Risk Management and Compliance

Toshiba Group conducts business activities, giving the highest priority to life, safety, and compliance with laws and regulations, and social and ethical norms. In order to respond appropriately to the globalization and diversification of business, and to changes in laws and regulations in every country of the world, Toshiba Group has established systems to address various risks.

FY2022 Key Achievements

  • Implemented workplace meetings for domestic and overseas Group companies to improve internal controls and the corporate culture themed around fraudulent incidents at U.S. subsidiaries.
  • To ensure compliance and continuously improve corporate culture, we held the Senior Management Compliance Seminar (once in the first half and once in the second half) for executive officers of Toshiba and senior management of Toshiba Group in Japan with an outside director as lecturer. Participants totaled approximately 230 people. We also continued to conduct general compliance training in fraud risk and accounting compliance, among others.
  • We implemented activities to establish and augment the global whistleblower system, which became fully operational in FY2021, by designating each Regional Representative Subsidiary as a contact point for receiving whistleblower reports.
  • In response to COVID-19, we took infection prevention measures such as setting a target attendance rate and promoting teleworking. For workplaces where work-from-home is not feasible, we encouraged flexible work arrangements while making efforts to reduce infection risks.

Policy on Risk Management and Compliance



Toshiba Group has set up a three-line internal control system, with the relevant business divisions as the front line, the administrative divisions as the second, and the audit divisions as the third. The system is designed to manage risks effectively by assigning to each line a clearly defined role and set of duties, which it carries out appropriately while also exercising a checks-and-balances function. In order to respond to changes in the business environment and to the diverse and ever-changing risks that arise when conducting business activities, we will ensure effective risk management.
Toshiba’s shares were designated as securities on alert on September 15, 2015 due to inappropriate accounting. After that, Toshiba improved its internal control system and the designation was lifted on October 12, 2017. As reported in the Report on Improvements of Internal Management System and Progress Report on Improvements of Internal Management System released on October 20, 2017 and July 25, 2018 respectively, Toshiba has continued its efforts to strengthen the internal control system and worked to regain the trust of shareholders, investors, and all other stakeholders. On August 1, 2017, Toshiba’s shares were reassigned to the Second Section of Tokyo Stock Exchange and Nagoya Stock Exchange. As a result of aforementioned efforts, our shares were designated as first section securities of both of the exchanges again on January 29, 2021. Toshiba will continue to work to enhance its internal control system.
At Toshiba Group, top management regularly issues messages on compliance so as to clarify its own stance and to foster a culture in which compliance is prioritized across the whole Group.

At Toshiba Group, we formulated and are striving to entrench the Standards of Conduct for Toshiba Group (SOC) as a specific action guideline since we are a company that contributes to the realization of a sustainable society while conducting fair, sincere and highly transparent business activities. We are also working toward making the SOC an integral part of the entire Toshiba Group. The SOC is one of the Toshiba Group’s important basic guidelines, and therefore, its revision requires approval by the Board of Directors.

Response to fraud

Toshiba Group maintains a policy of zero tolerance against fraud. As a preventative activity, every year we systematically organize fraud risk scenarios in specific fields, conduct inspections to understand the actual situation at each Group company, and strengthen guidance for improvement. In FY2022, we conducted inspections on fraud risk related to production management and inventories.
In the event of a case of fraud, we conduct an investigation of all facts to identify the cause of any such occurrences, treat the facts seriously, make every effort to prevent recurrence, and disclose information in a proper and timely manner as necessary. Any employees involved with cases of fraud are handled rigorously, including through the implementation of disciplinary action.

Structure of Risk Management and Compliance


Toshiba has separate management systems for compliance and other risks and for business risks. Business risks refer to uncertain factors that may prevent the achievement of business and project objectives in strategic decision-making and the execution of business activities.
To address compliance and other risks, we appoint a Chief Risk Compliance Management Officer (CRO) to oversee risk management and compliance for the whole Group. In addition, under the CRO, the Legal & Compliance Division responds to whistleblower reports, attempts to achieve global compliance, aims to strengthen the whistleblower system, and is advancing effective risk management and compliance activities.

The CRO chairs the Risk Compliance Committee, which is attended by relevant executive officers, including the President and CEO. The committee analyzes whistleblower reports and cases both inside and outside the Company and evaluates the impacts of risks and the status of risk control in accordance with the risk table that covers compliance risks based on the Standards of Conduct for Toshiba Group. It then determines priority measures of the immediate fiscal year. The Risk Compliance Committee is attended and monitored by members of the Audit Committee who also serve as outside directors. The agenda deliberated at the committee is reported to the Board of Directors. In FY2022, the Risk Compliance Committee met five times.
In response to the inappropriate accounting treatment in 2015, Toshiba has worked to strengthen accounting compliance by establishing a special accounting compliance system. In order to further strengthen the overall compliance system, from FY2021, we evolved the system into one that encompasses accounting compliance and other types of compliance, and began promoting centralized management.
Toshiba operates a risk management system (RMS) incorporating a PDCA cycle* led by administrative divisions at the second line of the internal control system. The aim is to identify the status of compliance risk initiatives at each Toshiba Group company and to promote improvement in an integrated manner. With the RMS, we implement the Risk Assessment Program (RAP) to assess risks of Toshiba Group companies. The administrative divisions provide guidance to improve the compliance risks identified. At the same time, the relevant business divisions at the front line of the internal control system themselves work to identify and mitigate the risks autonomously.
Furthermore, since FY2020, we have systematically organized fraud risk scenarios related to financial reporting and accounting, and conducted inspections on Group companies to understand the status of their fraud risk, while strengthening guidance to improve such status.
In the event of a serious compliance-related incident, there is a system in place by which such incident is reported immediately to the President and CEO, CRO, and members of the Audit Committee, among others, through the reporting system. Under these systems, the relevant in-house committees, etc. promptly evaluate and implement countermeasures.

Meanwhile, Toshiba deals with business risks by clarifying management decision criteria, permissible risk limits and corporate policy on business withdrawal in making management decisions for business execution to achieve Toshiba Group’s sustainable growth and increase corporate value. In addition, for each risk case, the Business Risk Review Committee conducts risk assessment, identifies the maximum risk, and establishes items for monitoring.

