(1) Identifying and Mitigating Risks Relating to the Performance of Business Activities
Pharmaceutical companies that expand their business globally are expected to follow various regulations with a high level of compliance; Astellas must also address various risks that could impact its business results and reputation. In FY2019, Astellas pursued its operation of enterprise risk management with the aim of further developing the risk management activities implemented until now. This involved newly establishing the Corporate Risk Management Division to take control over risk management, and the Global Risk and Resilience Management Committee, chaired by the Chief Administrative Officer and Chief Ethics & Compliance Officer.
Under enterprise risk management, risks are identified on the Group-wide level and on the individual division level. Those risks are classified using a uniform evaluation process according to priority and, if deemed necessary, linked to formulation of a universal means for solution. Identified risks are regularly evaluated by the Global Risk and Resilience Management Committee, and solutions and mitigation measures for high priority risks are discussed at the Executive Committee, chaired by the Representative Director, President and CEO.
(2) Risk Management Framework
Astellas’ risk management framework is as follows.
Risk Management Framework
(3) Critical Risks
The risks identified by management as having the potential to have a considerable impact on financial position, business results and cash flow position of the consolidated companies are mainly set forth below.
Any forward-looking statements are based on judgments as of March 31, 2020.
1 Risks related to cybersecurity
In recent years, the technology involved in cyberattacks is advancing at an unprecedented level and the methods of attack are growing more diverse and sophisticated. In light of this environment, Astellas has identified risks related to cybersecurity as one of its critical risks. The Information Systems Division is leading the response to this risk, implementing various countermeasures against cyberattack on a global basis that includes monitoring of networks and facilities, and taking every precaution to manage the risk.
However, despite having such measures in place, in the event that business is substantially interrupted due to a cyberattack or serious system failure, etc. caused by cyberattack, or in the event that important data, including information that could identify individuals, is lost, corrupted or leaked externally, the Astellas Group’s business results may be significantly affected.
2 Risks related to supply chain management
In the pharmaceuticals business, the ability to manufacture safe and effective pharmaceuticals reliably and then to provide their stable supply is extremely important. Astellas has identified risks related to supply chain management as one of its critical risks. The Pharmaceutical Technology Division is leading the response to this risk, establishing its own standards compliant with industry standard Good Manufacturing Practice (GMP), including manufacturing and quality controls, and Good Distribution Practice (GDP) and rigorously implementing consistent high-level quality control for not only manufacturing facilities and equipment but inclusive of all operations from ingredient procurement to storage, manufacturing, and delivery. Furthermore, to respond to growing complexities in the supply chain, the Group has introduced on a global basis, management of its Contract Manufacturing Organizations (CMO) and is proceeding with measures including the creation of Business Continuity Plans (BCP) to ensure supply during emergency situations.
However, despite having such measures in place, in the event that interruptions in supply, product shortage, or quality problems arise, or in the event that the reputation of Astellas is damaged as a result of the aforementioned, the Astellas Group’s business results may be significantly affected.
3 Risk of impact from pharmaceutical regulatory
The ethical pharmaceutical business is governed by a wide variety of regulations in each country. Astellas has identified changes in pharmaceutical pricing policy by the United States Government as one of its critical risks and is carefully watching trends.
The Astellas Group’s business results may be significantly affected by policy for controlling the cost of medical treatment, or a tightening of various regulations concerning development, manufacturing and distribution, particularly in developed countries.
In addition to the above critical risks identified by the Astellas Group, there are many other risks. Some risks are unique to the pharmaceuticals business which include the uncertain nature of research and development, the risk of being infringed upon or infringing intellectual property rights, risk of drug side effects or safety issues arising thereof, and the risk of an Astellas Group business’s partial dependence on licensing and sales of third-party developed drugs. Other risks include the risk of infringement of related laws and regulations concerning competition with rival products, or environment or health and safety, or of commercial litigation regarding business processes, as well as risks of delays or stoppages in manufacturing due to natural disaster, etc. or of exchange rate fluctuation. Such risks may affect the Astellas Group’s business results and financial position.
Note that the risks stated above do not cover all of the risks relating to the Astellas Group.