Financial Services Agency

SaxoKanto Local Finance Bureau September 18, 2020 Regarding Administrative Actions against Securities Co., Ltd. 1. Saxo Securities Co., Ltd. (head office: Minato-ku, Tokyo, corporate number 8010401082810) (hereinafter referred to as "our company"), on July 31, 2020, the Financial Instruments and Exchange Law (Law No. 25 of 1948) No. 56 When we requested a report based on the provisions of Article 2, Paragraph 1 and the Act on the Protection of Personal Information (Law No. 57 of 2003), Article 40, Paragraph 1, we found the following facts. An outsourcing company that manages the personal information of our customers has been illegally accessed by a third party, and a large number of personal information (names, dates of birth, addresses, e-mail addresses, etc. of 750 customers) for 38,026 customers Including image data such as identification documents such as driver's licenses, passports, individual number cards, etc.)))), sufficient recurrence prevention measures have not been taken regarding system risk management and outsourcing contractor management. 2. Based on the above, the following administrative actions were taken against the Company today pursuant to the provisions of Article 51 of the Financial Instruments and Exchange Act. [Business Improvement Order] (1) After thoroughly clarifying the incident and conducting a deep analysis of the cause of the incident, the system will be implemented in order to fulfill the obligation to take security control measures for personal information and the obligation to supervise outsourced contractors. Construct a system to ensure proper and reliable business operations with regard to risk management and outsourcing contractor management. (2) Continue to appropriately inform and explain to customers about the incident that occurred this time, and take all possible measures to respond to inquiries from customers. (3) Clarify the location of responsibility for this matter. (4) Regarding (1) to (3) above, we will report in writing by October 19, 2020 (Monday) on the response and implementation status, and for the time being, as needed, on the progress after that. Report in writing.