  * PDCA cycle: Plan: identification and assessment of risks; Do: creation and operation of rules; Check: review and fact-finding surveys; Action: formulation and implementation of improvement plans

Risk Management and Compliance Committee

  • The Risk Compliance Committee manages matters related to the Standards of Conduct for Toshiba Group and matters related to risk management and compliance.
  • CPL is an abbreviation combining CL (contractual liability) and PL (product liability).

Whistleblower System

In order to create an open work environment, Toshiba is enhancing its whistleblower system, on top of preventing risks by stimulating day-to-day communication in each workplace.
In January 2000, Toshiba established a whistleblower system, the Toshiba Hotline, to collect internal information on SOC violations, particularly those concerning laws and regulations, and to deal with wrongdoing through a self-rectification system. Under this system, an employee can report an incident and seek advice via e-mail or phone. In April 2019, we transferred the function of receiving whistleblower reports to an external organization to further ensure anonymity, lower the hurdle of reporting to the hotline, and build a stronger sense of safety. E-mail support is available 24/7. In June 2022, we began accepting reports in English, targeting those employees at Toshiba Group companies in Japan who find it difficult to make reports in Japanese. Also, a reception hotline was set up at an external attorney’s office in January 2005, primarily to receive information about potential legal violations.
Furthermore, in October 2015, the new Audit Committee Hotline was set up, which allows people to report directly to the Audit Committee, which is composed of outside directors. With this new system, even matters in which the involvement of top management is suspected can be safely reported.
The Audit Committee also has access rights to the Toshiba Hotline, and provides appropriate guidance and supervision.
In April 2006, Toshiba set up a supplier whistleblower system, the Clean Partner Line, to receive reports from suppliers and business partners in order to prevent SOC violations by employees in charge of procurement and order placements for construction and other works.

Each Toshiba Group company has its own whistleblower system. In addition, employees of the Toshiba Group in Japan can use the aforementioned Toshiba Hotline. Besides the whistleblower system at each company, in FY2021, we introduced the Toshiba Group Overseas Hotline for Toshiba Group companies overseas, by designating each Regional Representative Subsidiary as the secretariat for the corresponding region so as to cover laws and regulations and languages for different countries and regions.

At Toshiba Group, in accordance with laws, regulations, and internal regulations, officers and employees who make whistleblower reports with honest and legitimate intent do not receive unfavorable treatment such as dismissal and demotion as a result of having made the reports. Toshiba Group strives to ensure that officers and employees can use the whistleblower system at ease. Specifically, each Group company has stipulated in its regulations a confidentiality obligation that allows only limited persons in charge to access what is reported by whistleblowers and a prohibition of unfavorable treatment of whistleblowers, and has prepared manuals for persons in charge of whistleblowing. Toshiba Group in Japan maintains and operates a response system that complies with the amended Whistleblower Protection Act.

Toshiba's Whistleblower System

Operational Status of the Whistleblower System in FY2022

The numbers of reports received and consultations undertaken by the Toshiba Hotline, the Audit Committee Hotline and the Toshiba Group Overseas Hotline in FY2022 are as follows. We notified employees about the existence of the system and its assurance of strict anonymity through e-learning. We also reported on whistleblower cases to the whole Company on a number of occasions.

Number of reports received by the Toshiba Hotline (previously the Risk Hotline)

 (within parentheses: anonymous reports)
Item | FY2018 | FY2019 | FY2020 | FY2021 | FY2022
Reports received by internal secretariat | 206 reports (142 reports) | 109 reports (51 reports) | 120 reports (57 reports) | 141 reports (57 reports) | 127 reports (49 reports)
Reports received by attorney’s office | 3 reports (1 report) | 1 report (1 report) | 9 reports (6 reports) | 7 reports (3 reports) | 6 reports (3 reports)
Total | 209 reports (143 reports) | 110 reports (52 reports) | 129 reports (63 reports) | 148 reports (60 reports) | 133 reports (52 reports)
  • Including duplicate reports received by the internal secretariat

Number of reports received by the Audit Committee Hotline

 (within parentheses: anonymous reports)
Item | FY2018 | FY2019 | FY2020 | FY2021 | FY2022
Total | 29 reports (19 reports) | 42 reports (37 reports) | 31 reports (21 reports) | 34 reports (23 reports) | 32 reports (17 reports)

Number of reports received by the Toshiba Group Overseas Hotline
(Began operations in FY2021)

Item | FY2021 | FY2022
Total | 41 reports | 65 reports

Response Status

Of the reports received, for cases of possible legal violations or fraud, Toshiba strived to investigate all facts to identify the cause, handled such cases rigorously, imposed appropriate disciplinary sanctions on the offenders, and implemented measures to prevent recurrence. Meanwhile, the majority of the reports received were related to labor and general affairs. When a reported case was not a legal violation but there were, or were likely to be, inappropriate situations, we provided instructions for improvement or issued alerts in cooperation with the relevant division. In cases involving consultations and questions about the duties of the informants themselves, we gave advice on how to deal with the situation. For reports other than anonymous reports, we explained the status of our responses to the whistleblowers, in principle.
In accordance with laws, regulations, and internal regulations, confidential advisers (at the external organization or attorney’s office for the Toshiba Hotline, and at the internal secretariat for the Audit Committee Hotline) never disclose the names or contact addresses of the informants, except in cases in which consent has been obtained from them.

Out of the whistleblower reports, cases that everyone should bear in mind are taught as part of employee training. In order to protect whistleblower anonymity, such cases are presented after they are anonymized, with some details changed so that the whistleblower and the workplace where he/she works cannot be identified.
The number of reports received is released regularly on the company’s internal website.

Major Risks Identified and Their Countermeasures


Major business risks and compliance and other risks identified by and countermeasures taken by Toshiba Group are as follows.

