Daiwa Securities Group has four corporate principles. They are “building trust,” “placing importance on personnel,” “contributing to society,” and “maintaining healthy earnings results.” The Group believes that compliance is a significant element for achieving these principles. The goal of the Group’s compliance activities is not merely to “comply with laws and regulations,” but to earn the trust of customers, markets, society, and stakeholders.
The compliance division of Daiwa Securities Group consists of the Compliance Control Department and the Compliance Department. The former is mainly responsible for overall compliance planning and formulation and also plays a role as a gatekeeper to the market. The latter is tasked with providing support to sales branches and headquarters departments and divisions. The two collaborate to build a compliance system, working concurrently for Daiwa Securities Group Inc. and its subsidiary Daiwa Securities.
At Daiwa Securities Group, the compliance system focuses on three key issues: securing the fairness and transparency of the market, eliminating any relations with anti-social forces (including countermeasures against money laundering and funding of terrorism), and maintaining information security. With these issues in mind, it supports Daiwa Securities and other Group companies.
At Daiwa Securities, the Compliance Department monitors transactions and solicitation by sales branches, identifies challenges and issues, and visits sales branches to check their business status and provide instructions. The department also regularly conducts on-site inspections. Moreover, it visits the work sites of headquarters departments and divisions directly, identifying issues and providing training support. In providing instructions and support, the department uses online tools when instructions and support are difficult to provide face-to-face due to the COVID-19 pandemic. The Customer Counseling Center, established within the Compliance Department, comprehensively handles customer feedback and complaints and reflects them in the business to improve customer satisfaction.
One of Daiwa Securities’ strengths lies in its stationing of full-time internal administrators belonging to the Compliance Department at all sales branches. The internal administrators work on improving the effectiveness of the PDCA cycle (plan, do, check, act) at each sales branch as compliance managers. They also cooperate closely with the Compliance Department in an effort to build a solid compliance system.
Staff members in the compliance division—the Compliance Control Department, the Compliance Department, and internal administrators at sales branches—total approximately 250 as of April 1, 2021. They are striving to strengthen Daiwa Securities Group’s compliance system.
Full Implementation of “Customer-First”
Daiwa Securities is taking measures in line with the compliance program to ensure the effective operation of our internal control system and strict compliance of our sales activities with laws and regulations. For FY2021, we set up the pillars outlined below, maintaining “Customer-First” as the keyword, as in the previous fiscal year.
- 1.Full implementation of “Customer-First Operations”—pursuit of the greatest benefit to customers
- 2.Reinforcement of countermeasures against money laundering/funding of terrorism
- 3.Exercising of proper functions as a gatekeeper to the market
- 4.Creation of firm information management systems
- 5.Strengthening of compliance systems of overseas worksites
Daiwa Securities markets various financial products, including stocks and investment trusts. When soliciting investment from customers, we ensure compliance with the principles of integrity and fairness, suitability, and self-responsibility, from the perspective of investor protection. We have adopted the practice of systematically providing continuous and thorough after-sale follow-ups, rather than leaving it to individual sales staff, especially when the market is trending downward. We believe that providing thorough, face-to-face explanations to customers and maintaining customer trust and a sense of security at times of market fluctuations are part of the practice of Customer-First for Daiwa Securities as a marketer of financial products. We will continue stepping up such initiatives going forward.
Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT)
The importance of anti-money laundering and countering the financing of terrorism (AML/CFT) has grown worldwide. Daiwa Securities Group complies with laws and regulations related to AML/CFT, and works on reinforcement of the effective preventive system based on a risk-based approach as an important management issue to ensure that Daiwa Securities Group is not used for money laundering or funding terrorism.
At Daiwa Securities Group Inc., we have appointed a person in charge of supervising AML/CFT for the entire group, and have set up a supervising department to promote countermeasures. The "AML/CFT Domestic Group Policy" and "AML/CFT Global Policy", which stipulate policies and operational guidelines for the AML/CFT management system, have been established, and domestic and overseas group companies have established each system in line with the policies.
