Risk Management and Compliance

At Kioxia Group, we strive to ensure thorough compliance with all relevant laws and regulations based on the Kioxia Group Standards of Conduct, in order to ensure fair and open competition.

At Kioxia Holdings Corporation, the President and CEO is assigned lead responsibility for ensuring risk management and compliance. The officer in charge of Human Resources & Administration, the officer in charge of Legal Affairs and the officers designated by the President and CEO (hereinafter referred to as the “Designated Officers”) have joint second-level responsibility. Kioxia Holdings Corporation has established a process whereby the Risk Management and Compliance Committee, chaired by the President and CEO, has complete authority and responsibility with regard to all risk management and compliance-related issues across the entire group. Our Audit & Supervisory Board members attend meetings of this committee as observers.

In line with its Risk Management and Compliance Regulations, Kioxia Group collects, analyzes and assesses all relevant risk-related information including compliance risks, for example, business risks and risks associated with disasters, accounting fraud, information security, and product quality. We also formulate priority measures for our risk management activities and implement countermeasures. Furthermore, we have constructed a framework that allows swift response to risks across the entire group when required.

For some risk categories, including finance/accounting-related risks, business risks, and information security risks, our risk management activities are carried out by delegating authority to subcommittees to enable agile management of these risks. The Risk Management and Compliance Committee, which meets semiannually or more often (as necessary), determines risks that should be properly managed, as well as the divisions responsible for managing those risks, related organizations, and “crisis risks,”¹ and reviews all matters related to group-wide risk management and compliance activities. Furthermore, the committee formulates, implements and supports risk and compliance management measures (priority measures), monitors the activities of each committee, and reports on these activities to the Board of Directors, which reviews them as appropriate.

When a crisis risk or an event that may develop into one occurs, the situation must be reported to the staff of the Risk Management and Compliance Committee at Kioxia Holdings Corporation immediately. The Officer Responsible for Risk Management and Compliance then issues instructions regarding the handling of the risk in consultation with the heads of each organization directly under the President and other appropriate parties, and implements measures to address the situation and prevent recurrences.

Kioxia Group has established an Internal Audit Division under the direct control of the President and CEO of Kioxia Holdings Corporation, with the aim of strengthening internal controls. In line with the Internal Audit Policy, the Internal Audit Division formulates and executes audits of each division and group company and reports the results to the President and CEO. During these audits, the Internal Audit Division conducts investigations to check business processes and trails, and when issues are discovered, the division monitors the progress and results of corrective measures until their completion. The issues are shared within the Group and utilized to help prevent their occurrence in other divisions. Through these internal audits, we regularly evaluate the status of compliance with relevant laws, regulations and internal rules, as well as the effectiveness of risk management activities, in order to improve them.

In order to create an open work environment and reduce risk, in addition to encouraging day-to-day communication within each workplace, Kioxia Group operates a whistleblower system. All employees are informed about this system through internal websites and other means. The system is designed to protect the anonymity of whistleblowers and ensure that they are not treated disadvantageously, which is also explained on internal websites. In addition, Kioxia Holdings Corporation has established a system that allows the company’s officers or employees to provide information directly to an external lawyer in the event they become aware of any suspected violations of laws or regulations (including those related to accounting) by the company or by its officers or employees. The number of reports received and consultations undertaken through the whistleblower system in FY2024 was 143.

Of the reports received, those referencing inappropriate situations or concerns about inappropriate situations were reported to the relevant division so that instructions for improvement could be provided or alerts issued. In cases involving consultations and questions about the duties of the whistleblower themselves, we gave advice on how to deal with each situation.

For reports other than those that were anonymously submitted, in principle we explain the status of our responses to the whistleblowers. Except in cases where prior consent is obtained from the employees concerned, the names or contact details of whistleblowers are never disclosed. Additionally, since June 2022, Kioxia Group in Japan has started accepting reports from employees within one year of their retirement.

Kioxia Group has stipulated in the Kioxia Group Standards of Conduct that it must ensure healthy working environments free from discrimination and harassment. Moreover, it has established a Harassment Consultation Desk in each workplace and affiliate company in preparation for potential concerns regarding harassment. The desks respond to consultation requests from employees and others, confirm the facts of each case, and when harassment is confirmed, issue corrective instructions or warnings to the individuals involved.

