An appropriate control system is set up for various risks that may affect management.

Regarding risk perception by Monex Group, Inc.  and its subsidiaries, the Company follows all legal  stipulations and also manages risk according to its  own “rules of integrated risk control.” To keep risk  that affects Company management within a certain  permissible range contributes to the achievement of  our business goals. Based on this idea, we discern,  analyze, and evaluate risk and devise appropriate  control systems for each kind of risk. In relation to
risk control, the CEO appoints a risk control manager,  and this person is responsible for providing and managing the risk control system and reporting periodically to the Board of Directors.

Items recognized as risks are classified systematically, and the location and related divisions of each risk are  clearly identified. The risk control manager then measures the risk comprehensively, estimates the degree of  impact and event probability of the risks, confirms the control situation, and reports to the Board of Directors  how much risk the Monex Group as a whole is facing.

The Monex Group’s rules of integrated risk  management stipulate that the following 10 risks  should be managed.

1. Market-related risk

2. Credit risk

3. Liquidity risk

4. Information security risk

5. System risk

6. Administrative risk

7. Legal risk

8. Reputation risk

9. Disaster risk

10. Other risk

Risk Control in the Japan Segment

Monex, Inc. is the principal company in the Japan segment and has regulations, groups and committees in  place to address and control specific risks.

Meeting and committee structure related to risk control at Monex, Inc.

Name Participants Content
Compliance Meeting
  • Internal control manager
  • Managing Director
  • Director and manager responsible for  Corporate Management Department
  • Director and office head responsible for  Quality Control Office
  • Audit Office manager, etc.
A compliance-related advisory body to the internal  control manager. Consults on all aspects of devising  and managing systems related to compliance.
QMS (*) Confirmation  Committee
* Quality Management System
 
  • Internal control manager
  • Director responsible for system development
  • Quality control office manager, etc.
Reporting and discussion of regulations pertaining to  system quality control, the state of outsourcing quality  control, incidence of system difficulties and measures  taken to prevent a recurrence of those difficulties.
Information Security  Control Committee
  • Information Security Control Committee chairman  (internal control manager and Chief Information  Security Officer)
  • Director and manager responsible for Human  Resources Department
  • Director and manager responsible for system  development, etc.
Prepares and makes decisions related to company-  wide information security control.
Credit Committee
  • Risk control manager
  • Accounting & Finance Department, Director  responsible for Corporate Administration  Department, etc.
Discussion of transactions accompanied by credit  risk, such as margin trading and futures and options  trading. For example, setting and alteration of
credit limits on clients from the viewpoint of credit  control and client control and the enforcement or  cancellation of inhouse regulations on certain issues.
System Risk Control  Committee
  • Director and general manager responsible for  Operations Division
  • Systems control manager
  • Systems operations manager
  • Quality control office manager
  • Risk control manager
Checks the systems risk status each month on  systems currently running.
Commitment Committee
  • Director responsible for Corporate Administration  Department
  • Accounting & Finance Department Manager
  • Corporate Management Department Manager,  etc.
Consults on whether the Company should underwrite  or not the suitability of pricing and scope that the  Company decides as an IPO lead manager (expected  prices and expected provisional conditions,  provisional conditions, public price, etc.).

Risk Control in the U.S. Segment

The principal businesses in the U.S. segment are online securities and technology. We established regulations  and have groups and committees in place to address and control specific risks.

Meeting and committee structure related to risk control at the TradeStation Group

Committee  organizer Committee name Participants Description
TSG
※ 1
Information 
Security Risk 
Committee
Chief Information Security Officer  Chief Risk Officer
Chief Compliance Officer (TSS *3)  Chief Technology Officer
Chief Brokerage Officer etc.
Identify company-level risks in cybersecurity and  privacy. Provide direction to mitigate risks to an  acceptable level, which may otherwise adversely  affect the Company’s ability to achieve its goals.
TSG
※ 1
Third Party Vendor 
Risk Committee
Chief Risk Officer
Chief Information Security Officer  Chief Brokerage Officer
Chief Technology Officer  Chief Financial Officer
Chief Financial Officer (TSS *3)  Chief Growth Officer
Chief Compliance Officer (TSS *3)
Responsible for onboarding and monitoring third  party vendors at a company-level and providing  direction to mitigate risks to an acceptable
level, which may otherwise adversely affect the  Company’s ability to achieve its goals.
TSG
※ 1
Legal and 
Compliance
Risk  Committee
Chief Compliance Officer (TSS *3)  Chief Risk Officer
Chief Information Security Officer  Chief Brokerage Officer
Chief Technology Officer  Chief Financial Officer  Chief Growth Officer
Chief Compliance Officer (TSS *3) etc.
Oversee legal and compliance issues and  emerging risks at a company-level, and provide  direction to mitigate risks to an acceptable  level, which may otherwise adversely affect the  Company’s ability to achieve its goals.
TST
※ 2
Risk Management 
Oversight  Committee
Chief Risk Officer (TSG *1)  President
Chief Information Security Officer (TSG *1)  etc.
  • Identify and prioritize business risks
  • Evaluate the effectiveness of activities to  mitigate risk
  • Provide direction to allocate resources and  assign responsibilities to address business risks
  • Improve company infrastructure for risk  management
TST
※ 2
IT Architecture  Risk Committee President
Chief Information Security Officer (TSG *1)  Chief Risk Officer (TSG *1) etc.
  • Manage and maintain principles, standards,  policies, guidelines, best practices and  reference models for IT infrastructure
  • Decide on exceptions and requests to deviate  from the company’s architecture strategy
  • Request and review proposals from relevant risk  owners for architectural issues that arise
  • Review and, as appropriate, make  recommendations to the TST Board regarding  significant technology investments
TST
※ 2
Technology 
Operations Risk 
Committee
President
Information Technology Vice President  Chief Information Security Officer (TSG *1)  Chief Risk Officer (TSG *1) etc.
 