Compliance and Other Risks

Since the inappropriate accounting issues in FY2015, Toshiba Group has made efforts to continuously enhance its internal control. However, fraudulent transactions by an employee of Toshiba International Corporation and fictitious and cyclical transactions at Toshiba IT-Services Corporation were discovered in 2019 and 2020, respectively. We conducted a thorough investigation on those matters, carried out comprehensive verification within Toshiba Group, and rolled out measures to prevent recurrence. We are striving to raise the level of fraud risk management by implementing measures according to the advisory opinion provided in March 2021 by the Compliance Advisory Meeting.
In addition, in July 2022, a U.S. subsidiary encountered fraud, resulting in an outflow of funds outside the Group. We conducted an investigation to determine the cause of the fraud, and developed measures to prevent a recurrence, including inspections of internal rules and simultaneous education to prevent recurrence.
In FY2022, we focused on the further promotion of quality compliance, safety and health, a reduction in occupational accident risk, the proper use of software, and fraud countermeasures related to cash and cash equivalents as priority measures for the entire Company.

Business Risks

Toshiba Group’s businesses require highly advanced technology for their operation. At the same time, it faces fierce global competition. Thus, these businesses could be adversely affected by changes in the business environment, such as investment trends in and outside Japan, increases in material and personnel costs, fiercer competition with other companies, and exchange rate fluctuations. 

In June 2022, Toshiba Group announced the Group Management Policy of harnessing the power of digital and data to contribute to the realization of carbon neutrality and a circular economy. In this policy, we clarified our long-term vision of maximizing our Group’s corporate value, and announced our numerical targets for the medium and long term. These numerical targets are subject to a number of risks, including those described under Business Risk Factors, and are prone to influence from a large number of issues, meaning that there is a possibility that these targets may not be achieved and the business plan may not be realized as expected. Furthermore, it remains difficult to make predictions regarding the impact of the COVID-19 global pandemic. There is also the possibility of our business being affected by trade friction between the United States and China negatively affecting sales to some customers, the rising costs of energy on the back of the situation between Russia and Ukraine, the soaring transportation costs brought about by disruption to logistics systems, and the rising price of raw materials. These are all issues which we need to remain mindful of.

Climate change imposes risks associated with responses to relevant laws and regulations and business continuity risks due to disasters caused by climate change. We therefore analyze such risks in accordance with the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD). At the same time, we are intensifying efforts to achieve our greenhouse gas reduction targets approved by a global initiative, the Science Based Targets (SBT).

Risk Management and Compliance Training


At Toshiba Group, top management consistently delivers messages on compliance so as to clarify the company’s position, while the entire Toshiba Group works to raise compliance awareness and improve corporate culture.
In FY2022, we held a Senior Manager Compliance Seminar for executive officers of Toshiba and senior management of Toshiba Group in Japan once every six months with an outside director as lecturer. Around 230 employees participated in the seminar each time, including online participants.
In addition, we provide accounting compliance education through e-learning to deepen employees’ understanding about the internal control and J-SOX. In FY2022, all employees (approximately 74,000) of 82 consolidated subsidiary Group companies in Japan and all employees (approximately 28,000) of 81 overseas Group companies participated in the seminar. Going forward, we will continue to implement these training and education programs.

Making the Standards of Conduct for Toshiba Group Available to All Employees of Toshiba Group

Toshiba Group has created the Standards of Conduct for Toshiba Group (SOC) in 24 languages and made them available on the internal website. Various compliance education programs that incorporate the SOC have been included in the level-based training, occupation-based training and senior management seminars. We are also continuing our e-learning programs (FY2022 attendance rate: 99.6% in Toshiba Group in Japan and 95.9% in overseas Group companies) for executives and all employees (including contract employees and temporary employees).

Fostering a Compliance-oriented Culture through Workplace Meetings

Each workplace holds meetings focusing on CSR to raise the awareness of each and every employee with regard to compliance matters so as to make compliance an integral part of the corporate culture.
These meetings aim to prevent compliance violations by encouraging managers and employees to discuss various problems that are likely to arise in the workplace and to share their thoughts with each other in order to create a work environment where they can easily seek advice on all kinds of problems.
In FY2022, we held workplace meetings to improve internal controls and corporate culture at Group companies in Japan and overseas, themed around the fraud incident that occurred at a U.S. subsidiary. Discussions were held at each workplace on the ideal form of internal controls and the organizational culture necessary to support them.

Inspection of Implementation Status of Risk Management and Compliance Measures


At Toshiba Group, administrative divisions, the second line of the internal control system, confirm the status of compliance in operations concerning respective areas of jurisdiction by conducting audits and inspections.
With the Risk Management System (RMS), which began its operation in April 2019, we annually implement the Risk Assessment Program (RAP) to assess compliance risks of Toshiba Group companies. The administrative divisions provide instructions to improve the risks identified. At the same time, the relevant business divisions at the front line of defense themselves work to identify and improve the risks autonomously.
In addition to RMS-based risk assessment, the Risk Compliance Committee deliberates and confirms the issues that should be prioritized in the next fiscal year based on major incidents that occurred the previous fiscal year, the status of whistleblowing, and the results of audits by the Internal Audit Division. In FY2022, we adopted the following priority measures: further promotion of quality compliance, safety and health, a reduction in occupational accident risk, the proper use of software, and fraud countermeasures related to cash and cash equivalents. In addition, improvements were also made in areas other than those covered by the priority measures in accordance with RMS-based risk assessment.
In addition, at the third line of defense, the Internal Audit Division conducts compliance-related audits of Group companies.
Toshiba conducts an employee questionnaire survey each year and questionnaires with e-learning participants about the Standards of Conduct for Toshiba Group to check the degree of penetration of the standards and the level of compliance awareness among employees. This helps it to develop measures for further improvement.

Compliance with the Antimonopoly Act and Anti-corruption


Policy on Anti-corruption

In accordance with the Standards of Conduct for Toshiba Group and various internal regulations, Toshiba Group’s policy prohibits illegal or improper payments against sound business practices and each country’s laws and regulations.

Competition Law and Government Transactions (quote from Standards of Conduct for Toshiba Group)


1. Toshiba Group Corporate Policy

Toshiba Group Companies shall:

1. comply with all applicable laws and regulations enacted for the purpose of maintaining free and fair competition (hereinafter called "Competition Laws") in all business activities, including in all transactions with any government;

2. prepare and properly implement Competition Laws compliance programs and company rules on marketing activities that set out corporate policies and procedures for assuring compliance with applicable Competition Laws and related regulations; and

3. observe all applicable laws, regulations and lawful business practices in all government transactions, and not engage in activities such as bid obstruction (Note 1).

2. SOC for Toshiba Group Directors and Employees

Directors and Employees shall:

1. observe the Competition Laws compliance programs as well as company rules on marketing activities and promote free and fair business activities;

2. avoid, whether express or implied, agreements or understandings with competitors relating to pricing (including quotations and bids), the volume of production and sales, allocation of markets, customers or territories, or restrictions on production capacities or technology. The prohibition of such agreements is not limited to those actually recorded in writing by way of memoranda or minutes, but also extends to oral agreements;

3. if the customer is a government agency, observe the company rules on marketing activities toward government agencies and not engage in activities such as bid obstruction or competitor coordination on orders (Note 2), and not provide false information, such as false estimates of contract prices, to any governmental agency or its officials (hereinafter including past officials);

4. not organize or participate in meetings, make pledges or arrangements, or exchange information or engage in any other activities which may result in suspicion of engaging in the activities set forth in paragraph 2 and 3 above;

5. not require distributors or dealers to agree to or maintain resale prices for any Toshiba Group Company product;

6. not allow third parties (including sales representatives) to engage in activities prohibited under paragraphs (2) to (5) above; and

7. when hiring former government officials, strictly examine the candidate in accordance with all applicable laws and regulations and the internal regulations of the governmental agency in which he or she worked, and, if such candidate is hired, not allow him or her to engage in marketing activities aimed at such governmental agency, except to the extent permitted by law.

Note 1:
Herein, "bid obstruction" means, when dealing with a government agency, inquiring about the agency's intentions regarding which prospective bidder will be contracted or the possible bid price, or acting in order for the agency to realize its such intentions.

Note 2:
Herein, "competitor coordination on orders" means exchanging information or coordinating with competitors regarding which prospective bidder will be contracted, bid prices and other information.

Bribery (quote from Standards of Conduct for Toshiba Group)


1. Toshiba Group Corporate Policy

Toshiba Group Companies shall:

1. observe all applicable laws and regulations, and lawful business practices, prohibit illegal or improper payments against lawful business practices; and

2. not provide any illegitimate benefits or favors to any politicians or political organizations.

2. SOC for Toshiba Group Directors and Employees

Directors and Employees shall:

1. neither make nor offer, either directly or indirectly, any payment or anything of value, whether in the form of compensation, business entertainment, gift, contribution, gratuity, or other form, that is illegal or prohibited by any applicable law or regulation, in any dealings with any government agencies, their officials, or members of any political party (including holders of a political office or candidates for such office) (except for cases that do not violate applicable laws or regulations and are considered socially acceptable), and shall not engage in sales transactions, loan transactions and the like (including guarantee transactions) that are not at arm's length;

2. not pay monies or offer benefits to any politicians (including former members of any legislative body, or current or former secretaries of any such politicians) or any company a politician may be involved with, regardless of the form such monies or benefits take (for example "commissions" or "consulting fees"), in connection with marketing toward governmental agencies;

3. refrain from offering cash or other benefits to representatives of foreign governments as a means to gain unlawful benefits or profits when conducting international business transactions;

4. not allow third parties including intermediaries, such as distributors or agents, to engage in any activities described in paragraphs 1 to 3 above;

5. ensure that reasonable compensation and all necessary terms and conditions are specified in advance when working with intermediaries, such as distributors or agents, and observe all measures required by all applicable laws and regulations of each country or region for such compensation;

6. not make contributions to political parties or committees, unless permitted to do so by applicable laws, regulations, and company rules; and

7. respect the established practices of any customer, government entity or other party, as well as all applicable laws and regulations, regarding the provision of or the restrictions or controls over the acceptance of business entertainment, gifts or other business courtesies by its employees or officials.

In keeping with this approach, the Toshiba Group is a signatory to the United Nations Global Compact and works globally to comply with antitrust and competition law and prevent corruption.
Furthermore, we request suppliers to agree to and practice the Toshiba Group Procurement Policy.

Antimonopoly and Anti-corruption Efforts

In response to global regulatory trends, Toshiba engages in rigorous efforts, led by the Chief Risk Compliance Management Officer (CRO), to ensure compliance with antitrust laws and to prevent bribery and other forms of corruption based on the structure of risk management and compliance promotion. For both, it has established compliance programs reflecting laws and regulations in Japan and overseas as well as associated sets of guidelines. Those guidelines clearly define prohibited acts such as cartels, bribery and facilitation payments. In addition, the compliance programs and guidelines stipulate an internal system, along with advanced vetting procedures ahead of meeting with government officials and a due diligence policy to understand the risks of bribery with related parties. Furthermore, we conduct robust education programs, self-audits, etc., in accordance with the provisions of the compliance programs.
Toshiba also conducts compliance training on themes including compliance with the Antimonopoly Act and prevention of bribery as part of measures to promote compliance awareness anchored in the Standards of Conduct for Toshiba Group. Going forward, we will strive to enhance the content of such education programs and increase the number of target companies.
In addition, through the annual risk assessment program targeting each Toshiba Group company (excluding listed subsidiary groups and dormant companies, etc.), in FY2022, Toshiba made efforts to identify operating status and took measures to raise awareness. In response to the issues brought to light through this process and the matters pointed out in the internal audits, etc., we are revising regulations and implementing thorough training as part of our on-going efforts to strengthen compliance with anti-trust laws and prevent bribery.
To prevent violations and to detect at an early stage situations leading to violations, Toshiba established the whistleblower system for employees and the Clean Partner Line for suppliers and business partners as systems to report violations or suspected violations, and encourages their use.
Furthermore, Regional Representative Subsidiaries in major global regions support Toshiba Group companies overseas, serving as a foundation for risk management in such regions. This has been done in order to appropriately control risks associated with relevant anti-trust laws, bribery, and the like, which have been rising mainly in emerging countries, and to ensure thorough compliance in global business.

