Compliance

Policies and Structure for Implementation

The Fujitsu Group has a compliance division under the General Counsel and carry out measures based on the Global Compliance Program (GCP) in cooperation with compliance offices in each region. The results of these activities are reported to the Risk Compliance Committee, which was established based on “Policy on the Internal Control System” (*1), and raising awareness and ensuring of the Fujitsu Way Code of Conduct in Fujitsu Group are implemented in cooperation with the Board of Directors and Audit & Supervisory Board Members.

In each region, raising awareness and ensuring of the Fujitsu Way Code of Conduct are implemented in cooperation with the Region Risk Compliance Committee established as a subcommittee of the Risk Compliance Committee.

The operational status of the Global Compliance Program is regularly reported to the Risk Compliance Committee, the Region Risk Compliance Committee, and the Board of Directors. The development and operation of internal rules, education, and monitoring systems to comply with various laws and regulations related with Fujitsu Group’s business are promoted under the practice and supervision of management.

• (*1)
  Policy on the Internal Control System (P5-P8)

Global Compliance Program

Fujitsu has developed the Fujitsu Global Compliance Program (GCP) to implement and disseminate the Fujitsu Way Code of Conduct and the GBS, and is working to maintain and improve the Fujitsu Group’s global legal compliance structure. The GCP organizes our various compliance-related activities into five pillars in a systematic manner. The GCP promotes external understanding of Fujitsu’s compliance structure and its compliance activities, in addition to clarifying what items Fujitsu needs to address on a continual basis. Based on this GCP, we implement various policies and initiatives in each region, taking into account factors such as each country/region’s the legal systems and government institutions guidelines.

When implementing the GCP, we establish internal Group rules and assign a compliance officer in each region to be responsible for compliance activities and ensure the structure’s implementation. We also continuously provide employees with various forms of training, with the goal of embedding the Fujitsu Way Code of Conduct and the GBS. In addition, we have established an internal whistleblower system in the event of compliance issues, and employees are required to immediately report compliance violations to the Risk Management & Compliance division if they are discovered. We periodically verify the effectiveness of the GCP through measures such as risk assessment, audit, and reviews by external specialists, and continuously work towards improving the GCP.

Global Compliance Program

Fujitsu Group's minimum requirements for internal rules that must be established by Fujitsu Group companies have been put together as the Fujitsu Group Global Policy. This policy establishes norms, rules, etc., after taking each country’s law, culture, customs and other characteristics into account.

We have instituted the Rules for Compliance with the approval of the Risk Management & Compliance Committee, and expanded the Rules for Compliance into Japanese Group companies with the aim of thoroughly ensuring compliance and sustainably improving corporate value. In particular, under the above rule, we have established more specific, detailed rules and guidelines in the areas with significant impact on business; namely, antitrust law, anti-bribery, and antisocial forces.

For non-Japanese Group companies, in addition to the Fujitsu Group Global Policy, we have formulated global guidelines based on the approval of the Risk Management & Compliance Committee, and have had these guidelines adopted into the internal rules of each non-Japanese Group company. In addition to issuing General Compliance Guidelines which correspond to the above Rules for Compliance, we have also issued global guidelines which relate to competition laws and various guidelines which pertain to bribery prevention.

With regard to bribery, in addition to principles defined in the GBS, we have established internal rules that state the advance application and approval processes required for actions such as providing gifts and hospitality to government officials, giving donations and charitable contributions to political organizations, and making facilitation payments. Furthermore, as one measure for conducting advance surveys and evaluation of transaction risk in regions and fields that are at a high risk for corruption, we perform due diligence at the time of starting new transactions. We screen our suppliers through steps such as requiring suppliers to complete questionnaires according to their risk level. We also require partners to abide by laws and regulations, as well as the GBS, through contracts and other means.

Top management expresses its intentions to strive for compliance proactively and continuously through measures such as sending messages to employees. In doing so, Fujitsu puts the Code of Conduct and the GBS into practice and spread them throughout the entire Fujitsu Group.

