Compliance Data
Ensuring Corporate Ethics and Compliance
Latest updated on Apr 25, 2025
Basic Policy
We have established the NTT DATA Group Code of Conduct with the purpose of fostering corporate ethics and compliance awareness and adapting to the changing business environment. This Code serves as a fundamental set of guidelines for the daily activities of every NTT DATA employee. We are advancing efforts to mitigate compliance risks through the dissemination and practice of this Code.
Governance System
To enhance corporate ethics and reduce and prevent compliance risks such as legal violations, we have identified compliance risks as key risks to be monitored globally, and we are implementing Company-wide measures and monitoring via the Corporate Ethics Committee to address these risks effectively. This committee is chaired by Kazuhiko Nakayama, our senior executive vice president and representative director, and consists of the heads of departments related to corporate ethics. It meets twice a year in principle, with the proceedings reported to the Board of Directors.
The Board reviews the results of the Group's ethics initiatives and plans for the next fiscal year, and discusses and directs appropriate actions as necessary. In addition, the results of internal audits and plans for the next fiscal year are reported to the Board by the Internal Audit Department, and any necessary actions are discussed and implemented.
【Reference Page】 NTT DATA's Corporate Governance Systems: Sustainability Report | NTT DATA Group (P96)
Regular Audits of Ethical Standards
Our company conducts annual checks using standardized items, including corporate ethics, for all domestic companies and overseas Group companies. The results are then consolidated and compiled by the headquarters' internal audit department.
Additionally, in Japan, we directly audit high-risk companies, including verification of corporate ethics.
These audit plans and their results are reported to the Board of Directors and the Audit and Supervisory Committee.
Whistleblowing Systems and Protection of Whistleblower
To maintain sound management through the early detection and correction of behavior that contravenes laws and corporate ethics, we operate the Whistle Line to receive reports from all NTT DATA Group personnel, including employees and temporary staff, as well as business partners. It covers all the entities of NTT DATA Group, including headquarters, Japan domestic group subsidiaries, and overseas group subsidiaries. It is stipulated in the NTT DATA Group Whistleblowing Policy that a whistleblower shall not be treated disadvantageously due to their reporting. This means that no person will suffer any detriment or retaliation for raising a genuine concern in good faith. The Whistle Line accepts reports about actual or suspected misconduct such as violations of laws and regulations, violations of the Code of Conduct (incorporating a wide range of topics, including Respect for Human Rights, Anti-harassment, Equal Opportunity, Health and Safety, and other responsible business activities. Please refer to the details here.), or any other conduct that seriously impairs the honor or social reputation of NTT DATA Group Company.
Operation of Whistleblowing Systems
The whistleblowing systems are managed and operated by the dedicated departments (Chief Risk Office) of the headquarters in accordance with the NTT DATA Group Whistleblowing Policy, and the Whistle Line's reception channel is operated by independent third-party law firms. The Policy allows for anonymous reporting, and the third-party law firms enable whistleblowers to submit reports anonymously with processes that ensure the privacy and personal information of the whistleblowers will be fully protected and kept confidential.
Whistleblowing system is handled under the responsibility of the Chief Risk Officer (CRO) of each company. If a violation of laws and regulations, the NTT DATA Code of Conduct, or various regulations is found, disciplinary actions, such as pay cuts or suspension, are taken in accordance with the disciplinary rules set by each Group company, and, depending on the situation, are reflected in assessments and personnel changes.
For employee concerns that do not constitute breaches of conduct or illegal activities, the processes may differ. For example, in Japan, we have a designated channel to handle harassment-relevant cases.
Processes of Whistleblowing and Confidentiality Protection
The whistleblower contacts the designated channel (email address or phone number) that is operated by an independent third-party law firm to report the issue. In Japan, we provide two contact channels: one designated to handle harassment-relevant cases, and another to handle all other cases of whistleblowing. The independent third-party law firm that received the report deletes any information that could identify the whistleblower and notifies the CRO, requesting an investigation. The CRO requests an investigation assigned to each organization that is responsible. The investigators promptly conduct the investigation and report to the CRO with an investigation response. The CRO reviews the response and replies to the whistleblower through the third-party law office. If a violation of laws and regulations, the NTT DATA Code of Conduct, or various regulations is found, disciplinary actions are taken.
In principle, we ensure that whistleblowers are informed of the outcomes of the investigation and actions taken in response to their reports. This guarantees transparency throughout the process.
With the involvement of the reception channel operated by independent third-party law firms, the whistleblower's information will be kept confidential during the whole process. The name of the whistleblower will not be notified to the CRO.
People who are involved in investigations based on information provided by the CRO are bound by specific confidentiality obligations of the NTT DATA Group Whistleblowing Policy. The content of the whistleblowing cases and investigation results will only be shared with necessary and designated organizations and people, who will use the information for necessary purposes only. If information leakage is found, disciplinary actions are taken.
