All material subject to strictly enforced copyright laws. © 2022 IFLR is part of the Euromoney Institutional Investor PLC group.

Japan: a fresh dose of promotion

Sponsored by


Atsumi & Sakai partners Yuri Suzuki, Takafumi Ochiai, Ryosuke Oue, Naoki Kanehisa and Kenichi Tanizaki examine Japan’s regulatory repositioning on fintech in the wake of crypto- thefts

Atsumi & Sakai partners Yuri Suzuki, Takafumi Ochiai, Ryosuke Oue, Naoki Kanehisa and Kenichi Tanizaki examine Japan’s regulatory repositioning on fintech in the wake of crypto- thefts


There were significant developments in the Japanese fintech market in 2018 and early 2019. First, following two massive thefts in 2018 involving virtual currency exchanges, Japan's Financial Services Agency (FSA) published a report in December 2018 which proposed new regulatory requirements for virtual currency exchange service providers and a new regulatory framework for initial coin offerings (ICOs). Second, the FSA also announced its intention to ease restrictions on the types of activities in which banks can engage and in January 2019, it released a report suggesting the possibility that banks could be able to engage in a new business termed 'information trust banks'. On March 15 2019, the FSA submitted a bill to the Diet to amend the Payment Services Act to cater for these two aforementioned developments.

In June 2018, a new regulatory sandbox regime was also introduced and to date, three projects have been authorised, including a blockchain and a finance project. As in other countries, the Japanese government is attempting to promote the digitalisation of administrative services and regtech/suptech.

The end of virtual currency leakages?

The FSA had been confident about the virtual currency regulatory regime but the theft of NEM coins worth $500 million from Tokyo-based Coincheck on January 26 2018 dented that confidence, and the FSA has subsequently conducted on-site inspections of a significant proportion of virtual currency exchanges operating in Japan, issuing reporting orders and improvement orders to many of them.

Soon after the Coincheck case, the FSA organised a study group to reconsider the regulatory framework of virtual currency businesses. The group focused on: the occurrence of theft of customers' virtual currencies; service providers' failure to develop appropriate internal control systems in response to rapid business expansion, as revealed by the outcome of the inspections; the fact that virtual currencies have highly fluctuating prices and are being traded based on speculation; and the emergence of new types of transactions involving virtual currencies, such as margin trading and ICOs. During the study group's deliberations there was another virtual currency theft during which Tech Bureau was hacked and lost virtual currencies worth $60 million. The discussion based on the two theft cases and the outcome of inspections was compiled into a report which was published by the study group on December 21 2018.

The report addresses three core areas: virtual currency exchange service providers, margin trading and ICOs.

To address the risks of virtual currency leakages, additional requirements are being considered. In particular, where customers' private keys for deposited virtual currency are managed online (kept in a hot wallet), service providers are required to maintain net assets and funds in the same types and amounts as the deposited virtual currency in order to ensure reimbursement to customers in case of a leakage. A second key requirement is that customers are provided with a statutory lien that secures their claims to deposited virtual currency.

It is also proposed that service providers are:

  • required to disclose financial statements - and information regarding trading prices;

  • prohibited from advertisements and promotions that encourage speculative trading;

  • refused registration or have their registration cancelled if they have not joined the Japan Virtual Currency Exchange Association (JVCEA), a self-regulatory body, or have not established internal rules equivalent to JVCEA's rules;

  • prohibited from dealing in problematic virtual currencies and must notify the FSA in advance of each change of a line of virtual currencies;

  • required, when dealing in virtual currency margin trading, to be registered with the FSA in a manner similar to existing service providers dealing in foreign exchange margin trading;

  • subject to regulations such as the prohibition of unrequested solicitation, limitation of leverage ratio based on actual virtual currency price fluctuations and setting minimum margin amounts; and

  • required to explain the risks specific to virtual currencies.

To respond to numerous issues and to the future potential of ICOs, the report also proposes a new regulatory framework.

Given the importance of clarifying that soliciting investments by funding virtual currencies is subject to financial regulations, and in light of the easy transferability of ICO tokens and the risks to investors, the following frameworks are considered: (i) when soliciting 50 or more investors, requiring the issuer to provide both initial and subsequent public disclosure; (ii) regulating brokers/dealers of investment-type ICOs to the same degree as securities firms, and requiring that they examine the business and financial conditions of the issuer; (iii) applying the current unfair trading regulations to relevant parties; and (iv) restricting solicitation to retail investors in the same manner as restrictions on solicitation of unlisted stocks.

In terms of non-investment types of ICOs, virtual currency exchange service providers dealing in ICO tokens should provide users with information of use of proceeds and the feasibility of the project.

The study group also discussed measures to restrict unfair activities in virtual currency spot trading, such as prohibiting improper conduct, spreading rumours and price manipulation, requiring virtual currency exchange service providers to monitor transactions and prohibiting transactions aimed at profiting based on non-public information.

The report addresses possible regulation for virtual currency custodial services whereby custody service providers will have to be registered with the FSA and be subject to regulations under the Payment Services Act as a part of virtual currency services, such as the establishment of an internal control system, segregated management of users' deposited virtual currency and service providers' virtual currency, anti-money laundering measures, etc.

One year after the Coincheck theft case, the FSA has absorbed the lessons from the two theft cases, the subsequent inspections and the study group's discussions and it is now clearer on how to regulate virtual currency businesses. On March 15 2019, the FSA submitted a bill to the Diet to amend the Payment Services Act, the main features of which are the change to the defined legal term of 'virtual currencies' to 'cryptoassets', additional restrictions on cryptoasset exchange and custodial services and the introduction of new regulatory framework for margin trading and ICOs.

Relaxing restrictions on bank data use

On January 16 2019, the Study Group on the Financial System (set up under the FSA) released the 'Report on the development of data utilization by financial institutions'.

The Report discussed relaxing the restrictions on the types of business that financial institutions are permitted to conduct, to allow:

  • a bank to provide banking business related data to third parties;

  • insurance companies and Type I financial instruments business operators (ie, a securities company) to provide data related to their businesses to third parties; and

  • insurance companies to own, as subsidiaries, companies conducting a business which contributes, or is expected to contribute, to the advancement of the insurance business by using information and technologies.

Currently, traditional financial institutions such as banks, insurance companies and securities companies are only permitted to conduct businesses prescribed by the laws under which they operate and it is not clear whether those laws allow them to receive, store and analyse data provided by users, and to use the same for their businesses, or to provide it to third parties. The Report notes that there is no reason to prohibit traditional financial institutions from such data use.

On the other hand, when considering loosening the restrictions on the scope of banks' businesses, it is also necessary to take into account the purpose of the regulations, which is to prevent of conflicts of interest, prevent the abuse of a dominant bargaining position, and eliminate potential risks that might arise if banks are permitted to conduct businesses other than traditional bank related businesses.

Looking to balance these two considerations, the Report suggests that the scope of any newly permitted business must be limited to providing data to the extent that the data is related to a banking business: only (a) above (though it does not give any specifics of the exact scope).

After the provision of data to third parties is permitted, it might become possible for a bank to start a new business as an 'information trust bank': a business model in which personal data is not only managed using a system such as a personal data store (PDS) (pursuant to an agreement with the individual data subject regarding data usage), but is also provided to third parties in accordance with the instructions by the individual or based on a decision by the information trust bank on the individual's behalf after reviewing the appropriateness of doing so and most likely, made in accordance with the predetermined conditions.

Since the Report's publication, a bank and a leading consulting have firm launched an experiment for commercialisation, in collaboration with an academic medical centre. The business model considered in this case was that: medical data provided by medical institutions is accumulated at the information trust bank; the data is shared with other hospitals' doctors and pharmacists pursuant to the relevant individual's intent; and the accumulated medical data is provided to the data use company that has requested it.

Another leading bank is considering a structure in which personal information will be provided by the bank to a relevant data use companies that request the data, if a bank customer downloads relevant apps developed by the bank and comprehensively consents to share his/her medical information, financial information and location information, etc. with the information trust bank.

According to the proposed bill submitted to the Diet on March 15 2019, the provision of customer information that will contribute to the sophistication of financial service businesses and improved user experience is supposed to be added to the incidental services of banks, financial instruments business operators and insurance companies.

Regulatory sandbox in Japan

As the fourth industrial revolution rapidly develops around the globe, it is obvious that countries need to cultivate new core technologies and businesses in order to survive in the global market. Some developed countries are already aware that existing regulations have been hindering investment and the inflow of human resources, and are implementing improvements in their business and regulatory environments so that new businesses can be tested and evaluated without undue hindrance by existing and often archaic regulations – the so-called sandbox system.

In Japan, regulatory reform has been also recognised as an important policy issue to achieve sustainable economic growth, with two notable reforms having been introduced since January 2014: the 'System to Remove Gray Zone Areas' and the 'System of Special Arrangements for New Business Activities'. However, because these two systems presuppose the existence of certain business methods they had not been as effective in assisting the development of new businesses as hoped, so Japan was urgently in need of a regulatory sandbox system similar to those introduced in other developed countries.

In the meantime, information technologies (for example, the internet of things (IoT), big data and artificial intelligence) have rapidly generated innovation in the last few years, and industrial structures and international competition are experiencing disruptive changes.