The President himself has repeatedly sent out messages to all employees, both in Japan and overseas, declaring that Fujitsu will put an end to compliance violations such as collusion and the formation of cartels. Even overseas, regional heads and Group company top managers continuously send out messages emphasizing the importance of compliance and a corporate culture that has zero tolerance for wrongdoing.

Furthermore, Fujitsu established the annual Fujitsu Compliance Week which begins on December 9th runs until December 15th, to coincide with "International Anti-Corruption Day"(December 9th). During that week, compliance messages are simultaneously sent to employees by top management (including the CEO) at Fujitsu headquarters and the Heads of each business region, and Presidents of group companies in each country. We also release annually updated Compliance e-Learning to employees of all Group companies, and provide compliance-related activities planned for each region.

Additionally, we have assigned staff in charge of compliance operations in each region, and have formed a global network composed of staff in charge of risk compliance at each Fujitsu Group company. Based on these steps, we have established a system for operation of our Global Compliance Program.

The Fujitsu Group continuously conducts various training and communication activities for executives and employees in order to embed and implement the Fujitsu Way Code of Conduct, the Global Business Standards, and other internal rules.

We provide Compliance e-Learning for all Fujitsu Group executives and employees every year. The contents of this e-learning includes risk areas such as bribery, collusion, fraudulent accounting, and security export control. Moreover, in order to reflect the results of risk assessment and social conditions, the Compliance Division at Fujitsu headquarters and compliance staff from each region conduct an annual review of the e-learning. In 2021, compliance e-learning was conducted in 16 languages for all Fujitsu Group executives and employees (approximately 130,000 people). As of May 2022, 97.1% of all executives and employees have already taken the course.

In addition to the measures listed above, we conduct timely online training and e-learning in accordance with the risk level of each organizational level, region, and division. The training and e-learning is based on laws, customs, and actual business conditions in each country. Every year, Fujitsu and domestic Group companies hold compliance training sessions targeted at newly appointed executives. This training is conducted by lawyers from outside Fujitsu, and the company's legal and compliance divisions. For managers, we periodically conduct internal training where in-house instructors explain the importance of the Code of Conduct and compliance, in addition to discussing typical scenarios and difficult situations. We have also implemented compliance education as part of training for new employees. In addition to ensuring that new employees understand the importance of the Fujitsu Way Code of Conduct and the Global Business Standards, we continually provide education that focuses on specific risks in organizations such as sales divisions and legal division. We also have future plans to further develop compliance training for our partner companies.

Furthermore, as discussed above, Fujitsu Compliance Week is held annually from December 9th to 15th. During that week, compliance messages are issued to employees by top management (including the President) and regional managers. Other activities during the week include distributing news related to compliance in each region.

Establishing an Internal Whistleblower System
The Fujitsu Group has established an internally and externally accessible portal, operated as Fujitsu Alert, to receive internal whistleblower reports and consultation (including anonymous reports) from all Group employees (including retirees, temporary transfers, contracted employees, part-time employees, dispatch workers, and others) and offer consultations. Group companies also maintain and operate separate internal whistleblower systems.

Through a web form or telephone hotline, Fujitsu Alert accepts reports on suspected wrongdoing or concern from all Fujitsu Group employees and external parties who have a connection to the Fujitsu Group (anonymously, if applicable). Fujitsu Alert is available in 20 languages 24 hours a day, 365 days a year. Fujitsu Alert is also used to communicate (including submission of additional materials and receipt of comments from the Compliance Division) with the whistleblower regarding the contents of the investigation.

We have established a Compliance Line for Suppliers in Japan in order to receive reports from the suppliers who directly supply products, services, software and other goods to Fujitsu and domestic Group companies. Overseas, Fujitsu Alert also accepts reports from customers, suppliers, and other third parties.

• Fujitsu Alert
• Compliance Line for Suppliers in Japan

These internal whistleblower systems are publicized to employees via periodic messages, compliance training sessions, websites, and posters. In addition, Fujitsu periodically confirms trends in the usage of the whistleblower systems in order to ensure increased recognition for and confidence in the systems among employees.

Protection of Whistleblower
Employees are encouraged to report breaches or potential breaches of compliance of which they become aware. Furthermore, if employees are unsure of the appropriate action to be taken, they can seek advice from a supervisor in their division or a specialized division such as the legal division.

Anonymous reports can be submitted to Fujitsu Alert, and we handle information with the utmost care in order to preserve anonymity. Even in cases where the whistleblower is indirectly identified during investigation process, we strictly prohibit the adverse treatment of whistleblowers due to their reports, and any such adverse treatment will be regarded as an extremely serious breach of internal policies.

Response to Reports
In the event of a report on breach of compliance, we will conduct an internal investigation under the supervision of responsible managers who are licensed attorneys, and will cooperate with external attorneys when necessary. Fujitsu directly reports the results of its internal investigations to the Board of Directors and the Risk Management & Compliance Committee. These reports are made independent of the division and/or affiliated companies which are involved in the subject matter under investigation. Depending on the content of the report, the Compliance Division may delegate an investigation to other authorized divisions if deemed appropriate.

The Compliance Division will conduct an appropriate internal investigation in order to understand the facts and review possible countermeasures in accordance with applicable laws and professional standards. The internal investigation includes, but is not limited to, consideration of applicable laws, consideration of appropriate investigation steps, evaluation of collected evidence, documentation of investigation results, and reporting or escalation. Depending on the results of the investigation, Fujitsu provides feedback to the whistleblower if necessary based on applicable laws such as the data protection laws and business laws.

In the event that the investigation has verified problems according to the Code of Conduct, Global Business Standards, or other internal rules, we take corrective measures such as disciplinary action and reflect the results in personnel evaluations. In order to prevent similar problems from occurring in the future, we remind all parties of rules, revise systems, strengthen monitoring and supervision, and take other necessary measures.

The investigation process is also reviewed and improved at least once a year, including at the time of establishment of the annual plan under the Global Compliance Program and/or at the time of enactment or amendment of relevant laws.

Fujitsu may be either required by law or decide based on business judgement to provide information about compliance violations to certain government and/or judicial agencies (including, but not limited to, government investigative agencies or courts). When making such decisions, Compliance Division staff work together with managers and other relevant divisions as necessary.

Filing Reports with the Risk Management & Compliance Committee
When executives or employees become aware that compliance violations have occurred, or recognize signs that violations may occur, they are required by the risk management regulations to immediately file a report with the Risk Management & Compliance Committee and in accordance with the reporting system previously established by the head of the division. In addition, we periodically report to the Risk Management & Compliance Committee, the Board of Directors and Audit & Supervisory Board members concerning internal whistleblower reports and consultations, as well as our responses to major compliance issues. Please refer to the Fujitsu Group Integrated Report for the number of meetings of the Risk Management & Compliance Committee and the Board of Directors.

FY 2022 Results
In FY2022, a total of 88 cases were reported in "Fujitsu Alert". Of these, no cases of corruption (including bribery) were identified and no disputes arose. The Fujitsu Group takes measures to prevent corruption based on its "Global Policy on Anti-Bribery and Anti-Corruption" (*3) and rigorously complies with the laws and regulations of each country.

• (*3)
  Global Policy on Anti-Bribery and Anti-Corruption (P.16-P.18)

The Fujitsu Group conducts annual verification of the effectiveness of the Global Compliance Program through reviews of our risk assessment and internal auditing activities, and through reviews by external experts such as law firms. We are also working to continuously improve our Global Compliance Program based on the results of applicable reviews and audits, as well relevant social conditions. Please refer to the Risk Management page regarding our risk assessment activities.

The Compliance Division of Fujitsu headquarters continually assesses risk that mainly targets Group companies located in overseas countries and regions with a high risk of corruption. Through interviews with executives/employees and verification of internal rules and business processes, the Compliance Division analyzes the compliance risks of local businesses. It then proposes countermeasures in accordance with the actual contents and extent of risks, and supports the implementation of those countermeasures.

