Mizuho Financial : Amendment to Current Report by Foreign Issuer (Form 6-K/A)

FORM 6-K/A

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 6-K/A

REPORT OF FOREIGN PRIVATE ISSUER

PURSUANT TO RULE 13a-16 OR 15d-16

UNDER THE SECURITIES EXCHANGE ACT OF 1934

For the month of January 2022

Commission File Number 001-33098

Mizuho Financial Group, Inc.

(Translation of registrant's name into English)

5-5, Otemachi 1-chome

Chiyoda-ku, Tokyo 100-8176

Japan

(Address of principal executive office)

Indicate by check mark whether the registrant files or will file annual reports under cover of Form 20-F or Form 40-F.Form 20-F ☒ Form 40-F ☐

Indicate by check mark if the registrant is submitting the Form 6-K in paper as permitted by Regulation S-T Rule 101(b)(1): ☐

Indicate by check mark if the registrant is submitting the Form 6-K in paper as permitted by Regulation S-T Rule 101(b)(7): ☐

Indicate by check mark whether the registrant by furnishing the information contained in this Form is also thereby furnishing the information to the Commission pursuant to Rule 12g3-2(b) under the Securities Exchange Act of 1934. Yes ☐ No ☒

If "Yes" is marked, indicate below the file number assigned to the registrant in connection with Rule 12g3-2(b):82-.

THIS REPORT ON FORM 6-K SHALL BE DEEMED TO BE INCORPORATED BY REFERENCE INTO THE PROSPECTUS FORMING A PART OF MIZUHO FINANCIAL GROUP, INC.'S REGISTRATION STATEMENT ON FORM F-3 (FILE NO. 333-233354) AND TO BE A PART OF SUCH PROSPECTUS FROM THE DATE ON WHICH THIS REPORT IS FURNISHED, TO THE EXTENT NOT SUPERSEDED BY DOCUMENTS OR REPORTS SUBSEQUENTLY FILED OR FURNISHED.

SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.

Date: January 24, 2022
Mizuho Financial Group, Inc.
By:		/s/ Makoto Umemiya
Name:		Makoto Umemiya
Title:		Senior Executive Officer / Group CFO

January 24, 2022

	Company: Mizuho Financial Group, Inc. Representative: President & Group CEO Tatsufumi Sakai Head Office: 1-5-5 Otemachi, Chiyoda-ku, Tokyo Company: Mizuho Bank, Ltd. Representative: President & CEO Koji Fujiwara Head Office: 1-5-5 Otemachi, Chiyoda-ku, Tokyo

(Updated) Submission of Business Improvement Plan

Mizuho Financial Group, Inc. and Mizuho Bank, Ltd. hereby announces that there have been corrections made to the above-mentioned disclosure material released on January 17, 2022, at 15:20 p.m. (JST).

1.	Reason for corrections

To correct the discrepancies between the English version and the original Japanese version, and typographical errors.

2.	Content of Corrections

Please see the following pages. Revised parts are underlined.

1

January 17, 2022

	Company: Mizuho Financial Group, Inc. Representative: President & Group CEO Tatsufumi Sakai Head Office: 1-5-5 Otemachi, Chiyoda-ku, Tokyo Stock code: 8411 (First Section of Tokyo Stock Exchange) Company: Mizuho Bank, Ltd. Representative: President & CEO Koji Fujiwara Head Office: 1-5-5 Otemachi, Chiyoda-ku, Tokyo

Submission of Business Improvement Plan

Today, Mizuho Financial Group, Inc. and Mizuho Bank, Ltd. submitted a business improvement plan to the Japanese Financial Services Agency based on the business improvement order issued on November 26, 2021.

Regarding the recent series of IT system failures that began from February 28, 2021, as a financial institution bearing responsibility for maintaining societal infrastructure, we deeply apologize for the inconvenience and concern we have caused to our customers and society by allowing these system failures to occur repeatedly in a short period of time and, as a consequence, failing to adequately fulfill our role in facilitating smooth settlements.

In the business improvement plan we submitted today, we have fully assessed and revised the measures for improving IT systems that we have formulated up until now, as well as our measures for customer relations and crisis management. In designing the plan, we gathered feedback from frontline offices and also sought out external viewpoints and expert insights in order to ensure the effectiveness, completeness, and continuity of the plan. Following this assessment and revision, we will continue to steadily implement our measures to prevent further incidents and further enhance our multilayered system failure response capabilities.

