Compliance

Daiwa Securities Group has four Corporate Principles. They are "Building trust," "Placing importance on personnel," "Contributing to society," and "Maintaining healthy earnings results." The Group believes that compliance is a significant element for achieving these principles as well as the Group's basic management policy, "Maximizing the value of customer assets," as described in the Medium-term Management Plan. The goal of the Group's compliance activities is not merely to "comply with laws and regulations," but to earn the trust of customers, markets, society, and stakeholders.

Compliance System

For the improvement and enhancement of the compliance system, the Compliance Control Department and Compliance Departments 1 and 2 collaborate to improve and strengthen Group-wide compliance systems. The former is responsible for overall compliance planning and formulation and serves as a market gatekeeper while the latter are tasked with providing direction and support to the sales branches and corporate departments and divisions. These compliance departments also work with the internal administrators assigned at each department to ensure appropriate operational management and prevent noncompliance through monitoring, guidance and education. Furthermore, they cooperate closely with the compliance departments of overseas bases to build a global compliance system.

Decisions on general policies and specific measures related to legal compliance, corporate ethics and internal control for Daiwa Securities Group as a whole are deliberated and made at meetings of the Group Compliance Committee.

For compliance risk management, we focus on the following three as important items: ensuring market fairness and transparency; avoidance of any kind of relationship with anti-social forces (including by implementing anti-money laundering and anti-terrorism financing measures); and information security.

At Daiwa Securities, Compliance Departments 1 and 2 monitor transactions and solicitation by sales branches, identify challenges and issues, and help the branches solve the identified issues. The Departments also regularly conduct on-site inspections. Moreover, they help the headquarters departments and divisions identify issues and provide them with training support. The Customer Counseling Center, established within Compliance Department 1, comprehensively handles customer feedback and complaints and reflects them in the business to improve customer satisfaction.

Daiwa Securities stations full-time internal administrators at its sales branches. These internal administrators serve as Compliance Managers and work to build a solid compliance system.

They also work on product governance to build an appropriate sales and management system for the delivery of products to customers.

Daiwa Securities Group's Compliance Framework

Full Implementation of "Customer-First"

Daiwa Securities is taking measures in line with the compliance program to ensure the effective operation of our internal control system and strict compliance of our sales activities with laws and regulations. We set up the pillars outlined below, maintaining "Customer-First" as the keyword.

  1. 1.Full implementation of appropriate market gatekeeper functions
  2. 2.Reinforcement of internal control systems for "Maximizing the value of customer assets"
  3. 3.Support for the Group's business reforms
  4. 4.Shift to DX-based business flow and organizational management
  5. 5.Optimized assignment of functions and resources for robust and efficient organizational management

Daiwa Securities deals with various financial products, including stocks and investment trusts. When soliciting investment from customers, we ensure compliance with the principles of integrity and fairness, suitability, and self-responsibility, from the perspective of investor protection. We have adopted the practice of systematically providing continuous and thorough after-sale follow-ups, rather than leaving it to individual sales staff, especially when the market is trending downward. We believe that providing thorough, face-to-face explanations to customers and maintaining customer trust and a sense of security at times of market fluctuations are part of the practice of Customer-First for Daiwa Securities as a marketer of financial products. We will continue stepping up such initiatives going forward.

Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT)

The importance of anti-money laundering and combating the financing of terrorism (AML/CFT) has grown worldwide. Daiwa Securities Group complies with laws and regulations related to AML/CFT, and works on reinforcement of the effective preventive system based on a risk-based approach as an important management issue to ensure that Daiwa Securities Group is not used for money laundering or funding terrorism.

At Daiwa Securities Group Inc., we have appointed a person in charge of supervising AML/CFT for the entire group, and have set up a supervising department to promote countermeasures. The "AML/CFT Domestic Group Policy" and "AML/CFT Global Policy," which constitute policies and operational guidelines for the AML/CFT management system, have been established, and domestic and overseas group companies have established each system in line with the policies.

