Cybersecurity System

Basic Stance

While transactions using the Internet and smartphones have increased with the remarkable development of digital technology in recent years, the Bank has been working to expand services that rely on digital channels.
On the other hand, the advance in sophistication and skill in methods of cyberattacks has brought increasing risk to financial institutions.
JAPAN POST BANK regards the risk of cyberattacks as one of the top risks for management, and works to continuously strengthen the cybersecurity system through management initiative.

Governance System

In order to strengthen the cybersecurity system through management initiative, JAPAN POST BANK has established an organization dedicated to cybersecurity (the Cybersecurity Department) under the President and Representative Executive Officer, and the Chief Information Security Officer (CISO). By providing reports on a regular and ad hoc basis to the Board of Directors and the Executive Committee, the Bank has developed a governance system that allows for timely, appropriate management decisions in accordance with changes in the environment.
The status of IT system management, including cybersecurity, is regularly discussed by the Risk Committee, an advisory body to the Board of Directors, and reported to the Board of Directors at least once a year. The Board of Directors thus has an oversight function regarding cybersecurity measures.

Japan Post Group Executive Declaration on Cybersecurity

As a member of the Japan Post Group, the Bank expressed the Japan Post Group Executive Declaration on Cybersecurity.

Japan Post Group Executive Declaration on Cyber Security

Management System

JAPAN POST BANK has established several professional cybersecurity organizations, including JPBank CSIRT (Computer Security Incident Response Team), which serves to prevent cyber incidents and respond in the event one actually occurs, and JPBank SOC (Security Operation Center), which monitors logs from security devices, network equipment, and other sources to detect and analyze any indications of cyber incidents, as part of our ongoing efforts to protect against cyberattacks. In order to ensure that we can precisely and rapidly engage in information sharing, decision making, public relations, and countermeasures in the event of an incident, the Bank conducts regular drills and exercises. We also actively participate in outside activities, including drills and exercises organized by the Financial Services Agency of Japan and the Metropolitan Police Department.
Moreover, the Bank works to strengthen its cybersecurity system in accordance with third party assessments and recommendations based on the FFIEC-CAT, which is used internationally as a tool to evaluate the management systems of financial institutions.
In addition, the Bank has prepared multilayer detection and defense measures, including analysis of and countermeasures against new modes of attack, through cooperation with government offices, other companies in the industry, and related associations.

FFIEC-CAT evaluations

  1. Cyber Risk Management and Oversight (governance, risk management, resources, training and culture)
  2. Threat Intelligence and Collaboration (threat intelligence, monitoring and analyzing, information sharing)
  3. Cybersecurity Controls (preventative controls, detective controls, corrective controls)
  4. External Dependency Management (connections, relationship management)
  5. Cyber Incident Management and Resilience (incident resilience planning and strategy, detection, response, and mitigation, escalation and reporting).
Figure: Professional cybersecurity organizations

*1 Reports to the Board of Directors at least once a year

Developing Human Resources to Support Cybersecurity

In today's world where use of cloud services, AI, and other digital technologies only continues to increase, taking actions with an awareness of cybersecurity risks in all manner of situations as part of business activities has become essential. In order to strengthen the management base to become a more trusted bank, JAPAN POST BANK assigns professional cybersecurity experts. Similarly, we systematically organize the required skills, promote human resources development in a planned manner in line with the responsible duties and skills, and enhance the expertise of human resources for this purpose.
Moreover, the Bank raises awareness of cybersecurity among every employee, including those involved in management, and actively provides the basic.

Developing Professional Cybersecurity Experts

In order to promote cybersecurity system enhancements and put protections against cyberattacks into practice, JAPAN POST BANK formulates training plans based on the required professional knowledge and experience, provides skills training courses and assistance for acquiring certifications, and conducts annual incident response drills.
Moreover, the Bank actively participates in outside initiatives, including the Financials ISAC Japan, an organization established to share information among the financial sector, as well as various training programs organized by the Financial Services Agency of Japan and the Metropolitan Police Department. Through these endeavors, we accumulate professional knowledge and experience in order to strengthen our implementation frameworks.

Cybersecurity Education

In order to raise awareness of and provide more in-depth basic knowledge on cybersecurity, JAPAN POST BANK conducts cybersecurity training for management as well as targeted e-mail attack drills for all executives and employees (including non-regular employees).
In addition, the Bank publishes an internal informational magazine that regularly alerts employees to cyberattacks and informs them of response measures (including what to do if an employee discovers a cybersecurity problem in addition to the necessary measures to address the threat of cyberattacks). We also provide e-learning content designed to teach everything from basic knowledge to the latest expert-level knowledge, in an effort to educate employees.

Major Cybersecurity Initiatives

In order to enable our customers to use services provided through digital channels with a greater level of safety and security, JAPAN POST BANK is advancing efforts to enhance our cybersecurity system and to protect against cyberattacks on a daily basis. These efforts include strengthening identity verification and authentication processes, anti-virus measures, vulnerability responses, threat trend analyses, cyberattack detection, and fraudulent transaction monitoring.

  • Strengthening Identity Verification
    Introduced eKYC (electronic Know Your Customer: A technology that compares smart cards from personal identification documents with facial information photographed at the time of registration to complete identity verification entirely online) to prevent fraudulent registration impersonating customers.
  • Strengthening Identity Authentication
    Introduced an authentication app that complies with FIDO (Fast Identity Online: international standards for online authentication) to further strengthen authentication during important transactions, such as money transfers, and introduced Token, a device for generating passwords that can only be used once (one-time passwords).
  • Anti-virus Measures
    Free distribution of PhishWall Premium, software designed to prevent fraudulent money transfers by detecting.
  • Vulnerability Countermeasures
    Collecting daily cyberattack threat and vulnerability information and implementing countermeasures for them, as well as conducting TLPT*2 (Threat-based Penetration Testing) aimed at enhancing our ability to defend against breaches to our systems caused by attacks.
  • Fraudulent Transaction Monitoring
    Monitor unauthorized access to Internet banking systems and prevent damage from fraudulent money transfers, etc.

*2 TLPT: Threat-Led Penetration Testing

Security measures of Japan Post Direct (Japanese only)