Risk Management

Risk Management

SDG-related Initiatives

Please click here for more details.

CSV Goals (Creating Shared Value)

Please click here for more details.

Managing Risk and Leveraging Opportunities

Creating a resilient business

 At CCBJH we have implemented a business resilience program that integrates the ways in which we manage risk and opportunity to enable profitable growth, protect our people and assets, enhance our capabilities to respond in a crisis, and leverage insurance to protect us financially. Central to our program is having empowered teams and employees throughout the business that understand and respond with agility to risks and opportunities, adaptable leadership that responds to a crisis, and programs that develop our people and process capabilities to support both a short-term response and longterm resiliency strategy.
 The process incorporates the review of our constantly changing business environment on at least a quarterly basis and the assessment of current and over-the-horizon risks and associated opportunities. Deep dive risk workshops are also held as part of annual business planning to identify risks and opportunities linked to our plans. On a daily basis our people throughout the business are trained and encouraged to develop and implement plans to manage key risks and we maintain a focus on being able to continue operations and serve our customers in the event of disruptions. For that purpose we have well-established crisis management and business continuity plans and a program that trains our crisis leaders at least annually through interactive simulations.

Risk Management System and Governance

 The CCBJH Board has overall responsibility for our business resilience strategies with enterprise risk management (ERM) being a central pillar. The Board and its Audit and Supervisory Committee (ASC) are closely involved in overseeing our current and over-the-horizon risks, the strategic response to them, setting our risk appetite, and monitoring management actions that strengthen our resilience in support of our strategic business plan “Vision 2030” objectives.
 Our business resilience programs, including risk management, are led by our Head of Risk Management (HRM), who as a member of the executive team is accountable for program operations and compliance. The HRM and senior leaders have risk management metrics embedded into their performance plans ensuring program delivery and risk mitigations are effective.
 The HRM works in close collaboration with the function heads and risk owners across our business on the response to specific business risks, is tasked with maintaining a wide-angled view of our business streams for emergent risks and opportunities and through regular reporting ensures that risk visibility is provided to our ELT, the ASC and the full Board. The program is annually reviewed and audited by our Internal Audit team and external auditors against global best practice.

Three Lines of Defense Model

 Our program follows the “Three Lines of Defense Model”.
 1st Line: Employees and functional risk response teams (e.g., Health & Safety) are trained to manage and take responsibility for risk management on a day-to-day basis in the operations. Our quarterly Risk Management Forum (RMF) comprising senior front-line leaders from all business functions and entities, identify current and emerging risks with insights shared and discussed with the Executive Leadership Team (ELT).
 2nd Line: Risk Management Senior Group (RMSG), led by the HRM (our equivalent of a Chief Risk Officer), develops and deploys the risk framework and focused training for all levels of the business, analyzes data and reports to the business stakeholders and Board. The RMSG also leads crisis management, business continuity and insurance responses. Interconnectivity of the streams is critical. Our approach to insurance risk transfer is influenced by the availability of insurance cover and cost, measured against the probability and magnitude of the relevant risks. They are supported by our Governance teams on implementing compliance elements of the program and by Legal who conduct regular best practice board awareness training.
 3rd Line: Internal Audit as an independent business entity and external auditors conduct annual assessments and audits against global best practices and ensures our risk approach is within risk appetite tolerances. The ASC reviews the risk management activities, with the full board updated bi-annually.

Risk Management Framework and Process.

 Our ERM framework follows COSO and ISO 31000 standards to provide a PDCA risk model aimed at driving profitable growth by leveraging opportunities and promoting appropriate risk based decision-making, as well as strong capabilities in the identification and response to foreseeable risks. The ERM program incorporates a variety of elements
・Enable us to ensure alignment to our business strategies, objectives, and principles
・Drives integration with our strategic direction, ethics and values
・Links into the business planning cycle
・Continually monitors our internal external environment for factors that may change our risk profile and create opportunities
・Conducts an annual evaluation of the type and amount of insurance we should purchase
 Our risks, which are considered against our Board establish risk appetite together with their associated mitigation and response initiatives, are constantly evaluated. Our awareness and training program is focused on making risk management intuitive and part of our culture. The RMF formally reviews our risk landscape quarterly, with reviews by the ELT, and the ASC are provided quarterly updates on the full program with the Board of Directors receiving biannual updates.
 We continued to strengthen the integration of ERM and Smart Risk program into our corporate culture and business DNA through the roll out of online training and awareness courses for all employees. We have maintained the visibility of risks and opportunities through regular ELT dialogue against our annual business plan and strategic business plan.

Enterprise Risk Management (ERM) processes

Key reportable risks

 The key reportable risks are compiled from a detailed analysis of internal and external data points. The list does not include all risks that could ultimately impact our company as there are risks that are not yet known to us, and risks currently evaluated to be immaterial that could ultimately have an impact on our business or financial performance. Linked to our sustainability program we identified risks and opportunities facing our business from environment, society and climate change. Through the proactive cross functional management of climate risks, we are responding to the requirements of TCFD and TNFD.
 While in 2024 we did not observe material changes to our reportable risks, we did see reprioritization of risks as illustrated in the table.