  • *1Provide AML/CFT Domestic Group Policy
  • *2Provide AML/CFT Global Policy

<Overview of the AML/CFT Domestic Group Policy and the AML/CFT Global Policy>

  • Periodic confirmation of customer information at the time of opening an account and after opening an account
  • Identification and evaluation of risks related to ML/FT in the products and services provided by the company
  • Implement risk mitigation measures such as continuous customer management, transaction monitoring, and suspicious transaction reporting
  • Implementation of training for executives and employees regarding AML/CFT
  • Auditing the adequacy of AML/CFT management system by internal audit

<Specific policies and procedures for AML/CFT>

Daiwa Securities conducts customer due diligence on all new customers before they can open an account with us. We confirm identity information, such as name, place of residence and date of birth, for individual customers and name and place of business for corporate customers (including identity information of the beneficial owners) in addition to confirming financial assets and the purpose of transactions. The identity information so obtained is then screened using our own database, public institutions' databases and overseas information provided by information vendors. As to existing customers, we regularly check for any matters of concern and conduct investigations if considered necessary. If a problem is detected, we may immediately suspend or terminate transactions. As a way to reduce risks, we conduct additional identification checks for customers who apply to open an account online or via other non-face-to-face means.

The abovementioned screening includes cross-checking the applicant against sanction lists furnished by Japanese and foreign government bodies as a measure to counter financing of terrorism. As for foreign politically exposed persons (PEPs), we confirm whether or not a person opening an account is regarded as a foreign PEP, and regularly verify that existing customers are not foreign PEPs using lists of foreign PEPs. If a person is determined to be a foreign PEP, we perform enhanced customer due diligence, such as confirming the person's asset and income status before each transaction, in addition to regular identity confirmation. We require that an approval be given by the AML/CFT manager for any transaction with a foreign PEP or with a customer residing in a high-risk country.

Documents related to AML/CFT such as evidence of identity are properly retained in accordance with laws and regulations of relevant countries and operational manuals of each business site. (Such documents are retained for seven years at offices in Japan pursuant to the laws of Japan.)

The Internal Audit Department conducts risk-based audits and evaluates the appropriateness and effectiveness of the management system for AML/CFT measures. The department has conducted such audits annually for the past three years.

Securing the Fairness and Transparency of the Market-Prevention of unfair transactions such as insider trading

Daiwa Securities Group thoroughly complies with related laws and regulations, including insider trading regulations, to ensure market fairness and transparency. In accordance with the procedures stipulated by laws and regulations, we will properly conduct transactions with customers and our own transactions with a high awareness of compliance.

Daiwa Securities Group is working to secure the fairness and transparency of the market by means of preventing illicit transactions by customers and by Daiwa Securities itself.

To prevent illegal transactions by customers, Daiwa Securities identifies inappropriate deals that may have an excessive impact on the market, conducts screening procedures for such deals according to certain criteria, and issues an alert if necessary. Moreover, in order to prevent insider trading from occurring, we ask about customers' place of employment and positions within their companies before opening an account for them. This practice allows us to check transactions as soon as trading orders are placed by customers who are in a position to acquire insider information. We also check the past transactions retroactively when disclosure is made of important information.

To prevent illicit transactions by Daiwa Securities itself, we may impose restrictions on or require reviews of both proprietary trading and trading by executives and employees that do not meet prescribed criteria. We also strictly manage corporate-related information, including material facts of listed companies, to prevent insider trading. In addition, all executives and employees make an annual pledge to comply with relevant laws and regulations.

Fostering Compliance Awareness

Daiwa Securities Group rigorously observes regulations and exercises self-discipline so that it can contribute to the sustainable growth of society while maintaining high ethical standards. We conduct training programs for new graduates when they join the Group, and continue through regularly scheduled training sessions throughout their careers, thus ensuring that every employee is aware of, and thoroughly understands, compliance issues.

The Group trains its employees so that even when the Group pursues new business ventures in areas where the regulatory structure is incomplete, they can return to the basic approach of laws and regulations, act sincerely in light of socially accepted ideas and common sense, and maintain strong self-discipline and legal awareness.

As the basic standards in areas that should be fulfilled at a bare minimum, the Group has formulated Group Minimum Standards,and based on these standers, the Group aims to achieve a level of compliance awareness that exceeds the boundaries of business lines.

Group Minimum Standards

  • Prevention of insider trading
  • Elimination of anti-social forces
  • Information security

The Group considers it extremely important for each employee to always maintain a high level of compliance awareness. We have therefore adopted a compliance-related program in training for new employees and a number of other internal training courses. We also give tests on compliance regularly through e-learning. At Daiwa Securities, we post a daily "Compliance Test" on our intranet and also feature a monthly compliance-related topic on our internal TV program which is aired every morning. Moreover, at Daiwa Securities' sales branches, the branch chief and the internal administrator lead an initiative, and the branch chief chairs a monthly compliance meeting in which all branch members participate. We have thus implemented various systems to keep the compliance awareness of all employees at a high level, and continue to foster awareness among employees.

