Internal Control That Promotes the Undertaking of Bold Challenges

JR East Group’s Basic Approach to Its Internal Control System

Systems and Mechanisms to Support and Encourage the Taking On of Bold Challenges

We have established systems and mechanisms that proactively support and encourage employees to take on bold challenges to develop the JR East Group and increase its value, and we are constantly reviewing and improving them.
To encourage employees to take on bold challenges in their daily work, we share best practices throughout the Group through communication tools that can be viewed and posted by all Group employees, and we also conduct employee engagement surveys. We are working to create an environment that fosters employee initiative and motivation by identifying the percentage of employees who responded positively to “employee creativity rate” in the survey.
We also actively communicate with frontline employees through opinion exchange meetings, discussions, and on-site visits, with the aim of spreading the management vision.

Percentage of employees who gave positive answers to relevant items in the engagement survey

FY2023: 84.2% FY2024: 85.8%
Employees' Bold Challenges

Basic Approach to Risk Management

For the Group to improve profitability and undertake structural reforms, we recognize the importance of broad-view risk management that considers risk*not only from the perspective of reducing negative factors such as avoiding losses but also from the perspective of proactively increasing the value of the Group.
We have established and operate internal controls in accordance with the Companies Act and the Financial Instruments and Exchange Act to ensure stable and proper business operations, while also working to develop the Group and support and encourage the taking on of bold challenges aimed at enhancing value and growth.

  • *These include not only risks related to compliance, safety assurance, and natural disasters, among others, but also those related to market changes, trends of our competitors, social and economic conditions in Japan and overseas, and management decisions related to new businesses.

Risk Management Initiatives

  • *1Challenge risks are risks that should be considered when implementing new measures or entering new businesses.
  • *2Environmental change risks are risks that increase in importance with changes in the business environment.

Tax Transparency Initiative

JR East Group has established a Group Policy on Tax Transparency to ensure that we pay taxes appropriately, which is one of our responsibilities as a corporation, while also managing tax risks appropriately and aiming to enhance our corporate value. We will also comply with tax-related laws and regulations in all countries and regions in which we do business and build a highly transparent tax governance system.

Group Policy on Tax Transparency

Strengthening Collaboration with Group Companies through Part-time Officers

To improve governance across the entire Group and achieve consolidated cash flow management by business unit, we are working to strengthen communication with Group companies through part-time officers who are dispatched to Group companies. The officers are provided with “key points to bear in mind,” which summarize their roles and responsibilities.
Each part-time officer reports to the head office on the status and implementation of initiatives, and by acting with an awareness of key points, they stimulate communication throughout the Group, which leads to improved governance, the realization of consolidated cash flow management, and enhanced corporate value.

Basic Approach to Compliance

Based on the Policy on Legal and Regulatory Compliance and Corporate Ethics, the JR East Group has established a Compliance Action Plan that outlines how we should behave as a corporation and as members of society. While building trust with all stakeholders, we comply with all related laws in our various business fields, such as Mobility services and Lifestyle Solutions services, and we conduct business in accordance with our corporate ethics.

Key Compliance Initiatives

You can swipe horizontally.

What We Aspire To Specific Initiatives Status of Initiatives
  • Understanding the importance of compliance as the foundation of management
  • Strengthening our ability to respond to risks that may be present in our business
  • Compliance education for all employees
  • Implemented for all Group companies in FY 2025.3, (including seconded employees, contract employees, dispatched employees, etc.)
  • In light of the discovery of data fraud in vehicle wheelset assembly operations, discussions were held to prevent the recurrence of similar incidents
  • Compliance training for managers
  • Compliance seminars for executives
  • Established individual education programs as part of “Compliance education for all employees”
  • Implemented in FY 2025.3, covering themes including harassment prevention and support for diverse human resources
  • Compliance awareness survey
  • Used the results obtained to identify issues and consider improvement measures
  • Regular inspections to ensure proper business operations
  • Prevention and early detection of inappropriate events
  • Checklists for confirming basic matters
  • Compiled summaries of main inspection items related to laws and regulations into a Companywide version and a system-specific version, which are checked at least once a year
  • Compiled into a Companywide version and a system-specific version
  • JR East Group compliance consultation desk (officers, employees, and former employees of all Group companies, as well as executives and employees of business partners, can consult and report via this desk)
  • Handled about 270 consultations and reports in FY 2025.3
  • Handled a wide range of consultations and reports, including those related to the handling of laws and regulations, interpersonal problems, and various types of harassment
  • Building sound relationships with business partners
  • Inclusion of anti-bribery clauses in Compliance Action Plan
  • Formulated and announced Basic Policy for Preventing Bribery of Foreign Public Officials, etc. in conjunction with our expansion of overseas business
  • Inclusion of a ban on profiteering in work regulations
  • Signed the United Nations Global Compact and joined the Anti- Corruption Subcommittee
  • Strengthened compliance with anti-corruption laws and regulations in various overseas countries
JR East Group 
Compliance Initiatives

Basic Policy for Information Security

We have established the JR East Group’s Basic Policy for Information Security and are working to minimize security risks throughout the Group, with the general manager of the Innovation Strategy Headquarters serving as the chief information security officer (CISO).
JR EAST Group Information Security Basic Policy

System to Promptly Detect and Respond to Cyberattacks

Security Operation Center (SOC)

  • Establishment of an SOC to monitor suspicious communications targeting the JR East Group
  • Configuration of a framework that can analyze suspicious communications and escalate them in a timely manner

JR East Endpoint Security Service (JRE-ESS)

  • Deployment of integrated security products with virus detection and SOC coordination functions to each computer within the JR East Group
  • Addressing of the increasing security risks associated with the expansion of remote working

Information Security Initiatives

Security Education and Training
  • Education for all employees to raise their awareness of cybersecurity
  • Training for employees in each position within the implementation framework
  • Ongoing response training at each Group company to prepare for a security incident
10 Principles of Information Security
  • Distributed to each JR East Group employee as a set of rules that every employee must observe
10 Principles of Information Security (multilingual support)

Personal Data Protection Initiatives

Pursuant to applicable laws and regulations, including personal information protection legislation both in Japan and overseas, we are working to reduce the risk of data breaches by strengthening our personal information management system and reviewing our rules.

  • Publication of Basic Policy for Personal Information Handling
  • Formulation of internal regulations such as personal information management regulations
  • Operational audits conducted at least once a year at all locations
  • Publication of privacy policies in response to legislation in the European Union, the United Kingdom, and California, among other jurisdictions
  • Regularly scheduled education and training through compliance and information security education and other such programs for all employees

Links