Risk category Description and potential impacts Key mitigations
Cyber Security and Systems Business activities being impacted and/or confidential information leaking caused by system failures or cyber incidents.
  • Losing trust from consumers and customers
  • Deterioration of financial conditions
  • Regulatory prosecution, fines, and reputational damage
  • Prepare countermeasures to mitigate any damage caused by system failures
  • Improving and strengthening system security by proactive threat identification and conducting simulation tests of cyberattacks
  • Complying with laws and regulations on information and data privacy management
  • Establishing internal regulations related to information security supported by related employee training programs
People Talent (Attraction and Retention) Not being able to secure, retain and develop sufficient human resources and build constructive relationships with labor unions due to business performance, aging population, and a competitive employment environment.
  • Slowdown or suspension of business activities
  • Slowdown or suspension of supply chain operations
  • Inability to achieve growth plans
  • Implement strategic people development plans and managing payment structure
  • Recruit diverse talent base and commitment to people development
  • Implement unmanned operations, online transactions, and outsourcing of shipping operations
  • Enhance the workplace environment to improve employee satisfaction
  • Strengthen communication between top management and employees
Health and Safety Lack of compliance with safety systems, ownership or accountability and awareness, mental health issues, and the use of aging equipment cause serious workrelated health and safety incidents.
  • Death or serious injury
  • Reputation damage
  • Prosecution and/or fines
  • Continue ISO45001 certification/Internal Audit strategies
  • Continue implementing mental health survey
  • Varieties of safety measures in place
  • Education & training to raise awareness
  • Remodeling of program to leverage Coca-Cola system best practices
Growth Strategies Failure to implement measures to improve our competitive advantage and grow the business through transformation (such as business integration, joint ventures, capital investments, project management etc.) due to people capabilities.
  • Deterioration of financial conditions caused by loss due to impairment
  • Losing trust from shareholders
  • Building a robust system that enables the group to respond readily and flexibly to various circumstances
  • Formulate business integration strategies that take multiple scenarios into consideration
  • Talent development strategies ensuring right skill sets are available to manage projects and deliver technological transformation
  • Supervision by Board of Directors and Executive Officers
Changing Consumer Mindset Changes in consumer preferences caused by concerns over sugar consumption and increased health awareness, or pricing.
  • Acquisition or loss of consumer base
  • Winning or losing trust from consumer
  • Discriminatory taxation
  • Focus on product innovation and portfolio expansion
  • Strengthen range of low and no calorie beverages
  • Diversification in pack sizes
  • Promote active lifestyles through consumer engagement program
Evolving Commercial and Competitor Landscapes Inability to respond to changes in the retail and competitive environment effectively, efficiently and with agility.
  • Acquisition or loss of consumer base
  • Winning or losing trust from consumers
  • Reduced sales profit
  • Reduced portfolio availability
  • Enhancing the product portfolio and accelerated productivity further to deliver products that meet the needs of the retailers
  • Enhancing Right Execution Daily (RED) to drive operational excellence
  • Expanding online channels to respond to the surge in Internet mail orders
  • People development strategies to leverage advantages in technology
Manufacturing, Logistics & Infrastructure The stable supply of goods being impeded due to issues in production and logistics operations, or changes in weather and consumer behaviors.
  • Drop in sales volume and revenue
  • Losing trust from customers
  • Building a flexible supply system to respond to changes in the market environment
  • CAPEX investment in infrastructure (production lines, etc.) that will enable the group to respond to the increase in demand during the peak seasons more readily
  • Systems enhancements to enable timely sharing of inventory status
Natural Disasters Death and injury of employees, damage to business facilities for production, logistics and sales operations caused by events, such as, earthquakes and floods
  • Slowdown or suspension of business activities
  • Slowdown or suspension of supply chain operations
  • Reduced sales opportunities
  • Additional costs required for recovery
  • Strong Business Continuity Plan (BCP) and crisis response capabilities, tested annually, enabling structured and streamlined responses.
  • Enhance regional response capability through regular crisis and disaster response training and simulations.
  • Identified alternative shipping locations and secure transportation capacity in preparation for a disaster that damages the logistics centers.
  • Insurance coverage and specialized programs for earthquake.
Sustainability Failing to respond to changes in stakeholders' awareness of sustainability including climate change risks and/or inadequately reporting on sustainability and ESG topics in line with stakeholder and regulatory requirements.
  • Reputation damage with a reduction in stakeholder trust
  • Increase in investor activism in field of climate change
  • Financial impacts - loss of sales if customer expectations on climate change are not met and they shift to competitors
  • Sustainability Committee reviews and aligns the sustainability plans and objectives
  • Achieving CSV goals contributing to the development of a sustainable society.
  • Coca-Cola system initiatives include increasing the use rate of recycled PET resin, developing more light-weighted packages, and collecting used PET bottles more effectively.
  • Proactive response in line with ESG, TCFD and TNFD reporting requirements.
Climate change Becoming short of raw materials including water and agricultural products due to climate change.
  • Reduced commodity availability and product supply
  • Increase of production costs
  • Limitations to product portfolio
  • Discriminatory taxation
  • Focus on sustainable procurement
  • Engagement with stakeholders
  • Sourcing alternative suppliers and strengthening the selection of suppliers and their management by utilizing the performance data.
  • Adjust the level of raw materials that are difficult to procure, and shift to other raw materials when necessary
Quality and Food Safety Product related quality and food safety incidents
  • Losing trust with customers and consumers
  • Decline in earnings due to product recall or mass disposal of defective products
  • Loss of opportunities due to penalties
  • Supplier quality audits and quality certifications.
  • Employee awareness of quality control in all processes from manufacturing to sales
  • Enhance the quality control and reporting system so that consumer/customer complaints receive a timely response.
  • Robust identification and response programs that enable us to deal with quality/food safety issues quickly and efficiently.
Regulatory Compliance and Ethics Violations of laws, internal regulations, and our code of ethical conducts.
  • Loss of customer and consumer trust
  • Damage to brand and corporate reputation
  • Regulatory penalties
  • Economic loss through fraud
  • Strong Tone from the Top and continued internal communication on corporate behaviors.
  • Ethics & Compliance Committee meetings held regularly.
  • Minimizing employee fraud opportunities by rebuilding the business processes, organizational structure, and IT systems.
Franchise relationships Risk related to our high dependency on, or changes to our relationship with TCCC and CCJC as trademark owners in respect to contract / relationship terms and renewals, concentrate pricing, support for product promotions.
  • Decrease in sales from any suspension in the use of TM rights and/or decline in product development capabilities and brand power.
  • Increased COGS due to concentrate price.
  • Increased sales promotion expenses in event of a decrease in sales support
  • Maintaining and continually strengthening cooperative relationships with The Coca-Cola Company and Coca-Cola (Japan) Company
Commodity Pricing Significant increase in procurement costs due to fluctuations in foreign exchange rates, raw material shortages, and commodity price increases.
  • Increased cost base impacting profitability
  • Reduced product supply
  • Limitations to product portfolio
  • Mitigate the impact of exchange rate and product price fluctuations through the uses of derivative transactions and hedging
  • Procure raw materials at lower costs through collective multi system company purchases leveraging Coca-Cola system.

