TOKYO ELECTRON LIMITED

Risk Management

Internal Control System and Risk Management

Basic Stance

In order to enhance the Tokyo Electron Group’s corporate value and remain accountable for our actions to our stakeholders, we are making efforts to strengthen effective internal control. This involves implementing practical measures that are in line with the Fundamental Policies concerning Internal Controls within the Tokyo Electron Group, set out by our Board of Directors. We are also evaluating our internal control over financial reporting annually based on the Financial Instruments and Exchange Act of Japan.

Risk Management System and Initiatives

To more effectively strengthen risk management of the entire Group, Tokyo Electron has established a dedicated risk management unit within the General Affairs Department of our corporate headquarters. This unit analyzes the risks faced by the Group and identifies material risks. It then monitors the management of such risks while supporting and implementing risk management activities. The unit also regularly reports the status of risk management activities to the Audit & Supervisory Board Members and the Board of Directors. Going forward, the Group companies will continue with these initiatives to enhance the efficacy of our risk management framework.

Business Risks, Etc.

(1) Market changes
The semiconductor market is expected to further grow in the medium to long term due to continuing technological innovation amid an accelerating transition to a data-driven society backed by the spread of information and communication technology applications such as IoT, AI and 5G; progress in digital transformation (DX); and response to sustainability transformation (SX). However, a wide range of factors— including the global economy, demand for end products, trade and tariff policies, and geopolitical factors—can cause short-term supply and demand to become unbalanced and generate significant fluctuations in market size. Rapid contraction of the semiconductor market could lead to results such as
overproduction, increases in dead inventory or losses from bad debts resulting from the worsening of a customer’s financial position. On the other hand, a rapid increase in demand that we cannot respond to could lead to situations such as an inability to provide products to customers in a timely manner resulting in lost opportunities. Both of these circumstances can adversely affect our business performance.
To respond to such market fluctuations, we constantly work to appropriately adjust our capital investment, personnel, inventory plans and other aspects of our businesses based on understanding of the latest market conditions through periodically reviewing the market environment and orders received at Board of Directors and other important meetings.
In addition, a large portion of our sales are to major, leading-edge semiconductor manufacturers. As such, our performance tends to be impacted by changes in capital investment by these major customers. We have established an Account Sales Division, which works in close coordination with major customers and quickly grasps trends in their capital investment outlook, as well as a Global Sales Division, which responds to a wide range of customer needs from around the world and cultivates new customers emerging in step with growth in semiconductor demand.
Through such efforts, we strive to strengthen and expand our sales framework and customer base.

(2) Geopolitics
We undertake businesses in various countries and regions, and a high proportion of sales comes from overseas. Amid growing international attention on semiconductors, countries and regions are seen to be embarking on measures—including the domestication of semiconductor-related businesses, prioritization of domestically manufactured products, tightening of export controls and strengthened environmental regulations—from perspectives such as industrial policy, national security and environmental policy. Our business performance may therefore be affected if our business activities are restricted as a result of those measures.
We grasp the implementation moves of regulations regarding import and export of products and technological development by carefully watching policy and diplomatic trends of countries, anticipating the impacts when policies and regulations are introduced and considering countermeasures. At the same time, in addition to the early identification of risks, we also strive to take fast and appropriate response when risks occur, including communicating our opinions to the policy-making authorities through means such as public comments for the healthy development of the semiconductor industry.

(3) Research and Development
Through ongoing R&D investment in leading-edge technologies, we quickly bring to market new products incorporating such technologies, succeeding in capturing high market share in each product category and achieving a high profit margin. However, delays in the launch of new products that meet customers’ technological needs, the mismatch of newly developed products with such needs, or the launch of new technologies or products by competitors before our launches could negatively affect the competitiveness of our products, impede the recovery of R&D costs or otherwise affect our business performance.
We have established a Corporate Innovation Division, which develops innovative technology and makes groundbreaking technology proposals that integrate the products and technologies of each development division as part of a groupwide development framework. In addition, we have in place a system that constantly provides highly competitive next-generation products that meet future needs ahead of our competitors through initiatives such as conducting joint research with global research institutions and sharing technology roadmaps spanning multiple technology generations with leading-edge customers.

