Mizuho Financial : Submission of Business Improvement Plan

January 17, 2022

Company: Mizuho Financial Group, Inc.

Representative: President & Group CEO Tatsufumi Sakai

Head Office: 1-5-5 Otemachi, Chiyoda-ku, Tokyo

Stock code: 8411 (First Section of Tokyo Stock Exchange)

Company: Mizuho Bank, Ltd.

Representative: President & CEO Koji Fujiwara

Head Office: 1-5-5 Otemachi, Chiyoda-ku, Tokyo

Submission of Business Improvement Plan

Today, Mizuho Financial Group, Inc. and Mizuho Bank, Ltd. submitted a business improvement plan to the Japanese Financial Services Agency based on the business improvement order issued on November 26, 2021.

Regarding the recent series of IT system failure that began from February 28, 2021, as a financial institution bearing responsibility for maintaining societal infrastructure, we deeply apologize for the inconvenience and concern we have caused to our customers and society by allowing these system failures to occur repeatedly in a short period of time and, as a consequence, failing to adequately fulfill our role in facilitating smooth settlements.

In the business improvement plan we submitted today, we have fully assessed and revised the measures for improving IT systems that we have formulated up until now, as well as our measures for customer relations and crisis management. In designing the plan, we gathered feedback from frontline offices and also sought out external viewpoints and expert insights in order to ensure the effectiveness, completeness, and continuity of the plan. Following this through this assessment and revision, we will continue to steadily implement our measures to prevent further incidents and further enhance our multilayered system failure response capabilities.

1

Also, to strengthen governance throughout the entire group, we will formulate measures on, business strategy and corporate resource allocations based on an assessment of the on-the-ground situation, strengthen our internal management structure for IT system risk management and legal and regulatory compliance, and further enhance our supervisory functions, in line with the roles and functions of Mizuho Financial Group and Mizuho Bank.

Furthermore, we will take measures to enhance our frameworks for our people and organization and reform our corporate culture. This will serve as the foundation for enhancing the effectiveness and sustainability of our measures to prevent futher incidents and our corporate management.

Both Mizuho Financial Group and Mizuho Bank are steadily implementing business improvement plans to prevent such a situation from happening again. In order to ensure that customers can use Mizuho services with peace of mind, all directors and employees will work together as an organization to establish a strong framework that prevents system failures from having a significant impact on customers and that minimizes the impact on customers even in the event of a failure. We will continue to pursue these initiatives under our current ever- changing environment.

As announced on June 15, 2021, Mizuho Financial Group and Mizuho Bank have established a System Failure Improvement Promotion Committee on the supervisory side and a System Failure Response Evaluation Committee on the business execution side. We will continuously verify the progress of measures to prevent futher incidents through both of these perspectives.

Please refer to the attachment for an overview of the business improvement plan.

2

Attachment 1

Note: [ ] indicate implementation timelines. [Added] indicates measures added since the review of measures to prevent further incidents released in June.

Mizuho Bank Business Improvement Plan

I. Enhancement of multilayered system failure response capabilities

i) Measures to improve IT systems

1. Assessments and other efforts to prevent system failures

1. Inspection of application
2. 1. Check that the quality remains the same as at the time of the initial decision for release, add the targeted transaction services, and implement confirmation testing. [Completed]
   2. Confirm the ripple effects of and measures for errors that could lead to severe failures.
   3. • Develop a system operation check to verify MINORI's operations when severe failures occur and formulate an IT system support plan. Implement IT system support based on the results of the system operation check. [Completed]
      • Use a testing environment to run a test deliberately causing system

errors with the potential	to be severe failures for	mission-critical
systems. Confirm ripple	effects on MINORI and	other peripheral

systems. [September 2022]

1. Assess maintenance necessary to stable operation.
2. • Assess maintenance necessary to MINORI's stable operation, including the effects an increase in transactions would have on systems, the need for responses, and similar. [Beginning March 2022]
   • Share details on assessments of the status of IT system processing and other factors. Conduct assessments and verifications of system specifications and potential risk events. [Added] [June 2022]

3

1. Inspection of foundational infrastructure
2. 1. Handling and inspection of firmware
   2. • Address and inspect firmware from time of system failures. Inspect for similar potential issues. [Completed]
   3. Management of maintenance terms
   4. • Identify hardware that must be upgraded within the maintenance term and inspect for hardware that is beyond the maintenance term. [Completed]
        Formulate an IT system support policy based on the results. [March 2022]
        Expand the scope of inspections. [March 2022]
      • Develop framework for review of hardware upgrades. [Completed] Expand scope of hardware that must be upgraded within the maintenance term. [March 2022]
   5. Clarification of matters on managing information and methods for software bugs[Added]
   6. • Clarify regulations on bug information [Completed], Implement flamework on analyzing bug information[March 2022]
   7. Enhancement of early warning indicator management and preventative maintenance[Added]
   8. • Implement regular inspections to improve management of hardware. [April 2022]
      • Implement preventative maintenance of critical hardware. [Completed]
      • Implement disk component inspections for preventative maintenance. [March 2022]
      • Formulate an inspection plan for disk components in additional critical hardware. [March 2022]
      • Regulate inspections of disk components for preventative maintenance of critical hardware. [March 2022]
   9. Securing effective operation of IT systems[Added]
   10. • Formulate a plan on inspections to check the foundational infrastructure is operating according to requirements, and implement inspections in upstream systems. [March 2022]
         Formalize in regulations. [June 2022]

4

1. Enhancement of framework for development projects
2. 1. Put in place regulations, procedures, and checklists for the development process. [Completed]
   2. Put in place regulations, procedures, and checklists for project release. [Completed]
   3. • Clarify on-site operational status; the framework for monitoring on- site conditions, taking into account maximum risk; and the confirmation/verification items to be used in determining the feasibility of a project release. [Completed]
3. Changes to system specifications and other measures to address system failures
4. 1. Change the ATM specifications for retention of ATM cards and bankbooks to ensure return of cards and bankbooks. [Completed]

2. Enhancement of ability to respond to system failures

(1) Improvement of the monitoring system

1. Improve the effectiveness of development departments' identification of impacts. [Completed]
2. Improve the speed and accuracy of operation departments' monitoring
3. • Review system error detection messages and warnings, review system error reporting standards, and address IT systems. [Completed]
     Expand scope of review of system error reporting standards. [March

2022]

Formalize regulations for regular verification of the effectiveness of the standards. [Added] [March 2022]

3) Enhance the tools for checking failure response status including system dashboard [Added]

1. Review of the system contingency plan (SCP)
2. 1. Develop scenario for failures across multiple systems and improve recovery manual with consideration to operational processing deadlines and other factors. [Completed]
   2. Implement initiatives to improve the effectiveness of the SCP. [Added]
   3. • Add SCP cross-system scenario based on connections

5