2

Also, to strengthen governance throughout the entire group, we have formulated measures on business strategy and corporate resource allocations based on an assessment of the on-the-ground situation, strengthen our internal management structure for IT system risk management and legal and regulatory compliance, and further enhance our supervisory functions, in line with the roles and functions of Mizuho Financial Group and Mizuho Bank.

Furthermore, we will take measures to enhance our frameworks for our people and organization and reform our corporate culture. This will serve as the foundation for enhancing the effectiveness and sustainability of our measures to prevent further incidents and our corporate management.

Both Mizuho Financial Group and Mizuho Bank are steadily implementing business improvement plans to prevent such a situation from happening again. In order to ensure that customers can use Mizuho services with peace of mind, all directors and employees will work together as an organization to establish a strong framework that prevents system failures from having a significant impact on customers and that minimizes the impact on customers even in the event of a failure. We will continue to pursue these initiatives under our current ever-changing environment.

As announced on June 15, 2021, Mizuho Financial Group and Mizuho Bank have established the System Failure Response Evaluation Committee on the supervisory side and the System Failure Improvement Promotion Committee on the business execution side, to follow up on, review, and revise the business improvement plan. We will continuously verify the progress of measures to prevent further incidents through both of these perspectives.

Please refer to the attachments for an overview of the business improvement plan.

3

Attachment 1

Note: [ ] indicate implementation timelines. [Added] indicates measures added since the review of measures to prevent further incidents released in June.

Mizuho Bank Business Improvement Plan

I.	Enhancement of multilayered system failure response capabilities

i)	Measures to improve IT systems

1.	Assessments and other efforts to prevent system failures

(1)	Inspection of application

1)

Check that the quality remains the same as at the time of the initial decision for release, add the targeted transaction services, and implement confirmation testing for non-operating services. [Completed]

2)

Confirm the ripple effects of and measures for errors that could lead to severe failures.

•

Develop a system operation check to verify MINORI's operations when severe failures occur and formulate an IT system support plan. Implement IT system support based on the results of the system operation check. [Completed]

•

Use a testing environment to run a test deliberately causing system errors with the potential to be severe failures for mission-critical systems. Confirm ripple effects on MINORI and other peripheral systems. [September 2022]

3)

Assess maintenance necessary to stable operation.

•

Assess maintenance necessary to MINORI's stable operation, including the effects an increase in transactions would have on systems, the need for responses, and similar. [Beginning March 2022]

•

Share details on assessments of the status of IT system processing and other factors. Conduct assessments and verifications of system specifications and potential risk events. [Added] [June 2022]

4

(2)	Inspection of foundational infrastructure

1)

Handling and inspection of firmware

•

Address and inspect firmware from time of system failures. Inspect for similar potential issues. [Completed]

2)

Management of maintenance terms

•

Identify hardware that must be upgraded within the maintenance term and inspect for hardware that is beyond the maintenance term. [Completed]

Formulate an IT system support policy based on the results. [March 2022]

Expand the scope of inspections. [March 2022]

•

Develop framework for review of hardware upgrades. [Added] [Completed]

Expand scope of hardware that must be upgraded within the maintenance term. [March 2022]

3)

Clarification of matters for managing information and methods for software bugs [Added]

•

Clarify regulations on bug-related information. [Completed]

Implement framework for analyzing bug-related information. [March 2022]

4)

Enhancement of early warning indicator management and preventative maintenance [Added]

•

Implement regular inspections to improve management of hardware. [April 2022]

•

Implement preventative maintenance of critical hardware. [Completed]

Implement disk component inspections for preventative maintenance. [March 2022]

Formulate an inspection plan for disk components in additional critical hardware. [March 2022]

Regulate inspections of disk components for preventative maintenance of critical hardware. [March 2022]

5)

Securing effective operation of IT systems [Added]

•

Formulate a plan for inspections checking that foundational infrastructure is operating according to requirements, and implement inspections in upstream systems. [March 2022]

Formalize in regulations. [June 2022]

5

(3)	Enhancement of framework for development projects

1)

Put in place regulations, procedures, and checklists for the development process. [Completed]

2)

Put in place regulations, procedures, and checklists for project release.

