Norbert Gehrke
Jul 15 · 4 min read
The FSA’s IT Governance Framework

As announced in June 2018, Japan’s financial services regulator, the Financial Services Agency (FSA), is migrating from a rules-based supervisory approach to a principles-based one, this all under the catchy slogan “replacing checklists with engagement.”

In particular, the scope of its supervisory approaches will expand from a backward-looking, element-by-element compliance check to substantive, forward-looking and holistic analysis and judgment. With that, the enforcement activities will be focused on the assessment of the overall effectiveness rather than on an item-by-item compliance check. Dynamic supervision based on forward-looking analysis will be conducted, and disclosure and engagement with firms will be promoted to support the pursuit of best practices.

As a result, the focus should be on issues of firm-wide priority rather than try to check each and every item on common checklists, accompanied by a shift from periodic on-site inspection to continuous and seamless monitoring and further the coordination between on-site and off-site activities. The regulator aims to accumulate in-depth knowledge on each firm and engage with a broader range of stakeholders.

So much for the theory, but what does this mean for IT Governance in particular? The FSA had proposed a draft discussion paper on “Dialogues and Practices Regarding Financial Institutions’ IT Governance” in March, and a finalized version after public comment at the end of June.

The FSA sees three levels of implementation: IT Governance (which the document quoted above addresses), IT Management (risk management for the purpose of stable system operation) and System Integrated Risk Management (as defined by reference standards). The latter two would have been within the scope of the previous, backward-looking supervisory approach, while the former encapsulates the new, forward-looking intentions.

Through all of this, the FSA has significant concerns around the changes in the financial environment.

  • Even under the circumstances of population decline and aging, and the prolonged low interest rate environment, it is necessary to examine IT systems to provide financial services that meet the needs of users — not addressing excessive system cost now might just lead to bigger problems in the future.
  • With the acceleration of digitalization, various platformers will advance into the financial sector, so there will be a platform-like presence in the future. Financial institutions need to be able to transform their business model through digitization, including the better utilization of data, to compete.

From the FSA’s perspective, the focus is not only on “IT Management” that operates the system safely and stably, but also on “IT Governance” that enables the creation of corporate value by aligning IT with corporate strategy. Several different levels of governance are laid out.

1 — Leadership by management
Is management pro-active in building IT governance?

2 — IT strategy is alignment with corporate strategy
Is the IT strategy linked to the corporate strategy? How is digital transformation incorporated?

3 — IT organization to deliver IT strategy
Are the functions needed for the IT strategy and digital transformation in place, without leaving it to the system department or outsourcer? Are roles and responsibilities clearly defined?

4 — Optimized IT resource management
Are IT resources allocated and optimized based on the IT strategy?

5 — IT investment management process that leads to the creation of corporate value
Are there strategic IT investments that will create corporate value? Is PDCA implemented, including the evaluation of the effectiveness of IT investments?

6 — Well-managed IT risks
Are IT risks being considered, including the opportunity cost for non-new technologies?

7 — Effective IT management (the traditional monitoring area)
Is IT management required to support IT governance?

In an environment where essentially all of the domestic financial institutions follow a waterfall approach to system development, where the system departments are not equal partners, but merely recipients of instructions, and most of the engineering resources are outsourced to subsidiaries that serve as pre-retirement homes for executives that can no longer progress their careers at the mother ship, at least on paper this revised FSA approach is an important step towards holding executives accountable for their supporting technology organizations. Digital transformation is not a responsibility of the system department alone, it needs to be led from the top of the house.


You might also be interested in our previous reporting:

The Force is coming to Japan

Japan FSA: towards funcion-based regulation


If you found value in this article, please “clap” (up to 50 times).

This article is part of our Tokyo FinTech Publication, please follow us to read more from our writers, like hundreds of readers do every day.

Should you live in Tokyo, or just pass through, please also join our Tokyo FinTech Meetup. In any case, our LinkedIn page, Facebook page and our Instagram account are there for you as well.

Tokyo FinTech

一般社団法人 (General Incorporated Association) Tokyo FinTech is registered as a non-profit organization in Japan, promoting the domestic ecosystem through innovation

Norbert Gehrke

Written by

Passionate about strategy & innovation in Japan. Connector of people & ideas.

Tokyo FinTech

一般社団法人 (General Incorporated Association) Tokyo FinTech is registered as a non-profit organization in Japan, promoting the domestic ecosystem through innovation

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade