Business Risks
(1) Risk Governance
Astellas established the Global Risk and Resilience Management Committee (“GRRC”) and Divisional Risk and Resilience Committees (“DRRCs”) to provide effective oversight of key risks and mitigation activities. Internal Audit observes these committee meetings to ensure that these key risks are taken into consideration in their priorities. Global risks are ultimately reported to the Board. The diagram below summarizes Astellas’ risk governance.
(2) Enterprise Risk Management Process
The Risk Management Team in Corporate Strategy facilitates the Enterprise Risk Management (ERM) process with the internal stakeholders annually. Our risk assessment process is both top-down and bottom-up. To enable the prioritization, we assess the impact and likelihood of each risk, considering the mitigations currently in place.
Risk owners develop action plans to reduce the level of risk exposure and enhance the resilience. Global Risks (risks that require enterprise-level attention due to their nature and impact) are discussed and endorsed at the GRRC. GRRC also monitors Emerging Risks, which we define as uncertainties arising from trends that are on the company’s radar but whose full extent and associated implications are not yet clear. Sometimes, an Emerging risk is subsequently included in the risk register as a Global or Divisional risk following the discussion at the GRRC.
(3) Global Risks Overview
The table below summarizes the Global Risks. Any forward-looking statements are based on judgments at the end of FY2023. In addition to these risks, there are many other risks. Some risks are unique to the pharmaceuticals business, such as the uncertain nature of research and development, the risk of being infringed upon or infringing intellectual property rights, risk of drug side effects or safety issues arising thereof, and the risk of Astellas Group business’ partial dependence on licensing and sales of third-party developed drugs. Other risks include the infringement of related laws and regulations (e.g., competition with rival products, environment, health and safety); commercial litigations; delays or stoppages in manufacturing due to natural disasters; and exchange rate fluctuations. Such risks may affect the Astellas Group’s business results and financial position.
Risk | Key | Context | Key Mitigation Actions (Examples) |
Cyber Security | *** | In recent years, the technology involved in cyberattacks is advancing at an unprecedented level and the methods of attack are growing more diverse and sophisticated. The pharmaceutical industry is no stranger to cyberattacks given the important data these companies hold. Cyberattacks or breaches caused by malicious activities may result in unavailability of critical IT systems, loss or disclosure of confidential or proprietary data including personally identifiable information. |
|
Impact of geopolitical tension on our supply chain | ** | Management of supply chain resilience is a complex undertaking based on the number of products marketed by Astellas, and the heightened geopolitical uncertainties further add complexity. Potential supply chain interruptions could impact our manufacturing processes, stock-out of our products, and inability to supply patients and financial penalties. |
|
Resilience of our key service providers | ** | Astellas relies on business process outsourcing providers (“BPO”) or vendors to execute its operation. If a BPO or a vendor suffers business interruption, this may result in unexpected shutdown and non-delivery of agreed managed services. In addition, there could be secondary impacts such as the failure to meet regulatory requirements (e.g. data privacy) and increased costs. |
|
Data Nationalism & Privacy Fragmentation | ** | Data Nationalism is a growing trend in which governments are asserting control over data generated within their borders, such as restricting the transfer of data across borders, or imposing some preconditions before transfers are allowed to take place. Data nationalism may be also manifested in fragmented privacy laws and regulations which deviate from common global standards. Such regulatory changes could require Astellas to significantly modify existing business processes and IT systems that support today’s cross border data flows. This can lead to higher costs, operational and system complexity, and reduced efficiency and/or reduced innovation. |
|
Meeting ESG expectations and Commitments | ** | The society and the regulators are heightening their expectations on companies' Environment, Social and Governance (“ESG”) performance and disclosure. Astellas is collaborating across the organisation and sufficient funding is needed to ensure we achieve the stated ESG goals. If we are unable to meet these goals, there could be reputational damages. |
|
Emerging pharmaceutical regulation changes | * | In some regions, there are emerging regulations that could reduce the current intellectual property protection of pharmaceutical products allowing for earlier generics entry, or banning market entry for medicines whose environmental impact is deemed too high – such as in the European Commission proposal for a new General Pharmaceutical Legislation in the European Union. Astellas analyses the potential future policy changes to identify future risks and opportunities for our portfolio and our organisation. |
|
Mass generative AI availability | * | Like any other industry, the pharmaceutical industry has started actively exploring the use of generative AI, which presents opportunities and risks for Astellas. This includes competition, compliance with emerging AI regulations, and missing out on innovation as a result of taking a conservative approach. |
|
Critical infrastructure failure | * | Astellas relies heavily on critical infrastructure such as roads, bridges, pipelines, and power grids for the manufacturing and distribution of its products. Should these infrastructures be impacted by extreme weather, accidents, or cyberattacks, there is a risk of delays or interruptions in the production of our products and investigational new drugs. This could lead to the difficulty in continuing stable pharmaceutical supply to patients and delays in product approvals due to the delay in clinical trials. |
|
*** Catastrophic risk: Risks that have the potential to cause fatal damage or business disruption to the entire Astellas group level should they materialise. They have the potential to fundamentally impact and disrupt business objectives, operating model, reputation or core activities to a material level.
** Standard risk: Risks that have the potential to cause substantial damage or business disruption to a specific part of the business or the entire Astellas group.
* Emerging risk: Uncertainties arising from trends that are on the company’s radar but whose full extent and associated implications are not yet clear.