Status of breaches to laws related to anti-corruption (FY2022)

| Item | Number of cases in FY2022 | Loss resulting from legal violations (yen) |
| --- | --- | --- |
| Exposure through price cartel | 0 | 0 |
| Exposure through bribery | 0 | 0 |

Political Contributions

The Standards of Conduct for Toshiba Group stipulates that Toshiba Group shall not provide inappropriate benefits or favors to any politician or political organization.
Also, as part of its social contributions, Toshiba offers political contributions, when necessary, in order to contribute to the realization of policy-oriented politics, to support the healthy development of parliamentary democracy and to improve the transparency of political contributions. When offering political contributions, we follow procedures in accordance with internal rules and, in the case of Japan, strictly ensure compliance with the Political Funds Control Law.
Toshiba and key Group companies made no political contributions in FY2022.

Donations and Provision of Funds

While the Standards of Conduct for Toshiba Group forbid inappropriate expenses, they stipulate that appropriate donations to organizations may be made. We therefore donate to various organizations, taking into consideration factors such as the contribution made by the donee organization to society, its cause and community aspects, as specified by the Standards of Conduct for Toshiba Group.

Fair Trading


Fair Trading Policy and Its Promoting Structure

Toshiba Group strives to build sound partnerships with suppliers through fair trading in compliance with procurement-related laws and regulations.

Toshiba Group is promoting thorough observance of procurement compliance both in its own procurement activities, and in those of its suppliers.
A procurement compliance promotion structure has been established within the Group to ensure that each procurement transaction is carried out in compliance with the relevant Japanese and international laws and regulations. Information related to procurement compliance is thoroughly communicated to Group companies through this system.
Moreover, measures are thoroughly communicated by means of Procurement Compliance Liaison Meetings, organized by the Procurement Division and attended by Compliance Managers and Compliance Coordinators.

Toshiba Group procurement compliance promotion structure

In FY2022, in line with a basic policy of strengthening compliance in the procurement process, Toshiba took action to ensure adherence to regulations on legal compliance by checking the operation of each Group company’s procurement processes through investigations of the procurement process and patrols to inspect procurement transactions. In FY2023, we will continue to strengthen the operation of our procurement processes.

Clean Partner Line, Whistleblower System for Suppliers and Business Partners

Toshiba Group has established a whistleblower system for suppliers and business partners called Clean Partner Line, as a point of contact for our suppliers to tell us about issues or concerns regarding persons associated with the Toshiba Group. Personal information on whistleblowers, without the whistleblower’s consent, is not disclosed to anyone other than the Clean Partner Line staff. Also, what is reported by whistleblowers is handled based on strict procedures, with care taken not to treat whistleblowers and their companies unfavorably for whistleblowing. We notify our business partners of this system and request that they make use of it.

Checks of Fair Trading Practices (Thorough Compliance with the Act against Delay in Payment of Subcontract Proceeds, Etc. to Subcontractors)

In Japan, we monitor the subcontracted transactions of Toshiba Group companies that undertake such transactions. Where items requiring improvement are found, guidance is provided to ensure thorough compliance.

Training to Ensure Fair Trading Practices

At Toshiba Group, various training programs on compliance in procurement are provided to ensure fair trading practices. For example, since FY2007, we have conducted e-learning for employees of Group companies in Japan on relevant acts, such as the Act against Delay in Payment of Subcontract Proceeds, Etc. to Subcontractors.
In FY2022, a total of 70,593 Toshiba Group employees in Japan participated in the e-learning program on the Subcontract Act, held between January and February 2023.
We also provide compliance education for Procurement staff of Toshiba Group companies in Japan at various phases of their careers.

Breaking Relationships with Antisocial Groups


In 1997, the Board of Directors resolved to end relations with antisocial forces such as sokaiya (groups of racketeers). Since then, the Group has strictly dealt with approaches from third parties to obstruct our lawful and appropriate corporate activities. With regard to this stance, the rejection of the involvement of antisocial groups in our business activities has been explicitly stated in the SOC. By providing e-learning lessons about the SOC to all employees, we continuously ensure that employees understand the importance of excluding antisocial groups from the business they do. In addition, in order to further ensure that all relations with antisocial forces are cut off, all Toshiba Group companies have taken various measures, such as developing and implementing Basic Public Relations Management Rules and appointing public relations management officers for each department. When conducting transactions with a new customer, the public relations management officers of that department confirm that the customer has no relations with antisocial groups. We also periodically conduct surveys on customers that we already have business relations with.
Transaction contracts normally include a clause regarding the exclusion of organized crime syndicates, which enables a contract to be cancelled without notice when the business partner is identified as an antisocial group. Toshiba Group also works with the police, corporate attorneys, and third-party organizations such as the National Center for the Elimination of Boryokudan to establish systems that enable us to respond to approaches from antisocial forces in an appropriate and timely manner.

Export Control


Export Control Policy

As indicated in the Standards of Conduct for Toshiba Group, Toshiba Group’s basic export policy is to refrain from any transaction that could potentially undermine international peace and security. We comply with all applicable export control laws and regulations of the countries and regions where we operate, for example the Foreign Exchange and Foreign Trade Law in the case of Japan and US export control laws and regulations with respect to transactions involving items of US origin.
In accordance with the policy, Toshiba Group has established the Export Control Compliance Program (ECCP). Based on the program, we classify the goods and technology and screen transactions. In addition to periodic export control audits and education for all executives and employees, key Group companies and corporate staff divisions provide instructions and support to the Group companies they supervise.