•

Clarify on-site operational status; the framework for monitoring on-site conditions, taking into account maximum risk; and the confirmation/verification items to be used in determining the feasibility of a project release. [Completed]

(4)	Changes to system specifications and other measures to address system failures

1)

Change the ATM specifications for retention of ATM cards and bankbooks to ensure return of cards and bankbooks. [Completed]

2.	Enhancement of ability to respond to system failures

(1)	Improvement of the monitoring system

1)

Improve the effectiveness of development departments' identification of impacts. [Completed]

2)

Improve the speed and accuracy of operation departments' monitoring.

•

Review system error detection messages and methods for warning, review system error reporting standards, and address IT systems. [Completed]

Expand scope of review of system error reporting standards. [Added] [March 2022]

Formalize regulations for regular verification of the effectiveness of the standards. [Added] [March 2022]

3)

Enhance the tools for checking failure response status, including the system dashboard. [Added] [September 2022]

(2)	Review of the system contingency plan (SCP)

1)

Develop scenario for failures across multiple systems and improve recovery manual with consideration to operational processing deadlines and other factors. [Completed]

2)

Implement initiatives to improve the effectiveness of the SCP. [Added]

•

Add SCP cross-system scenario based on connections (dependencies) between systems. [April 2022]

Enhance training on the SCP. [June 2022]

Tools for utilizing SCP-related documents. [September 2022]

6

(3)	Training based on the SCP

1)

Hold practical training using real hardware. [May 2022]

2)

Establish annual PDCA cycle for hands-on training. [Added] [May 2022]

(4)	Improving ability to analyze system failures

1)

Expand scope of information gathering on system failures, expand starting points for analyses of system failures, and enhance cross-departmental sharing of information. [Completed]

2)

Enhance system departments' ability to identify the causes of system failures. [Added] [March 2022]

3.	Enhancement of frameworks suited to the maintenance and operation phase

(1)	Enhancing our personnel

1)

Appropriate allocation of personnel to secure MINORI's stable operation

•

Assess the need for additional personnel by more thoroughly analyzing our personnel portfolio. Carry out additional allocations as necessary. [Completed]

•

Additional staffing after implementation of personnel assignments. [Added] [March 2022]

•

Develop a framework for managing staffing within Mizuho Bank's IT & Systems Group and Mizuho Research & Technologies. [March 2022]

•

Enhance the visibility of expert knowledge and skills related to MINORI, including at key partner companies (such as core vendors). [March 2022]

2)

Uniform control of specifications / systems control personnel / vendor coordination framework

•

Control specifications uniformly across vendors / increase systems control personnel. [Completed]

•

Review the duties of the Technology Advisory Desk and ensure its effective operation. [Added] [March 2022]

7

(2)	Enhancing our organization and frameworks

1)

Enhance control framework, including through establishment of an organizational body for technology and quality control and through management of vendors.

•

Establish IT Infrastructure & Project Management Department. [Completed]

•

Reassess relationships with development and operations companies and outside vendors. Also reassess the management framework. [Completed]

•

Establish and clarify recovery framework. [Added] [Completed]

Enhance recovery management. [Added] [March 2022]

(3)	Enhancing management and governance

1)

Hire professionals from outside Mizuho for management positions. [Completed]

2)

Enhance check framework for IT systems risk. [Added] [Completed]

3)

Enhance IT governance. [Added]

•

Develop a framework for evaluating the on-the-ground issues and situation. [March 2022]

•

Create a function to coordinate policy design and implementation based on the on-the-ground situation. [April 2022]

•

Design policy for the IT & Systems Group based on assessment of the on-the-ground situation and reflect in allocation of corporate resources. [March 2022]

•

Enhance frontline capabilities and improve morale in Mizuho Bank's IT & Systems Group. [June 2022]

ii)	Measures to improve customer service and crisis management

1.	Development of a framework to continually gather feedback from customers and frontline offices

(1)	Assessment of customer service

1)

Assess feedback from customers and frontline offices on system failures over the past three years and confirm improvements have been made or planned. [Completed]

2)

Build a framework for continuous assessment. [Added] [March 2022]

8

(2)	Enhancement of first and second line of defense functions, utilizing external information and feedback

1)

Allocate specialists to improve service quality. [Completed]

Establish positions in charge of communication between frontline offices and Head Office as part of a framework for daily, reciprocal communication. [Completed]

2)

Adopt a system for gathering public comments prior to launching new initiatives. [Added] [Completed]

3)

Establish organizational bodies to apply customer feedback and external information to enhancement of first and second line of defense functions.

