|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Mar. 31, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|isk Management and Strategy
We have developed and implemented cybersecurity risk management processes intended to protect the
confidentiality, integrity, and availability of our critical systems and information. While everyone at our company
plays a part in managing cybersecurity risks, primary cybersecurity oversight responsibility is shared by our board of
directors, the Risk Committee, and senior management. Our cybersecurity risk management program is a part of our
overall enterprise risk management program.
Our cybersecurity risk management program includes:
•physical, technological, and administrative controls intended to support our cybersecurity and data
governance framework, including protections designed to protect the confidentiality, integrity, and
availability of our key information systems and customer, employee, partner, and other third-party
information stored on those systems, such as access controls, encryption, data handling requirements,
and other cybersecurity safeguards, and internal policies that govern our cybersecurity risk
management and data protection practices;
•a defined procedure for timely incident detection, containment, response, and remediation, including a
written security incident response plan that includes procedures for responding to cybersecurity
incidents;
•cybersecurity risk assessment processes designed to help identify material cybersecurity risks to our
critical systems, information, products, services, and broader enterprise IT environment;
•a security team responsible for managing our cybersecurity risk assessment processes and security
controls;
•the use of external consultants or other third-party experts and service providers, where considered
appropriate, to assess, test, or otherwise assist with aspects of our cybersecurity controls;
•annual cybersecurity and privacy training of employees, including incident response personnel and
senior management, and specialized training for certain teams depending on their role and/or access to
certain types of information, such as consumer information; and
•a third-party risk management process that includes internal vetting of certain third-party vendors and
service providers with whom we may share data.
Over the past fiscal year, while we have had two cybersecurity incidents, we have not identified risks from
known cybersecurity threats (including as a result of those two cybersecurity incidents) which have materially
affected or are reasonably likely to materially affect us, including our operations, business strategy, operating
results, or financial condition. As a result of these two recent incidents, we enhanced employee training and
background checks for both new and existing employees, but there is still no assurance that similar attacks will not
successfully occur in the future. We will continue to monitor and assess our cybersecurity risk management program
as well as invest in and seek to improve such systems and processes as appropriate. If we were to experience a
material cybersecurity incident in the future, such incident may have a material effect, including on our operations,
business strategy, operating results, or financial condition. For more information regarding cybersecurity risks that
we face and their potential impacts on our business related, see the section titled “Risk Factors” in Part I, Item 3.D,of this report.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have developed and implemented cybersecurity risk management processes intended to protect the
confidentiality, integrity, and availability of our critical systems and information. While everyone at our company
plays a part in managing cybersecurity risks, primary cybersecurity oversight responsibility is shared by our board of
directors, the Risk Committee, and senior management. Our cybersecurity risk management program is a part of our
overall enterprise risk management program.
Our cybersecurity risk management program includes:
•physical, technological, and administrative controls intended to support our cybersecurity and data
governance framework, including protections designed to protect the confidentiality, integrity, and
availability of our key information systems and customer, employee, partner, and other third-party
information stored on those systems, such as access controls, encryption, data handling requirements,
and other cybersecurity safeguards, and internal policies that govern our cybersecurity risk
management and data protection practices;
•a defined procedure for timely incident detection, containment, response, and remediation, including a
written security incident response plan that includes procedures for responding to cybersecurity
incidents;
•cybersecurity risk assessment processes designed to help identify material cybersecurity risks to our
critical systems, information, products, services, and broader enterprise IT environment;
