques such as base isolation and seismic damping are being adopted for new buildings.

Information Security Management

To ensure our information assets are used in a safe and effective manner and managed properly, we have in place the Information Security Committee that consists of an information security officer of Tokyo Electron as its head and information security general managers of the Group companies. In addition, each Group company has set up an information management structure under its own Information Security Committee that consists of representatives from its departments. The Group has established a Group-wide hierarchy of governing documents that include the Information Security Policy, the Information Security Regulation, the Information Security Standard, and various guidelines. These documents are communicated and applied to the Group companies in Japan and abroad. A handbook and an e-learning content is used to educate and promote awareness of these rules among Group executives and employees, and all departments are required to perform self-assessment at the end of each fiscal year, thereby promoting and raising information security awareness across the Group.
Additionally, the Group has a reporting system for both actual and potential incidents that may lead to information leakage. The reports received enable the Information Security Department to quickly respond to the incidents, to reflect its analysis results in Group-wide efforts and initiatives and to provide support as needed. Regarding accidents and incidents above a certain level of severity, top management makes a final decision on risk acceptance and response.
To address emerging cyber security threats, the Group examines possible risk mitigation measures as needed by making effective use of intrusion tests, external threat intelligence, and other resources and makes rational responses. The Group also has a monitoring system in place to detect targeted attacks using social engineering and prevent damage.