“Moving money forward“ Money Forward

Contact us

Internal 
Control System

Internal Control System

To ensure appropriateness, raise transparency, and maintain compliance of its management, the Board of Directors has established the “Basic Policy on Developing the Internal Control System” to develop and operate the internal control system of the Company.

Basic Policy on Developing the Internal Control System

1.System to Ensure that Directors and Employees Execute Their Duties in Compliance with Laws and Regulations and the Articles of Incorporation
  • ・The Company shall establish its mission, vision, values, and culture and ensure that its Directors and employees (hereinafter the “Officers and Employees”) are familiar with them.
  • ・The Company shall appoint a Group Chief Compliance Officer (Group CCO) to promote compliance activities in the Company and its subsidiaries (hereinafter the “Group”).
  • ・The Company shall establish the Group Compliance Rules and Group Compliance Manual, and shall establish and put into practice a code of conduct to ensure that the Officers and Employees of the Group not only comply with laws and regulations and rules but also conduct their corporate activities while maintaining high ethical standards.
  • ・The Company shall conduct periodic training sessions and ensure that the Officers and Employees of the Group participate in such training sessions to ensure that they acquire correct knowledge of compliance and to help them practice compliance in their daily business activities.
  • ・A Group Compliance Meeting shall be held once a quarter to receive reports and discuss matters related to the Group’s compliance.
  • ・An internal reporting contact point for the Group as a whole shall be established in the Company to receive consultation and reports on organizational or individual violations of relevant laws, regulations, notices, the Articles of Incorporation, internal rules, etc., and general social norms, in an effort to detect and correct such violations at an early stage and to strengthen compliance management in the Group.
  • ・The Company shall never have any connection with anti-social forces or groups that threaten the order and safety of civil society and shall take a firm stance against unreasonable demands in cooperation with lawyers, the police, etc.
  • ・An Internal Audit Department shall be established in the Company to conduct internal audits of the effectiveness of the internal control of the Company’s management, efficiency and effectiveness of operations, compliance with laws and regulations, and other matters.
2.System Concerning Retention and Management of Information on the Execution of Duties by Directors
  • ・The Company shall properly retain and manage legal documents such as minutes of the General Meeting of Shareholders, minutes of the Board of Directors meetings, and financial statements, as well as information (including electromagnetic records) related to the execution of important duties, in accordance with the Document Management Rules and other internal rules.
  • ・The information retained and managed shall be accessible at any time upon requests from Directors or Corporate Auditors.
3.Rules and Other Systems Concerning Management of Risk of Loss
  • ・The Company shall establish the Group Risk Management Rules to set forth basic matters concerning risk management initiatives and encourage appropriate risk management activities in the Group, thereby clarifying the organizational structure, risk assessment method, how to respond to risks, and other relevant matters.
  • ・The Company shall hold Group Risk Management Committee meetings at least quarterly, where matters concerning risks in the Group shall be reported and discussed.
  • ・With regard to the information security risk, the Group Chief Information Security Officer (Group CISO) shall periodically report the status of information security operations to the Representative Director, the Group Chief Technology Officer (Group CTO), and others to confirm the effectiveness and adequacy of the information security measures.
  • ・In accordance with the Group Basic Rules for Crisis Management, the Company shall strive to establish and operate a system for responding to crises in preparation for the occurrence of large-scale accidents, disasters, misconduct, etc., and shall take prompt action in accordance with said rules in the event of a crisis to prevent the spread of damage and minimize the amount of damage.
4.System to Ensure Efficient Execution of Duties by Directors
  • ・In addition to the regular monthly meetings of the Board of Directors, extraordinary meetings of the Board of Directors shall be held as necessary to ensure active exchange of opinions and flexible decision-making.
  • ・The Company shall introduce an Executive Officer System to separate the business execution functions from the management decision-making and supervision functions of Directors, thereby accelerating decision-making and clarifying responsibility and authority for business execution.
  • ・The Company shall establish the Regulations of the Board of Directors, Organization Rules, and Rules on Administrative Authority to define the division of duties and authority of the Officers and Employees, and each of them shall execute his or her duties in accordance with these rules.
5.System to Ensure Appropriateness of Operations Within the Corporate Group Comprised by the Company, Parent Company and Subsidiaries
  • ・The Company shall have its subsidiaries (hereinafter the “Group Companies”) establish the Group Company Management Rules and request them to report on important matters that affect the Group promptly.
  • ・The Company shall dispatch its Directors and Corporate Auditors to the Group Companies to attend their Board of Directors Meetings and confirm the status of the execution of duties by the Officers and Employees of the Group Companies.
  • ・The Company and the relevant departments of the Group Companies shall cooperate with each other, share information, and support the business operations of the Group Companies.
  • ・The Company shall have the Group Companies establish the Group Compliance Management Rules, the Group Compliance Manuals, and the Group Risk Management Rules commonly applicable to the Group, and strive to enable the Group Companies to build, establish, and operate compliance and risk management systems equivalent to those of the Company under these rules.
  • ・The Company’s Internal Audit Department shall directly audit Group Companies or receive the results of audits conducted by Group Companies to confirm the validity and effectiveness of such audits, and shall report the results of these audits to the Board of Directors and the Board of Corporate Auditors.
6.Matters Concerning the Appointment of an Employee/Employees to Assist the Duties of Corporate Auditors

In the event that Corporate Auditors request the appointment of employees to assist them in the administration of the Board of Corporate Auditors or in the performance of other duties, the Company shall, upon consultation with the Corporate Auditors, appoint dedicated or concurrently serving employees to assist the Corporate Auditors (here in after the “Corporate Auditors Staff”).