Specific climate change-related risks and approaches to TCFD and nature-related risks and TNFD is located at:

TCFD TNFD

Emerging Risks

 Looking to the Future: Over the Horizon and Emergent Risk
Our external monitoring and internal risk dialogue enables us to remain vigilant to the changes in our risk environment both now for our current major risks and for the future, which we term over the horizon risks, also known as emergent risk. We actively discuss our over the horizon risks in our risk management forum, in the Executive Leadership Team and with the Board of Directors. Over the horizon risks that we may face, include but are not limited to the following.


Risk category Description and potential impacts Key mitigations
PFAS
  • PFAS contamination represents a direct threat to beverage water sources and product quality
  • Heightened regulatory scrutiny and tightening standards globally
  • Reputational exposure from consumer sensitivity to contamination
  • Potential liability from litigation and supply chain exposure
  • Enhanced proactive monitoring of PFAS in all water sources
  • Supplier engagement and compliance requirements
  • Investment in advanced water treatment technologies
  • Alignment with leading global regulatory standards
  • Transparent disclosure of testing and mitigation efforts
  • Integration of PFAS scenarios into crisis and risk management plans
Dual nature of AI
  • Rapid advances in AI that outpace effective adoption in our business could result in competitive disadvantage, inefficiencies, regulatory breaches, or reputational harm and decline
  • Strategic: Loss of market share to AI-enabled competitors
  • Operational: Reduced efficiency in forecasting, production, and quality control
  • Regulatory/Reputation: Non-compliance with emerging AI regulations; negative stakeholder perception of misuse
  • Ongoing monitoring of AI developments and sector applications
  • Integration of risk, compliance, and sustainability criteria into AI adoption and clear oversight for usage
  • Capability building to ensure effective and responsible deployment
Geopolitical tensions and conflict
  • While the probability of large-scale conflict remains uncertain, the likelihood of periodic disruption is rising
  • Key vulnerabilities include disruption to the sea line of communication such as Bashi Channel
  • Shipping delays, higher freight and insurance costs, and constrained access to packaging materials and ingredients, energy and commodity price spikes
  • Increased working capital tied up in buffer stocks
  • Knock-on effects for market access and brand perception
  • Heightened risk of cyber incidents that could disrupt IT systems and compromise data integrity
  • Diversifying suppliers
  • Establishing inventory buffers and strategic spares for critical materials
  • Enhancing cyber defenses, including backup and third-party security reviews
  • Implementing commodity and FX hedging strategies
  • Maintaining contingency playbooks for major disruption scenarios