<Major countermeasures for AML/CFT>
- Periodic confirmation of customer information at the time of opening an account and after opening an account
- Identification and evaluation of risks related to ML/FT in the products and services provided by the company
- Implement risk mitigation measures such as continuous customer management, transaction monitoring, and suspicious transaction reporting
- Implementation of training for executives and employees regarding AML/CFT
- Auditing the adequacy of AML/CFT management system by internal audit
<Customer and Client Inspection System>
- 1.We undertake the following procedures for all customers opening a new account with Daiwa Securities.
- (1)Screening using our own database constructed using information obtained from news reports, the Internet, and other sources
- (2)Screening using databases provided by public and other institutions
- (3)Utilization of overseas information provided by information vendors and other sources
- 2.We regularly check for matters of concern related to existing customers and conduct further investigation if necessary. When a problem is identified, we promptly terminate or exclude trading.
- 3.We strive to obtain the latest information in collaboration with the police, and other external organizations aimed at eradicating anti-social forces.
- 4.We conduct training for executives and employees at our Group companies every year. The training is designed to raise their awareness of the importance of eradicating anti-social forces and AML/CFT, as well as to share knowledge of the latest laws and regulations, and relevant cases.
- 5.When entering into new transactions with external service providers and other businesses, we check in advance whether or not such parties are anti-social forces. We conduct similar checks every year for existing clients as well to see whether there are any changes to the situation.
Securing the Fairness and Transparency of the Market
～Prevention of unfair transactions such as insider trading～
Daiwa Securities Group thoroughly complies with related laws and regulations, including insider trading regulations, and strives to ensure market fairness and transparency. In accordance with the procedures stipulated by laws and regulations, we will properly conduct transactions with customers and our own transactions with a high awareness of compliance.
Daiwa Securities Group is working to secure the fairness and transparency of the market from two standpoints. These are how to check and prevent illicit transactions by customers and by Daiwa Securities itself.
To prevent illegal transactions by customers, Daiwa Securities checks daily transactions by extracting deals that go beyond certain criteria, such as whether they have an excessive impact on the market. In particular, in order to prevent insider trading from occurring, we ask about customers’ place of employment and positions within their companies before registering their information. This practice allows us to check transactions as soon as trading orders are placed by customers who are in a position to acquire insider information. We also check the past transactions conducted with us retroactively when timely disclosure is made of important information.
To prevent illicit transactions by Daiwa Securities itself, we also check daily transactions by extracting deals that go beyond certain criteria for both proprietary trading and trading by executives and employees. From the perspective of preventing insider trading, we strictly manage not just material facts of listed companies but also broader information related to corporations, and review suspicious transactions. We have also introduced a system for managing corporation-related information, keeping track of people obtaining information and where information has been sent. Through these efforts, we have developed a structure for preventing illegal transactions. In addition, all executives and employees make an annual pledge to comply with relevant laws and regulations.
Preventing Conflict-of-Interest Transactions between Group Companies
Conflict-of-interest transactions can occur between Daiwa Securities Group Inc. and Group companies in situations such as intra-Group transactions. Daiwa Securities Group applies rules regarding conflicts of interest stipulated by Japan’s Companies Act to the Executive Management Committee as well as the Board of Directors. Conflicts of interest between Daiwa Securities Group Inc. and Group companies are appropriately prevented through a rule prohibiting an executive officer from voting when he or she concurrently serves as an officer of an interested Group company and thus has a special interest in a matter to be decided.
Fostering Compliance Awareness
Daiwa Securities Group considers it extremely important for each employee to always maintain a high level of compliance awareness. We have therefore adopted a compliance-related program in training for new employees and a number of other internal training courses. We also give tests on compliance regularly through e-learning. At Daiwa Securities, we post a “Personal Information Check Test” and “Compliance Digest” every Monday on our intranet and also broadcast compliance-related content about 10 times a year in our internal TV program which is aired every morning. Moreover, at Daiwa Securities’ sales branches, the branch chief and the internal administrator lead an initiative to provide training and instructions suited to each workplace on a daily basis. The branch chief also chairs a monthly compliance meeting in which all branch members participate. We have thus implemented various systems to keep the compliance awareness of all employees at a high level, and continue to foster awareness among employees.
Structure and Achievements of Whistleblowing System (Corporate Ethics Hotline)
Since January 2003, the Group has operated a Corporate Ethics Hotline for all executives and employees, including those working at affiliated companies and temporary workers; the hotline enables employees to report problems in the workplace directly to Daiwa Securities Group Inc. corporate ethics officers or to outside lawyers.
The hotline’s primarily goal is the early detection and prevention of behavior that risks damaging the Group’s corporate value. This includes violations of the Financial Instruments and Exchange Act and other laws, rules, and regulations.
The hotline enables anonymous reporting; Group executives and employees are forbidden to retaliate or cause detriment of any kind (dismissal, demotion, pay cuts, cancellation of worker dispatch contracts, replacement, etc.) in relation to reports by whistleblowers.
Group regulations also provide for the protection of whistleblowers, forbidding Group executives and employees from asking people who have information on whistleblowers to disclose such information, and from identifying callers or searching for any other information about them in relation to reports. Email reports are accepted 24 hours a day, 365 days a year.
When the hotline is contacted, the corporate ethics officer, in cooperation with the internal control officers at each Group company, carries out a factfinding investigation, while taking steps to protect the caller. In FY2020, 57 reports were received through the whistleblowing system.
Similarly, overseas group companies also operate a Corporate Ethics Hotline. The hotline is designed to ensure the protection of whistleblowers and is available in English and Japanese.
Matters to be reported
All behavior that risks damaging the Group’s corporate value, including the behavior outlined below:
- Harassment (bullying, power harassment, sexual harassment, maternity harassment, etc.) and other human rights violations
- Compliance violations (internal rule violations, information management violations, corruption and bribery including excessive rewards or entertainments, violations of the Financial Instruments and Exchange Act and other laws, rules, and regulations, etc.)
- Behavior related to workplace environments
- Behavior related to etiquette and manners
- Behavior related to expenses and costs
- Behavior related to labor management (time management, etc.)
|Internal rule violations||9||16%|
|Etiquette and manners||3||5%|
|Expenses and costs||1||2%|
The Group seeks to ensure that anyone can use the Corporate Ethics Hotline without hesitation. To this end, it is working to raise awareness of the hotline via the Group newsletter and intranet, and making efforts to respond quickly when reports are received.
The Group is also taking steps to improve the hotline so that it operates not just as a measure to solve problems, but also as an effective deterrent to prevent problems before they occur.
Important Issues for FY2021 and Beyond
We will continue with our initiatives toward the full implementation of “Customer-First Operations.” At the same time, we will continue to reinforce our countermeasures against money laundering and funding of terrorism as a challenge for particular focus in FY2021. It is imperative that we comply with set rules, but we consider that the goal of our initiatives should not only be to achieve such adherence. Compliance is a common theme that must be addressed by the entire securities industry and it is also a matter of trust in the industry as a whole. We will therefore exchange information with industry peers and proceed with measures while sharing good practices with each other. Daiwa Securities Group will strive to strengthen compliance as a leading company in the industry going forward, and will make efforts to contribute to enhancing trust in the entire securities industry.
We at Daiwa Securities Group have implemented numerous information security measures to protect personal information entrusted to us by customers in a safe and precise manner.
In many personal information leakage incidents arising in recent years, leakage has occurred at third parties to which operations have been entrusted. Accordingly, at the time of and after signing an outsourcing contract with a third party, we thoroughly check the information management structure of the party. We also conduct on-site visits before outsourcing to examine the business practices of the potential outsourcing contractor.
Following the enforcement of the My Number Act (the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures) in October 2015, we now ask customers to provide us with their Individual Numbers. We have controlled access to information entrusted to us by customers, including Individual Numbers, by isolating such information physically and managing it with extra care. No matter how much information is systematized, there always remains a human element. To ensure that a mistake does not occur, we focus on training for sales personnel to recognize the importance of information management, while keeping the number of employees authorized to access personal information at the minimum level necessary. Daiwa Securities also in principle bans employees from taking personal information out of the company. When it is absolutely necessary to take information out for business purposes, we require employees to obtain prior approval from an internal administrator or other superior and to keep records of removal and return, thereby strictly managing such information. Similarly, we strictly manage removal of personal information using emails and external storage media, while constantly monitoring whether there is any unauthorized use. Moreover, since some of the documents received from customers are paper-based, we prepare special storage files to avoid the risk of losing documents within the company.