7.Matters Concerning Independence of the Employee/Employees Assisting the Duties of Corporate Auditors from the Board of Directors
  • ・Personnel changes and performance evaluations of the Corporate Auditors Staff shall be made after listening to and respecting the opinions of the full-time Corporate Auditors.
  • ・Disciplinary actions of the Corporate Auditors Staff shall be taken with the consent of the Board of Corporate Auditors.
8.Matters Concerning Ensuring Effectiveness of Instructions from Corporate Auditors to the Employee/Employees Assisting Corporate Auditors
  • ・In the event that the Corporate Auditors give instructions to the Corporate Auditors Staff in the performance of their duties, the Corporate Auditors staff shall follow the instructions of the Corporate Auditors and shall not be subject to the direction and order of the Directors.
  • ・In the event that the Corporate Auditors Staff serve concurrently in other positions, the superior of the department in which the Corporate Auditors Staff serve concurrently and the Directors shall cooperate as requested by the Corporate Auditors to ensure the smooth performance of duties by the Corporate Auditors Staff.
9.System for Directors, Accounting Advisors and Employees to Report to Corporate Auditors, and Other Systems Concerning Reporting to Corporate Auditors
  • ・Directors shall report to the Corporate Auditors on the status of the execution of their duties at important meetings such as the Board of Directors meetings on a regular basis and, if necessary, report at any time and without delay.
  • ・When an officer or employee of the Group is requested by a Corporate Auditor to report on matters concerning the performance of his or her duties, he or she shall do so without delay.
  • ・When an officer or employee of the Group discovers a fact that may cause significant damage to the Company, he or she shall immediately report it to the Corporate Auditors.
  • ・The Company shall establish an internal reporting contact point that enables the Officers and Employees of the Group to report directly to the Corporate Auditors and make it known to the Officers and Employees of the Group.
10.System to Ensure that Individuals Reporting to Corporate Auditors Are Not Treated Unfavorably on the Grounds of Such Reporting

The Company shall stipulate in the Group Internal Reporting Rules, which apply to the Group as a whole, that no retaliatory action shall be taken against a whistleblower who uses the Internal Reporting System to report an incident, and make known the contents of such rules to the Officers and Employees of the Group.

11.Matters Concerning Policies on Procedures for Advanced Payments or Reimbursement of Expenses Incurred in Association with the Execution of Duties by Corporate Auditors, and on Handling of Other Expenses or Obligations Incurred in Association with Such Execution of Duties

When a Corporate Auditors requests the payment of expenses for the performance of his or her duties, the Company shall promptly pay such expenses, unless it is proved that the expenses requested are not necessary for the performance of the Corporate Auditors duties.

12.System to Ensure Effective Auditing by Corporate Auditors
  • ・The Representative Director shall, in principle, exchange opinions with Corporate Auditors once a year on management policies, significant risks surrounding the Group and issues to be addressed, and the status of development and operation of internal control systems.
  • ・Corporate Auditors shall regularly hold discussions with the Accounting Auditors and the Internal Audit Department to exchange information for effective auditing.
  • ・The members shall consult with the Internal Audit Department in advance regarding internal audit plans. In addition, Corporate Auditors shall regularly receive reports on internal audit results from the Internal Audit Department of the Company or Group Companies and may request investigations or provide instructions to these departments as necessary.
  • ・Corporate Auditors may utilize attorneys, certified public accountants, and other external specialists as necessary.
  • ・Full-time Corporate Auditors shall attend important meetings of the Company, such as the Group Compliance Committee, Group Risk Management Committee and shall regularly receive reports from the Company’s Group Chief Compliance Officer (Group CCO) on the status of the development and operation of the Group’s compliance system.
  • ・Personnel changes, performance evaluations, and disciplinary actions of the head of the Internal Audit Department shall be conducted after hearing and respecting the opinions of the Corporate Auditors.

Summary of Operation of the Internal Control System

Based on the “Basic Policy on Developing the Internal Control System,” the Company strives to establish and operate the system and reports the status of operation at the Board of Directors meeting annually. For the fiscal year ended November 2025, significant defects or deficiencies were confirmed not to exist for matters prescribed in the Basic Policy at the Board of Directors meeting held on January 14, 2026.

