Japan's Financial Regulator Proposes Stricter Security for Brokerages

Japan FSA Proposes Mandatory Phishing-Resistant MFA for Brokerages

The Financial Services Agency of Japan (JFSA) has proposed draft amendments to supervisory guidelines aimed at tightening security for brokerage firms. This initiative is a response to increasing online fraud incidents affecting customer accounts. The draft amendments emphasize mandatory multi-factor authentication (MFA) to bolster security measures against phishing and other cyber threats. More details can be found on Regulation Asia.

The push for stricter security obligations comes amid reports of increased phishing attacks targeting brokerage customers. The proposal aims to protect customer accounts and prevent unauthorized access, which has become a growing concern in the financial sector.

Surge in Fraudulent Trading Activities

Reports indicate that unauthorized trading linked to hacked brokerage accounts in Japan has surged over tenfold since early 2025. A staggering total of losses has reached over $710 million as of April 2025. The FSA notes that the number of unauthorized account accesses has exceeded 3,300, highlighting a critical cybersecurity crisis. More details can be found at Fraudulent Trading by Hackers Surges More Than 10-Fold in Japan.

The increase in unauthorized trading activities is alarming:

• February 2025: 33 transactions totaling $700,000.
• March 2025: 685 transactions with sales hitting $90 million.
• April 2025: 736 transactions, pushing sales to $260 million.

How Hackers Operate

Hackers are employing phishing schemes, creating fake websites that mimic legitimate trading platforms. Once users enter their credentials, hackers gain access to accounts, selling existing stocks and purchasing other equities to obscure losses. The rise in these fraudulent practices is largely attributed to weak cybersecurity measures, including reused passwords and lack of MFA.

Impacted Companies

Major financial institutions, including Rakuten Securities, Nomura Holdings, and SBI Holdings, have faced significant repercussions from these breaches. For example, SBI Holdings experienced a stock dip of 15% due to compliance concerns.

Regulatory Changes and Industry Responses

The Japan Securities Dealers Association (JSDA) is advocating for mandatory MFA across all brokerage accounts. JSDA Chairman Toshio Morita emphasized the necessity of MFA, stating, “Multi-factor authentication is not just a best practice anymore; it’s a necessity to safeguard client assets.” The regulatory landscape is shifting towards requiring layered authentication methods to enhance security.

The regulatory changes are expected to have significant market implications. Brokerages may incur compliance costs ranging from ¥50-100 billion ($350–700 million) by 2026. Firms like Mitsubishi UFJ that have invested in cybersecurity infrastructure are likely to outperform those lagging in security measures.

Balancing Innovation with Security

Japan's regulators are tasked with fostering digital innovation while enhancing cybersecurity. The FSA's amendments to the Payment Services Act reflect a commitment to strengthening oversight of digital transactions. Investment in robust cybersecurity systems is essential for maintaining investor confidence in the face of rising cyber threats.

As the financial sector adapts to these challenges, firms that prioritize cybersecurity measures, such as MFA and biometric authentication, are likely to emerge as leaders in the market.

For more information about how to secure your financial transactions and protect against fraud, explore our services at undefined or contact us today.