(4) Procurement, Production and Supply
Our key production sites are located in Japan, and we supply products to customers in and outside Japan. As such, earthquakes, floods or other natural disasters, acts of terrorism, unavoidable events like infectious disease outbreaks or other such accidents occurring in Japan could cause interruptions in production that, if not promptly resolved, could delay the supply of products to customers. Furthermore, the stable supply of components and such provided by suppliers is indispensable to stable production. Therefore, in addition to the risk of disasters, accidents or other similar events, delays in component procurement due to the worsening of a supplier’s business conditions, demand that exceeds supply capabilities arising from the expansion of the semiconductor market or similar factors could result in delays in the supply of products to customers and affect our business performance.
We formulate and periodically review business continuity plans (BCPs) and undertakes measures such as establishing alternate production capabilities, developing multiple sources of important parts, seismically reinforcing its plants, and maintaining backups of information systems. In addition, we also seek to procure components early and level production by sharing forecasts with suppliers that consider our customers’ investment plans as well as semiconductor demand projections. Through these and other measures, we strive to maintain stable product supply.

(5) Safety
Our business performance may be affected if problems related to the safety of our products occur, including damage to customers, order cancellations, liability for damages or decline in our credibility.
Our “Safety First” approach entails the constant consideration of safety and health in the execution of business activities, including development, manufacturing, sales, services and management. In accordance with this approach, we work continuously to improve the safety of our products. Measures to this end include thoroughgoing safety design at the product development phase, promotion of safety training and maintaining an accident reporting system.

(6) Quality
Our products are based on the integration of numerous leading-edge technologies. The occurrence of defects could lead to recalls, liability for damages based on quality responsibility, additional costs related to implementing defect countermeasures, decline in our credibility, or otherwise affect our business performance.
Based on a uniform Group-wide quality control policy, we provide quality training for our employees and suppliers and strive to constantly maintain a quality assurance system, including ISO 9001 certification, as well as a world-class service system. In development, we introduce collaboration with sales and service departments from the initial stages of product development and design to solve technological issues. Furthermore, we mitigate and address risks such as by using simulation technology for thorough validation. When defects occur, we investigate the root of the problem and take thoroughgoing measures to prevent recurrences and the occurrence of similar defects. Similarly, in managing the quality of procured components, we constantly monitor the state of supplier quality and conduct audits, improvement support and other measures.

(7) Laws and Regulations
We operate globally and are therefore subject to the various laws and regulations of the countries and regions where we do business, including those regarding imports and exports, the environment, competition, labor, corruption, bribery and transfer pricing taxation. We strive to ensure compliance with such laws and regulations. However, violations of such laws or regulations could result in consequences such as diminished public confidence in us, fines, liability for damages or restrictions on business activities. Furthermore, national security policies of countries and unanticipated future legal amendments or tightening of regulations could, if not appropriately responded to, result in liability for costs related to such response or restrictions on business activities, or otherwise affect our business performance.
We have built a system for monitoring compliance activities at each of the key sites in and outside Japan under the direction of a Chief Compliance Officer. We conduct compliance assessments by external experts, report the identified issues to the CEO, Board of Directors and Audit & Supervisory Board, and carry out swift and effective measures as well as further
enhancement of systems.

(8) Intellectual Property Rights
Our products are based on the integration of numerous leading-edge technologies. Obtaining and legally protecting our intellectual property rights and preventing infringements of such rights by third parties are crucial to differentiating and reinforcing the competitiveness of our products. Infringements by us of the intellectual property rights of third parties could lead to restrictions on the production and sale of our products or liability for damages, or otherwise affect our business performance.
By advancing R&D strategy, business strategy and intellectual property strategy in an integrated manner, we strive to build an appropriate intellectual property portfolio and obtain exclusive rights to numerous proprietary technologies to capture high market share and achieve high profit margins in each of our product fields.

(9) Information Security
In the course of its business activities, we may obtain, hold and utilize confidential information, customer information and personal information. Incidents—such as the breach of information and service disruption—caused by unauthorized access or operation due to cyberattacks and other causes, human errors, natural disasters or other reasons could result in diminished public confidence in us, liability for damages or other consequences which may otherwise affect our business performance.
Together with seeking organizational reinforcement such as by creating a dedicated department centered on the Information Security Committee, we are building an information security system based on global standards, by conducting security assessments by external experts. In addition, beside technological aspects such as the introduction of an anomaly detection system in preparation for the occurrence of incidents, we are also taking measures from operational aspects, such as establishing globally standardized rules and regulations for information management and guidelines for response during the occurrence of incidents.

(10) Human Resources
Securing and developing diverse human resources in and outside Japan and the practice of diversity and inclusion are crucial to the continued innovation and growth of our global businesses. The inability to recruit and retain the necessary human resources on an ongoing basis or the inability to create an environment where human resources with diverse values and expertise can apply their individualities can lead to diminished product development capability or customer support quality.
This may result in not being able to realize an organization with competitive advantage or other such consequences that may affect our business performance. We believe that our employees are the source of ongoing value creation and that increasing employee engagement is one of the most important factors in increasing corporate value. Specifically, we undertake measures such as the sharing of direction by top management through regular employee meetings, the building of plans to continuously develop next-generation human resources, the visualization of employee career paths, and the provision of attractive remuneration and benefits. We are also advancing ongoing measures to improve work environments as well as health and productivity management, including steps to prevent excessively long work hours and workplace harassment.

