GOVERNANCE
I-ne strives to maximize corporate value and sustainable growth by enhancing our management efficiency and transparency.
Corporate Governance
Fundamental Philosophy of Corporate Governance
We regard corporate governance as a mechanism for maximizing corporate value and realizing our management philosophy. Therefore, we will work to build an organizational structure that is capable of making flexible management decisions in response to changes in the business environment, executing business operations, and implementing internal controls and supervisory functions over them.
Corporate Governance Structure
We have established our current corporate governance structure to accelerate management decision-making and enhance corporate value. For more information, please refer to the Corporate Governance Report.
Compliance
Compliance Policy
We have established the Compliance Policy, which aligns with our mission (We are Social Beauty Innovators for Chain of Happiness).
Anti-Corruption Policy
I-ne Group (hereinafter referred to as “our Group”) considers fair trade and competition as one of the important pillars of compliance and declares that in the compliance policy.
The laws and regulations against bribery and corruption, which are major threats to the rule of law and sustainable development in countries worldwide, are strengthened. To maintain the trust of society and achieve sustainable development, we establish a policy and work to prevent all forms of corruption that abuse professional authority and status for the gain of individuals and organizations, including bribery, embezzlement, breach of trust, obstruction of justice and money laundering in Japan and all countries and regions where we do business.
Efforts to Comply with Compliance
■ Verifying the effectiveness of the Compliance Policy (Code of Conduct) and Anti-Corruption Policy
Since fiscal 2023, we will regularly assess and verify the effectiveness of our Compliance Policy and Anti-Corruption Policy across the I-ne Group (hereafter referred to as “our group”). We will continue to make improvements as needed based on these evaluations. The monitoring process involves the following procedure.
- Annually confirm the number of violations of the Compliance Policy (Code of Conduct) and Anti-Corruption Policy.
- The Compliance and Risk Management Committee will propose amendments to the Compliance Policy(Code of Conduct) or Anti-Corruption Policy if the policy proves inadequate in view of the Internal Audit Department’s analysis of the violation data or in view of the external business environment.
- If such amendments are approved by the Board of Directors, we will notify all executive officers and employees (including part-time workers and temporary staff) in I-ne and its corporate group about the changes.
■ Actions for preventing bullying and harassment
To prevent harassment, all employees across our group attend an annual workshop for preventing workplace bullying and harassment. The workshop presents case studies illustrating bullying and harassment trends and how to address the problem. After the workshop, we share the video and conduct a questionnaire as follow-up activities to reinforce the training content and ensure effective implementation.
Employee whistleblowing hotline
I-ne Group (hereafter referred to as ”our group”) established an employee whistleblowing hotline for all officers and employees (including part-time workers and temporary staff). The hotline, which conforms to Japan’s Whistleblower Protection Act, includes an internal system (in which the inquiry is handled internally) and an external system (in which the inquiry is handled by an external law office). All inquiries are handled in confidence. Employees can use the hotline to report instances of bribery or other inappropriate behavior, such as discrimination, human rights violations, and workplace bullying or harassment. In addition, the whistleblowing hotline ensures the protection of the whistleblowers and their personal information so that they are not treated unfavorably.
When concerns are raised on the hotline, the Internal Audit Department seeks legal advice and conducts an inquest in line with our internal rules. The matter is then adjudicated by the Disciplinary Committee.
To make the whistleblowing hotline more effective, the outcomes of inquiries are reported to the Compliance and Risk Management Committee (chaired by the President & CEO promptly after ensuring the anonymity of the whistleblower.
We have a separate hotline for raising concerns about compliance issues in business partners and other relevant parties.
Internal hotline for reporting and consultation
I-ne Co., Ltd. Internal Audit Office
External hotline for reporting and consultation
NEC VALWAY Corporation
Compliance hotline for external stakeholders
As part of our commitment to corporate compliance, we have established various hotlines for external stakeholders (including business partners) and the general public. These hotlines include both internal and external channels, and reports can be made anonymously. Stakeholders can use these hotlines to report instances of bribery, discrimination, human rights violations, and workplace bullying or harassment. We ensure that whistleblowers are protected from retaliation and that their personal data is safeguarded.
Please use one of the dedicated forms below to report instances where an officer or a permanent or non-permanent employee of our organization (I-ne and group companies) has committed or may have committed a compliance violation. Please refrain from using the hotline for malicious purposes, such as making false accusations or defamatory statements (statements that are intended to tarnish another person’s reputation and that involve no issue of public concern).
■ Responding Department
I-ne’s Internal Audit Department
■ How my inquiry be handled?
- The department will verify the facts and conduct an investigation. Prompt action will then be taken.
- The department may contact you to clarify the details or request additional information.
- The department will inform you of the outcome of your inquiry if necessary.
■ Precautions
- Any personal information you provide in your inquiry will be used solely to contact you and address your inquiry.
- Some inquiries may take longer to process than others. It may not be possible to address all inquiries.
- Remember that any replies you receive are for you only. You must not distribute, reproduce, or create derivative works from such replies, either in whole or in part.
Form for consultation and reporting for business partners
Risk Management
Risk management system
To enhance the value of I-ne Group (hereafter referred to as “our group”), it is essential to pursue efficient strategic management while effectively controlling the risks associated with our business activities. This involves identifying and addressing risks to prevent major crises from occurring and minimizing the damage to our businesses if they do arise.
With this two-pronged approach to risk management (prevention and minimization), we have structures in place for managing risk and ensuring compliance, with back-office departments responsible for risk management.
In line with the Board of Directors’ Basic Policy on Internal Control Systems, the Compliance and Risk Management Committee operates directly under the Board of Directors as the highest-level decision-making body on risk management and compliance.
The Compliance and Risk Management Committee, along with the Sustainability Committee subcommittees and other relevant bodies, 1) enforces compliance with our policy on bribery and other forms of corruption and with legal and regulatory requirements relevant to our business activities, 2) sets action plans and evaluates major risks in areas such as health and safety, human rights (including workplace bullying and harassment), environmental issues, disaster preparedness, quality management, and cybersecurity, 3) shares information when a risk materializes, 4) sets protocols for handling risk incidents, and 5) regularly reports risk management and related issues to the Board of Directors.
The Legal Affairs Department receives risk management reports from other departments to regularly monitor and assess risks and responses across the organization. This involves determining the significance of each risk and assigning responsibility for its management. The department then develops response plans, monitors their progress, and reports quarterly to the Compliance and Risk Management Committee. It also conducts an annual risk evaluation, which covers the frequency and impact of each incident, and reports its findings to the Compliance and Risk Management Committee.
The Board of Directors supervises risk management and evaluates its effectiveness through the analysis and reporting of major risks by the Compliance and Risk Management Committee. Additionally, the Audit & Supervisory Committee independently reviews and oversees the effectiveness of risk management structures and evaluates the processes for handling risk incidents.
Information Security
Information Security is vital if we are to retain the trust of our customers, supply chain partners, employees, and all other stakeholders. We therefore take a proactive approach to safeguarding data assets from cyberthreats, leaks, and other risks.
Information Security Policy, Privacy Policy
To guide data security efforts across I-ne Group, we have established the Data Security Policy and Privacy Policy. In line with these policies, we ensure that data assets are handled correctly and that their confidentiality, integrity, and availability are safeguarded. We also keep working to maintain or improve our data security standards.
View the Data Security Policy here
View the Privacy Policy here
Organizational Framework for Information Security
The IT Division takes charge of implementing measures and processes for data security and regularly reports to the Compliance and Risk Management Committee, which is directly under the Board of Directors.
Information Security Incident Response Team
In the event of a major information leak or system shutdown, the managers of the affected divisions will assemble a response team. The team will keep the Compliance and Risk Management Committee informed about the situation and the committee will issue directives as necessary with a view to preventing a reoccurrence and ensuring adequate corporate governance.
Measures and Processes for Information Security
The IT Division, as the division in charge of establishing system infrastructure and implementing our IT strategy, develops effective security infrastructure. Alongside this infrastructure, we have processes in place to safeguard data assets from multifaceted threats, including external cyberthreats, internal malpractice, and changes in IT systems. Since poor digital literacy among employees increases the risk of security breaches caused by human error or a targeted cyberattack, we educate, train, and inform employees about data security.
■ Safeguarding Privacy
We use the PrivacyMark System to manage our personal data inventory and monitor any contractors who use the personal data. Any external party using the personal data is required to adhere to our rigorous privacy standards.
■ Clarifying the Data Assets to be Safeguarded
We regularly monitor our inventory of data assets (this inventory may include datasets, systems, services, devices, and networks) to identify data risks and clarify what assets need to be safeguarded from the risks.
■ Ensuring Data Security When Using External Services
A security check is a prerequisite for the use of external cloud services or other externally provided systems and services. We take action to reduce the risks associated with using cloud services.
■ Continual Improvement in Security
We are committed to continually improving our data security standards. We treat our security vendors as partners and engage with them in assessing practices and addressing any issues revealed in these assessments. This commitment to continual improvement is integrated into our medium-term IT budgets. With ongoing investment, we keep improving our standards in data security.