Risk and Compliance

At Kioxia Group, we strive to ensure thorough compliance with all relevant laws and regulations based on the Kioxia Group Standards of Conduct, in order to ensure fair and open competition.

At Kioxia Holdings Corporation, the President and CEO is assigned lead responsibility for ensuring risk compliance; the Officer in charge of Human Resources & Administration, the Officer in charge of Legal Affairs and the Officers designated by President and CEO (hereinafter referred to as the “Designated Officers”) have joint second-level responsibility. Kioxia Holdings Corporation has established a process whereby our Risk and Compliance Committee has complete authority and responsibility with regard to all risk and compliance-related issues across the entire Group. Our statutory auditors attend meetings of this Committee as “observers.”

In line with our Risk Compliance Management Regulations, Kioxia Group collects, analyzes and assesses all relevant risk-related information regarding compliance risks, including business risks and risks associated with disasters, accounting fraud, information security, and product quality, prior to formulating priority measures and implementing these. Furthermore, we have constructed a framework that allows swift and organization-wide response to risks across the entire Group when required.

We classify risks into a number of categories, including compliance-related risks, finance/accounting-related risks, and business risks, and have established committees for each category to enable agile management of these. Each committee reports on activities and status to the Risk and Compliance Committee on a timely basis. The Risk and Compliance Committee, which meets every six months, determines risks that may cause a crisis, or “crisis risks,”¹ and reviews all matters related to Group-wide risks and compliance activities. Furthermore, the Committee formulates, implements and supports risk and compliance management measures (priority measures), monitors the activities of each committee, and reports on these to the Board of Directors, which reviews them as appropriate. 

When a crisis risk or an event that may develop into one occurs, staff must report the situation to Risk and Compliance Committee at Kioxia Holdings Corporation immediately. The Officer Responsible for Risk Compliance then issues instructions regarding the handling of the risk in consultation with the heads of each organization directly under the President and other appropriate parties, and implements measures to address the situation and prevent recurrences.

In order to create an open work environment and reduce risk, in addition to encouraging day-to-day communication within each workplace, Kioxia Group operates a whistleblower system. All employees are informed about this system through internal websites, emails and other means. The system is designed to protect the anonymity of whistleblowers and ensure that they are not treated disadvantageously. The number of reports received and consultations undertaken through the whistleblower system in FY2022 was 239.

Of the reports received, those referencing inappropriate situations or concerns about inappropriate situations were reported to the relevant division so that instructions for improvement could be provided or alerts issued. In cases involving consultations and questions about the duties of the informants themselves, we gave advice on how to deal with each situation.

For reports other than those that were anonymously submitted, in principle we explained the status of our responses to the informants. Except in cases where prior consent is obtained from the employees concerned, the names or contact details of informants are never disclosed.

Kioxia Corporation has established a Business Partner Hotline to enable business partners such as suppliers to report to us any violations or suspected violations of laws and regulations, Kioxia Group Standards of Conduct, the Kioxia Group Procurement Policy, business agreements, corporate ethics, or other applicable rules, standards and norms established by Kioxia Group in connection with procurement and other business transactions, and to help us rectify these.

We investigate and establish the facts and in principle notify the results of our investigation to the whistleblower. The personal details of the person who made the allegation are not disclosed to anyone outside the Business Partner Hotline Secretariat without their consent. Moreover, we ensure there is no unfair treatment of the whistleblower or their company arising from their allegation.

The number of reports received and consultations undertaken through the Business Partner Hotline in FY2022 was zero. 

Kioxia Group provides various compliance training programs and thoroughly disseminates details of the Kioxia Group Standards of Conduct to all directors and employees in order to reinforce risk and compliance awareness.

Kioxia Group defines risks related to compliance as priority risk management issues that have the potential to severely impact our business; we strive to prevent such risks and to respond swiftly in the event of an occurrence. The basic policies governing behavior are defined in the “Kioxia Group Standards of Conduct: 1. Sound Business Management and 2. Fair Business Operations.” Initiatives include the establishment of internal rules and operational frameworks aimed at ensuring compliance with anti-trust laws and regulations and with those related to the prevention of bribery or insider trading, or potential third-party risks such as political donations and funding.

In the light of recent global regulatory trends, Kioxia Group has been making rigorous efforts to prevent cartelization and bribery. In FY2022, we conducted voluntary audits at our major group companies that have adopted a compliance program and two related guidelines regarding compliance with anti-trust laws and anti-bribery with foreign public officials. These audits allowed us to establish the levels of compliance at those companies² and provide thorough compliance training.

Kioxia Group promotes rigorous compliance with business-related laws and regulations by providing training, making effective use of relevant databases, and performing periodic self-audits. We implement improvements aimed at mitigating any risks found by internal audit in order to continue to enhance our compliance structure.

