Risk Management and Compliance

Risk Management and Compliance Policies

At Toshiba, throughout our worldwide operations, we strive to ensure compliance with laws and regulations, social and ethical norms, and internal rules. According top priority to human life and safety and to compliance in everything we do underpins our commitment to promoting business activities through fair competition and serving the interests of customers to the best of our ability.

We consider thorough adherence to the Toshiba Group Standards of Conduct (SOC), which embodies the Basic Commitment of the Toshiba Group, to be the foundation of our compliance. Thus we are working toward the SOC becoming an integral part of the entire Toshiba Group.

Every year, priority themes regarding compliance are established and promoted in light of business circumstances. By implementing a Plan-Do-Check-Action (PDCA) cycle of self-assessment, not only at each in-house company but also at group companies worldwide, we are stepping up our efforts to ensure compliance.

Risk Management and Compliance Management Structure

In order to ensure thorough compliance at Toshiba, a board member is assigned the responsibility of overseeing compliance.

We have also established a system in which, if a serious noncompliance incident occurs, we swiftly consider how to deal with it and take the necessary action.

Furthermore, we endeavor to reinforce compliance by closely examining ways to prevent SOC violations and the recurrence of similar incidences through cooperation among the relevant divisions.

Risk Management and Compliance Management Structure

* CPL is an abbreviation combining CL (contractual liability) and PL (product liability)

Response to Compliance Violations

In the event of a major noncompliance incident, Toshiba investigates all facts to identify the cause of the violation, takes the facts seriously, makes every effort to prevent recurrence, and imposes appropriate disciplinary sanctions on the offenders. It handles such violations rigorously and discloses information in a proper and timely manner as necessary.

Action taken for SOC violations in FY2010

With respect to a system project delivered to a certain government agency, an employee of our group company was found to be engaging in inappropriate dealings with public service personnel. Taking this incident seriously, the company formed a special project to reform its workplace climate. It also provided education to all employees on specific standards of conduct that take business practices into consideration. It is rather regrettable that this incident has occurred in spite of the various measures taken to eliminate SOC violations. However, learning from this incident, the Group is making further efforts to ensure thorough compliance once again.

Whistleblower System

In January 2000, Toshiba established a whistleblower system to collect internal information on SOC violations, particularly those concerning laws and regulations, and to deal with wrongdoing through a self-rectification system. Under this system, the employees can report an incident and seek advice mainly via e-mail or telephone. In April 2006, Toshiba also set up a supplier whistleblower system to receive reports from suppliers and business partners so as to prevent SOC violations by employees in charge of procurement and order placements for construction works, etc.

By putting in place systems to receive reports from inside and outside the company, Toshiba anticipates that the system will play a role in deterring SOC violations as well as self-rectification.

Toshiba Group companies have also introduced a similar whistleblower system.

Toshiba's Whistleblower System

Compliance Situation Inspection and Audit

The Legal Affairs Division periodically communicates with the Corporate Audit Division in order to confirm the state of implementation with respect to the various compliance measures. Based on the actual state of implementation, steps are taken to enhance the effectiveness of management audits and the audit results are reflected in compliance measures.

Every year Toshiba conducts an intranet-based employee survey on the Toshiba Group Standards of Conduct(SOC). The results are used in formulating measures for enhancing awareness on compliance.

Risk Management and Compliance Education

With a view to ensuring compliance with the SOC, Toshiba Group provides various education programs such as education based on the needs of different organizational levels and job functions, as well as seminars on compliance topics for top executives. We also provide e-learning for all employees on a continual basis.

For overseas subsidiaries, we have developed e-learning materials in English with a view to preventing serious SOC violations such as the formation of cartels and bribery. As a first step, we have been offering such e-learning to our subsidiaries in North America.

In addition, the Group is focusing on employee education by upgrading and utilizing educational materials such as the production of an English version of the SOC.

We also provide education appropriate to the characteristics of individual regions to prevent the recurrence of similar SOC violations in each region (as in the past). We have been promoting initiatives that suit the circumstances of individual regions.

Measures to raise awareness on compliance

In light of the penalties imposed for violations and their grave impact on future business activities, Toshiba has been making vigorous efforts to prevent capitalization, bid rigging, and bribery.

In FY2010, the company continued to step up its initiatives to ensure thorough compliance.

Specifically, the initiatives involve Toshiba Group companies in Japan and overseas performing self-audits based on two Toshiba-developed guidelines, one on antitrust and the other on anti-bribery with respect to foreign public officials. Through these audits, Toshiba Group aims to identify the compliance level at the companies concerned and to provide thorough compliance education.

Furthermore, in advance of the enforcement of the UK Bribery Act (scheduled for July 2011), which stipulates the prohibition of bribery to private citizens as well as public officials, Toshiba is working with local lawyers to review its current anti-bribery guidelines in consideration of the guidelines issued by the UK Ministry of Justice.

Toshiba promotes rigorous compliance with various business-related laws and regulations chiefly by upgrading educational materials, providing education, effectively utilizing databases that contain relevant information, and performing periodic selfaudits.

Political Contributions

The Toshiba Group Standards of Conduct stipulates that Toshiba Group shall not provide inappropriate benefits or favors to any politician or political organization.

In the case of offering political contribution, procedures in accordance with internal rules are followed as well as compliance with the Political Funds Control Law in case of Japan is strictly ensured.

• Toshiba Group Standards of Conduct Chapter 3 18.Political Contributions

Business Continuity Plan (BCP)

Failure to respond appropriately to large-scale disasters such as earthquakes, typhoons, and floods could result in the long-term closure of operations, triggering significant financial losses, ultimately affecting our stakeholders.

Toshiba implements measures to ensure the safety of employees and their families, support recovery of devastated areas, and maintain business sites and factories. In addition, Toshiba continually updates its Business Continuity Plan(BCP)covering those businesses that have large social and economic impacts in order to minimize any interruption in the supply of goods and services in the event of natural or other disasters such as an influenza pandemic.

In FY2010, Toshiba reinforced the BCP and safety measures concerning its headquarters in Tokyo.