Structure and Achievements of Whistleblowing System (Corporate Ethics Hotline)

In January 2003, the Group introduced a Corporate Ethics Hotline enabling reports to be made directly to Daiwa Securities Group Inc. corporate ethics officers or to outside lawyers. The hotline's primarily goal is the early detection and prevention of behavior that risks damaging the Group's corporate value. This includes violations of the Financial Instruments and Exchange Act and other laws, rules, and regulations. The whistleblowing system is available not only to executives and employees, including those working at affiliated companies and temporary workers, but also to anyone who works at the Group's offices.

In operating the system, the Group strives to protect whistleblowers and ensure their anonymity. The Group has a strict "no retaliation" policy that prohibits disadvantage of any kind (dismissal, demotion, pay cuts, cancellation of worker dispatch contracts, replacement, etc.) from being caused to the whistleblower for making the report. Group regulations also provide for the protection of whistleblowers, prohibiting people who have information on whistleblowers from being asked to disclose such information, and prohibiting inquiries into the identify of whistleblowers.

In terms of reporting methods, in addition to telephone and in-person reports, information can also be reported via the incident reporting page on the intranet and via email, allowing for reports to be made 24 hours a day, 365 days a year.
When the hotline is contacted, the corporate ethics officer, in cooperation with the officer responsible for whistleblower response operations at each Group company, carries out a factfinding investigation, while taking steps to protect the caller. In FY2023, 82 reports were received through the whistleblowing system.

Overseas worksites have similar whistleblowing systems as in Japan, including the establishment of internal and external contact points with English-speaking personnel and the protection of whistleblowers.

Corporate Ethics Hotline System

Matters to be reported; and number and breakdown of reports to Corporate Ethics Hotline

Matters to be reported FY2020 FY2021 FY2022 FY2023
No. of reports No. of reports No. of reports No. of reports
Harassment and other human rights violations Workplace bullying 27 19 23 43
Sexual harassment 2 5 3 7
Maternity harassment 0 1 0 0
Compliance violations* Violation of laws and regulations 6 1 3 4
Information management 0 1 0 1
Violation of internal rules 9 2 7 2
Workplace environment 9 15 14 11
Etiquette and civility 3 0 1 0
Expenses and costs 1 1 3 2
Labor management (time management) 0 0 2 4
Personnel and conditions 0 1 0 2
Other 0 2 8 6
Total 57 48 64 82
  • *internal rule violations, information management violations, corruption and bribery including excessive rewards or entertainments, violation of the Financial Instruments and Exchange Act and other laws, rules, and regulations

The Group seeks to ensure that anyone can use the Corporate Ethics Hotline without hesitation. To this end, it is working to raise awareness of the hotline via the Group newsletter and intranet, and making efforts to respond quickly when reports are received.

The Group is also taking steps to improve the hotline so that it operates not just as a measure to solve problems, but also as an effective deterrent to prevent problems before they occur.

Information Security

We at Daiwa Securities Group have established basic standards (the Group Minimum Standards) for information security measures to protect personal information entrusted to us by customers in a safe and precise manner. In line with the Standards, each of the Group companies has formulated rules on the protection and handling of personal information and has established its own privacy policy.

To protect customers' information including their Individual Numbers, Daiwa Securities take appropriate security measures such as isolating such information physically, controlling access and applying encryption technology, depending on the type of information. We also in principle bans employees from taking personal information out of the company. When it is absolutely necessary to take information out of the workplace for business purposes, we require employees to obtain the prior approval of an internal administrator or other superior and to keep records of removal and return, thereby ensuring the strict management of such information. Similarly, we strictly manage the removal of personal information via email and external storage media while also monitoring for any unauthorized use. We also take information security measures for contractors. At the time of and after signing an outsourcing contract with a third party, we thoroughly check the information management structure of the contractor and conduct on-site visits to examine its practices, depending on the situation.

No matter how much information is systematized, however, a human element always remains. We therefore focus on providing training on information management to executives and employees to eliminate human error.

We have developed and implemented a reporting flow in the event that an information leakage incident occurs. Based on this flow, the department where the incident occurred immediately shares the incident with the information security administrator and reports to the department with responsibility for information management. The incident is then reported to the management, including the officer who takes charge of overseeing information security. We deal resolutely with employees who have been involved in divulging information, such as by taking disciplinary action as determined by the Company, depending on the magnitude and maliciousness of the incident.

