The jurisdiction is making strides to promote cooperation between financial institutions and fintech companies, as Yuri Suzuki and Takafumi Ochiai of Atsumi & Sakai demonstrate
The movement to provide banking systems using an open application program interface (API) is expanding in the fintech industry in Japan, and with fintech venture companies operating in cooperation with banks rather than providing their services independently, it is anticipated that the industry will develop rapidly.
For instance, one fintech service that is common in Japan is the use of household account-keeping apps, and accounting assistance services for companies where users of these services can view bank account information on their smartphone by using the service provider's smartphone app, after providing the service provider with their internet banking ID and password. Fintech service providers currently use an account scraping method to confirm the users' internet banking account information based on IDs and passwords provided by the users. No material incidents of misuse of information provided by users or breach of security have occurred since the Japanese Bankers Association (JBA) established voluntary rules on the use of account scraping more than 10 years ago, but it is likely that many potential users will balk at the idea of providing their credentials to a third party service provider. Open banking APIs would provide comfort to users by enabling them to access services without having to provide their ID and password directly to the service provider.
In order to promote cooperation and collaboration between financial institutions and fintech companies, whilst also ensuring user protection, the Japan Financial Services Agency (JFSA) has decided to take a fresh look at the legal regime relating to electronic payments service providers (EPSPs), including operators of household account-keeping apps.
Proposed amendments to the Banking Act for this purpose have been approved by the Cabinet and are currently being discussed in the Diet. The amendments will come into force within one year after approval by the Diet, so implementation of the amendments will be faster than that of the second EU Payment Services Directive (PSD2).
Under the amendments, the JFSA will develop a registration system for companies providing electric instruction of remittance services which is expected to be simpler than the existing system applicable to funds remittance business providers, to promote innovation and ensure user protection. In addition, the JFSA is attempting to improve the current situation where it is extremely difficult for fintech companies using open API to share data or revenue with banks due to restrictions on bank agency businesses. The JFSA's main aim is to enhance the effectiveness of open APIs by encouraging banks to develop their API systems and prohibiting discriminatory treatment among service providers. Discussions on the subject within the JFSA are focused on the development of an open API-friendly environment in which, although fintech companies will be subject to a registration system, the amendments will require the reorganisation of existing regulations and the development of systems by participating financial institutions.
EPSPs
There are two types of EPSPs: payment initiation services providers (PISPs) and account information services providers (AISPs). PISPs provide a service whereby, at the request of a depositor with a deposit account at a bank, the PISPs deliver, via electronic data processing systems, the depositor's instructions to their bank to transfer funds from their deposit account to a designated account. AISPs provide a service whereby, at the request of a depositor with a deposit account at a bank, they deliver account information to the depositor via electronic data processing systems. Consideration was given to adopting detailed regulations modelled on PSD2 at the early stage. However, after the regulators and industry parties, including the JFSA, Bank of Japan, major banks, regional banks, IT vendors, consumer groups, academics and fintech companies, held several meetings at the JBA and discussed various issues relating to open banking APIs, they reached a voluntary agreement on a detailed framework in terms of security issues, user protection and specifications regarding the provision of APIs. As a result it was no longer necessary to adopt detailed regulations like PSD2. If statutory obligations on banks were strict, such as obligations to connect with all registered service providers, service providers would be subject to stricter regulation to avoid accidents by inappropriate service providers. It was considered important that API connection regulations on service providers should be more relaxed to increase the number of service providers using APIs, and as a result the statutory obligations imposed on banks and fintech service providers are lighter in comparison to those under PSD2.
Registration of EPSPs
A service provider will have to be registered with the prime minister or a delegated authority to engage in an electronic payment service business. The amendments will come into effect within one year from promulgation (if the proposal passes the Diet), and EPSPs already operating at that date will then have six months to complete their registration. Foreign juridical entities must register a branch and a representative in Japan, and foreign individuals without an address in Japan must appoint an agent in Japan, to be registered as an EPSP. Details of how the amendments will be applied to these entities and individuals will be set out later by cabinet order. Since few large fintech companies already exist, it is necessary to encourage new entrants into the market through orders and regulations, and a registration system that encourage small companies to commence business as EPSPs.
EPSP must enter into a contract with a bank
EPSPs may only provide electronic payment services after execution of a contract with a bank. The contract must include certain specified provisions, such as regarding the sharing of the liability for compensation for losses incurred by users, and must make those terms public through the internet or some other appropriate way.
An EPSP must also make public its measures for ensuring appropriate handling and safe management of user information obtained in the course of providing its services, and the measures the bank will take in the case of the EPSP's failure to take measures for appropriate handling. It is worth noting that a voluntary agreement was reached at the JBA to the effect that either the fintech company or the bank will act as the primary contact point for users in cases of data leaks, unauthorised money transfer and refunds to users, and that sharing of losses will be discussed between the fintech company and the bank.
Banks themselves must prepare and make public standards for the execution of contracts with EPSPs through the internet or some other appropriate way, and when executing contracts with EPSPs must not unfairly discriminate between them.
Further proceeding with open innovation
Banks participating in open API innovation must set out and make public their policies regarding cooperation and collaboration with EPSPs within nine months after promulgation of the amendments.
In addition, banks planning to enter into contracts with EPSPs must make efforts to put in place a system to enable the EPSPs to provide electronic payment services without obtaining IDs and passwords from the users by a date to be designated by cabinet order, but which will be within two years from the implementation of the amendments. Although this obligation is only to make efforts, many banks will feel strong pressure to establish these systems as it appears that they are required to proceed with open APIs.
To date in Japan, there have been very few cases of PISP type services where transfer instructions are communicated to a bank through APIs. The JFSA's aim in establishing the new system under the amendments is to promote open API by setting up a registration system to regulate EPSPs, while requiring banks to at least endeavour to make API connections with EPSPs possible. In order to promote open innovation and the adoption of banking APIs, issues arising from restrictions on banking service providers acting on behalf of a bank being too strict have been pointed out, and are being reconsidered by the JFSA.
Following the provision of open APIs by banks, discussions are already underway regarding the provision of open APIs with respect to credit cards. In Japan, credit cards are regulated by different laws and governing agencies from those regulating banks, and so the discussion regarding bank APIs is not directly applicable to credit cards. The use of electronic money and credit cards are widespread in Japan and the development of discussions on APIs for credit cards is likely to also have an impact on payment services.
The API market in Japan is developing rapidly and regulators are making significant progress in considering how to address the challenges of this fast-moving market.
About the author |
||
|
|
Yuri SuzukiPartner, Atsumi & Sakai Tokyo, Japan T: +81 3 5501 1184 Partner Yuri Suzuki has experience advising on banking & finance, structured finance, TMT, M&A, international transactions, and international trade. She heads the firm's fintech team, and supports the Fintech Association Japan as a member of its secretariat. She also serves as a legal advisor to the Japan Blockchain Association, is a mentor of the MUFG Digital Accelerator Program, and a trustee of the Japan Institute of Life Insurance. She is also a member of a project group comprising the Tokyo Metropolitan Government, the Financial Services Agency, private enterprises and others working on developing policies and initiatives to attract foreign financial companies to Tokyo. She was admitted as an attorney (Bengoshi) in Japan in 2001, and worked in the Chicago office of Kirkland & Ellis 2005 – 2006. She was recommended as a Leading Lawyer in Banking for IFLR 1000 Financial and Corporate 2017 (Japan). |
About the author |
||
|
|
Takafumi OchiaiPartner, Atsumi & Sakai Tokyo, Japan T: +81 3 5501 2361 Partner Takafumi Ochiai acts for a wide range of Japanese and international clients in the financial and information technology sectors, including related dispute resolution and regulatory matters. He is a member of the firm's fintech team, and supports the Fintech Association Japan as a member of its secretariat. He is a legal advisor of the Japan Blockchain Association, a member of Finomentor, an advisor to the Incubation & Innovation Initiative (a consortium comprising of Sumitomo Mitsui Banking Corporation, Toyota, NEC and Japan Research Institution), and an advisor to the Cyber Finance Lab in the Digital Hollywood University. He was admitted as an attorney (Bengoshi) in Japan in 2006, and holds a B.S. degree from Keio University (2004). He worked in the Beijing office of another leading Japanese law firm in 2013. |