Toshiba Export Control Compliance Program (Toshiba ECCP)


Chapter 1 Statement of Corporate Policy

Chapter 2 Definition of Terms

Chapter 3 Export Control Organizations

Chapter 4 Control Procedures

Chapter 5 Education

Chapter 6 Compliance Reviews

Chapter 7 Notification of Violation and Corporate Sanctions

Chapter 8 Group Companies

※ ECCP: Export Control Compliance Program

Export Control System

Toshiba’s export control system is organized under the Chief Export Control Officer who has ultimate responsibility for the corporation’s export control. The Chief Export Control Officer must be a representative executive officer or an executive equivalent thereto. Under the Chief Export Control Officer, the Legal & Compliance Division Export Control Office is responsible for overseeing the export control implemented pursuant to the Toshiba Export Control Compliance Program (ECCP). Based on the Toshiba ECCP, Toshiba Group companies and corporate staff divisions have their own export control organizations led by the Export Control Officers. The Export Control Officers must be heads of the corporate staff divisions in the case of corporate staff divisions, or presidents of Group companies in the case of Group companies.

Toshiba Group’s export control organization

Product Classification and Transaction Review

The technical department classifies the goods or technology and determines whether an export license is required. Transaction screening is then carried out accordingly, including confirmation of the end-use, end-user, and final destination. Classification and transaction screening are checked and approved by multiple persons in charge. When trading with concerned countries and regions, the Export Control Office conducts stringent assessments and approvals.

Inspection and Audit of Export Control

Toshiba’s corporate staff divisions and Toshiba Group companies perform internal self-checks. In addition, the Export Control Office or the supervising department conducts regular audits to check if export control is appropriately performed. Audits are conducted once every one to three years at target companies, and in FY2021, audits were performed for three internal divisions in Japan and five Group companies. Overseas, audits are done in the order of Europe and the United States, Asia and China, and in FY2022, two Group companies in Europe and the United States received audits. Where problems are identified by the audit, we demand that improvement plans be submitted, and check the progress of the plans.

Export Control Trainings

Training courses on export controls (regular and specialized courses) are offered by the Export Control Office for corporate staff divisions and Group companies to educate employees on the importance of export control and to raise awareness and knowledge of the Toshiba Export Control Compliance Program (ECCP) and related internal regulations.
Furthermore, the Export Control Office provides compulsory export control education for all employees of Group companies in Japan through an e-learning system every year.
Export controls at Group companies including those located overseas are modeled after that of Toshiba, which is implemented under the Toshiba Export Control Compliance Program (ECCP). Export control audits are conducted periodically to evaluate their performances.
The Export Control Office holds meetings with corporate staff divisions and key Group companies to communicate on matters such as the international situation, regulatory trends, and specific requirements, and additionally to provide a forum for exchange of information and opinions. Key Group companies provide guidance and support on export control to other Group companies under their control.
Meanwhile, to enhance support for Toshiba Group overseas, we issue a quarterly export control bulletin for local staff working in export control, where we share information on export control-related legal revisions, sanctions, cases of legal violation, and other news.

Information Security Management


Policy on Information Security

Toshiba Group regards all information, such as personal data, customer information, management information, technical and production information handled during the course of business activities, as its important assets and adopts a policy to manage all corporate information as confidential information and to ensure that the information is not inappropriately disclosed, leaked or used. In view of this, Toshiba has a fundamental policy “to manage and protect such information assets properly, with top priority on compliance.” The policy is stipulated in the chapter “Corporate Information and Company Assets” of the Standards of Conduct for Toshiba Group, and managerial and employee awareness on the same is encouraged.
In response to regulatory changes and changes in the social environment, Toshiba Group revises the related rules on an ongoing basis so as to rigorously manage its information security.
When providing personal information and confidential information to outsourcing contractors, we request them to maintain confidentiality and comply with relevant laws and regulations in the same manner as Toshiba does, and to implement thorough training for employees handling the information.
We include in the contract terms the possibility of terminating contract and seeking damages in case of violations of confidentiality obligations or personal information protection obligations as stipulated in the contract.

Structure of Information Security Management

Addressing information security as a management priority, Toshiba Group appointed the Chief Information Security Officer (CISO) and each corporate staff division and Toshiba Group company has established, under the supervision of the CISO, an information security management structure.
The Cyber Security Committee deliberates matters that are necessary to ensure information security throughout Toshiba Group. The CISO formulates and enacts measures in order to make sure that internal rules related to information security are enforced in a problem-free, effective, and definitive manner.
At each division inside Toshiba, key Group companies, and subsidiaries and affiliates*1, the head of the organization serves as Information Security Management Executive, bearing responsibility for information security at their respective organization. The Executives provide guidance and assistance to Group companies in Japan and overseas under their control to ensure that they implement information security at a level equivalent to that of Toshiba.

Toshiba Group Information Security Management Structure

  *1 Key Group companies and Toshiba Elevator and Building Systems Corporation, Toshiba Lighting & Technology Corporation, and Toshiba Plant Systems & Services Corporation
  • CSIRT: Computer Security Incident Response Team

Information Security Measures

Toshiba Group implements information security measures from four perspectives (see the table below). The Corporate Technology Planning Division incorporates these measures into regulations and guidelines and makes them fully known to all Toshiba Group companies through notices and briefings.

Implementation of Information Security Measures from Four Perspectives

Category Description
(1) Organizational measures:
Establish an organizational structure and rules
  • Periodic reviews of information security-related regulations
  • Development and maintenance of structure
  • Implementation of audits, etc.
(2) Personal and legal measures:
Ensure adherence to rules
  • Regulation of information protection duties and disciplinary measures for breach of duties in rules of employment
  • Provision of periodic employee education and training
  • Contractor information security evaluation and conclusion of confidentiality agreements, etc.
(3) Physical measures:
Support implementation of rules in terms of physical security
  • Carry-in/carry-out control of information devices
  • Facility access control, room / facility entry control
  • Locking of highly important information, etc.
(4) Technical measures:
Support implementation of rules in terms of technology
  • Virus protection and hard disk encryption of information devices, and introduction of EDR tools*
  • Checking the vulnerabilities of servers accessible to the public and enhancing their protection
  • Monitoring and controlling unauthorized access from the outside and information leakage, etc.
  * EDR: Endpoint Detection and Response

To protect against cyber-attacks, which are becoming more sophisticated with every passing year, we introduced a function to block suspicious e-mails, enhanced our anti-virus measures for information equipment such as IoT devices, and trained all employees in handling targeted attack e-mails. We also utilize external threat intelligence to understand terminal vulnerabilities and prevent attacks before they occur. In addition, we enhanced the monitoring for our network and in-house systems to quickly cope with a virus invasion into the company systems.
In addition, with the expansion of remote work due to the COVID-19 pandemic, the number of areas targeted by cyber-attacks is increasing. We are working to strengthen internal and external countermeasures, including by collecting and analyzing information on servers and network devices available on the internet, introducing mechanisms to understand vulnerabilities and configuration errors, and using attack simulation tools to assess the risk of security products introduced by the Company.