•

Establish voice-of-customer (VoC) data analysis team. [Completed]

•

Develop framework to share feedback with management, Head Office, and frontline offices. [September 2022]

4)

Explore possibilities for measures and corporate resource allocations reflecting feedback from customers and frontline offices. [Added] [Completed]

Develop framework. [Added] [March 2022]

(3)	Enhancement of users' system ownership and personnel exchanges

1)

Enhance system ownership by clarifying users' accountability. [Completed]

2)

Implement personnel exchanges between the IT & Systems Group and user departments. [April 2022]

2.	Establishment of frameworks focused on impacts on customers and settlements

(1)	Review of business continuity plan (BCP)

1)

Enhance nighttime and holiday service. [Completed]

2)

Refine BCP and enhance fiscal year implementation.

•

Consider adopting tools aimed at improving BCP processing capabilities and clarify BCP response in the event of missing the cut-off time for foreign remittances. [Added] [June 2022]

(2)	Integration of SCP and BCP and enhancement of response capabilities

1)

Consolidate individual BCP items, integrate with the SCP based on the structure of each system, and create a policy document broken down by operation. [Completed]

9

2)

Hold walkthroughs and trainings with system, user, crisis management, risk, and compliance departments in order to confirm SCP and BCP implementation remains in line with the policy document. [Added] [June 2022]

3)

Expand hands-on training focused on impacts on customers. [March 2022]

(3)	Establishment of framework for immediate responses at frontline offices and Head Office

1)

Establish framework for immediately responding to system failures. [Completed]

2)

Distribute additional IT devices to frontline offices. [June 2022]

3.	Enhancement of crisis management framework

(1)	Enhance information aggregation and risk control functions for system failures. [Added] [March 2022]

(2)	Deliberate on response within one hour of a failure being detected. [Completed]

(3)	Quickly identify impacts on customers by using the ATM monitoring system and sharing information on social media. [Completed]

(4)	Establish network between Head Office and 30 core operations and services to ensure immediate confirmation of specific impacts on operations. [Completed]

(5)	Utilize multiple methods of communication with customers.

1)

Establish framework for communicating via social media. [Completed]

2)

Further improve the effectiveness of communication with customers. [Added] [Completed]

3)

Diversify methods for communicating with customers when errors occur at ATMs. [Added] [April 2022]

(6)	Expand communication tools.

1)

Enhance ability to respond to crises at night and during holidays by adopting multifaceted communication tools. [Completed]

(7)	Enhance training on sense of ownership. [April 2022]

(8)	Enhance response structure during normal operations.

1)

Optimize information on status of IT system risk early warning indicators. [March 2022]

2)

Strengthen capabilities for public relations under emergency situations, based on individual roles. [March 2022]

10

II.	Enhanced business management response

1.	Initiatives toward strengthening governance at Mizuho Bank

(1)	Strengthening understanding of actual frontline conditions

1)

Accurate understanding of actual conditions at the frontlines. [Added]

•

Improve assessment of actual conditions through multifaceted information channels, including in relation to frontline office and customer needs for products, services, and operational quality as well as to gaps between strategies / policies and on-the-ground conditions.

2)

Sharing information about strategies and policies with the frontlines. [Added]

•

Enhance communication on strategy and policy objectives by establishing multifaceted channels for horizontal and vertical connections across various layers in each division, unit, and group, including through direct messages and explanations from executive management.

(2)	Optimizing processes toward enhancing governance functions. [Added]

1)

Optimize processes for formulating the business strategy and corporate resource allocation plans. [March 2022]

•

Gather information through multifaceted and multilayered channels to assess on-the-ground conditions and flexibly review business strategy and corporate resource allocations. Clarify and optimize the monitoring process of the "second line of defense" functions.

•

From the perspective of ensuring the continuity of the above initiatives, establish operational guidelines for the continuity of processes at Mizuho Financial Group and communicate the guidelines across the entire group.

2)

Strengthening control of risk involved in implementing strategies [March 2022]

•

Each department under the first and second line of defense functions of Mizuho Bank will establish specific measures to control risk involved in implementing strategies and monitor the status of risk control on a quarterly basis.

