Today, the New York Department of Financial Services (NYDFS) and bitFlyer USA announced a $1.2 million settlement to acknowledge the Company’s historical deficiency in meeting cybersecurity requirements for financial services companies. Since April 2022, bitFlyer USA has been cooperating with the NYDFS to establish and execute an immediate path to full compliance and reaffirm its commitment to ongoing enhancements and maintenance of bitFlyer USA’s cybersecurity program.
bitFlyer USA has successfully completed over 90% of its planned program remediation work and will continue its work to achieve full compliance before the end of 2023. We have engaged a leading global advisory firm, StoneTurn, to validate our remediation work and to help create a strategy for the long-term maintenance of bitFlyer USA’s cybersecurity program.
We are grateful to report that no incidents such as cybersecurity attacks, data breach or leaks have occurred to date at bitFlyer USA which would harm customers.
Progress Made to Date
To meet the NYDFS’s requirements, we have taken substantial measures to strengthen our cybersecurity governance, policy framework, monitoring and tracking, risk mitigation and escalation processes. In addition to meeting specific requirements from NYDFS, we completed the following actions to enhance our cybersecurity program:
• Appointing new members of the board, who elevated compliance risk management practices and allocated sufficient resources to achieve global standards for cybersecurity governance and oversight
• Strengthening our cybersecurity team with the appointment of StoneTurn to provide Chief Information Security Officer services in addition to new in house members
• Launching a new learning management system which provides consistent and above-standards security awareness training to employees
• Making significant investments to enhance our Cybersecurity policies and procedures and properly equip employees with the necessary skills to maintain the enhanced cybersecurity program, including providing enhanced onboardings, continuous periodic trainings and more
• Working actively with bitFlyer, Inc. to further integrate our global approach to cybersecurity governance and oversight, ensuring standardization across the company’s operations globally
• Engaging third party resources, including StoneTurn, to validate our remediation work
What’s Coming Up Next
bitFlyer USA remains steadfast in its commitment to achieving global cybersecurity and risk management excellence in the United States. We will continue to work closely with the NYDFS to ensure full compliance is maintained going forward.
In addition to strengthening our own best practices, bitFlyer USA looks forward to supporting the NYDFS’s exhaustive work across the industry, including removing bad actors from the cryptocurrency ecosystem to nurture a safer, more trustworthy exchange for customers globally. We will continue to put our customers’ interests first and strive to contribute to the development of the industry.