Education, Inspection, and Audit of Information Security Management

Toshiba Group covers a diverse portfolio of businesses. To ensure Group-wide information security, it is vital for each Group company to rotate the PDCA (Plan-Do-Check-Act) cycle independently. Accordingly, Toshiba Group carries out an annual self-audit of its compliance with internal rules to identify issues and plan improvements. The Corporate Technology Planning Division evaluates the results of the audits and related improvements carried out by each Toshiba division, key Group companies, and subsidiaries and affiliates*1, and provides support and guidance where necessary. 
In FY2022, four key points were identified: (1) countermeasures against attacks via email, (2) information security of manufacturing systems, (3) supply chain security, and (4) cloud security. Since cyber-attacks targeting Japanese companies in recent years often use email, for key point (1), we confirmed the progress of basic measures for PC management, etc., including countermeasures against suspicious emails and patch applications. In addition, for key point (2), we visited multiple factories and conducted on-site checks to confirm the status of security measures implemented in the manufacturing system and identify existing issues.
Toshiba Group companies in Japan have obtained the Information Security Management System (ISMS) certification*2 and PrivacyMark certification*3 according to their business areas and have received external audits from certification authorities.
Moreover, Toshiba Group conducts yearly training for all officers, as well as permanent and temporary employees, in order to enforce strict compliance with in-house regulations. There are also programs about information security such as basic training, and introductory training for new graduate employees.

  *1 Key Group companies and Toshiba Elevator and Building Systems Corporation, Toshiba Lighting & Technology Corporation, and Toshiba Plant Systems & Services Corporation
  *2 A third-party certification system for the information security management system compliant with ISO/IEC 27000 series
  *3 A certification mark granted through third party assessment to businesses that have a system to ensure appropriate handling of personal information in compliance with Japan Industrial Standards (JIS) Q 15001: Personal Information Protection Management System–Requirements

Response to Incidents Such as Leakage of Confidential Information

In the event of an information security incident such as the leakage of confidential information, Toshiba responds promptly in accordance with the Information Security Incident Reporting Structure.
When an employee becomes aware of an incident or potential incident involving the leakage of corporate information, the employee immediately reports to the CSIRT. In response, the CSIRT Leader devises necessary measures, such as an investigation into the cause and review of actions to prevent recurrence. In the event of a serious leakage or potential leakage of confidential information that may constitute a violation of laws and ordinances, Toshiba implements measures such as disclosure following discussion among the related corporate staff divisions in accordance with the applicable laws and ordinances.

Information Security Incident Reporting Structure

Status of Incidents Such as Leakage of Confidential Information

In FY2022, there were no leaks of important information held by Toshiba Group.
There were also no personal data-related complaints or appeals filed by regulatory authorities or other external parties. We will continue to take every precaution to prevent incidents related to information security.
For details on information security management, please refer to our Cyber Security Report.

Strengthening privacy governance


Toshiba Group has formulated the "Toshiba Group Privacy Statement" as a declaration of its management stance on the use of privacy information across its data service businesses, towards promoting the trust of society and the realization of a trusted data society.
As digital transformation (DX) becomes a global trend, we are strengthening privacy governance, at the same time as we seek to make full use of the power of data to create valuable products and services.
Toshiba Group positions respect for privacy as part of respect for human rights.

AI Governance


Toshiba Group formulated the Toshiba AI Governance Statement to promote the development, provision and use of trustworthy AI. The statement is based on Toshiba Group's management philosophy and summarizes the philosophy regarding AI from seven perspectives, which include “Respect for human dignity,” “Developing AI and cultivating talent,” and “Emphasis on fairness.” For example, “Emphasis on fairness” states “Respecting human rights, Toshiba will work to research, develop, provide and operate AI with consideration given to fairness to avoid unjustified discrimination.”
Toshiba Group is accelerating digital transformation (DX) and is promoting the resolution of various social issues by applying AI to infrastructure systems important to society. Based on the ideas in this statement, we will expand the range of human resources who can develop, provide, and operate AI, strengthen the creation of mechanisms to maintain the quality of AI systems, and proceed with the construction of Toshiba Group's AI governance.

Product Safety Information and Advertising


Policy on Product Safety Information and Advertising

Toshiba Group provides accurate product information and executes appropriate advertising in a lawful manner and in accordance with the Standards of Conduct for Toshiba Group. Quality assurance divisions of Group companies and affiliated companies monitor the safety standards of the countries where products are marketed and technical standards such as the UL Standards*1 and CE Marking*2 to ensure that their product labeling is in compliance with the relevant standards.

  *1 UL Standards: Safety standards established by UL LLC (Underwriters Laboratories Inc.), which develops standards for materials, products, and equipment and provides product testing and certification.
  *2 CE Marking: A certification mark that indicates conformity with the safety standards of the European Union (EU). CE marking is required for products sold within the European Economic Area (EEA).

Compliance with Regulations and In-House Standards Regarding Products

In FY2022, there were no violations of product safety regulations or in-house standards in the life cycle of our products and services. There were also no violations of regulations or in-house standards relating to information and labeling of products and services.
Please refer to Product Safety and Product Security for information on our efforts to ensure strict compliance with laws and regulations related to product safety.

Compliance with Regulations on Advertising and Labeling

As a result of strict compliance with the Antimonopoly Act, the Act on Securing Quality, Efficacy and Safety of Products Including Pharmaceuticals and Medical Devices, and the Act Against Unjustifiable Premiums and Misleading Representations by Toshiba Group in Japan, there were no legal violations related to advertising in FY2022.