11

2.	Strengthening IT governance (See the previous section I. i) 3. (3) 3))

3.	Strengthening the internal management structure

(1)	Enhance the IT system risk management structure.

1)

Utilize external perspectives and analyze the details of the system failures in order to apply effective checks and balances appropriate to the unique specifications of the MINORI system. Furthermore, undertake revision and optimization through the IT Strategy Promotion Committee by continuing to report on the status of system risk early warning indicator management (which utilizes hardware failure management and maintenance schedules), the status of SCP revisions and training, the appropriateness of the allocation of IT personnel, periodic evaluation of outsourcing at Mizuho Research & Technologies by Mizuho Bank, and overall IT system risk based on business strategy and corporate resource allocations. [June 2022]

2)

In addition to the above measures, conduct multifaceted monitoring by utilizing knowledge and viewpoints in risk categories other than system risk, by reporting to various committees, and other methods. [June 2022]

(2)	Development of frameworks for legal compliance [Added]

1)

Improve the knowledge and awareness of foreign exchange laws and regulations among executive officers and employees. [April 2022]

Establish frameworks for conducting appropriate review and judgement during emergency situations. [Completed]

Improve related systems. [March 2022]

Develop and expand the business continuity plan framework for operations related to anti-money laundering and combating the financing of terrorism [January 2022]

Ensure regular communication among relevant departments. [January 2022]

Improve control and check functions that can respond appropriately to revisions in laws and regulations. [April 2022]

Enhance our organization, talent, and senior management involvement to support consistent and ongoing implementation of improvements and measures to prevent further incidents. [Develop framework through March 2022, begin each measure after the development of the framework.]

12

2)

Measures to further strengthen overall frameworks for legal and regulatory compliance

•

Enhance training and research on compliance currently being implemented throughout the entire bank on a periodic and continuous basis. [April 2022]

•

Improve the effectiveness of periodic internal inspections for laws and regulations. [February 2022]

(3)	Improve the internal audit framework. [Added]

1)

Strive to expand the IT audit framework by reviewing IT development control auditing through the establishment of the new "IT Development Control" category, as well as by reviewing approaches to risk assessment and risk prediction assessment for IT general controls. Also, consider building and implementing frameworks to improve the effectiveness of risk-based auditing by reviewing areas such as risk assessment frameworks. [March 2022]

4.	Further enhancement of supervisory functions [Added]

(1)	Enhancing Board of Directors and Audit Committee functionality

1)

Enhance multifaceted information gathering capabilities. [April 2022]

•

From the perspective of enhancing the information gathering capabilities of outside directors at Mizuho Financial Group, Mizuho Bank and other entities, the Corporate Secretariat Office and Corporate Auditors Office will expand both their information sharing and the opportunities they provide for outside directors to communicate directly and indirectly with group employees. These opportunities are to include discussions between outside directors and visits by outside directors to Mizuho offices.

2)

Enhance internal expertise based on the role of the relevant entity. [March 2022]

•

Endeavor to expand outside talent and expertise at the Board of Directors and other bodies, from the perspective of further enhancing the supervisory functions in line with the roles of Mizuho Financial Group, Mizuho Bank, and other entities (consider expanding the membership of Mizuho Bank's Board of Directors with outside directors as well). [March 2022]

13

3)

Enhance follow-upon the part of senior management. [March 2022]

•

Regarding issues identified in discussion at the Board of Directors and other bodies, increase the visibility and communication of such issues at each committee and implement other efforts to improve the framework for keeping track of matters on the business execution side.

III.	Continuous enhancement of our people and organization based on root causes

1.	Refinement of core banking system risk management and response framework

(1)	Enhance the IT system risk management structure. (See the previous section II. 3. (1))

(2)	Promote the engagement and growth of specialist personnel.

Enhance our people and organization across the company by proactively engaging specialist personnel with broad perspectives.

1)

Introduce a cross-divisional career development framework for employees to elevate their expertise. [Build a framework by March 2022 and start full-scale implementation in April 2022]

2)

Acquire personnel externally as required for the levels that handle organizational management, develop personnel competence and expertise, expand talent pool. [Ongoing]

2.	Improve recognition of impacts on customers

(1)	In addition to building a framework that continuously incorporates feedback from customers and frontline offices, establish a framework that focuses on impacts on customers and settlements in order to maintain and improve the effectiveness of the BCP. (See the previous section I. ii) 1. and 2.)

