Governance

Corporate governance
bitFlyer Holdings Co., Ltd. is located at the center of our group as a holding company, and has functions such as determining group-wide strategy, business management, and capital policy decisions. By adopting a system in which each subsidiary executes business based on this, we separate management decision-making and management functions from execution functions, clarifying management responsibilities, speeding up business execution, and strengthening compliance functions.
Our company is a company with an audit and supervisory committee, which aims to clarify executive responsibilities and streamline decision-making, while further strengthening the supervisory function of the board of directors.
The Board of Directors makes decisions on important matters based on laws and regulations, the Articles of Incorporation, and internal regulations, and supervises the execution of duties by directors. The Audit and Supervisory Committee is composed of three or more Audit and Supervisory Committee members, the majority of whom are outside directors, and as an independent body, supervises and audits the appropriateness of the execution of duties by directors and executive officers who are not members of the Audit and Supervisory Committee.
Our business execution system is based on the Three Lines of Defense model. As the first line, the business divisions independently manage risk, the second line is the Risk Management and Compliance Department, which provides checks and advice, and the third line is the internal audit department, which conducts verification and consulting.We have created a system in which mutual checks work.
Additionally, by establishing a whistle-blowing system, we are strengthening the transparency and reliability of our organization by detecting and appropriately correcting misconduct, legal violations, and ethically questionable behavior at an early stage.
Through the above, our group will ensure sound management, maintain and improve the trust of our stakeholders, and achieve sustainable growth in corporate value over the medium to long term.
Compliance
The Group positions compliance as one of the most important issues in its management strategy, and has established an optimal system that is inextricably linked to its business model and management strategy, and promotes autonomous efforts to prevent problematic events under the leadership of directors and executive officers.
Specifically, we formulate compliance-related plans and procedures and implement specific methods consistently throughout the group, taking into account the characteristics of each business and country/region. Our directors and executive officers are proactively and proactively involved in compliance and promote its sophistication.
The Compliance Department independently checks and supports the autonomous risk management of business divisions, and promotes compliance company-wide. Furthermore, the internal audit department will continuously monitor the compliance management system and conduct audits based on a risk-based approach in an effort to strengthen and continuously improve the system. In addition, to ensure that each officer and employee recognizes the importance of compliance, we continually provide training and education for all officers and employees, and increase effectiveness through evaluation and improvement.
Through the above-mentioned system, our group will ensure thorough compliance with laws and regulations and management based on corporate ethics, maintain and improve stakeholder trust, and achieve sustainable growth in corporate value over the medium to long term.
Risk Management
Our group has adopted the "Three Lines of Defense" model advocated by the Financial Services Agency, and systematically operates company-wide risk management (ERM).
First line (business divisions): Each division understands and reports risks inherent in its own operations, and takes primary measures to prevent and respond.
2nd line (compliance department): Risk management and compliance will be the main focus, identifying, evaluating, measuring, monitoring, mitigating, and controlling all risks.
Third line (internal audit): The internal audit department independently verifies the effectiveness of risk management and reports directly to the representative director and the Audit and Supervisory Committee.
The risks we manage are wide-ranging, including cyber risk, market risk, counterparty risk, operational risk, and liquidity risk. Each risk is assessed both quantitatively and qualitatively for its probability of occurrence and impact, and management indicators and limits are clearly defined. Regarding the screening of new and existing listed crypto assets at subsidiaries, the Crypto Asset Screening Committee conducts risk assessments and decisions independently from management.
To combat cyber risks specific to the crypto asset field, we operate a 24-hour, 365-day monitoring system that includes hot wallets and cold wallets, achieving completely separate management of customer assets and a high level of security. Additionally, we are a member of the Japan Cybercrime Countermeasures Center (JC3), and are participating in sharing the latest threat information and countering cybercrime through public-private collaboration. In particular, we utilize advanced knowledge regarding financial crimes such as phishing and account theft to build early warning and rapid defense systems that will protect our customers. Through these efforts, we strive to strengthen our advanced and highly effective security system.
We regularly conduct stress tests and scenario analyzes in preparation for market fluctuations and sudden changes in liquidity. Regarding counterparty risk, we have introduced a credit evaluation model and continually examine financial soundness and ability to fulfill contracts.
The same standard risk management framework is applied to overseas subsidiaries, and governance is unified in cooperation with local supervisory authorities. The entire bitFlyer Group operates a globally integrated risk management system.
About protection of personal information
Our group recognizes the importance of protecting personal information, complies with related laws and regulations, including the Personal Information Protection Act, and handles personal information appropriately. Personal information is acquired appropriately and used only within the scope of the purpose of use, and safety management measures are taken to prevent leakage, falsification, loss, etc.
In addition, our group prohibits the unfair acquisition and use of sensitive personal information (sensitive information), and will not provide personal data to third parties without the consent of the individual, except as permitted by law or to the extent necessary for business outsourcing. We will also respond appropriately to requests for disclosure, correction, suspension of use, etc. from individuals.
Through the above system, we strive to fulfill our social responsibility regarding personal information protection and maintain the trust of our users and stakeholders.
For details, Please see Privacy policy.