IT Strategy and Management of Systems Risk

Under its Medium-Term Management Plan, “Passion for the Best” 2020, Daiwa Securities Group is promoting the IT strategy (basic IT policy) of establishing an IT platform that provides momentum for the digital transformation. The Group is also working to further strengthen IT governance in order to address the diversification of its business portfolios and the evolution of technology.

IT governance Structure

The Group IT Strategy Committee is established at Daiwa Securities Group Inc. as a sub-committee of the Executive Management Committee, and the IT Strategy Committee is created at Daiwa Securities as a subcommittee of the Management Committee. These committees deliberate and decide medium- and long-term IT investment policies and plans after taking into account business needs and trends in the business environment, such as systems and regulations.

Against a backdrop of globally tightening financial regulations, increasingly serious and sophisticated cyberattacks, greater digitalization enabled by technological evolution, and unbundling of financial services, the chief information officer (CIO) has been placed in charge of overseeing all IT-related operations across the Group, including overseas bases and in new business lines based on hybrid strategies, to ensure Group-wide risk management and business innovation. By managing IT resources and further strengthening collaboration within the Group, the CIO is working to enhance the Group’s IT capabilities.

Status of IT investment

The Group has been investing in IT in order to provide products and services responding to customer needs from the perspective of customer-oriented operations, promote a digital transformation which aims at improving the efficiency of existing business and advance business innovation and business process innovation in order to engage in high value-added business, establish basic infrastructure that is indispensable to the continuation of business, comply with legal requirements, and enhance the risk management system.

In FY2019, the Group established an environment in which employees can focus more on further improvement of customer satisfaction, such as by introducing business terminals and communication tools that are premised on telecommuting in order to enable working efficiently regardless of location, and increase the frequency of contact with customers. In addition, the Group streamlined the business process, such as account opening, etc., by introducing paperless processes and automation, and launched a new accumulation investment service, which allows customers to set and manage funding conditions according to their purpose. The Group also worked on increasing the sophistication of risk management such as by strengthening measures against cyber-attacks and money laundering.

Systems risk management

Daiwa Securities Group has worked to maintain and enhance the management of systems risk in order to reliably provide high-quality services to customers while protecting information assets from various threats and risks originating from inside or outside the company. In light of the growing threat of cyber-attacks over the past few years, we recognize the importance of cybersecurity as a group management issue, and have accordingly established a cybersecurity management system centered on Group-wide Daiwa-CSIRT*.

In recent years, new attack methods have been reported, including those that target terminals used for telecommuting and those that infiltrate networks through Group companies, business partners, and contractors. Therefore, the Group continues to collect and analyze the latest information on cyber-attack methods and vulnerability while coordinating with external organizations and companies, and continues to work toward improving its resistance and resilience to cyber-attacks.

  • *Computer Security Incident Response Team: the organization that manages cyber security across departments