(2)	Strengthen the crisis management framework. (See the previous section I. ii) 3.)

14

3.	Enhance processes to improve governance functions (See the previous section II. 1. (2))

4.	Reforming corporate culture [Added]

(1)	Issues in senior management initiatives for corporate culture

1)

Creating an environment and corporate culture where employees can act and speak freely

•

Draw out employees' strengths by listening to their feedback, ensure management engages in active discussion beyond the scope of individual jurisdictions, monitor for employees who engage in excessive internal work, and other measures.

2)

Sharing values

•

Share Mizuho's values for serving customers and society and develop common understanding.

3)

Continuity of past initiatives

•

Continue initiatives to go beyond a top-down hierarchy by pursuing dialogue, communication, and internal cultural transformation.

(2)	Management commitment

Serve customers and society and value colleagues.

Through these initiatives, we will cultivate personnel that can better serve our customers and society, and we will make Mizuho an organization where every employee can act independently and engage in constructive discussion.

In order to achieve these ongoing initiatives, senior management will reexamine its behavior and make specific and continuous efforts to reform business operations.

(3)	Initiatives to reform corporate culture based on recognized issues

1)

Business approaches for becoming a group even more committed to customers and society

•

Review of internal operations, led by management

•

Drastic simplication and reduction of internal meetings [March 2022]

•

Further revitalization of communication between senior management [Ongoing]

•

Simplication and reduction of operations in frontline offices and Head Office [FY2022 H1]

15

2)

Reciprocal (open) communication to create a workplace that is comfortable and rewarding

•

Dialogue between employees and senior management

•

Interactive round-table discussions with employees [Ongoing]

•

Establishment of a framework for direct feedback to senior management [March 2022]

•

Communication between frontline offices and Head Office

•

Expand frontline office communications personnel and Head Office tutoring system [March 2022]

•

Employee public comment program (frontline offices to participate in initiative review process) [Ongoing]

•

Frontline office survey about communication with Head Office [Ongoing from January 2022]

•

Promotion of communication through improvements to infrastructure and the workplace environment

•

Additional distribution of digital devices [FY2022 H1]

•

Introduction of internal social media tools, which can be used for communicating messages from executive management [FY2022 H1]

3)

Framework and environment to support proactive actions while maintaining legal compliance

•

Principles-based business operation based on legal compliance

•

Delegation of authority and appropriate execution, business operations that effectively assess risks [FY2022 H1]

•

Cultivation of leadership and development of personnel through active dialogue [Ongoing]

•

Initiatives for engagement of our people

•

Initiatives to establish reciprocal and inclusive relationships between employees [FY2022 H1]

4)

Sharing Mizuho's values

•

Continuous communication of easy-to-understand messages from executive management [Ongoing from FY2022 H1]

•

Regular and continuous education of personnel regarding the IT system failures [Ongoing from February 2022]

16

5)

Follow-up based on objective information

•

Internal and external disclosure, including quantitative information on employee engagement

In addition to the above initiatives, establish an employee participatory working group to take in feedback from employees and external stakeholders, and work together with employees as an organization to continue reforming our corporate culture.

Mizuho Financial Group Business Improvement Plan

I.	Verification of Mizuho Bank business improvement plan

From the perspective of preventing future system failures and minimizing impacts on customers in the event of future system failures, Mizuho Financial Group has evaluated Mizuho Bank's measures to prevent further incidents and found that they clarify the goals, scope, and depth of initiatives, reflect feedback from frontline offices, establish processes, and utilize outside viewpoints and expert insights.

Mizuho Financial Group sets the basic approach for group initiatives, and each group entity undertakes specific measures based on said approach. In regard to enhancing our business management response and continuously enhancing our people and organization based on root causes, Mizuho Financial Group has confirmed that Mizuho Bank's measures incorporate initiatives based on our group-wide approach and are in line with Mizuho Financial Group policy.

17

II.	Mizuho Financial Group measures to prevent further incidents (Mizuho Financial Group-led measures)

i)	Measures to improve IT systems

1.	Visualization of talent portfolio and enhancement of organizational control

(1)	Develop new human resource system. [September 2022]

(2)	Hire professionals from outside Mizuho for management positions. [Completed]

(3)	Enhance framework for development projects. [March 2022]

1)

Enhance framework for ongoing risk monitoring in the development process.

(4)	Manage IT system risk.

