IT Strategy and Management of Systems Risk
Daiwa Securities Group has raised pursuing the best mix of digital and real as one of its basic policies for the Medium-Term Management Plan “Passion for the Best” 2023. Based on this basic policy, the Group is advancing a digital strategy intended to achieve a higher top lines and more sophisticated, efficient business by fusing the respective strengths of its people and data/digital technologies starting from those of data.
IT Organization and Structure
The Group IT Strategy Committee is established at Daiwa Securities Group Inc. as a sub-committee of the Executive Management Committee, and the IT Strategy Committee is created at Daiwa Securities as a subcommittee of the Management Committee. These subcommittees serve to deliberate and decide upon matters for accelerating decision-making involving the integration of management and IT strategies, as well as involving IT investments, and for enhancing the efficiency of IT investments.
Amid a rapidly changing and difficult-to-predict business environment, the Group has established and is strengthening its digital transformation (DX) promotion system. Daiwa Securities is transforming to a "data-driven" business model that aims to increase business efficiency and improve the top line by analyzing, researching, and utilizing data. An example of this is the establishment of a new Data-Driven Promotion Council which is chaired by the president and attended by each headquarters. The company is also putting effort into developing IT personnel, such as establishing the new "Digital IT Master Certification System" for developing human resources that can leverage advanced digital technologies to create business innovation as well as the new "Daiwa Digital College," the aim of which is for all employees to acquire the IT skills and information analysis skills necessary for achieving DX.
IT investment
The Group has been investing in IT in order to provide products and services responding to customer needs from the perspective of customer-oriented operations, develop infrastructure to ensure business efficiency and safety, comply with laws and regulations, and enhance risk management. In FY2021, we promoted efforts toward expanding points of contact with customers, such as building a new CRM system*1 to support the consulting services of our sales staff, revamping our Internet service with the aim of creating a more customer-friendly screen and menu structure, and adapting systems for collaboration with Japan Post Group in relation to discretionary investment management services. In addition, we proceeded to build an infrastructure for storing and analyzing data so that all Daiwa Securities officers and employees can make data-driven decisions, and we worked on improving the efficiency of middle- and back-office operations and introducing a zero trust*2 security infrastructure.
- *1 A customer relationship management (CRM) system is one that centrally manages customer information such as customer contact histories and transaction records.
- *2 A security concept of verifying the security of every access to data systems requiring protection, whether internal or external, without trusting them.
Systems risk management
Daiwa Securities Group has worked to maintain and enhance the management of systems risk in order to reliably provide high-quality services to customers while protecting information assets from various threats and risks originating from inside or outside the company. Recognizing the importance of cyber security as a group management issue, we are working to strengthen systems for detecting and monitoring cyberattacks. At the same time, we continue to work toward improving our defense and resilience to cyberattacks, collaborating with outside organizations in an effort led by a dedicated organization (Daiwa-CSIRT*) that works throughout the Group.
In improving our cyber security management systems, we are considering specific measures in light of cyberattack trends, periodic penetration tests and vulnerability assessments by external specialist firms, and risk assessments conducted within the Group based on these results. During the current Medium-term Management Plan, we plan to enhance "technical measures," "operational resilience," and "governance." Specifically, we are putting effort into strengthening technological measures, centered around development of zero trust security infrastructure, as well as personnel measures, including raising the awareness of officers and employees through enhanced education and training. In addition, we are strengthening the governance of domestic and overseas group companies through the development of a global policy, and we are proceeding to develop systems to prevent damage from cyberattacks and to prevent any damage from spreading both within and outside the Group.
- *Computer Security Incident Response Team: The organization that manages cyber security across departments.