
You are about to leave www.astellas.com and enter a third-party website. Astellas is not responsible for the content or services on the third-party website.
Would you like to continue?
Risk Governance
Astellas established the Global Risk and Resilience Management Committee (“GRRC”) and Divisional Risk and Resilience Committees (“DRRCs”) to provide effective oversight of key risks and mitigation activities. Internal Audit observes these committee meetings to ensure that these key risks are taken into consideration in their priorities. GRRC consists of several CxOs and representatives from risk functions. Global risks are ultimately reported to the Board.
The diagram below summarizes Astellas’ risk governance system.
Enterprise Risk Management Process
The Risk Management Team in Corporate Strategy facilitates the Enterprise Risk Management (ERM) process with the internal stakeholders annually.
Our risk assessment process is both top-down and bottom-up. To enable prioritization, we assess the impact and likelihood of each risk, considering the mitigations currently in place.
Risk owners develop action plans to reduce the level of risk exposure and enhance the resilience. Global Risks (risks that require enterprise-level attention due to their nature and impact) are discussed and endorsed at the GRRC. GRRC also monitors Emerging Risks, which we define as uncertainties arising from trends that are on the company’s radar but whose full extent and associated implications are not yet clear. Sometimes, an Emerging risk is subsequently included in the risk register as a Global or Divisional risk following the discussion at the GRRC.
We continuously review the Enterprise Risk Management process to further enhance its effectiveness and efficiency. In fiscal year 2025, the Internal Audit function conducted an audit of the Enterprise Risk Management process.
Global Risks Overview
The table below summarizes the currently identified Global Risks. Any forward-looking statements are based on judgments at the end of FY2025. In addition to these risks, there are many other risks. Some risks are unique to the pharmaceuticals business, such as the uncertain nature of research and development, the risk of being infringed upon or infringing intellectual property rights, risk of drug side effects or safety issues arising thereof, and the risk of Astellas Group business’ partial dependence on licensing and sales of third-party developed drugs. Other risks include the infringement of related laws and regulations (e.g., competition with rival products, environment, health and safety); commercial litigations; delays or stoppages in manufacturing due to natural disasters; and exchange rate fluctuations. Such risks may affect the Astellas Group’s business results and financial position.
| Risk | Key | Context | Key Mitigation Actions (Examples) |
|---|---|---|---|
| Cyber Security | *** | The technology and Artificial Intelligence (AI) more broadly involved in cyberattacks is advancing at an unprecedented level and the methods of attack are growing more diverse and sophisticated. The pharmaceutical industry is no stranger to cyberattacks given the important data these companies hold. Cyberattacks or breaches caused by malicious activities may result in unavailability of critical technology systems, loss or disclosure of confidential or proprietary data including personally identifiable information. |
|
| US Pricing Policy Shift | *** | The United States aims to introduce a Most Favored Nation (MFN) drug pricing policy, which seeks to lower drug prices in the U.S. in line with the lowest price level among the advanced countries. If such a policy is implemented and applied to our products, it may lead to a decrease in our revenue in the U.S. market and could also impact our market strategies in other advanced countries. |
|
| Data Nationalism & Privacy Fragmentation | ** | Data Nationalism is a growing trend in which governments are asserting control over data generated within their borders, such as prohibiting and/or restricting the transfer of data across borders, or imposing some preconditions before transfers are allowed to take place. Data nationalism may be also manifested in fragmented privacy laws and regulations which deviate from global standards. Such regulatory changes could require Astellas to significantly modify existing business processes and IT systems that support today’s cross border data flows. This can lead to higher costs, operational and system complexity, and reduced efficiency and/or reduced innovation. |
|
| Organizational Transformation | ** | As the company kicks off CSP 2026, successful delivery of multiple transformation initiatives is critical for Astellas to continue creating and delivering VALUE for our patients. When multiple initiatives are concurrently running, it is critical to understand and manage the inter-dependencies. Uncoordinated transformation initiatives and the related changes may impact our culture and reputation. |
|
| Global Tariffs | ** | Since the establishment of the World Trade Organization in 1995, WTO member countries have maintained zero-tariff measures on pharmaceuticals. However, in April 2026, the United States announced the introduction of tariffs on pharmaceuticals and pharmaceutical ingredients. Depending on how these tariffs are implemented by the US government, this could lead to increased costs for Astellas. |
|
| Natural disasters and extreme weather events | * | Due to our geographically dispersed footprint, we may be vulnerable to natural disasters and disruptive weather events caused by climate change. In the event of catastrophic weather events that exceed the scope of typical contingency planning, our business operations may be disrupted, and the stability of our commercial supply could be impacted. |
|
| AI Regulatory Expectations | * | With the advancement of AI utilization in the pharmaceutical industry, regulatory authorities have begun to clarify the conditions for the use of AI in GxP environments through guidelines and similar measures. While we have established an AI compliance framework based on current laws and regulations, it is necessary to continue strengthening this framework to ensure we can respond to future regulatory developments. |
|