1)

Clarify system risk assessment and project screening points and documentation details. [Completed]

2)

Improve the function of the Risk Management Committee. [Added] [June 2022]

(5)	Establish management framework for IT system upgrades and updates.

1)

Specify management rules for planning of system upgrades and updates. [January 2022]

2)

Verify Mizuho Bank's management framework for system upgrades and updates. [March 2022]

(6)	Expand internal audit framework. [Added] [March 2022]

1)

Allocate personnel with expertise in MINORI to the Internal Audit Department (Mizuho Financial Group / Mizuho Bankdual-hat assignments from the perspective of effective utilization of personnel). [Completed]

2)

Consider building and implementing a framework to expand the IT audit framework and improve the effectiveness of risk-based auditing and promote the implementation of auditing for executive management. The framework will also be used to verify the appropriateness of the systems and approaches of internal auditing at core group companies. [March 2022]

18

ii)	Measures to improve customer service and crisis management

1.	Development of a framework to continually gather feedback from customers and frontline offices

(1)	Strengthen user IT ownership and implement personnel exchanges. [April 2022]

1)

From September 2021, began human resource management aimed at continuously accumulating IT system knowledge and talent to support IT ownership in user divisions. Also began exchanges with short-term trainers.

2.	Establishment of frameworks focused on impacts on customers and settlements

(1)	BCP review (assumed scenario additions). [Added] [June 2022]

3.	Strengthen the crisis management framework, and implement practical drills and training (See BK: I. (ii) 3.)

III.	Enhanced business management response

1.	Initiatives to strengthen governance throughout the entire group

(1)	Strengthening understanding of actual frontline conditions

1)

Accurate understanding of actual conditions at the frontlines

•

From the viewpoint of maximizing governance throughout the entire group, Mizuho Financial Group will strengthen its understanding of actual frontline conditions through changes in the external environment and through entities, in order to accurately understand opportunities and risks, including latent opportunities and risks. [March 2022]

2)

Share strategy and measures with frontline operations [Added] (See Mizuho Bank II. 1. (1) 2))

(2)	Enhancing process for strengthening governance throughout the entire group (See Mizuho Bank II.1.(2))

2.	Strengthening IT governance (including management structure of IT & Systems Group / Mizuho Research & Technologies staff)

(1)	Understanding of on-the-ground IT situation [Added]

1)

Multifaceted framework to identify "first line of defense" issues at each company: Mizuho Financial Group, Mizuho Bank, Mizuho Research & Technologies, MI Digital Services.

•

Build a framework to identify each company's on-the-ground situation and issues from various angles. [March 2022]

19

2)

Propose measures and establish implementation function based on the on-the-ground situation.

•

Establish a control function within Mizuho Financial Group overseeing the entire group. [April 2022]

•

Establish control functions within Mizuho Bank and Mizuho Research & Technologies to propose and implement measures based on the on-the-ground situation. [April 2022]

•

Establish a new committee for Mizuho Research & Technologies management to drive enhancement of frontline capabilities. [April 2022]

•

Realize sharing of on-the-ground issues and countermeasure discussions among the various entities. [March 2022]

(2)	Policy planning and business resource allocation as an IT group based on a good understanding of the on-the-ground situation [Added]

1)

Build a framework that widely utilizes the external knowledge and resources of vendors. [Completed]

2)

Refine practical matters and processes related to 1) above. [March 2022]

3)

Develop a framework for managing staffing within Mizuho Bank's IT & Systems Group and Mizuho Research & Technologies. [March 2022]

4)

Revise the "second line of defense" monitoring and checking system tasked with overseeing the first line within Mizuho Bank's IT & Systems Group and Mizuho Research & Technologies. [March 2022]

(3)	Enhance the frontline capabilities and improve morale in Mizuho Bank's IT & Systems Group and Mizuho Research & Technologies. [Added]

1)

Build a framework that allows IT & Systems Group and Mizuho Research & Technologies frontline staff to solve issues on their own accord. [March 2022]

2)

Build an HR framework that is flexible and based on the actual situation at Mizuho Research & Technologies. [March 2022]

3)

Put in place structure to promote better understanding of the IT systems and user operations. [March 2022]

20

4)

Undertake quality enhancement projects that utilize the knowledge of external specialists. [March 2022]

5)

Inspect and revise system failure SCP and BCP lists. [June 2022]

6)

Improve operational processes. [March 2022]

7)

Promote and crystalize initiatives to establish a robust corporate culture through the creation of Mizuho Research & Technology's "action axis". [March 2022]

8)

Training at all levels (from senior management to individual operations staff) within Mizuho Research & Technology's IT departments. [March 2022]

9)

Refine management of evaluations for staff who support stable operations within Mizuho Bank's IT & Systems Group and Mizuho Research & Technologies. [March 2022]

3.	Strengthening the internal management structure

(1)	Enhancing the IT system risk management structure

1)

Mizuho Financial Group will utilize external perspectives and analyze the details of the system failures in order to apply effective checks and balances appropriate to the unique characteristics of the MINORI system. Furthermore, in order to review and optimize the IT Strategy Promotion Committee, going forward Mizuho Financial Group will also verify the details of reports from each group company on the status of IT system risk early warning indicator management (which utilizes hardware failure management and maintenance schedules), the status of SCP revisions and training, and the adequate allocation of IT personnel, and continue to report on overall IT system risk based on business strategy and corporate resource allocations. [June 2022]

2)

Mizuho Financial Group will centrally identify and manage the risks faced by the Mizuho group by confirming common factors and other findings (including through reports from each group company), and share horizontally throughout the entire group by reporting to various committees and other methods. [June 2022]

21

(2)	Top risk management [Added]

1)

Improve the functioning of the Risk Management Committee

•

Formulate a basic policy for strengthening top risk control. [March 2022]

•

Implement monitoring of status of policy compliance. [September 2022]

•

Implement risk monitoring based on the strengthened policy and measures. [June 2022]

2)

Initiatives on the supervision side

•

Through a risk-based approach, develop a structure for improving the effectiveness of monitoring on the supervision side (clarify focus of discussions at Risk Committee, communicate annual agendas for each committee, etc.). [April 2022]

(3)	Development of frameworks on legal and regulatory compliance [Added]

(Mizuho Bank: II. 3. (2) 1); Mizuho Financial Group will confirm Mizuho Bank development of frameworks on legal and regulatory compliance.

See Mizuho Bank: II. 3. (2) 2))

(4)	Improve the internal audit framework [Added]

(See Mizuho Financial Group: II. i) 1. (6))

4.	Further enhancement of supervisory functions [Added]

(1)	Enhancing the functions of the Board of Directors and Audit Committee

1)

Enhance multifaceted information gathering capabilities. [April 2022]

•

Mizuho Financial Group's Board of Directors will not only receive regular reports from the business execution side, but will also make standard the reporting of execution status from key entities including Mizuho Bank. It will also provide opportunities for outside directors to exchange their views on a group-wide bases. Mizuho Financial Group's Audit Committee will enhance the frequency at which it receives reports from the Internal Audit Group.

2)

Enhance internal expertise based on the role of the relevant entity.

•

Endeavor to expand outside talent and expertise at the Board of Directors and other bodies, from the perspective of further enhancing the supervisory functions in line with the roles of Mizuho Financial Group, Mizuho Bank, and other entities (consider expanding the membership of Mizuho Financial Group's Risk Committee or employing outside experts). [March 2022]

22

3)

Enhance framework for keeping track of issues.

•

Regarding issues identified in discussion at the Board of Directors and other bodies, increase the visibility and communication of such issues at each committee and implement other efforts to improve the framework for keeping track of issues on the business execution side.

5.	Utilization of specialists and external knowledge

(1)	Development of management personnel who possess requisite expertise

1)

Formulate an explicit image, after necessary discussions at the Human Resources Review Meeting and by the Board of Directors, of an "ideal person" to guide the selection of personnel and development of candidates to build an executive system for each group to better perform their required functions. [February 2022]

(2)	Utilization of external specialists and knowledge

1)

Clarify the requirements of IT operations and utilization of external specialists and knowledge. [Completed]

2)

Build a framework to monitor and continually improve utilization of external specialists and knowledge. [March 2022]

IV.	Continuous enhancement of our people and organization based on root causes

Initiatives will be promoted group-wide based on the initiatives detailed in Mizuho Bank III. Continuous enhancement of our people and organization based on root causes.

23

Attachment 2

Clarification of Responsibility of Senior Management

There is no change to the details of the Clarification of Responsibility of Senior Management published on November 26, 2021.

24