Security Policy

Information Security Policy 

Interbank HD Co., Ltd.

Interbank HD Co., Ltd. (hereinafter referred to as “the Company”) operates under the founding business philosophy of “supporting regional foreign currency exchange infrastructure,” and fulfils its mission of contributing to the improved convenience of inbound foreign visitors and the revitalisation of regional economies through the development, manufacture, and sale of foreign currency exchange machines, as well as the operation of foreign currency exchange services. In pursuit of this mission, the Company is committed to continuously improving the quality of its services and the level of customer satisfaction.

As a company engaged in this business, the Company is committed to addressing external attacks that may impede its operations, to appropriately protecting the information it handles — including customer information, transaction information, and system information relating to foreign currency exchange machines — and to promoting activities that earn the trust of its customers and business partners. Alongside these activities, the Company is also committed to preventing information-related incidents arising from uncertain circumstances such as system failures and operational errors.

The Company recognises that engaging in these activities constitutes an essential and indispensable management responsibility. In order to fulfil these responsibilities, the Company hereby establishes this Information Security Policy and commits to its implementation and promotion.

Fundamental Policy

  1. [Establishment of Framework] The Company will organise an information security framework with the participation of senior management in order to establish, implement, operate, monitor, review, maintain, and improve its Information Security Management System. Furthermore, in accordance with this Policy, the Company will define its information security objectives and operate its Information Security Management System in pursuit of the achievement of those objectives.
  2. [Legal Compliance and Continuous Review] The Company will identify laws and regulations relating to information security — including the Payment Services Act, the Foreign Exchange and Foreign Trade Act, and the Act on the Protection of Personal Information — as well as other applicable norms, and will clarify and comply with its contractual security obligations. The Company will also periodically review its fundamental policy and internal regulations in response to changes in management policy, business operations, social conditions, technology, laws and regulations, and other relevant factors, so as to maintain ongoing conformity with applicable requirements.
  3. [Risk Management and Protection of Information Assets] The Company will conduct risk assessments in respect of all information assets it handles — including system data relating to foreign currency exchange machines, customer transaction data, and product information — in order to maintain the confidentiality, integrity, and availability of such assets, and will implement appropriate risk countermeasures to prevent and correct security incidents and similar events. The Company will set information security objectives that incorporate these measures and will work to achieve those objectives.
  4. [Education and Awareness Raising] The Company will ensure that all directors, employees, and staff of cooperative companies who handle information assets recognise the importance of information security, and will thoroughly communicate to them the proper handling of information assets. The Company will provide the education and training necessary for this purpose.
  5. [Monitoring, Auditing, and Continuous Improvement] The Company will conduct monitoring and measurement as appropriate to ensure that its Information Security Management System functions effectively. Furthermore, the Company will strive for the continuous improvement of its Information Security Management System by conducting regular audits of its operational status. In particular, enhanced security controls will be applied to the network connection environment of foreign currency exchange machines and to remote monitoring systems.
  6. [Appropriate Handling of Personal Information] Personal information used in the course of the Company’s business operations will be handled appropriately in accordance with the Company’s “Personal Information Protection Policy,” which conforms to the Act on the Protection of Personal Information and the JISQ 15001:2023 standard.
  7. [Supply Chain Security] The Company will appropriately manage security risks across its entire supply chain, including manufacturing contractors for foreign currency exchange machines (including the Shenzhen factory), sales agents, and installation facility operators. The Company will communicate its security requirements to its business partners and will clearly define the response procedures to be followed in the event that an information security issue arises.

Established: 1 April 2024 Last revised: 14 November 2025

Interbank HD Co., Ltd. Representative Director: Go Sato