The Group Digital Strategy Committee is established at Daiwa Securities Group Inc. as a sub-committee of the Executive Management Committee, and the Digital Strategy Committee is created at Daiwa Securities as a subcommittee of the Management Committee. These subcommittees serve to deliberate and decide upon matters for accelerating decision-making involving the integration of management and IT strategies, as well as involving IT investments, and for enhancing the efficiency of IT investments. Furthermore, amid a rapidly changing and difficult-to-predict business environment, the Group is fostering the implementation of digital projects, thereby strengthening its digital transformation (DX) promotion system. The company is also putting effort into improving digital literacy of all employees by introducing "Digital IT Master Certification System" for developing human resources that can leverage advanced digital technologies to create business innovation as well as the "Daiwa Digital College," the aim of which is to acquire the basic skills for utilizing digital data and practical skills for actual business.

In order to achieve our Group's management policy of "maximizing the value of customer assets," we are making capital investments to pursue digital innovation using technologies such as generative AI and Web 3.0^*, develop infrastructure to ensure the efficiency and safety of our business, comply with laws, regulations and systems, and enhance risk management.
During FY2024, we worked to improve our total asset database and expand the consulting tools available to our sales staff, so that we can analyze and propose optimal portfolios based on a deeper understanding of our customers. Furthermore, with the aim of dramatically expanding the amount of time that sales staff spend with customers, we have introduced a system that automatically records and summarizes conversations during meetings with customers. Also, we have built an online sales platform that enables customers to place orders for a wide variety of products and securities in Daiwa's online trading. In addition, as an investment in cutting-edge technology, we developed and introduced the AI Operator Service in October 2024, which provides conversational responses to inquiries about market information and general administrative procedures using voice generated by generative AI, thereby improving customer convenience and providing a new customer experience. Additionally, in preparation against wide-area natural disasters, we have established data centers in remote locations to ensure our operational resilience^*.

• *Operational resilience: Robustness and recoverability of business operations and the ability to ensure the continuity of minimum required operations and services even in the event of systems failures, cyberattacks or natural disasters.

Daiwa Securities Group has worked to maintain and enhance the management of systems risk in order to reliably provide high-quality services to customers while protecting information assets from various threats and risks originating from inside or outside the company. Recognizing the importance of cyber security as a group management issue, we are working to strengthen systems for detecting and monitoring cyberattacks. At the same time, we continue to work toward improving our defense and resilience to cyberattacks, collaborating with outside organizations in an effort led by a dedicated organization (Daiwa-CSIRT^*) that works throughout the Group.
In improving our cyber security management systems, we are implementing specific measures in light of cyberattack trends, periodic penetration tests and vulnerability assessments by external specialist firms, and risk assessments conducted within the Group based on these results. During the current Medium-term Management Plan, we are enhancing "technical measures," "operational resilience," and "governance" as in the previous fiscal year. Specifically, we are putting effort into managing Group companies appropriately based on their respective cyber risks; optimizing our cyber measures and the related costs; advancing and increasing the efficiency of AI-based security measures; and enhancing education and training for officers and employees.
In addition, to prevent unauthorized accesses and improper trading, we are making use of external services and specialist companies for the constant monitoring and closing of phishing sites, introduction of multi-factor authentication for online trading logins, and enhance various other measures against improper trading.
Also, we are implementing measures to enhance and increase the effectiveness of our system to ensure the continuity of essential operations even in the event of wide-area natural disasters such as earthquakes and typhoons and large-scale system failures. We are thus working to make improvements so that we can continue to provide customers with services in a stable manner even in case of disasters.

• *Computer Security Incident Response Team: The organization that manages cyber security across departments.