All cases are handled with due consideration for privacy. Moreover, neither individuals making reports nor those otherwise involved will be subject to any disadvantageous treatment for seeking consultation, or for cooperating with fact-finding investigations, or engaging in other related actions. 

In FY2024, a total of 33 cases were received by the harassment consultation desks.

Kioxia Corporation has established a Business Partner Hotline to enable business partners such as suppliers to report to us any violations or suspected violations of laws and regulations, Kioxia Group Standards of Conduct, the Kioxia Group Procurement Policy, business agreements, corporate ethics, or other applicable rules, standards and norms established by Kioxia Group in connection with procurement and other business transactions, and to help us rectify these issues.

We investigate and establish the facts and in principle notify the whistleblower of the results of our investigation. The personal details of the person who made the allegation are not disclosed to anyone outside the Business Partner Hotline Secretariat without their consent. Moreover, we ensure there is no unfair treatment of the whistleblower or their company arising from their allegation.

The number of reports received and consultations undertaken through the Business Partner Hotline in FY2024 was three. Of the reports and consultations we received, we confirmed the facts of the cases in which the company may have been involved. We then provided explanations and confirmation of the facts to the informants.

Kioxia Group has established and disseminated the Kioxia Group Standards of Conduct in multiple languages as a set of ethical standards to be observed by all directors and employees. The Standards of Conduct constitute one of the most important sets of rules and regulations of the Group, and have been adopted by a resolution of the Board of Directors of Kioxia Holdings Corporation. All directors and employees receive introductory training covering the Standards of Conduct as part of their new employee training, and pledge to comply with them. To raise awareness of potential compliance issues, all directors and employees receive compliance training based on the Kioxia Group Standards of Conduct, and are thoroughly familiarized with the content.

Kioxia Group categorizes risks related to compliance as priority risk management issues that have the potential to severely impact our business. We strive to prevent such risks and to respond swiftly in the event of an occurrence. The basic policies governing behavior are defined in the Kioxia Group Standards of Conduct, specifically 1. Sound Business Management, and 2. Fair Business Operations. Initiatives include the establishment of internal rules and operational frameworks aimed at ensuring compliance with anti-trust laws and regulations and with those related to the prevention of bribery or insider trading, or potential third-party risks such as those related to political donations and funding.

In the light of recent global regulatory trends, Kioxia Group has been making rigorous efforts to prevent cartelization and bribery. In FY2024, we conducted voluntary audits at our major group companies that have adopted a compliance program and issued two related sets of guidelines regarding compliance with antitrust law and prevention of bribery with foreign public officials. These audits have allowed us to monitor the levels of compliance and compliance training at those companies.²

Kioxia Group promotes rigorous compliance with business-related laws and regulations by providing training, making effective use of relevant databases, and performing periodic self-audits. We implement improvements aimed at mitigating any risks found by internal audits in order to continue to enhance our risk management and compliance structure.

As part of our anti-bribery measures, we perform due diligence on our outsourcing partners and other business partners that may have relationships with public officials, in order to identify potential bribery risks and any other risks before commencing business with them. In addition to incorporating provisions that prohibit bribery in our contracts with the aforementioned parties, we also notify them about our anti-bribery policy, among other activities.

Furthermore, Kioxia Group is taking steps to raise compliance awareness among our staff based on our own Standards of Conduct. We conducted e-learning on antitrust law and anti-bribery for directors and employees from August 2024 through September 2024 at major companies of Kioxia Group in Japan and from August 2024 through November 2024 at major companies of Kioxia Group overseas. These sessions were aimed at raising the level of legal risk management capabilities for fair business operations.

² Six domestic and 14 overseas affiliates of Kioxia Group (as of March 2025)

To prevent insider trading and ensure proper management of all information, Kioxia Holdings Corporation and Kioxia Corporation have formulated Insider Trading Prevention Regulations and developed processes and regulations designed to manage the flow of potentially market-sensitive information. In FY2024, e-learning was conducted for directors and employees at major companies of Kioxia Group in Japan from December 2024 through January 2025, and for directors and employees at major companies of Kioxia Group overseas from November 2024 through February 2025. This initiative was aimed at ensuring that the content and objectives of the Insider Trading Prevention Regulations were thoroughly understood.

As part of its contribution to society, and when deemed to be necessary, Kioxia Corporation makes transparent donations to political parties, in order to encourage the adoption of policies that will support our business and aid the healthy development of parliamentary democracy. When making donations to political parties in Japan, procedures are carried out in accordance with internal rules and strict compliance with Japan’s Political Funds Control Law is ensured.

The basic policy of Kioxia Group is to fulfill its obligations to pay all due taxes through business activities conducted based on the principles of fairness, integrity, and transparency. Kioxia Group’s tax policy stipulates that the Group must
(a) comply with the guidelines of the Organization for Economic Cooperation and Development (OECD) and with the applicable laws and regulations of each country and region;
(b) support the tax administration of local communities by recording sales and profits and paying taxes in accordance with the purpose and reality of our business activities;
(c) develop our business while ensuring tax transparency; and
(d) appropriately manage and reduce any tax risks.

These activities are carried out in accordance with the following.

The Chief Financial Officer of Kioxia Holdings Corporation has official responsibility for ensuring that the group complies with all relevant tax regulations and reports to the Board of Directors on its compliance with these, on its implementation of relevant initiatives, and on any other key issues. The Kioxia Holdings Group Tax Office periodically arranges internal training on tax policies in order to cultivate human resources who are familiar with the tax system of each country and region. It also identifies any potential tax issues, collects information, and shares knowledge. Group companies are required to report on any potential tax risks or other tax issues to the Chief Financial Officer.

We comply with the OECD Transfer Pricing Guidelines and with the laws and regulations of each country and region, and undertake proper tax reporting and payment.

We recognize the possibility of tax risks arising in situations where laws and regulations differ or are interpreted differently in different countries and regions. When a potentially significant risk is identified, we thoroughly scrutinize and analyze it, and then work to minimize it by obtaining advice from tax specialists, by making prior referral to tax authorities of each country and region, or by using advance pricing agreements.

Transfer prices between group companies are decided in accordance with the arm’s length principle. The functions and risks of all group companies are analyzed and periodically monitored to ensure profits are allocated on the basis of the contributions of each company.

Tax deductions and incentives in each country and region are utilized in a manner that accords with our business objectives, and we strive to pay all appropriate levels of tax. Business activities are conducted in accordance with appropriate tax structures in line with our business objectives. We do not deliberately conduct transactions or other activities in low tax countries or tax havens.

In addition, we strive to eliminate double taxation by utilizing the prevailing relief systems and tax treaties in each country and region. Situations where the tax position is uncertain are documented in accordance with proper accounting standards.

Kioxia Group supports the reform of international taxation proposed by the OECD and the G20. Furthermore, in accordance with the process by which information is exchanged between tax authorities in regions where group companies operate, we submit country-by-country reports and master files as required by each country or region. We strive to ensure tax transparency by providing the information required for tax reporting and payment in a timely and appropriate manner.

We seek to maintain good relationships based on mutual trust with the tax authorities overseeing each country and region. We respond to requests from tax authorities with honest and accurate representations of the facts.

We pay taxes in accordance with the actual business situation in each country and region.

Kioxia Group identifies, analyzes and assesses business risks and ensures appropriate levels of risk management across all areas of our business in order to prevent interruptions to our operations in times of emergency, such as natural disasters, accidents, pandemics, or other geopolitical risks. The Group has devised business continuity management regulations in accordance with our BCM Policy, and implemented measures to ensure the safety of employees and their families and ensure disaster readiness at our business sites and factories. We conduct practical training and prepare for emergencies so that we can continue or quickly resume delivering products and services in the event of damage or loss.

In response to various changes in the social environment, we are further reinforcing our supply chain management and strengthening ties between other committees, including the Information Security Committee and Quality Conference, in order to ensure business continuity planning that spans companies throughout the entire group.

In FY2024, we revised the contingency action plans prepared in FY2023 for countries and regions where any interruption to our operations would have a significant impact on our business, and conducted related drills.