Introduction
In October 2024, the Financial Services Agency revised its "Guidelines on Cybersecurity in the Financial Sector." The revision comes against a background of increasing cyber attack risk, driven by advancing digitalization and rising geopolitical risks. There is a growing movement both domestically and internationally to require financial institutions to strengthen security, including data protection.
Here, we introduce the major guidelines and laws that must be complied with and reaffirm the importance of data protection.
Two reasons why you should take action on data protection
If data held by a financial institution (customer personal and financial information) were to be leaked, broadly speaking, there are two types of serious damage that could occur:
1) Damage to customer information and financial assets
Data leakage may result in secondary damage, such as misuse by third parties.
2) Loss of credibility as a company and negative social impacts
Financial institutions may become victims of fraud or unauthorized access. Furthermore, if the financial institutions themselves are targeted by cyber attacks, their systems may be paralyzed and services to customers may be suspended.
In other words, data protection is not just an issue that concerns the profits of financial institutions; it has the potential to have serious implications for society as a whole, making data protection an important issue from a societal perspective as well.
Industry Guidelines
In light of the increasing risks to financial systems, the Financial Services Agency and related organizations are providing a framework for financial institutions to strengthen their cybersecurity measures and protect customer data.
■Reference:
・Security Measures Standards and Manual for Computer Systems of Financial Institutions, etc. (12th Edition)
- https://www.fisc.or.jp/publication/book/006241.php
・Guidelines for Cybersecurity in the Financial Sector
- https://www.fsa.go.jp/news/r6/sonota/20241004/18.pdf
The following document, prepared by Macnica, summarizes the main guidelines and procedures issued in Japan and their descriptions related to data protection.
Financial regulations of each country
Financial-related laws and regulations are not limited to Japan; similar efforts are being made around the world. In foreign countries, some laws impose penalties in the event of violations or incidents, so companies doing business overseas need to pay even more attention.
Examples:
・PCI-DSS 4.0.1
・SWIFT Customer Security Controls Framework v2025
・Monetary Authority of Singapore (MAS) Technology Risk Management Guidelines, etc.
Below is a document created by Macnica that clearly summarizes the relevant regulations of each country and the Fortanix product features that can be utilized (highlighted points).
Available Fortanix features
The abbreviations listed in the section on national regulations are as follows. Each of these can be achieved with Fortanix products.
Key management solutions necessary in the cloud era
Fortanix provides a centralized Data Security Manager (DSM) that separates key management from the cloud, making it simpler and more robust to protect encrypted data.
For more information on data protection itself, please see the following page:
A simple explanation of the basics! What is data protection?
We are also offering a free on-demand seminar for those who would like to learn more.
On-demand seminar: "Current zero trust measures are not enough! The importance of 'data protection'"