•a security team responsible for managing our cybersecurity risk assessment processes and security
controls;
•the use of external consultants or other third-party experts and service providers, where considered
appropriate, to assess, test, or otherwise assist with aspects of our cybersecurity controls;
•annual cybersecurity and privacy training of employees, including incident response personnel and
senior management, and specialized training for certain teams depending on their role and/or access to
certain types of information, such as consumer information; and
•a third-party risk management process that includes internal vetting of certain third-party vendors and
service providers with whom we may share data.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|With oversight from our Board, the Risk Committee and Audit Committee have collective primary
responsibility to assist the Board fulfill its ultimate oversight responsibilities relating to risk assessment and
management, including relating to cybersecurity and other information technology risks. The Risk Committee
oversees our enterprise risk management as a whole, with its primary focus being system and operational risk,
information and cybersecurity risk, reputational risk, and business continuity risk, while the risks relating to
financial matters, such as financial reporting and internal controls, liquidity, credit and market risk, and legal and
compliance, are the priorities of the Audit Committee with respect to its oversight role for enterprise risk
management. The Committee Chair of the Risk Committee has an ongoing dialogue with the Committee Chair of
the Audit Committee to coordinate these priorities and allocations regarding each committee’s responsibilities. The
Risk Committee oversees management’s implementation of our cybersecurity risk management program, including
processes and policies for determining risk tolerance, and reviews management’s strategies for adequately mitigating
and managing identified risks, including risks relating to cybersecurity threats. The Risk Committee currently meets
monthly, and reports to our Board regarding its activities, including those related to key cybersecurity risks, on a
quarterly basis or more frequently as needed. The cybersecurity experience of the Committee Chair of the Risk
Committee includes having served (i) in a variety of positions at PricewaterhouseCoopers LLP (PwC) in the United
States from 1998 to 2018, including Principal and Global Cyber Security Leader and Principal and U.S. and Global
Advisory Cyber Leader, and (ii) as Principal and Americas Cyber Leader at Ernst & Young LLP from April 2018 to
February 2024, and he currently serves, since March 2024, as Global Group Head, Cyber and Data Resilience, at
Kroll, LLC.
Coincheck, as our principal operating subsidiary, has its own comprehensive risk management structure,
including for cybersecurity, and its own risk committee, chaired by Coincheck’s Chairman, as well as a dedicated
chief risk officer (sometimes also referred to internally as chief risk management officer) who is in charge of day-to-
day oversight of risk management, including cybersecurity and information technology risk, and who reports to
Coincheck’s risk committee chair. In addition to his experience since 2017 at various Monex companies and
Coincheck, which has included acting as a corporate auditor, executive officer and director, and day-to-day
oversight of risk management, with a focus on technology, this chief risk officer has experience and degrees in both
law and trading, including as a trading manager at Goldman Sachs and Deutsche Bank, which included
responsibility for implementation of regulations of the Bank of International Settlements. Coincheck Parent also has
a dedicated employee who focuses on controls and risks related to cybersecurity and information technology,
including attendance and participation in relevant meetings and discussions. Her experience includes conducting
assessments regarding general information technology (IT) and automated controls under JICPA and PCAOB
standards, implementing computer-assisted audit techniques (CAATs) for risk assessment, sampling and fraud
detection, and vendor security assessments for six years at Deloitte Touche Tohmatsu LLC in Japan, and over six
years of similar experience at Deloitte Touche LLP in New York, including leading a nine-person team conducting
IT control assessment under PCAOB regarding 300 automated controls in a complex IT environment with over 200
application systems, and supervising an eight-person team to deliver internal audit support services for general IT
and automated controls. The Risk Committee receives updates from members of management, including the chair of
Coincheck’s risk committee, on our cybersecurity risks on a monthly basis, and management updates, as necessary,
regarding any material cybersecurity threats or incidents, as well as any incidents with lesser impact potential.
Our management team is responsible for assessing and managing our material risks from cybersecurity
threats and for our overall cybersecurity risk management program on a day-to-day basis, and supervises both our
internal cybersecurity personnel and the relationship with our retained external cybersecurity consultants, including
our efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means. Ourmanagement team includes individuals with years of working experience in the cybersecurity field.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|With oversight from our Board, the Risk Committee and Audit Committee have collective primary
responsibility to assist the Board fulfill its ultimate oversight responsibilities relating to risk assessment andmanagement, including relating to cybersecurity and other information technology risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Risk Committee
oversees our enterprise risk management as a whole, with its primary focus being system and operational risk,
information and cybersecurity risk, reputational risk, and business continuity risk, while the risks relating to
financial matters, such as financial reporting and internal controls, liquidity, credit and market risk, and legal and
compliance, are the priorities of the Audit Committee with respect to its oversight role for enterprise risk
management. The Committee Chair of the Risk Committee has an ongoing dialogue with the Committee Chair of
the Audit Committee to coordinate these priorities and allocations regarding each committee’s responsibilities. The
Risk Committee oversees management’s implementation of our cybersecurity risk management program, including
processes and policies for determining risk tolerance, and reviews management’s strategies for adequately mitigating
and managing identified risks, including risks relating to cybersecurity threats. The Risk Committee currently meets
monthly, and reports to our Board regarding its activities, including those related to key cybersecurity risks, on aquarterly basis or more frequently as needed.
|Cybersecurity Risk Role of Management [Text Block]
|With oversight from our Board, the Risk Committee and Audit Committee have collective primary
responsibility to assist the Board fulfill its ultimate oversight responsibilities relating to risk assessment and
management, including relating to cybersecurity and other information technology risks. The Risk Committee
oversees our enterprise risk management as a whole, with its primary focus being system and operational risk,
information and cybersecurity risk, reputational risk, and business continuity risk, while the risks relating to
financial matters, such as financial reporting and internal controls, liquidity, credit and market risk, and legal and
compliance, are the priorities of the Audit Committee with respect to its oversight role for enterprise risk
management. The Committee Chair of the Risk Committee has an ongoing dialogue with the Committee Chair of
the Audit Committee to coordinate these priorities and allocations regarding each committee’s responsibilities. The
Risk Committee oversees management’s implementation of our cybersecurity risk management program, including
processes and policies for determining risk tolerance, and reviews management’s strategies for adequately mitigating
and managing identified risks, including risks relating to cybersecurity threats. The Risk Committee currently meets
monthly, and reports to our Board regarding its activities, including those related to key cybersecurity risks, on a
quarterly basis or more frequently as needed. The cybersecurity experience of the Committee Chair of the Risk
Committee includes having served (i) in a variety of positions at PricewaterhouseCoopers LLP (PwC) in the United
States from 1998 to 2018, including Principal and Global Cyber Security Leader and Principal and U.S. and Global
Advisory Cyber Leader, and (ii) as Principal and Americas Cyber Leader at Ernst & Young LLP from April 2018 to
February 2024, and he currently serves, since March 2024, as Global Group Head, Cyber and Data Resilience, atKroll, LLC.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Risk Committee
oversees our enterprise risk management as a whole, with its primary focus being system and operational risk,
information and cybersecurity risk, reputational risk, and business continuity risk, while the risks relating to
financial matters, such as financial reporting and internal controls, liquidity, credit and market risk, and legal and
compliance, are the priorities of the Audit Committee with respect to its oversight role for enterprise risk
management. The Committee Chair of the Risk Committee has an ongoing dialogue with the Committee Chair of
the Audit Committee to coordinate these priorities and allocations regarding each committee’s responsibilities. The
Risk Committee oversees management’s implementation of our cybersecurity risk management program, including
processes and policies for determining risk tolerance, and reviews management’s strategies for adequately mitigatingand managing identified risks, including risks relating to cybersecurity threats.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The cybersecurity experience of the Committee Chair of the Risk
Committee includes having served (i) in a variety of positions at PricewaterhouseCoopers LLP (PwC) in the United
States from 1998 to 2018, including Principal and Global Cyber Security Leader and Principal and U.S. and Global
Advisory Cyber Leader, and (ii) as Principal and Americas Cyber Leader at Ernst & Young LLP from April 2018 to
February 2024, and he currently serves, since March 2024, as Global Group Head, Cyber and Data Resilience, atKroll, LLC.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Risk Committee currently meets
monthly, and reports to our Board regarding its activities, including those related to key cybersecurity risks, on aquarterly basis or more frequently as needed
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef