IMF Staff Country Reports

This Technical Note focuses on Cyber Resilience and Financial Stability for the Japan Financial Sector Assessment Program. The cyber ecosystem is mature in Japan, with a range of stakeholders involved in ensuring the cybersecurity of the financial sector. The Financial Services Agency (FSA) is responsible for developing and operationalizing the cyber strategy for the financial sector. Cyber risk regulation and supervisory practice need further improvements. The Bank of Japan (BOJ) should strengthen the cyber risk oversight of financial market infrastructures. The FSA would benefit from deepening its analysis of the operational interconnectedness of the financial system. Further improvements in the response and recovery capabilities are recommended. The FSA and BOJ should keep upgrading, as necessary, a range of extreme but plausible cyber scenarios along with their existing Business Continuity Plans and/or Cyber Incident Response and Recovery Plans, for the financial sector. The authorities currently have strong cyber incident reporting regimes in place, with clear definitions, taxonomies, thresholds, and communication channels.