In addition, we have developed and implemented a reporting flow in the event that an information leakage incident occurs. Based on this flow, the department where the incident occurred immediately shares the incident with the information security administrator and reports to the department with responsibility for information management. The incident is then reported to the management, including the officer who takes charge of overseeing information security.
Policy on Personal Information Protection and Security
Under the idea that the variety of information that we handle in business is an important asset, we have also established a policy to protect important information assets from various threats and maintain information security, as well as an emergency response policy. We implement appropriate risk management to reduce and avoid various risks, including confidentiality risk, integrity risk, and availability risk associated with information assets.
Implementation of Risk Assessments and Audits Concerning Personal Information Protection
Daiwa Securities Group implements risk control self-assessments (RCSAs) as a framework for controlling operational risks. The RCSA is a process in which those who perform work identify, understand, and assess operational risks on their own, analyze those risks based on frequency of occurrence and impact, and evaluate and verify the efficacy of risk mitigation efforts. We implement RCSAs regularly at major Group companies and also conduct a risk assessment on the protection of personal information as part of the RCSAs. The assessment results are reported to the Group Risk Management Committee. In response to the assessment results, each company carries out self-inspections to reduce the risks identified during the RCSAs. For example, Daiwa Securities conducts a self-inspection every month in an effort to build a structure in which self-cleansing action operates at work sites.
The organization responsible for internal auditing at each company (the Internal Audit Department of Daiwa Securities Group Inc. for some Group companies) conducts audits periodically from the standpoint of the third line of defense to check whether such RCSA initiatives function properly. Checks on the information security system of Daiwa Securities’ sales branches are conducted by the Inspection Section of the Compliance Department, which is the second line of defense, during inspections at sales branches.
Creation of Governance System Concerning Protection of Personal Information
Daiwa Securities Group has established operation standards for information security measures (Group minimum standards) for the purpose of appropriately controlling various risks pertaining to information assets, including personal information. Based on these operation standards, Group companies have developed rules on the protection and handling of personal information.
In addition, we have appointed the executive officer overseeing the Compliance Control Department as Group Information Security Manager to maintain and control the information security of the entire Group. We also place an Information Security Manager at each Group company to maintain and control the information security of their own company.
The Information Security Managers at Group companies report to the Group Information Security Manager as appropriate regarding the information management structure of their companies. The compliance division provides support to Group companies to strengthen the Group’s information management structure. The status of information management structures at Group companies and support provided to them are reported to the Group Compliance Committee. In this way, Daiwa Securities Group is working to strengthen the information management structure of the entire Group.
Training on Protection of Personal Information
Daiwa Securities Group provides a variety of training for all executives and employees to enable them to appropriately understand the handling of personal information and perform daily work based on relevant laws and regulations including the Act on the Protection of Personal Information, Group minimum standards for information security, and other related rules.
We provide training programs according the position and years of employment of individuals, in addition to training for all employees, as the roles and knowledge required of each employee vary, depending on their situation and position. For example, we have programs for sales managers, internal administrators, and employees in their first to fifth year at the Group.
We handle a broad range of topics in training. Major topics include “Daiwa Securities Group’s Information Security System,” “Occurrence Trends of Information Leakage Incidents,” “Disciplinary Action against Unauthorized Removal of Information,” “Prohibited Matters in Use of Information Devices for Business Purposes,” “Important Points When Using Emails,” “Use of Social Media,” and “Developing Awareness of Information Security.” Through such training, we appropriately inform and raise the awareness of all executives and employees about the importance of building an information management structure and implementing initiatives for the protection of personal information.
Policy on Incident Investigations and Responses
At Daiwa Securities Group, if an information leakage incident occurs or may occur, the department where the incident occurred or may occur immediately shares the incident with the information security administrator and reports to the department with responsibility for overseeing information security (the “Managing Department”). The incident is then shared with the Information Security Manager. Prioritizing the protection of customer information, the department where the incident occurred works to recover leaked information and informs the affected customers of the facts of the leakage under the instructions of the Managing Department. At the same time, the department also immediately conducts an investigation into the incident and implements other measures necessary to ascertain the cause of the incident and prevent it from recurring. The details of the investigation are reported to the Managing Department, which then informs all departments of the incident and issues a warning. In this way, we make Group-wide efforts to prevent recurrence.