Administrative action against Monex, Inc.
March 24, 2009 Financial Services Agency Administrative actions against Monex, Inc. As a result of an inspection by the Securities and Exchange Surveillance Commission against Monex, Inc. (hereinafter referred to as "the Company"), the following fact was found to have violated laws and regulations. On March 13, 2009, a recommendation was made to seek administrative action.Opens in a new window. ○ Situation in which the management of the electronic information processing system for the financial instruments business is recognized as inadequate In accordance with the order, on July 7 of the same year, "Regarding the report based on the business improvement order under Article 56, Paragraph 1 of the Securities and Exchange Law" (hereinafter referred to as (referred to as an "Improvement Report") to the Commissioner of the Financial Services Agency, requesting improvements from the outsourcing contractor, continuously confirming the implementation status of the improvement by the Company, and reporting on improvement measures by the Company. However, regarding the implementation status of the above improvement measures, etc., the management team only receives reports from the Technology Department, which is the main body of improvement activities related to the management of the electronic information processing system. (2) did not set specific policies for improvement activities; (3) did not set evaluation standards for improvement activities; As described above, it is still recognized that the management of the electronic information processing system is insufficient. 1. Status of implementation of improvement measures by outsourcing contractors We did not understand how improvements were being implemented by outsourcing contractors, and many omissions occurred. 2. Implementation status of improvement measures at our company In the improvement report, our company listed the following points as improvement items, but the improvement status is not recognized as sufficient. In addition, it cannot be recognized that the Business Improvement Support Office, which is in the position of auditing the improvement status based on the improvement report, was conducting effective verification of each improvement item. (1) Strengthening ASP (Application Service Providers, Outsourced Contractors) Management System was created to evaluate the outsourcing contractor, but the evaluation of the ASP performed by the Company was a self-evaluation by the ASP, and the Company requested supporting materials regarding the results of the self-evaluation. No subjective evaluation. (2) Measures to prevent system failures caused by capacity shortages In the improvement report, we stated that we would verify the adequacy of the capacity management standards of each ASP. No specific threshold was set for the standard, and nine system failures due to insufficient capacity occurred between April 2008 and October 2008. (3) Measures to prevent system failures caused by design errors or test omissions In the improvement report, the company stated that it would clarify the responsibility and procedures as review rules, but the improvement items were not properly implemented. A system failure was caused due to the fact that the (4) Measures to prevent system failures caused by operational errors In the improvement report, the Company will proactively implement change management of the Company's system, and confirm in advance the scope of correction, scope of impact, and recovery methods in the event of a failure. Although it was planned to carry out such measures, system failures occurred and expanded due to failure to confirm the extent of impact, etc. (5) Ensuring the effectiveness of recurrence prevention measures In the improvement report, the Company stated that it would confirm and verify the implementation status of measures to prevent recurrence of system failures, and report to the compliance meeting. It cannot be recognized that the confirmation of the implementation status of (6) Strengthening the verification system In the improvement report, the Company stated that the system department would hold a meeting to verify recurrence prevention measures. The content has not been verified. (7) External system audit Although the company stated in the improvement report that it would conduct an external system audit, it did not conduct an external system audit at all during the period from the submission of the improvement report until the inspection reference date. The status of the operation of the above business at our company is based on Article 40, Item 2 of the Financial Instruments and Exchange Law, and Article 123, Item 14 of the Cabinet Office It is recognized that it falls under the situation where it is recognized that the management of the information processing organization is insufficient. In addition, as a major Internet-only securities company, we are required to develop and operate systems with strong fault tolerance and to develop a sufficient system for responding appropriately in the event of a fault. However, as mentioned above, the remedial measures submitted to the agency in response to past administrative dispositions have not been properly implemented, and it is necessary to review the system that caused these problems and to implement the remedial measures without fail. recognized to be. Based on the above, the following administrative actions were taken against the company today. [Business Suspension Order] From April 1, 2009 (Wednesday) to June 30, 2009 (Tuesday), new business development accompanied by system development (excluding those individually approved by the Agency). ) stop. [Business Improvement Order] (1) Investigate the cause of the failure to properly implement the improvement measures reported to the agency in response to the previous business improvement order, review the business management system and internal control system, and Clarify the location of responsibility, including (2) Make necessary reviews of the improvement measures reported to the agency in response to the previous business improvement order, and implement them appropriately. (3) As part of the improvement measures in (2) above, conduct an external system audit of the entire system to verify the effectiveness of system management and develop a system based on the results. (4) When implementing the improvement measures in (2) above, establish a system necessary to properly monitor the improvement status. (5) To reaffirm the importance of system management to officers and employees, and to implement the necessary system maintenance and training, etc., in order to ensure an appropriate business operation system. (6) Regarding (1) to (5) above, by April 23, 2009 (Thursday). by (Tuesday) and every three months thereafter), and from time to time as necessary, in writing.
View original