As a part of our anti-bribery initiatives, we perform due diligence on our outsourcing partners and other business partners that may have relationships with public officials, in order to identify potential bribery risks and any other risks before commencing business with them. In addition to incorporating provisions that prohibit bribery in our contracts with the aforementioned parties, we also notify them about our anti-bribery policy, among other activities.

Furthermore, Kioxia Group is taking steps to raise compliance awareness among our staff based on our own Standards of Conduct. Kioxia Group in Japan provided their directors and employees with e-learning training on sales-related risks during December 2022 and January 2023, to raise the level of our sales-related legal risk management.

² 6 domestic and 14 overseas affiliates of the Kioxia Group (as of August 2023)

To prevent insider trading and ensure proper management of all information, Kioxia Holdings Corporation and Kioxia Corporation have formulated “Insider Trading Prevention Regulations” and developed processes and regulations designed to manage the flow of potentially market-sensitive information. In 2022, e-learning designed to prevent insider trading was conducted for all employees of Kioxia Group in Japan. This initiative aimed to ensure that the contents and objectives of the “Insider Trading Prevention Regulations” were thoroughly understood.

As part of its contribution to society, and when deemed to be necessary, Kioxia Corporation makes transparent donations to political parties, in order to encourage the adoption of policies that will support our business and aid the healthy development of parliamentary democracy. Where we make donations to political parties, procedures in accordance with internal rules are followed and, in the case of donations made in Japan, we ensure we are compliant with Japan’s Political Funds Control Law.

The basic policy of the Kioxia Group is to fulfill our obligations to pay all due taxes through business activities conducted based on the principles of fairness, integrity, and transparency. Kioxia Group's tax policy stipulates that the Group must
(a) comply with the guidelines of the Organization for Economic Cooperation and Development (OECD) and with the applicable laws and regulations of each country and region;
(b) contribute to the tax administration of local communities through sales, profits, and payment of taxes in accordance with the purpose and reality of our business activities;
(c) develop our business while ensuring tax transparency; and
(d) appropriately manage and reduce any tax risks.
These activities are carried out in accordance with the following:

The Chief Financial Officer of Kioxia Holdings Corporation has official responsibility for ensuring that our Group complies with all relevant tax regulations and reports to the Board of Directors on its compliance with these, on its implementation of relevant initiatives, and on any key issues. The Kioxia Holdings Group Tax Office periodically arranges internal training on tax policies in order to cultivate human resources who are familiar with the tax system of each country and region; it also identifies any potential tax issues, collects information, and shares knowledge. Group companies are required to report on any potential tax risks or other tax issues to the Chief Financial Officer.

We comply with the OECD Transfer Pricing Guidelines and with the laws and regulations of each country and region, and undertakes proper tax reporting and payment.

We recognize the possibility of tax risks arising in situations where laws and regulations differ or are interpreted differently in different countries and regions. When a potentially significant risk is identified, we strive to minimize it by means of thorough scrutiny and analysis, by obtaining advice from tax specialists, by making prior referral to tax authorities or by means of advance pricing agreements.

Transfer prices between Group companies are decided in accordance with the arm’s length principle. The functions and risks of all Group companies are analyzed and periodically monitored to ensure profits are allocated on the basis of the contributions of each company. 

Tax deductions and incentives in each country and region are utilized in a manner that accords with our business objectives, and we strive to pay all appropriate levels of tax. Business activities are conducted in accordance with appropriate tax structures in line with our business objectives; we do not deliberately conduct transactions or other activities in low tax countries or tax havens.

In addition, we strive to eliminate double taxation by utilizing the prevailing relief systems and tax treaties in each country and region. Situations where the tax position is uncertain are documented in accordance with proper accounting standards.

Kioxia Group supports the reform of international taxation proposed by the OECD and the G20. Furthermore, in accordance with the process by which information is exchanged between tax authorities in regions where Group companies are situated, we submit country by country reports and master files according to regulations in each country or region. We strive to ensure tax transparency by providing the information required for tax reporting and payment in a timely and appropriate manner.

We seek to maintain good relationships based on mutual trust with the tax authorities overseeing each country and region. We respond to requests from tax authorities with honest and accurate representations of the facts.

Kioxia Group identifies, analyzes and assesses business risks and ensures appropriate levels of risk management across all areas of our business in order to prevent interruptions to our operations in times of emergency, such as earthquakes or other natural disasters, accidents, or pandemics. The Group has devised business continuity management regulations in accordance with our BCM Policy, and implemented measures to ensure the safety of employees and their families and ensure disaster readiness at our business sites and factories. We conduct practical training and prepare for emergencies so that we can continue or quickly resume delivering products and services in the event of damage or loss.

We have initiated business continuity planning at Kioxia Group manufacturing, sales, and technical bases as well as at administrative bases. However, in response to various changes in the social environment, we are further reinforcing our supply chain management and strengthening ties between other committees, including the Information Security Committee and Quality Conference, in order to ensure business continuity planning that spans companies throughout the entire Kioxia Group.