Japan’s Financial Services Agency (FSA) has issued new business improvement orders to two core subsidiaries of MS&AD Insurance Group Holdings.
The move is part of the FSA’s continued enforcement efforts to address data security breaches and improper conduct within the industry.
Mitsui Sumitomo Insurance Co Ltd (MSI) and Aioi Nissay Dowa Insurance Co Ltd (ADI) have been instructed to submit new improvement plans to the FSA in response to a series of incidents involving customer information breaches and competition law violations.
The regulator’s latest directives require the companies to:
MS&AD stated that it acknowledges the seriousness of the situation and is prioritising corrective measures.
“[MS&AD, MSI, and ADI] take the administrative actions very seriously and apologise for inconvenience or concern this situation may have caused our customers and other stakeholders,” it said in a statement.
Under the terms of the FSA’s order, both insurers must outline steps to:
These measures include conducting risk assessments, implementing responsive mitigation processes, and improving corporate governance structures.
The firms are expected to submit updated improvement plans by May 30 and begin execution immediately upon approval. Progress must be reported quarterly, with the first update due by mid-September.
The latest administrative actions follow previous improvement orders issued in December 2023, linked to allegations of price coordination among nonlife insurers. In February 2024, both MSI and ADI submitted initial plans in response to those findings.
The FSA now requires the companies to reassess those submissions and incorporate additional measures based on external expert reviews, root cause analyses, and clearer accountability from senior management.
As of March 2025, MSI reported implementing 129 organisational reforms and approximately 1,200 action items since its previous submission. ADI has also disclosed its intent to divest strategic equity holdings in listed firms by fiscal year 2029, in line with governance reforms.
The regulator’s scrutiny is not limited to MS&AD affiliates. Sompo Japan Insurance Inc, Tokio Marine & Nichido Fire Insurance Co, and others have also received instructions from the FSA concerning incidents where employees seconded to insurance agencies improperly transferred client data.
In July 2024, Sompo Japan disclosed that its staff had accessed policyholder records from other insurers while working at nine separate agencies.
One such case involved 2,700 customer records relayed from Tokyo-based Total Insurance Service Ltd. Another involved over 1,500 fire insurance policyholders with investment property loans, whose data was reportedly shared through Yokohama-based Hoei Co.
