Risk and Compliance

At Kioxia Group, we strive to ensure thorough compliance with all relevant laws and regulations based on the Kioxia Group Standards of Conduct, in order to ensure fair and open competition.

At Kioxia Holdings Corporation, the President and CEO is assigned lead responsibility for ensuring risk compliance; the Officer in charge of Human Resources & Administration, the Officer in charge of Legal Affairs and the Officers designated by the President and CEO (hereinafter referred to as the “Designated Officers”) have joint second-level responsibility. Kioxia Holdings Corporation has established a process whereby our Risk and Compliance Committee has complete authority and responsibility with regard to all risk and compliance-related issues across the entire Group. Our statutory auditors attend meetings of this Committee as “observers.”

Prior to formulating priority measures and implementing these, and in line with our Risk and Compliance Management Regulations, Kioxia Group collects, analyzes and assesses all relevant risk-related information regarding compliance risks, including business risks and risks associated with disasters, accounting fraud, information security, and product quality. Furthermore, we have constructed a framework that allows swift and organization-wide response to risks across the entire Group when required.

We classify risks into a number of categories, including compliance-related risks, finance/accounting-related risks, and business risks, and have established committees for each category to enable agile management of these. The Risk and Compliance Committee, which meets half-yearly, determines risks that may cause a crisis, or “crisis risks,”¹ and reviews all matters related to Group-wide risks and compliance activities. Furthermore, the Committee formulates, implements and supports risk and compliance management measures (priority measures), monitors the activities of each committee, and reports on these to the Board of Directors, which reviews them as appropriate.

When a crisis risk or an event that may develop into one occurs, the risk parties must report the situation to the staff of Risk and Compliance Committee at Kioxia Holdings Corporation immediately. The Officer Responsible for Risk Compliance then issues instructions regarding the handling of the risk in consultation with the heads of each organization directly under the President and other appropriate parties, and implements measures to address the situation and prevent recurrences.

Kioxia Group has established an Internal Audit Division under the direct control of the President and CEO at Kioxia Holdings Corporation with the aim of strengthening internal controls. In line with the Internal Audit Policy, the Internal Audit Division formulates and executes audits of each division and group company and reports the results to him. During these audits, the Internal Audit Division conducts investigations to check business processes and trails, and when issues are discovered, the division monitors the progress and results of corrective measures until these are completed. The issues are shared within the Group and utilized to help prevent their occurrence in other divisions. Through these internal audits, we regularly evaluate the status of compliance with relevant laws, regulations and internal rules, as well as the effectiveness of risk management activities, in order to make improve them.

In order to create an open work environment and reduce risk, in addition to encouraging day-to-day communication within each workplace, Kioxia Group operates a whistleblower system. All employees are informed about this system through internal websites, emails and other means. The system is designed to protect the anonymity of whistleblowers and ensure that they are not treated disadvantageously. The number of reports received and consultations undertaken through the whistleblower system in FY2023 was 217.

Of the reports received, those referencing inappropriate situations or concerns about inappropriate situations were reported to the relevant division so that instructions for improvement could be provided or alerts issued. In cases involving consultations and questions about the duties of the informants themselves, we gave advice on how to deal with each situation.

For reports other than those that were anonymously submitted, in principle we explained the status of our responses to the informants. Except in cases where prior consent is obtained from the employees concerned, the names or contact details of informants are never disclosed. Additionally, since June 2022, Kioxia Group in Japan has started accepting reports from employees within one year of their retirement.

Kioxia Corporation has established a Business Partner Hotline to enable business partners such as suppliers to report to us any violations or suspected violations of laws and regulations, Kioxia Group Standards of Conduct, the Kioxia Group Procurement Policy, business agreements, corporate ethics, or other applicable rules, standards and norms established by Kioxia Group in connection with procurement and other business transactions, and to help us rectify these.

We investigate and establish the facts and in principle notify the results of our investigation to the whistleblower. The personal details of the person who made the allegation are not disclosed to anyone outside the Business Partner Hotline Secretariat without their consent. Moreover, we ensure there is no unfair treatment of the whistleblower or their company arising from their allegation.

The number of reports received and consultations undertaken through the Business Partner Hotline in FY2023 was four. Of the reports and consultations we received, we confirmed the facts of the cases in which the company may have been involved. We then provided explanations and confirmation of the facts to the informants.

Kioxia Group has established and disseminated the Kioxia Group Standards of Conduct in multiple languages as an ethical standard to be observed by all directors and employees. The Standards of Conduct constitutes one of the most important rules and regulations of the company, and has been adopted by a resolution of the Board of Directors of Kioxia Holdings Corporation. All directors and employees receive introductory training covering this Standards of Conduct as part of their new employee training, and pledge to comply with its content. To raise awareness of potential risk and compliance issues, all directors and employees receive Risk Compliance Training based on the Kioxia Group Standards of Conduct and we make sure that they are thoroughly familiar with its content.

Kioxia Group categorizes risks related to compliance as priority risk management issues that have the potential to severely impact our business; we strive to prevent such risks and to respond swiftly in the event of an occurrence. The basic policies governing behavior are defined in the “Kioxia Group Standards of Conduct: 1. Sound Business Management and 2. Fair Business Operations.” Initiatives include the establishment of internal rules and operational frameworks aimed at ensuring compliance with anti-trust laws and regulations and with those related to the prevention of bribery or insider trading, or potential third-party risks such as those related to political donations and funding.