Promoting Compliance Awareness among Officers and Employees
NTT DATA conducts compliance training (including e-learning) for all employees at Group companies in Japan and overseas. We also arrange lectures on corporate ethics at position-based training sessions that are conducted as part of our promotional milestones. Our compliance-related training is tailored to the business characteristics of each organization and company to steadily increase compliance awareness among employees. This training includes instructions on how to use the whistleblowing system and address concerns.
We regularly review and improve our whistle blowing systems and mechanisms. For example, we engage with our employees via the questionnaire included in our compliance internet-based training, and then incorporate their feedback to improve the mechanisms. This commitment to continuous improvement maintains a fair and transparent workplace.
Reporting on Breaches
Number of Consultations on Compliance over the Past Four Years
| FY2020 | FY2021 | FY2022 | FY2023 | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Number of Reports | Number of Reports | Number of Reports | Number of Reports | ||||||||||||
| Disciplinary actions |
Warnings | Disciplinary actions |
Warnings | Disciplinary actions |
Warnings | Disciplinary actions |
Warnings | ||||||||
| Overall Number of Reports | 78 | 2 | 34 | 100 | 1 | 42 | 147 | 2 | 35 | 165 | 2* | 24 | |||
| Compliance Violations | 36 | 2 | 34 | 43 | 1 | 42 | 37 | 2 | 35 | 26 | 2 | 24 | |||
| Violation of Internal Rules | 33 | 2 | 31 | 43 | 1 | 42 | 37 | 2 | 35 | 25 | 1 | 24 | |||
| Violation of Laws and Regulations | 3 | 0 | 3 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | |||
| No Violation | 42 | - | - | 57 | - | - | 110 | - | - | 139 | - | - | |||
| Harassment: Number of Reports | 54 | 1 | 22 | 78 | 0 | 36 | 109 | 2 | 35 | 125 | 0 | 22 | |||
| Compliance Violations | 23 | 1 | 22 | 36 | 0 | 36 | 37 | 2 | 35 | 22 | 0 | 22 | |||
| Violation of Internal Rules | 23 | 1 | 22 | 36 | 0 | 36 | 37 | 2 | 35 | 22 | 0 | 22 | |||
| Violation of Laws and Regulations | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
| (Violation of Human Rights) | 0 | 0 | 0 | 0 | 0 | 0 | |||||||||
| No Violation | 31 | - | - | 42 | - | - | 72 | - | - | 103 | - | - | |||
| Misconduct: Number of Reports | 17 | 1 | 7 | 14 | 1 | 5 | 22 | 0 | 0 | 23 | 2 | 0 | |||
| Compliance Violations | 8 | 1 | 7 | 6 | 1 | 5 | 0 | 0 | 0 | 2 | 2 | 0 | |||
| Violation of Internal Rules | 8 | 1 | 7 | 6 | 1 | 5 | 0 | 0 | 0 | 1 | 1 | 0 | |||
| Violation of Laws and Regulations | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | |||
| (Bribery, Accounting Fraud, Disguised Contracting, etc.) | 0 | 0 | 0 | ||||||||||||
| No Violation | 9 | - | - | 8 | - | - | 22 | - | - | 21 | - | - | |||
| Fraud (personal use of company funds): Number of Reports |
2 | 0 | 1 | 2 | 0 | 0 | 8 | 0 | 0 | 8 | 0 | 0 | |||
| Compliance Violations | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
| Violation of Internal Rules | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
| Violation of Laws and Regulations | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
| No Violation | 1 | - | - | 2 | - | - | 8 | - | - | 8 | - | - | |||
| Other: Number of Reports | 5 | 0 | 4 | 6 | 0 | 1 | 8 | 0 | 0 | 9 | 0 | 2 | |||
| Compliance Violations | 4 | 0 | 4 | 1 | 0 | 1 | 0 | 0 | 0 | 2 | 0 | 2 | |||
| Violation of Internal Rules | 1 | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 0 | 2 | 0 | 2 | |||
| Violation of Laws and Regulations | 3 | 0 | 3 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |||
| No Violation | 1 | - | - | 5 | - | - | 8 | - | - | 7 | - | - | |||
- *
| Reporting areas | Number of breaches in FY 2023 |
|---|---|
| Corruption or Bribery | 0 |
| Discrimination or Harassment | 0 |
| Customer Privacy Data | 0 |
| Conflicts of Interest | 0 |
| Money Laundering or Insider trading | 0 |
Disciplinary Actions against Confirmed Violations
A compliance violation or Breach of Internal policies such as "NTT DATA Code of Conduct" and "NTT Data Group Security Policy (GSP)" is dealt with using the disciplinary measures taken in accordance with the disciplinary code established at each Group company. This includes pay cuts and work suspension, and may also be reflected in assessments (evaluations) and personnel transfers.