  • Review the company’s operations, technology  strategy, associated budget and expenditures
  • Oversee the remediation efforts relating to  “reasons for outages” (RFOs)
  • Review all major operations and technology  risk exposure, including those relating to new  projects, products and services
  • Oversee implementation and maintenance of  the disaster recovery plan
TSS
※ 3
Margin and 
Market Risk 
Committee
Vice President of Risk Management  President & Chief Operating Officer (TSS)
Product Manager, Margin and Risk Management  Chief Risk Officer & Chief Compliance Officer (Equities)  Chief Compliance Officer (Futures) etc.
Review, discuss, and devise strategy and credit  policy concerning risk exposure to stemming from  leveraged trading risks and derivatives trading
by clients. The committee facilitates continuous  improvement of the Firm’s capabilities around  managing its market and trading risks.
TSS
※ 3
Settlement, 
Segregation, 
Liquidity, Capital &  Counterparty Risk  Committee
TSS Chief Financial Officer & FINOP & Treasurer  President (TSS)
Chief Operating Officer  Chief Compliance Officer  Chief Risk Officer
Director of Global Risk Management etc.
Monitor the risk environment for TradeStation  Securities, Inc. and provide direction for the  activities to mitigate the risks that may adversely  affect the company’s liquidity, capital and  counterparty risk.
TSS
※ 3
Risk Management 
Oversight 
Committee
Chief Risk Officer & Chief Compliance Officer  Chief Operating Officer
TSS Chief Financial Officer & FINOP  Director of Global Risk Management etc.
Monitor the risk environment and provide direction  for the activities to mitigate the risks that may  adversely affect the Firm’s ability to achieve its  growth and synergy goals. The committee facilitates  continuous improvement of the company’s  capabilities around managing its priority risks.

※ 1 TSG:TradeStation Group, Inc.
※ 2 TST:TradeStation Technologies, Inc.
※ 3 TSS:TradeStation Securities, Inc.

Risk Control in Crypto Asset Business Segment

Differences in risk control between a financial instruments business and cryptocurrency exchange business

The risk control as a cryptocurrency exchange  service provider is similar to the risk control in FX  trading in some aspects. For example, a cover  transaction (hedging on a position held by a virtual  currency exchange service provider to reduce risk with another service provider) for a position  that is issued by trading a cryptocurrency with a  customer is the same as a cover transaction for a  foreign currency pair in FX trading.

However, the cryptocurrency exchange service  provider has a higher liquidity risk for the cover  transaction than in FX trading. For leverage, the  risk (absolute amount of loss) to the trading  volume is lower because Coincheck, for example,  has a leverage ratio of 5x, which is smaller than the 25x upper limit in FX trading.

On the other hand, there is a noteworthy  difference in managing cryptocurrency trading and FX trading, which is handling the currency in  a wallet form and using blockchain to complete  the transaction. When compared to a brokerage  firm that primarily engages in equities trading,  the stock as the primary element in that trading is  managed by Japan Securities Depository Center,  Inc. using electronic data. In simpler terms, the  data is stored at a separate location from the  brokerage firm. Whereas with a cryptocurrency exchange service provider, the cryptocurrencies  are most often stored by the company itself,  requiring the company to control that high risk.

Management required in the cryptocurrency exchange business

In a cryptocurrency exchange business, other  aspects need to be managed apart from the  aforementioned risk control. Even with regard  to money laundering prevention, there are more points that must be monitored in a cryptocurrency  exchange business. In a brokerage firm, the  deposit and withdrawal from a securities account  can only be completed via a bank account.
These deposits and withdrawals are not possible  if the names on the accounts do not match. Yet in the cryptocurrency exchange business, more  advanced measures to prevent money laundering  are needed because a cryptocurrency can be  remitted to a cryptocurrency address. 

In terms of system security measures, we are  making our security system stronger to conduct  appropriate monitoring, assuming there will be  multiple threats, such as hackers attempting to  attack our servers.

Differences between cryptocurrency exchange business and financial instruments business

Service content Cover
transaction
Liquidity risk Verification of person
depositing or withdrawing
Outflow risk
of assets in
custody
Comprehensive
risk control
Virtual currency
exchange service
provider
Trade location and
exchange location
High Bank account/
address
Low Low
Financial instruments
business
Equities trading - - Bank account Low Low
FX trading Low Bank account Low Medium