Risk Management
Initiatives

Financial Risk Management

The internal controls for financial reporting used at Canon Inc. are consistent with the basic framework outlined in the On the Revision of the Standards and Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting (Council Opinions) issued by the Business Accounting Council; these controls are maintained and operated accordingly. The Financial Risk Management Subcommittee also conducts activities to strengthen internal controls pertaining to financial risks for the entire Canon Group, including compliance with Japan’s Companies Act and Financial Instruments and Exchange Act.

Specifically, we support each Group company to implement independent initiatives and self-driven educational activities, with each company implementing its own PDCA cycle on financial risk-related business procedures to target qualitative improvement in the reliability of the Group’s financial reporting.

As a result of these initiatives, we determined that our internal controls over financial reporting as of December 31, 2024 were effective.

Promoting Compliance

The Compliance Subcommittee works to promote corporate ethics across the Group in accordance with the Canon Group Code of Conduct, developing and regularly reviewing the Group’s compliance system. As a result of these initiatives, Canon had another year free from material fines or other sanctions in 2024.

Promoting Corporate Ethics

Canon Group Code of Conduct and Compliance Card

We have established the Canon Group Code of Conduct to clarify the management stance of the entire Group and the standards that executives and employees must comply with in their duties. To ensure that its content is understood by executives and employees in countries and regions worldwide, in addition to Japanese, the Code of Conduct is translated into more than 20 languages, including English, French, and Chinese, and adopted by a resolution of the Board of Directors of each Group company. A copy of the Code is issued to Group executives and employees worldwide and/or its text is posted on our intranet system as part of further efforts to ensure that it is known and practiced by all.

In addition, a Compliance Card that employees can carry with them is created in Japanese and more than 20 other languages, including English, French, and Chinese, and issued to Group executives and employees worldwide. Written on one side of the card is the San-ji (Three Selfs) Spirit, which has been a guiding principle since our founding, and on the other side is a compliance test that enables employees to conduct a daily self-evaluation.

Corporate Ethics and Compliance Training

Canon carries out corporate ethics and compliance training for employees suited to the circumstances and conditions of the region where they operate.

For example, Canon Inc. and Group companies in Japan conduct relevant training for executives and employees as part of new recruit training, etc. Additionally, we have since 2004 designated a Compliance Week twice a year—once in the first half of the year and the other in the second half—in order to foster discussions in the workplace about compliance issues. Through these efforts, we strive to develop and improve operational processes to ensure that employees are aware of compliance and abide by the law.

Compliance Hotline System for Internal and External Whistleblowers

Canon Inc. has a compliance hotline system to handle reports of compliance issues, including violations of laws, bribery and other forms of corruption, and other breaches of the Canon Group Code of Conduct.
We encourage appropriate use of the system by using the intranet, compliance training and other means to build awareness.

Canon Inc. also has a hotline for external stakeholders, which they can use to report specific human rights-related concerns and information in connection with Canon’s corporate activity or other specific concerns relating to various risks in the supply chain.

With both the internal and external hotlines, due care is taken to protect the privacy of informants and to ensure they do not suffer disadvantageous treatment as a result, including the option of anonymous reporting.

When a report containing a possible compliance violation is received, an investigation is launched to establish the facts and a final decision is made as to whether there is a compliance violation. If a compliance violation is found, the necessary corrective action is taken along with measures to prevent recurrence.

Nearly all Group companies worldwide have a compliance hotline.

Canon Inc. receives biannual reports from Group companies on the operational status of their respective compliance hotline systems. These biannual reports from each Group company include not only the number of cases they received but also a summary of each case, investigation results and responses, and measures to prevent recurrences. Reports for which Canon Inc. and Group companies completed investigation are analyzed statistically by category of case, including those where a compliance violation is found. The analysis results are reported on a yearly basis to the Risk Management Committee and fed back to each Group company.

The table below shows the numbers of whistleblowing reports, whistleblowing cases and compliance violations recognized after investigation into each case of whistleblowing, over the past three years. There have been no serious compliance violations.

Reports, cases and compliance violations

(no.)

Compliance System

We have identified the significant compliance violation risks that Canon may face in the course of business (for example, violations of competition laws, anti-bribery laws and export control regulations) based on an assessment of the likelihood of the risk materializing and the scale of its potential impact on our business. To reduce these risks, we are working to improve the system to ensure legal compliance by improving operational workflows and rules, providing compliance training to applicable employees, and conducting audits and checks.

Strict Compliance with Security Trade Control

Canon implements a security trade control framework headed by the President. The framework ensures that we comply with regulations on the export of goods and technologies that could be diverted for use in weapons of mass destruction or conventional weaponry. Specifically, prior to entering into business we strictly check such issues as whether export goods and technologies are controlled by regulations, or whether counterparties are engaged in the development of weapons of mass destruction.

Security Trade Control is insufficient if undertaken by a single country or region. It is important to have international cooperation based on international treaties and export control regime agreements. To provide a unified policy and standard in the field of Security Trade Control, we established the Canon Security Trade Control Guidelines, which is implemented at Group companies worldwide.

In recent years there has been a move to use regulatory frameworks for security trade control in order to restrict the transactions of certain countries, regions, or corporations, mainly for reasons related to competition in the development of advanced technologies, information security, and protection of human rights. As it expands its range of business fields, Canon has also seen an increase in business transactions that require careful attention. We will pay close attention to the international situation and to the latest regulatory trends in our activities to ensure full compliance with Security Trade Control.

Compliance with Competition Laws

Business divisions of Canon Inc. and Group companies worldwide with sales and service functions conduct regular training for employees of divisions exposed to the risk of competition law violations to educate them about competition laws, give examples of legal violations, and provide everyday operational compliance guidance. Employees are encouraged to make use of Canon’s competition law hotline (connected to the Legal Division) when unsure of how to interpret or apply competition laws.

Prevention of Corruption

The Canon Group CSR Basic Statement includes “9. Prevent corruption in all its forms including bribery,” making clear to all stakeholders, both internal and external, the management stance adopted by Canon on bribery and other forms of corruption. In addition, the Canon Group Code of Conduct clearly stipulates that Group executives and employees are prohibited from receiving benefits from business partners and corporate customers in the form of gifts or entertainment, etc., that exceed the social norm, and from providing similar benefits to government agencies, business partners and corporate customers. It also clearly prohibits actions that may cause conflicts of interest or constitute insider trading. In line with the above Basic Statement, we have formulated the Canon Supplier Code of Conduct, which requires our suppliers to refrain from engaging in any form of corruption, including bribery.

Based on the above policy, following identification and assessment of the risks that Canon may face in conducting business, the Risk Management Committee has identified violation of anti-corruption laws as a significant risk. As a countermeasure, corruption risk is assessed based on the country/region and type of business using such references as the Corruption Perceptions Index published by Transparency International, and then depending on such risk, anti-corruption systems are established in accordance with laws and guidelines related to anti-corruption in major countries, such as the Foreign Corrupt Practices Act (FCPA) of the United States and the Bribery Act of the United Kingdom. Specifically, for businesses and regions assessed as high risk, each Group company has established a responsible division and has clarified its management stance on anti-corruption and matters to be observed through the formulation of basic policies and company rules on anti-corruption. We are also putting in place systems to prevent corruption among suppliers, intermediaries, and other third parties outside Canon (performance of due diligence and inclusion of an anti-bribery clause in the contract) and conduct annual training for employees engaged in high-risk duties to deepen their understanding of the anti-corruption laws and regulations in major countries and regions. Moreover, we not only conduct audits depending on the risk of corruption but also conduct an annual survey of suppliers as part of our supply chain management to check whether measures are in place to prevent the acceptance of bribes or inappropriate benefits. Finally, the Risk Management Committee undertakes an annual evaluation of the implementation and maintenance of the risk management system, which includes such anti-corruption systems, and reports the results of such evaluations to the CEO and Board of Directors.

Protecting Personal Information

Based on its Personal Information Protection Policy, Canon Inc. has drawn up and is improving its internal rules for processing of personal information, including its Personal Information Protection Regulation.

The Risk Management Committee has also identified violation of the Protection of Personal Information Act as a significant legal risk for Canon. Accordingly, besides keeping abreast of related regulatory trends, Group companies worldwide are working to build systems where all personal information is properly acquired and utilized, based on the application of internal controls and use of regular self-audits and education programs.

