Cyber Security Measures

The Monex Group, as a leader in the online securities and crypto asset businesses, considers cyber security as one of its most important issues. In light of the diversification of its businesses within the group, the Group recognizes the necessity to take stronger measures than ever before to address increasingly serious cyber threats.

 

With global business operations, the Group is striving to protect customers’ information and customers’ assets from increasingly serious cyber security threats and enable customers to securely conduct transactions. It is enhancing comprehensive cyber security measures by referring to supervisory guidance established by the Japanese Financial Services Agency for financial instruments business operators and the US National Institute of Science and Technology (NIST) 800 series of publications.

 

Monex Group’s subsidiaries conduct risk-based assessments to take appropriate information security measures in accordance with risks, develop countermeasures for discovered risks, and conduct continuous improvement activities. These activities are evaluated not only by the Monex Group, but also by external parties to increase the reliability of risk management activities. In addition, we plan to invest in minimizing business risks as a continuous effort to strengthen our system, such as applying vulnerability diagnoses and Red Team testing in response to recent changes in the risk environment.

Cyber Security System

We are creating a global system for responding to events and reducing damage arising due to cyberattacks throughout the entire Monex Group. Centered on the Monex Group CSIRT (Computer Security Incident Response Team) established within the Monex Group, CSIRTs have also been established in Monex Securities and Monex Group companies. Through cooperation between the Monex Group CSIRT and the CSIRTs in group companies, we are strengthening governance and CSIRTs in each company perform the functions for protecting the operations, information assets and systems of as we promote cyber security measures along the four axes of organizational operation, system response, human response and external collaboration.

 

Cyber Security System

Information Security System

We are continuously striving to strengthen day-to-day information security measures by utilizing intelligence from external specialist institutions and monitoring cyber security. In addition, we are performing analysis and taking steps to minimize damage and quickly recover from damage. CSIRTs play a central role in the acquisition of information on dangerous threats and the analysis of causes, the minimization of damage and responses for rapid recovery in the event of an “emergency” when a cyberattack is detected.

System Response

We implement measures in multiple stages (multi-layer defense) such as implementing multiple mechanisms for detecting and defending against unauthorized access and malicious programs such as computer viruses. In addition, these measures are reviewed as appropriate to address the occurrence of new threats.

Human Response

We are endeavoring to improve information security literacy by constantly implementing training and drills for all employees based on the Monex Group Information Security Basic Policy.

External Coordination

The Monex Group is building a system for collecting and sharing information on vulnerabilities and threats, etc. through communication with Financials ISAC, Japan CSIRT Council and information institutions in Japan and abroad.

Customer’s Data Privacy

Monex Group has internal policies and streamlined operation based on the policy to keep our customers’ information safe. Our Code of Conduct and Ethics and Compliance Code of Conduct policies include specific guidelines about how Officers and Employees should safeguard customers’ information. Data privacy is regularly reported at multiple Group-level governance forums, which include Board level representation to help ensure appropriate challenge and visibility among senior stakeholders. We are also investing in machine learning and intelligent strategies to improve detection and mitigation of fraud across our products and services. Monex Group will review and enhance the personal information protection management system on a continuing basis. In addition, we hold our suppliers and vendors to the same high standards for data security.

 

Monex Group is committed to protecting the privacy of data we hold and process, in accordance with the laws and regulations of the geographies we operate in. Our group companies are the first-hand entities to ensure that data privacy is handled and processed effectively to manage risks. For example, the entity in Japan, Monex Inc., embed the requirements stated in the Act on the Protection of Personal Information legislated by the Japanese government. The Act is developed based on the OECD's Privacy Guidelines.

 

Our major group companies outside of Japan also have strict policies and processes to protect the privacy of data. TradeStation Group, Inc. operates an online securities and futures brokerage firm in the US that complies with the federal law and SEC and industry self-regulatory rules and regulations regarding privacy including the California Consumer Privacy Act of 2018 (CCPA) to cover the customer who reside in California. TradeStation Group also has an introducing broker based in London, England which processes personal data under the General Data Protection Regulation (“GDPR”). The subsidiary in Hong Kong, Monex Boom Securities Limited, operates its business in accordance with the Personal Data (Privacy) Ordinance of the Hong Kong Special Administrative Region.

 

The privacy policy of our major group companies