Business Risks

Risk Governance

Astellas established the Global Risk and Resilience Management Committee (“GRRC”) and Divisional Risk and Resilience Committees (“DRRCs”) to provide effective oversight of key risks and mitigation activities. The Internal Audit observes these committee meetings to ensure that these key risks are taken into consideration in their priorities. Global risks are ultimately reported to the Board. The diagram below summarizes Astellas’ risk governance. 

risk management graph

Enterprise Risk Management Process

The Risk Management Team in Corporate Strategy facilitates the Enterprise Risk Management (ERM) process with the internal stakeholders annually. Our risk assessment process is both top-down and bottom-up. To enable the prioritization, we assess the impact and likelihood of each risk, considering the mitigations currently in place.
 

Risk owners develop action plans to reduce the level of risk exposure and enhance the resilience. Global Risks (risks that require enterprise-level attention due to their nature and impact) are discussed and endorsed at the GRRC. GRRC also monitors Emerging Risks, which we define as uncertainties arising from trends that are on the company’s radar but whose full extent and associated implications are not yet clear. Sometimes, an Emerging Risk is subsequently included in the risk register as a Global or Divisional risk following the discussion at the GRRC. 

Global Risks Overview

The table below summarizes the Global Risks. Any forward-looking statements are based on judgments at the end of FY2024. In addition to these risks, there are many other risks. Some risks are unique to the pharmaceuticals business, such as the uncertain nature of research and development, the risk of being infringed upon or infringing intellectual property rights, risk of drug side effects or safety issues arising thereof, and the risk of Astellas Group business’ partial dependence on licensing and sales of third-party developed drugs. Other risks include the infringement of related laws and regulations (e.g., competition with rival products, environment, health and safety); commercial litigations; delays or stoppages in manufacturing due to natural disasters; and exchange rate fluctuations. Such risks may affect the Astellas Group’s business results and financial position.

Risk Key Context Key Mitigation Actions (Examples)
Cyber Security *** In recent years, the technology involved in cyberattacks is advancing at an unprecedented level and the methods of attack are growing more diverse and sophisticated. The pharmaceutical industry is no stranger to cyberattacks given the important data these companies hold. Cyberattacks or breaches caused by malicious activities may result in unavailability of critical technology systems, loss or disclosure of confidential or proprietary data including personally identifiable information.
  • The Astellas Information Security Program is designed based on the NIST CSF framework which includes the following domains: Govern, Identify, Protect, Detect, Respond and Recover
  • The program is governed and overseen by the Chief Digital and Technology Officer (CDTO), and progress is reported to the Executive Leadership and the Board of Directors
  • In addition, we have an active Information Security Training and Awareness portfolio of ongoing activities to include regular all-company and targeted phishing simulations, and frequent awareness campaigns
  • We continue to maintain compliance with current cyber-security regulations and actively monitor external regulatory developments
Impact of geopolitical tension on our supply chain ** Management of supply chain resilience is a complex undertaking based on the number of products marketed by Astellas, and the heightened geopolitical uncertainties further add complexity. Potential supply chain interruptions could impact our manufacturing processes, stock-out of our products, and inability to supply patients and financial penalties.
  • Product Supply Risk Assessment process
  • Enhanced relationship management and communication for CMOs
  • Phased implementation of alternative suppliers for key materials to improve our resilience
  • Increased safety stocks for materials that are subject to geopolitical supply risks
Data Nationalism & Privacy Fragmentation ** Data Nationalism is a growing trend in which governments are asserting control over data generated within their borders, such as prohibiting and/or restricting the transfer of data across borders, or imposing some preconditions before transfers are allowed to take place. Data nationalism may be also manifested in fragmented privacy laws and regulations which deviate from global standards. Such regulatory changes could require Astellas to significantly modify existing business processes and IT systems that support today’s cross border data flows. This can lead to higher costs, operational and system complexity, and reduced efficiency and/or reduced innovation.
  • Monitoring of regulatory developments
  • Country-specific projects to ensure compliance with privacy laws and other data governance & digital regulations
Meeting Sustainability Expectations and Commitments ** Society and regulators are heightening their expectations on companies' sustainability performance and disclosure. Astellas is collaborating across the organization, and sufficient funding is needed to ensure we achieve the stated sustainability goals. If we are unable to meet these goals, there could be reputational damage.
  • Sustainability governance structure
  • Sustainability measurement in top management compensation scheme
  • Sustainability Direction Performance Indictors (SDPIs) setting and disclosure
  • Progress with the CSRD (Corporate Sustainability Reporting Directive) readiness project in line with the regulatory requirements
Organizational Transformation ** Successful delivery of multiple transformation initiatives is critical for Astellas to continue creating and delivering VALUE for our patients. When multiple initiatives are concurrently running, it is critical to understand and manage the inter-dependencies. Uncoordinated transformation initiatives and the related changes may impact our culture and reputation.
  • Established a forum and mechanism to coordinate major transformation change initiatives
  • Developing a solution to provide observability of transformation initiatives being delivered across the company
  • Building change management capability across the organization
Management of Outsourced Supply Chain ** Regulatory authorities are intensifying their oversight of pharmaceutical companies. Insufficient visibility and control over the wider operating environment of Contract Development and Manufacturing Organizations / Contract Manufacturing Organizations (CDMO / CMOs) could lead to a failure to meet the regulatory requirements for our products manufactured at their sites. This could result in unexpected delays in product approval, disruptions in clinical trials, and ultimately have a negative impact on our revenue and reputation.
  • Updated contractual framework to strengthen CDMO/CMO responsibilities for reporting to Astellas and increased oversight
  • Developed a guidance document to support the regulatory intelligence searches
  • Enhanced current communication with CDMO/CMOs to include broader Quality System risks as a standard component of regular reviews
  • Enhanced the risk-based approach for conducting audits of these organizations
Emerging pharmaceutical regulation changes * In some regions, there are emerging regulations that could reduce the current intellectual property protection of pharmaceutical products allowing for earlier generics entry, or banning market entry for medicines whose environmental impact is deemed too high – such as in the European Commission proposal for a new General Pharmaceutical Legislation in the European Union. Astellas analyses the potential future policy changes to identify future risks and opportunities for our portfolio and our organization.
  • Impact assessment on Astellas business, monitoring of latest developments, etc.
US Administration’s Policies * The new U.S. administration, which was established in January 2025, is proposing policies in the areas of drug pricing and tariffs that differ from those of the previous administration. Depending on the development of these policies, there may be an impact on our business and supply chain.
  • Impact assessment on Astellas business, monitoring of latest developments, etc.
Natural disasters and extreme weather events * Due to our geographically dispersed footprint, we may be vulnerable to natural disasters and disruptive weather events caused by climate change. In the event of catastrophic weather events that exceed the scope of typical contingency planning, our business operations may be disrupted, and the stability of our commercial supply could be impacted.
  • Continuous enhancement of business continuity planning and execution of training
  • Incorporation of natural disaster risk into the site risk assessment
  • Assessment of the long-term impact of climate change on Astellas sites
  • ***Catastrophic Risk: Risks that have the potential to cause fatal damage or business disruption to the entire Astellas group level should they materialize. They have the potential to fundamentally impact and disrupt business objectives, operating model, reputation or core activities to a material level.
  • **Standard Risk: Risks that have the potential to cause substantial damage or business disruption to a specific part of the business or the entire Astellas group.
  • *Emerging Risk: Uncertainties arising from trends that are on the company’s radar but whose full extent and associated implications are not yet clear.