Tax Affairs


Basic Policy on Tax

Based on the Basic Policy on Tax, Toshiba Group complies with legal ordinances, notices, and regulations in various countries and makes efforts to properly file tax returns and pay taxes.

Basic Policy on Tax


Toshiba Group adheres to the following policy to properly file tax returns and pay taxes:

  1. Compliance with laws and regulations
    Toshiba and Toshiba Group companies shall carry out their tax operations in compliance with all applicable laws and regulations of the countries where their business is conducted, following the spirit of the laws and with reference to guidelines published by international organizations such as OECD.
    In addition, Toshiba and Toshiba Group companies shall conduct their business with appropriate tax structures, linked with business purposes and shall not carry out any transactions for the purpose of tax avoidance.
  2. Optimizing tax costs
    Toshiba and Toshiba Group companies shall, in compliance with tax laws and regulations, strive to utilize the legally justified measures such as consolidated tax filing regimes and other tax incentives and optimize their tax costs for Toshiba Group as a whole.
  3. Relationship with tax authorities
    Toshiba and Toshiba Group companies shall aim to maintain good relationships with tax authorities and work with them in a sincere manner.

Code of Conduct for Tax Operations

Toshiba Group shall act based on the following three codes, in order to achieve the aims of the basic policy.

Code of Conduct for Tax Operations


  1. Improvement of Governance
    Toshiba and Toshiba Group companies shall aim to improve governance by organizing the structure by which tax risks related to business activities can be identified.
  2. Improvement of Corporate Social Responsibility (CSR)
    In carrying out tax operations, Toshiba and Toshiba Group companies shall consider their CSR as well as ensure their compliance with relevant tax laws and regulations.
    In particular, Toshiba and Toshiba Group companies shall consider their responsibilities towards governments, local communities, shareholders, employees, and other stakeholders.
  3. Minimization of tax risks
    Toshiba and Toshiba Group companies shall minimize their tax risks through advance assessments of transactions and appropriate tax return filings. Toshiba Group companies shall examine various aspects of tax risks including reputation risk.

Efforts on Tax Operations

Toshiba Group shall carry out the following tax operations, based on the basic policy.

Training for Employees and Use of External Specialists

Tax operations of Toshiba Group companies shall be carried out by their employees who are well-versed in their respective local taxation. Toshiba Group shall provide opportunities to their employees who are involved in tax operations depending on their positions and experience levels. In principle, Toshiba Group shall regularly be reviewed by external specialists to confirm that their tax operations are appropriately carried out in accordance with laws and regulations, and make the final tax-related decisions.

Efforts on International Tax Systems

Toshiba Group shall have a responsibility to carry out cross border transactions with foreign related parties at the arm’s length price, and document the transaction details based on the relevant laws and regulations in the tax jurisdiction.
When carrying out cross-border transactions, Toshiba Group shall confirm whether a tax treaty exists between the relevant countries, and if so, utilize the benefits with full knowledge of the details.

Risk Management Using the Business Continuity Plan (BCP)


Failure to respond appropriately to large-scale disasters such as earthquakes, typhoons, and floods could result in the long-term closure of operations, triggering significant financial losses, ultimately affecting our stakeholders. Toshiba Group implements measures to ensure the safety of employees and their families, support recovery of devastated areas, and maintain business sites and factories. In addition, we are promoting measures from the perspective of business continuity to enable continued supply or early recovery of products and services in the event we suffer damages or losses.
The Business Continuity Plan (BCP), which we have been formulating and developing Group-wide since 2007, is one such measure. Focusing on our key businesses that have large social and economic impacts, we have established a BCP that assumes potential large-scale earthquakes and new strains of influenza, and we continually update our Plan in order to maintain and improve its effectiveness.
We created a COVID-19 team and declared an internal state of emergency in February 2020, implementing Group-wide countermeasures from two perspectives: “business continuity and fulfillment of social responsibilities” and “securing the safety of employees and society.” We have proceeded with unprecedented Group-wide countermeasures such as stringent restrictions on staff access to the workplace and drastic alteration of working hours, in order to prepare for the worst case scenario and to protect lives.
Toshiba Group will continue to reinforce its BCP, giving utmost priority to the safety of all employees, so that operations can continue even in the event of a large-scale disaster, such as earthquake, storm, flood or other major disasters, occurring in combination with a pandemic.

BCP Procurement Management

In response to the Great East Japan Earthquake and the floods in Thailand, both of which occurred in 2011, Toshiba Group has been working to establish a disaster-resistant procurement system. Based on Toshiba Group’s Procurement Policy, we request our suppliers to cooperate in continuing to provide supplies in the event of an unanticipated disaster.
In 2012, we established the BCP Procurement Guidelines to provide crisis management standards. Also, to minimize the risk of supply chain disruptions and reduce the amount of time required to resolve supply chain disruptions, we have built a system to manage corporate information on suppliers upstream in the supply chain. In the event of an unanticipated disaster, we use this system to quickly investigate its effects on our suppliers worldwide for prompt action.


Response to supply chain risks

In response to COVID-19, we have taken necessary countermeasures in collaboration with suppliers to ensure supply in order to minimize the impact on business. Specifically, we have taken measures to minimize the impact on business by ascertaining the levels of risk present in business activities and logistics in areas in which infections are spreading.
Also, in response to the situation in Ukraine, we are working to minimize the impact on business by ascertaining the risk of procurement from Russia and securing alternative procurement sources accordingly.

Appropriate Management of R&D Conducted with Public Research Funds


Toshiba Group conducts R&D using public research funds allocated by government ministries and agencies, and by incorporated administrative agencies under the jurisdiction of government ministries and agencies. In order to ensure proper operation and management of such activities, we have established regulations and a system for executing said activities, along with a point of contact for consultations, whistleblowing, etc.
In addition, we provide those involved in these R&D activities with regular training on compliance and on engineering ethics and research ethics to prevent Specific Research Misconduct, among other wrongdoings.