Information Security System
  • *3Provide Group minimum standards for Information Security
  • *4Provide Global Information Security Policy

Policy on Personal Information Protection and Security

Daiwa Securities Group considers that personal information is an important asset of individuals. We recognize that we have a heavy responsibility of appropriately protecting such information. Based on the Act on the Protection of Personal Information and other rules, we have established Privacy Policy, and comply with the Group's other rules, along with relevant laws and regulations. Recognizing the importance of personal information, we strive to appropriately protect and use customers' personal information.

Under the idea that the variety of information that we handle in business is an important asset, we have also established a policy to protect important information assets from various threats and maintain information security, as well as an emergency response policy. We implement appropriate risk management to reduce and avoid various risks, including confidentiality risk, integrity risk, and availability risk associated with information assets.

Implementation of Risk Assessments and Audits Concerning Personal Information Protection

Daiwa Securities Group implements risk control self-assessments (RCSAs) as a framework for controlling operational risks. The RCSA is a process in which those who perform work identify, understand, and assess operational risks on their own, analyze those risks based on frequency of occurrence and impact, and evaluate and verify the efficacy of risk mitigation efforts. We implement RCSAs regularly at major Group companies and also conduct a risk assessment on the protection of personal information as part of the RCSAs. The assessment results are reported to the Group Risk Management Committee. In response to the assessment results, each company carries out self-inspections to reduce the risks identified during the RCSAs. For example, Daiwa Securities conducts a self-inspection every month in an effort to build a structure in which self-cleansing action operates at work sites.
The organization responsible for internal auditing at each company (the Internal Audit Department of Daiwa Securities Group Inc. for some Group companies) conducts audits periodically from the standpoint of the third line of defense to check whether such RCSA initiatives function properly. Checks on the information security system of Daiwa Securities' sales branches are conducted by the Compliance Department, which is the second line of defense, during inspections at sales branches.

Creation of Governance System Concerning Protection of Personal Information

Daiwa Securities Group has established operation standards for information security measures (Group Minimum Standards) for the purpose of appropriately controlling various risks pertaining to information assets, including personal information. Based on these operation standards, Group companies have developed rules on the protection and handling of personal information.

In addition, we have appointed the executive officer overseeing the Compliance Control Department as Group Information Security Manager to maintain and control the information security of the entire Group. We also place an Information Security Manager at each Group company to maintain and control the information security of their own company.

The Information Security Managers at Group companies report to the Group Information Security Manager as appropriate regarding the information management structure of their companies. The compliance division provides support to Group companies to strengthen the Group's information management structure. The status of information management structures at Group companies and support provided to them are reported to the Group Compliance Committee. In this way, Daiwa Securities Group is working to strengthen the information management structure of the entire Group.

Training on Protection of Personal Information

Daiwa Securities Group provides a variety of training for all executives and employees to enable them to appropriately understand the handling of personal information and perform daily work based on relevant laws and regulations including the Act on the Protection of Personal Information, Group Minimum Standards for information security, and other related rules.

We provide training programs according to the position and years of employment of individuals, in addition to training for all employees. For example, we have programs for sales managers, internal administrators, and employees in their first to fifth year at the Group.

We handle a broad range of topics in training. Major topics include "Daiwa Securities Group's Information Security System," "Occurrence Trends of Information Leakage Incidents," "Disciplinary Action against Unauthorized Removal of Information," "Prohibited Matters in Use of Information Devices for Business Purposes," "Important Points When Using Emails," "Use of Social Media," and "Developing Awareness of Information Security." Through such training, we appropriately inform and raise the awareness of all executives and employees about the importance of building an information management structure and implementing initiatives for the protection of personal information.

Policy on Incident Investigations and Responses

At Daiwa Securities Group, if an information leakage incident occurs or may occur, the department where the incident occurred or may occur immediately shares the incident with the information security administrator and reports to the department with responsibility for overseeing information security (the "Managing Department"). The incident is then shared with the Information Security Manager. Prioritizing the protection of customer information, the department where the incident occurred works to recover leaked information and informs the affected customers of the facts of the leakage under the instructions of the Managing Department. At the same time, the department also immediately conducts an investigation into the incident and implements other measures necessary to ascertain the cause of the incident and prevent it from recurring. The details of the investigation are reported to the Managing Department, which then informs all departments of the incident and issues a warning. In this way, we make Group-wide efforts to prevent recurrence. We deal resolutely with employees who have been involved in divulging information, such as by taking disciplinary action as determined by the Company, depending on the magnitude and maliciousness of the incident.