The status of risk assessment and implementation of the Global Compliance Program are periodically reported to the Risk Management & Compliance Committee, the Regional Risk Management & Compliance Committees, and the Board of Directors. The discussions and decisions made at these meetings are reflected and implemented in a timely manner to activities in the Global Compliance Program.

Initiatives for Security Export Controls

The export of goods and the transfer of technology that could be used for the development or production of weapons of mass destruction or conventional weaponry is controlled by an international framework for security export controls, with the objective of maintaining global peace and security. In Japan, regulations for security export controls are implemented under the Foreign Exchange and Foreign Trade Act (the Foreign Exchange Act).

In line with the Fujitsu Way Code of Conduct’s stipulation that employees should comply with all laws and regulations, Fujitsu has enacted “Internal Compliance Program” on Security Export Control Regulations whose fundamental objective is the promotion of security export controls that are not only in accordance with the Foreign Exchange Act, but with the Export Administration Regulations (EAR) of the United States, which are applied extraterritorially.

Fujitsu has established a system in which the President serves as the designated Chief Security Export Control Officer, while the Security Export Control Office in the Corporate Governance and Compliance Unit serves as the organization that promotes security export control activities. The Security Export Control Office carries out all classification and transaction screening (verifying the country/region receiving the goods/technology, the intended application for it, and the identity of the client) for export of goods and the transfer of technology to overseas locations, where all necessary licenses are adequately obtained before shipment. In addition, in the “Internal Compliance Program” such process is established that legal violations shall be reported immediately. When conducting business, in order to prevent legal violations by misinterpretation of and/or overlook of related regulations, we coordinate closely with the Ministry of Economy, Trade and Industry, which has jurisdiction over export administration regulations.

In order to maintain this internal system for security export controls and keep it going, we continue to conduct regular audits and provide export controls training to all executives and employees.

With regard to all domestic and overseas Group companies, Fujitsu headquarters offer guidance about how to develop rules and establish frameworks for proper security export controls, provides educational support and audit support, and organizes gatherings within the Group for the purpose of information exchange, among other activities. In addition, since FY 2013, Fujitsu has been developing an e-Learning course that covers security export controls and is available in 20 languages for Group companies around the world.

System to Ensure Proper Financial Reporting

In the “Policy on the Internal Control System”, which was resolved by the Board of Directors, Fujitsu stipulates the following points.

• The Company has, apart from the organization that prepares financial reports, an organization under the Chief Financial Officer responsible for establishing, operating, and evaluating internal control over Fujitsu Group financial reporting, to ensure the effectiveness and reliability of financial reports.
• These organizations create rules for establishing, operating, and evaluating internal control over the unified accounting policies shared throughout the Fujitsu Group and financial reporting.

Under the direction of the Risk Management & Compliance Committee, the organization responsible for internal control and internal audits has established the system, and in accordance with the rules established by the Company based on the principles of the “Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting” published by the Business Accounting Council, internal control over financial reporting throughout the Fujitsu Group is assessed. The activity status and assessment results are reported to the Chief Financial Officer and the Risk Management & Compliance Committee.

Our Approach to Tax Matters

Tax compliance at the Fujitsu Group is carried out according to the Fujitsu Way Code of Conduct.

• We understand the purpose and spirit of each country’s tax laws and treaties, as well as other guidelines such as those laid out in the BEPS (Business Erosion and Profit Shifting) Project led by the OECD, and abide by them. We strive to file tax returns and pay taxes appropriately. In transactions between related companies, we will comply with the general rule of an arm’s length price and distribute profits appropriately.
• We do not engage in tax planning that is solely for the purpose of avoiding taxes without business purpose or business substance. Similarly, we will not use tax havens to transfer profits with the intention of avoiding taxes.

We will act in good faith in our relationships with tax authorities, and behave in an ethical and transparent manner, in accordance with the values that are cherished by the Fujitsu Way.

Based on the above, we aim to achieve proper tax management, in order to continuously improve corporate value.