Nippon Life Insurance Co. has identified 604 instances where confidential information was improperly taken by 13 of its employees while they were seconded to other financial institutions between 2019 and 2025.
The company’s internal review found that these employees – who were assigned to seven different banks and financial organisations that distributed Nippon Life products – accessed and photographed sensitive sales documents.
The insurer clarified that there were no direct orders for staff to obtain such information.
However, the investigation revealed that the employees used the data to support Nippon Life’s sales efforts and to enhance their own performance metrics.
“We sincerely apologize for causing concern and inconvenience to all parties involved,” said Naoki Akahori, representative director and executive vice president, as reported by The Mainichi.
Disciplinary actions for those involved are currently under consideration.
“We take this incident seriously and are committed to implementing company-wide measures to prevent recurrence based on identified root causes in order to restore the trust of our customers and all stakeholders,” the company said in a statement.
In a separate but related development, the Financial Services Agency (FSA) of Japan has issued new business improvement orders to Mitsui Sumitomo Insurance Co Ltd (MSI) and Aioi Nissay Dowa Insurance Co Ltd (ADI), both subsidiaries of MS&AD Insurance Group Holdings.
These directives, announced in March 2025, follow a series of customer data breaches and competition law concerns.
The FSA has instructed MSI and ADI to submit revised improvement plans that address internal control weaknesses, compliance gaps, and risk management deficiencies.
The orders require the companies to implement measures for safeguarding customer information, preventing anti-competitive practices, and ensuring proper handling of sensitive data.
The FSA’s requirements include risk assessments, enhanced mitigation strategies, and strengthened governance frameworks.
MS&AD responded in a public statement, noting, “[MS&AD, MSI, and ADI] take the administrative actions very seriously and apologize for inconvenience or concern this situation may have caused our customers and other stakeholders.”
The FSA’s oversight extends to other major insurers, including Sompo Japan Insurance Inc and Tokio Marine & Nichido Fire Insurance Co.
These companies have also received instructions following incidents where seconded employees transferred client data without authorisation.
In July 2024, Sompo Japan reported that its staff had accessed policyholder information from other insurers while working at multiple agencies.
Notably, one incident involved the transfer of 2,700 customer records from Total Insurance Service Ltd, and another saw over 1,500 fire insurance policyholder records shared via Hoei Co.
These recent developments underscore the FSA’s ongoing efforts to strengthen data security and compliance standards across Japan’s insurance sector, with a particular emphasis on internal controls, risk management, and corporate governance.
The regulatory focus signals continued vigilance over the handling of customer information and competitive practices within the industry.