In the light of recent global regulatory trends, Kioxia Group has been making rigorous efforts to prevent cartelization and bribery. In FY2023, we conducted voluntary audits at our major group companies that have adopted a compliance program and issued two related sets of guidelines regarding compliance with anti-trust laws and anti-bribery with foreign public officials. These audits have allowed us to establish the levels of compliance at those companies² and provide them with thorough compliance training.

Kioxia Group promotes rigorous compliance with business-related laws and regulations by providing training, making effective use of relevant databases, and performing periodic self-audits. We implement improvements aimed at mitigating any risks found by internal audits in order to continue to enhance our compliance structure.

As part of our anti-bribery initiatives, we perform due diligence on our outsourcing partners and other business partners that may have relationships with public officials, in order to identify potential bribery risks and any other risks before commencing business with them. In addition to incorporating provisions that prohibit bribery in our contracts with the aforementioned parties, we also notify them about our anti-bribery policy, among other activities.

Furthermore, Kioxia Group is taking steps to raise compliance awareness among our staff based on our own Standards of Conduct. We conducted e-learning on Business risk for directors and employees during December 2023 and January 2024 at major domestic group companies and from December 2023 to March 2024 at major overseas group companies. These sessions were aimed at raising the level of our business-related legal risk management capabilities.

² Six domestic and 14 overseas affiliates of the Kioxia Group (as of March 2024)

To prevent insider trading and ensure proper management of all information, Kioxia Holdings Corporation and Kioxia Corporation have formulated “Insider Trading Prevention Regulations” and developed processes and regulations designed to manage the flow of potentially market-sensitive information. In FY2023, e-learning designed to prevent insider trading was conducted for all employees of Kioxia Group in Japan between January and March 2024. This initiative aimed to ensure that the contents and objectives of the “Insider Trading Prevention Regulations” were thoroughly understood.

As part of its contribution to society, and when deemed to be necessary, Kioxia Corporation makes transparent donations to political parties, in order to encourage the adoption of policies that will support our business and aid the healthy development of parliamentary democracy. Where we make donations to political parties, procedures in accordance with internal rules are followed and, in the case of donations made in Japan, we ensure we are compliant with Japan’s Political Funds Control Law.

The basic policy of the Kioxia Group is to fulfill our obligations to pay all due taxes through business activities conducted based on the principles of fairness, integrity, and transparency. Kioxia Group's tax policy stipulates that the Group must
(a) comply with the guidelines of the Organization for Economic Cooperation and Development (OECD) and with the applicable laws and regulations of each country and region;
(b) support the tax administration of local communities by recording sales, profits and paying taxes in accordance with the purpose and reality of our business activities;
(c) develop our business while ensuring tax transparency; and
(d) appropriately manage and reduce any tax risks.
These activities are carried out in accordance with the following:

The Chief Financial Officer of Kioxia Holdings Corporation has official responsibility for ensuring that our Group complies with all relevant tax regulations and reports to the Board of Directors on its compliance with these, on its implementation of relevant initiatives, and on any other key issues. The Kioxia Holdings Group Tax Office periodically arranges internal training on tax policies in order to cultivate human resources who are familiar with the tax system of each country and region; it also identifies any potential tax issues, collects information, and shares knowledge. Group companies are required to report on any potential tax risks or other tax issues to the Chief Financial Officer.

We comply with the OECD Transfer Pricing Guidelines and with the laws and regulations of each country and region, and undertakes proper tax reporting and payment.

We recognize the possibility of tax risks arising in situations where laws and regulations differ or are interpreted differently in different countries and regions. When a potentially significant risk is identified, we strive to minimize it by means of thorough scrutiny and analysis, by obtaining advice from tax specialists, by making prior referral to tax authorities or by means of advance pricing agreements.

Transfer prices between Group companies are decided in accordance with the arm’s length principle. The functions and risks of all Group companies are analyzed and periodically monitored to ensure profits are allocated on the basis of the contributions of each company. 

Tax deductions and incentives in each country and region are utilized in a manner that accords with our business objectives, and we strive to pay all appropriate levels of tax. Business activities are conducted in accordance with appropriate tax structures in line with our business objectives; we do not deliberately conduct transactions or other activities in low tax countries or tax havens.

In addition, we strive to eliminate double taxation by utilizing the prevailing relief systems and tax treaties in each country and region. Situations where the tax position is uncertain are documented in accordance with proper accounting standards.

Kioxia Group supports the reform of international taxation proposed by the OECD and the G20. Furthermore, in accordance with the process by which information is exchanged between tax authorities in regions where Group companies are situated, we submit country by country reports and master files according to regulations in each country or region. We strive to ensure tax transparency by providing the information required for tax reporting and payment in a timely and appropriate manner.

We seek to maintain good relationships based on mutual trust with the tax authorities overseeing each country and region. We respond to requests from tax authorities with honest and accurate representations of the facts.

We pay taxes in accordance with the actual business situation in each country and region.

Kioxia Group identifies, analyzes and assesses business risks and ensures appropriate levels of risk management across all areas of our business in order to prevent interruptions to our operations in times of emergency, such as natural disasters, accidents, pandemics, or other geopolitical risks. The Group has devised business continuity management regulations in accordance with our BCM Policy, and implemented measures to ensure the safety of employees and their families and ensure disaster readiness at our business sites and factories. We conduct practical training and prepare for emergencies so that we can continue or quickly resume delivering products and services in the event of damage or loss.

In response to various changes in the social environment, we are further reinforcing our supply chain management and strengthening ties between other committees, including the Information Security Committee and Quality Conference, in order to ensure business continuity planning that spans companies throughout the entire Kioxia Group.

In FY2023, we prepared contingency action plans and conducted drills in countries and regions where any interruption to our operations would have a significant impact on our business.