1.Execution of Duties by the Directors
  • ・With 6 of the Company’s 11 Directors appointed as External Directors and all 3 of its Board of Corporate Auditors Members appointed as External Board of Corporate Auditors Members, the Company has established a system that enables External Directors and External Board of Corporate Auditors Members to provide beneficial supervision or auditing from a neutral standpoint, thereby strengthening the management oversight function. The appointment of Director candidates is determined by the Board of Directors based on reports from the Nomination and Compensation Committee, which the Company has established voluntarily.
  • ・The Board of Directors held 12 regular meetings and 1 extraordinary meeting, with attendance of all Directors and all Board of Corporate Auditors Members, to not only resolve and report on individual agenda items in accordance with the authorization criteria, but also deliberate on important management matters (business strategy, capital policy, M&A, etc.). In addition, to ensure active discussions, efforts including the review of Board meeting agenda items, early distribution of Board meeting materials and enhancement of their contents, use of written resolutions and reports, and improvement of the meeting procedures are being made.
  • ・The Council of External Officers, composed of all External Directors and External Board of Corporate Auditors Members, meets four times a year to discuss and exchange opinions on important management issues, corporate governance issues, risks associated with management and business operation, and action plans to address such risks.
2.Compliance and Risk Management System
  • ・By resolution of the Board of Directors, the Company has appointed an executive officer as Group CCO (Chief Compliance Officer) responsible for the formulation and execution of compliance plans, holding of Group Compliance Committee and Group Risk Committee, implementation of compliance training, and other duties to promote compliance activities and Risk Management.
  • ・Once a quarter, the Group Compliance Committee and the Group Risk Committee are held, attended by the Executive Directors, Executive Officers, Group CxO, and full-time Board of Corporate Auditors Members of the Company and its Group companies. These meetings serve to share information and conduct deliberations on matters related to the Group’s compliance and risk management. Furthermore, the matters reported and discussed at these committees are subsequently reported to the Board of Directors.
  • ・In principle, all domestic Group companies apply a common set of Compliance-related rules (Group Compliance Regulations, Group Insider Trading Prevention Regulations, Group Internal Reporting Regulations, Group Regulations for Responding to Anti-Social Forces, Group Internal Control Regulations, Group Intellectual Property Rights Management Regulations, Group Basic Regulations on Prevention of Bribery, etc.)and risk management-related rules (Group Risk Management Rules, Group Administrative Risk Management Rules, Group Basic Rules for Crisis Management, etc.) have been established. The Group strives to ensure effective internal control by informing all officers and employees of group companies of these compliance-related rules and implementing internal control in accordance with relevant rules. In addition, all overseas Group companies conclude Group company management agreements with the Company that specify matters requiring the Company’s prior approval and matters to be reported, in order to ensure effective internal control throughout the Group.
  • ・The Group provides all officers and employees of group companies with compliance training (new hire training, training on the “Money Forward Group Compliance Manual,” training on harassment, training on intellectual property, and training on information security and the protection of personal information) to raise awareness of compliance.
  • ・An Internal Reporting System has been established to enable all officers and employees of the Group to directly report acts by the Company and major Group companies that violate or are likely to violate compliance to the designated department of the Company, this System to ensure early identification of, and prompt and appropriate countermeasures for, compliance issues including the violation of laws and regulations.
  • ・With respect to information security, which is the most significant risk for the Company, the Group CISO (Chief Information Security Officer) reports monthly on the status of security operations to the CEO and Group CTO (Chief Technology Officer), including an evaluation of the appropriateness and effectiveness of those operations along with comments.
3.Internal Audits
  • ・The internal audit departments of the Company and Group companies perform internal audits of their respective companies to verify the status of business operation, confirm the status of compliance with laws and regulations, and prevent acts in violation of laws and regulations. Results of these internal audits are reported to the Company’s Representative Director and Board of Corporate Auditors in a timely manner, and results are also reported at meetings of the Board of Directors.
4.Execution of Duties by the Board of Corporate Auditors Members
  • ・The Board of Corporate Auditors met 15 times and conducted audits based on the audit plan, and received reports from Directors, employees, or others on a regular basis. As to attendance at Board of Corporate Auditors meetings, all the Board of Corporate Auditors Members attended all the meetings that took place during their terms of office.
  • ・Board of Corporate Auditors Members audited the execution of duties by Directors and worked to strengthen and raise the level of their own audit function by attending the 13 Board of Directors meetings held and through the exchange of opinions with the Representative Director on matters including management issues, the status of establishing an environment for Board of Corporate Auditors Member audits, and material audit issues.
  • ・Board of Corporate Auditors Members attend the Group Compliance Committee and Group Risk Committee, and interview the Group CCO to directly verify matters including the status of legal and regulatory compliance, while also checking on the status of the Group’s internal audits through such means as interviewing the Internal Audit Office. Through these efforts, Board of Corporate Auditors Members have a system in place to audit issues related to compliance and risk management at the daily operational level.
  • ・In addition, one employee with appropriate knowledge, skills, and experience has been assigned as an Employee Assisting Board of Corporate Auditors Members (concurrently a member of the Internal Audit Office) to assist the execution of duties by Board of Corporate Auditors Members.

page top