Recent privacy legislation affecting Canon

Promoting Business Risk Management

The Business Risk Management Subcommittee is responsible for identifying significant operational risks in terms of their potential impact and managing them.

Action policies and plans for each identified significant risk are decided in cooperation with the responsible divisions across the Group, and system implementation and risk mitigation activities are promoted through each business division and the responsible division at each Group company.

Business Continuity Plan

Canon’s Headquarters building and core facilities for information systems and research and development are concentrated in suburban areas of Tokyo. As the incidence of earthquakes in Japan is relatively high, it is also at greater risk of earthquake damage than other countries and regions. Canon also has a global network of facilities and offices. The occurrence of earthquakes, floods, other natural disasters, or terrorist attacks could cause disruption of the infrastructure for such facilities and offices. Canon believes that establishing a system to ensure that business operations can continue in the event of such a natural disaster or emergency represents one of the most important social responsibilities of any company. Based on this recognition, we have formulated a business continuity plan (BCP)^*1 and Canon Group Disaster Preparedness Guidelines, and are taking other measures to ensure business continuity in the event of a disaster. Such measures include putting in place a backup system based on parallel production of similar models at a number of sites, upgrading buildings constructed according to old aseismic design standards, concluding disaster agreements with local communities, and developing systems for collecting information and reporting.

Due to the critical importance of our Shimomaruko headquarters in Tokyo, Japan, as the home base for all Group operations, we have established a crisis control center, installed backup generators, stockpiled fuel, equipment, and supplies, and established a multiplex communication system. Moreover, we set up a Disaster Recovery Center^*2 to back up information systems to ensure that the core IT system will operate securely in the event of a large-scale disaster such as an inland earthquake in the Tokyo capital region.

We have updated all Group company facilities in Japan, setting up emergency communications equipment and support structures, and inculcated a sense of readiness in our employees through practical disaster-preparedness training. We also have systems that use data from surveillance cameras installed at each Group site so that any damage caused by natural disasters or other emergencies can be evaluated swiftly. Furthermore, we have prepared a leader’s manual in order to safeguard human life immediately following a natural disaster or fire, prevent secondary disasters, and protect company assets. Using this manual as a model, Group companies are also creating localized manuals based on the unique risks in the areas where they operate to facilitate the smooth restoration of services in the event of a disaster. Last year, 45 operational sites conducted emergency drills based on these manuals.

• *1 An action plan that includes measures to provide for the continuation of a minimal level of business in the event of disaster, accident, or other such event, and to restore operations promptly.
• *2 A facility prepared for data backup in the event of a system breakdown due to a disaster.

Economic Security Initiatives

In response to the recent rise in geopolitical risk, activities to promote economic security by maintaining and reinforcing factors such as strategic autonomy and strategic necessity –the stated aims of Japan’s Economic Security Promotion Act, enacted in May 2022 – have gained in importance. This includes stronger initiatives to prevent technology outflows and the introduction of new export controls with expanded geographical scope.

Canon Inc. is addressing economic security issues systematically at the divisional level. Besides coordinating company-wide activities; the Economic Security Office collates, researches and analyzes related internal and external information, sharing and reporting appropriately with management and the relevant divisions to promote the Group’s economic security activities while bolstering related risk mitigation capabilities.

Proper Payment of Taxes

Canon believes that, as a multinational corporation with operations spanning the globe, the proper payment of taxes in the countries and regions where it operates is one of its most fundamental and important social responsibilities. Accordingly, Canon Inc.’s Finance & Accounting Headquarters operates an integrated tax management system in accordance with the principles set out below. As a result, Canon did not receive any negative tax-related judgments or assessments in 2024, nor was it subject to any major punitive measures, such as fines.

1. Pay taxes properly in accordance with the letter and the spirit of tax-related laws and ordinances without employing tax planning for tax avoidance purposes.
2. Ensure that tax accounting and other related processes are carried out unfailingly, according to law.
3. Develop tax-related governance systems and work to raise awareness about tax compliance.
4. Adhere to common international rules on international taxation (guidelines set by the Organization for Economic Co-operation and Development and the United Nations) and ensure that actions are in compliance with the tax laws of each country.

Corporate Income Taxes