Tax practices, information security

Our tax practices

We are fully committed to paying our fair share of taxes at levels that are not only within the letter and spirit of local laws but are in accordance with our responsibilities to all stakeholders in our 4S model. We do not engage in aggressive and artificial tax planning or tax avoidance schemes, and never use legal entities for tax purposes only. Nor do we undertake any transactions whose sole purpose is to reduce our tax contribution.

Our approach to tax is guided by a global tax function that requires all business units to issue detailed annual reports showing how they meet local tax obligations and ensure that appropriate expert advice is sought on all commercial and financial decisions.

Our tax practices

Tax legislation and practices have become increasingly complex in recent years, but we try to nurture good relationships with tax authorities in order to reduce uncertainty on both sides.

In 2016 we prepared ourselves to comply with the introduction in 2017 of a UK law that requires large companies to produce a tax strategy setting out, among other things, the approach toward tax planning and showing how tax risk is managed. Our tax strategy will be published on our website in 2017.

In other countries, governments are beginning to implement recommendations from the OECD's Base Erosion and Profit Shifting (BEPS) Project, which aims to clamp down on artificial tax planning strategies. One consequence will be the emergence of new country-by-country tax reporting requirements. We have undertaken a major review of our processes and data capture systems, and we are prepared to meet our obligations.

In 2016 we organized training for more than 200 employees to raise awareness of BEPS issues and other recent tax developments.

The JT Group Tax Policy

Information security

The JT Group's information security risks lie in damage to, or leakage of, information that we hold on our customers, consumers, suppliers, and employees, as well as data on our business strategy and on engineering and experimental data, including results from research.

We are committed to continuous enhancement of our information security framework, and regularly update our policies and procedures to adapt to evolving business and technical landscapes.

To strengthen our defenses we have introduced a computer-security incident response team. We have also applied for membership of the cross-industry Computer Security Incident Response Team Association (Nippon CSIRT Association), which pools resources to fight and resolve cyberattacks.

We also regularly draw up action plans on forthcoming information security regulations. For instance, we have already begun to prepare a new framework that will help us comply with the EU's General Data Protection Regulation, which will focus on personal information protection and is due to come into force in 2018.

As the majority of incidents occur due to lack of awareness, we regularly train and provide information to our employees on information security issues.