(11) Environmental Issues
Globally, there are growing requests from society, including our stakeholders, related to sustainability. Given this, difficulties in adequately responding to requirements accompanying the transition to a carbon-free society— including the climate change policies and environmental laws and regulations of countries, industry standards of conduct, technological innovation and customer needs—could result in costs for additional responses such as new product development, specification change and modifications, reduced product competitiveness, diminished public confidence in us or other consequences that may otherwise affect our business performance.
Together with striving to comply with environmental laws and regulations and industry standards of conduct, we set our own industry-leading medium- to long-term environmental goals and work to reduce greenhouse gas emissions from the use of our products. We also seek to increase the ratio of renewable energy usage and reduce energy consumption at our plants and offices. In addition, we work to protect the global environment through our business activities by such means as providing technologies to reduce semiconductor power consumption, promoting used equipment and parts businesses, reducing equipment size, increasing productivity by improving throughput, reviewing packaging and promoting modal shifts.

(12) The Novel Coronavirus (COVID-19)
The spread of COVID-19 could affect our business continuity, including our manufacturing and sales activities. In addition, restrictions on the worldwide movement of people and things, the deterioration of global economic conditions, and other such impacts from the spread of COVID-19 could affect our business performance.
Centered on the Emergency Task Force headed by the CEO, we are implementing related countermeasures, including restricting travel to high infection-risk countries and regions, taking steps to maintain supply chains, and thorough infection prevention measures at our plants and offices.

(13) Other Risks
Our businesses are influenced by many factors, including the global and regional political conditions, economic conditions, financial and stock markets, commodity and real estate markets, foreign exchange rates, the success or failure of corporate acquisitions, major lawsuits, and competition over standardization. We expect that such factors will sometimes affect our business performance and take the necessary measures to counter such risks.

Auditing by the Internal Audit Department

To enhance our internal auditing functions, we have established the Global Audit Center, which is an organization under the direct purview of the Representative Director, President & CEO, responsible for conducting operational audits and evaluating our internal control over financial reporting prepared in accordance with the Financial Instruments and Exchange Act.
Regarding operational audits, the Global Audit Center formulates the annual audit implementation plan and conducts audits of the Group’s business locations in Japan and overseas. The Center evaluates the effectiveness of the Group’s internal audit system (i.e., the framework for ensuring that our business policies and various types of information are shared responsibly within the Group, and that risk evaluation and financial reporting are conducted properly and in a reliable manner) and the business operations under its control, and instructs field operators to improve their practices if deemed necessary. The audit results and the status or outcome of evaluation are reported to our management team in a meeting held every two months. Our full-time auditors and auditors of our Japanese subsidiaries are similarly debriefed every two months, with a process in place to keep our board of directors informed.
In addition, our internal control department and independent auditors are required to exchange information and views on a regular or ad hoc basis, so that our audits remain coordinated, efficient, and effective.

Business Continuity Plans (BCPs)

The Tokyo Electron Group began formulating its business continuity plans (BCPs) in 2003. After the Great East Japan Earthquake, the Group rebuilt these plans to include more practical provisions for restoring operations at major business sites after a crisis. Specifically, the revised plan included disaster preparation measures such as stockpiling emergency supplies (including food and drinking water), the reinforcement of essential infrastructure, restructuring of the safety confirmation system, preparation of manuals, and the implementation of drills and employee training. To meet its responsibilities as an equipment manufacturer, the Group is constantly improving its BCPs to facilitate early disaster recovery and secure alternative production capabilities.
Drawing on our experience of previous earthquakes, reinforcement work is being conducted for our existing buildings in Japan to improve their seismic resistance, while techniques such as base isolation and seismic damping are being adopted for new buildings.

Information Security Management

To ensure our information assets are used in a safe and effective manner and managed properly, the Group has set up an information management framework under the Information Security Committee that consists of representatives from departments across the Group.
The Information Security Committee acts as a decision-making body for the Group. Rules concerning the handling and protection of such sensitive information as trade secrets and personal information are formulated based on the committee’s policy, and are communicated and applied throughout the organization. An e-learning system is used to educate and promote awareness of these rules among Group employees and executives.
Additionally, the Group has a reporting system for both actual and potential cases (incidents) of information leakage. The reports help quick responses to the incidents, and their analyses are reflected in Group-wide efforts to prevent recurrence.
As for emerging cyber security threats, the Group examines possible risk mitigation measures as needed and makes rational responses. The Group also has a monitoring system in place to detect targeted social engineering threats and prevent damage.