Business Risks

(1) Risk Governance

Astellas established the Global Risk and Resilience Management Committee (“GRRC”) and Divisional Risk and Resilience Committees (“DRRCs”) to provide effective oversight of key risks and mitigation activities. Internal Audit observes these committee meetings to ensure that these key risks are taken into consideration in their priorities. Global risks are ultimately reported to the Board. The diagram below summarizes Astellas’ risk governance.

[Figure: Risk Governance]

(2) Enterprise Risk Management Process

The Risk Management Team in Corporate Strategy facilitates the Enterprise Risk Management (ERM) process with internal stakeholders annually. Our risk assessment process is both top-down and bottom-up. To enable prioritization, we assess the impact and likelihood of each risk, considering the mitigations currently in place.
Risk owners develop action plans to reduce the level of risk exposure and enhance resilience. Global Risks (risks that require enterprise-level attention due to their nature and impact) are discussed and endorsed at the GRRC. The GRRC also monitors Emerging Risks, which we define as uncertainties arising from trends that are on the company’s radar but whose full extent and associated implications are not yet clear. Sometimes, an Emerging Risk is subsequently included in the risk register as a Global or Divisional Risk following discussion at the GRRC.

(3) Global Risks Overview

The table below summarizes the Global Risks. Any forward-looking statements are based on judgments at the end of FY2023. In addition to these risks, there are many other risks. Some risks are unique to the pharmaceuticals business, such as the uncertain nature of research and development, the risk of infringing or suffering infringement of intellectual property rights, the risk of drug side effects or safety issues arising therefrom, and the risk arising from the Astellas Group business’s partial dependence on licensing and sales of third-party developed drugs. Other risks include the infringement of related laws and regulations (e.g., competition with rival products, environment, health and safety); commercial litigation; delays or stoppages in manufacturing due to natural disasters; and exchange rate fluctuations. Such risks may affect the Astellas Group’s business results and financial position.

Risk | Key Context | Key Mitigation Actions (Examples)
Cyber Security***
In recent years, the technology involved in cyberattacks has been advancing at an unprecedented level and the methods of attack are growing more diverse and sophisticated. The pharmaceutical industry is no stranger to cyberattacks given the important data these companies hold. Cyberattacks or breaches caused by malicious activities may result in the unavailability of critical IT systems and the loss or disclosure of confidential or proprietary data, including personally identifiable information.
  • Transformed the information security operating model, which has been developed from industry best practices and frameworks, e.g., the US National Institute of Standards and Technology Cybersecurity Framework
  • Designed a multi-year roadmap to enhance the maturity of our Information Security program, with significant milestones already achieved which have strengthened our foundational security
  • Reintegrated information security into DigitalX to further accelerate efforts to ensure security-by-design is factored into ongoing transformation and operational activities across Astellas
Impact of geopolitical tension on our supply chain**
Management of supply chain resilience is a complex undertaking given the number of products marketed by Astellas, and the heightened geopolitical uncertainties add further complexity. Potential supply chain interruptions could impact our manufacturing processes and lead to stock-outs of our products, an inability to supply patients, and financial penalties.
  • Product Supply Risk Assessment process
  • Enhanced relationship management and communication for CMOs
  • Phased implementation of alternative suppliers for key materials to improve our resilience
  • Increased safety stocks for materials that are subject to geopolitical supply risks
Resilience of our key service providers**
Astellas relies on business process outsourcing providers (“BPO”) or vendors to execute its operations. If a BPO or a vendor suffers a business interruption, this may result in an unexpected shutdown and non-delivery of agreed managed services. In addition, there could be secondary impacts such as the failure to meet regulatory requirements (e.g. data privacy) and increased costs.
  • Globally harmonised third party risk management programme including an Artificial Intelligence (AI) tool providing continuous monitoring of real-time threats
  • Global Supplier Relationship Management Framework and SOP with dedicated vendor management teams with critical outsourcing providers
  • Incorporation of BPO supplier resilience appraisal in the RFP process before contract award
Data Nationalism & Privacy Fragmentation**
Data Nationalism is a growing trend in which governments are asserting control over data generated within their borders, such as restricting the transfer of data across borders, or imposing some preconditions before transfers are allowed to take place. Data nationalism may also be manifested in fragmented privacy laws and regulations which deviate from common global standards. Such regulatory changes could require Astellas to significantly modify existing business processes and IT systems that support today’s cross-border data flows. This can lead to higher costs, operational and system complexity, and reduced efficiency and/or reduced innovation.
  • Monitoring of regulatory developments
  • Country-specific projects to ensure compliance with privacy laws and other data governance regulations
Meeting ESG expectations and Commitments**
Society and regulators are heightening their expectations of companies' Environment, Social and Governance (“ESG”) performance and disclosure. Astellas is collaborating across the organisation and sufficient funding is needed to ensure we achieve the stated ESG goals. If we are unable to meet these goals, there could be reputational damage.
  • Sustainability governance structure
  • Sustainability measurement in top management compensation scheme
  • Sustainability Direction Performance Indicators (SDPIs) setting and disclosure
  • Roadmap development and cross-functional team establishment for CSRD (Corporate Sustainability Reporting Directive) readiness
Emerging pharmaceutical regulation changes*
In some regions, there are emerging regulations that could reduce the current intellectual property protection of pharmaceutical products allowing for earlier generics entry, or banning market entry for medicines whose environmental impact is deemed too high – such as in the European Commission proposal for a new General Pharmaceutical Legislation in the European Union. Astellas analyses the potential future policy changes to identify future risks and opportunities for our portfolio and our organisation.
  • Product-level impact assessment
  • Consideration of these emerging regulations in the planning of relevant global functions
Mass generative AI availability*
Like any other industry, the pharmaceutical industry has started actively exploring the use of generative AI, which presents opportunities and risks for Astellas. This includes competition, compliance with emerging AI regulations, and missing out on innovation as a result of taking a conservative approach.
  • Establish an AI framework to address legal, regulatory, and IP-related risks and emphasize transparency and accountability
  • Engage in industry-wide collaboration and partnerships
  • Continued active monitoring of, and adaptation to, evolving market trends
  • Continued investment in building internal AI capabilities and domain expertise
Critical infrastructure failure*
Astellas relies heavily on critical infrastructure such as roads, bridges, pipelines, and power grids for the manufacturing and distribution of its products. Should this infrastructure be impacted by extreme weather, accidents, or cyberattacks, there is a risk of delays or interruptions in the production of our products and investigational new drugs. This could lead to difficulty in maintaining a stable pharmaceutical supply to patients and to delays in product approvals due to delays in clinical trials.
  • Backup emergency power generator in key facilities
  • Securing the necessary stock to mitigate the impact of production interruptions
  • Securing multiple suppliers to prepare for long-term supply risk

*** Catastrophic risk: Risks that have the potential to cause fatal damage or business disruption at the entire Astellas group level should they materialise. They have the potential to fundamentally impact and disrupt business objectives, operating model, reputation or core activities to a material level.
** Standard risk: Risks that have the potential to cause substantial damage or business disruption to a specific part of the business or the entire Astellas group.
* Emerging risk: Uncertainties arising from trends that are on the company’s radar but whose full extent and associated implications are not yet clear.