To address these changes and lead the global economy by realising a productivity revolution, the Japanese government approved a New Economic Policy Package in December 2017 in which it decided to implement policies during 'a period for productivity revolution and intensive investment' leading up to 2020. In light of this, a regulatory sandbox regime was introduced in June 2018 under the Act on Special Measures for Productivity Improvement. The regime enables projects to be tested in an environment where relevant regulations are not applied immediately and the number of participants and project duration are limited.

Any company, including foreign companies, can apply to use this regulatory regime in Japan. In the application to use a regulatory sandbox, a business operator must specify certain matters, such as: (a) a demonstration of the business, including testing the possibilities of using innovative technologies such as AI, IoT or blockchain for future businesses; (b) the time and the place of the demonstration; (c) the scope of participants (which must include persons that may suffer a loss from the proposed business); and (d) how the data to be collected through the demonstration would be used in the deliberation of regulatory reform.

By January 2019, a total of three projects had been authorised:

  • Practicability test of home electric appliances that integrate high-speed PLC (power line communication) devices

This test aims to confirm that such a connection complies with the relevant safety laws and does not disturb communication or broadcasting activities. It is expected that the results of the test will facilitate the amendment of relevant governmental notifications (the interpretation of technical standards pertaining to electric installation mounted with a high-speed PLC device).
  • Online influenza medical examinations using a diagnosis kit

This test aims to encourage medical examinees to take an online medical examination using a diagnosis kit exclusively for online medical examinations when the examinee experiences a subjective symptom of influenza in order to confirm whether or not it may become an effective measure against pandemic influenza.
  • Establishing a transaction platform that enables the real time settlement of the sale and purchase of Bitcoin between cryptocurrency exchange operators

This test aims to verify the security of asset values, records and transactions of the side chain (that enhances the function of Blockchain) and secure the transparency of price formation and thus establish a stable and fair OTC transaction market.

The evaluations are expected to last from a few months to a year, though none is considered to conflict with existing rules.

Promoting digitalisation

The Japanese government is attempting to promote digitalisation in administrative services in order to build data links between government institutions, regional public bodies and the private sector, and to merge their services. In addition to streamlining bureaucracy, this project will also promote the fintech industry as fintech interacts with digital administrative services.

Currently, only approximately 12% of administrative procedures in Japan are conducted online and the government aims to enable all such procedures to be conducted online where possible. By digitalising administrative services, many inconvenient and time-consuming face-to-face communications and physical affixing of seals, etc, will be eliminated. There will also be a review of regulations so that procedures with the private sector can also put online. However, some regulations require the use of documents and do not permit the use of virtual forms and have had to be, or will need to be, amended to enable the roll-out of digital services. For example, The Act on Prevention of Transfer of Criminal Proceeds did not allow financial institutions to complete identity verification online, however it was amended in November 2018 to enable them to do so.

The government is also taking steps to reduce the administrative burden of requirements to submit multiple documents for similar administration services through a "once only" initiative. For example, the usage rate of the unified ID My Number card is less than 15% and the government is aiming to increase this by enabling the use of the My Number card for identification in place of documents such as residence certificates and certificates of registered information.

Hand-in-hand with the digitalisation of administrative procedures described above, the government is also looking at reducing the volume of documentation such as moving house, arranging nursing care and managing inheritance by enhancing digital links with private services to enabling those private companies to incorporate the procedures within their fintech services, and accumulate data to create more convenient services. There are also discussions on the digitalisation of certain administrative functions which are seen as a hinderance to foreign investment, such as the collection of inhabitant tax, procedures regarding foreigners' status of residence and matters relating to social insurance and labour insurance.

The government is expected to submit a bill to the Diet this year to move forward with these digitalisation initiatives.

Promoting regtech and suptech

In order to promote an efficient and effective response to regulations through the use of advanced technology by business operators (regtech) and the streamlining and advancement of supervisory and inspection activities through the introduction of advanced technology by the supervisory agency (Suptech), The Ministry of Economy, Trade and Industry (METI), the competent agency for credit card transactions, has determined that it is indispensable for the supervisory agency to understand the structure of the relevant technology and establish a system which enables its proper supervision. To achieve this, METI is expected to develop a basic framework for the introduction of regtech and suptech, and subsequently indicate how to use suptech for credit card transactions.

Firing the starting gun

Based on these regulatory changes and the government's and other authorities' commitments in 2018, further wide-ranging developments in the fintech market in Japan are expected in 2019.

About the author



Yuri Suzuki

Senior partner, Atsumi & Sakai

Tokyo, Japan

T: +81 (0)3 5501 2111



Yuri Suzuki is a senior partner in Atsumi & Sakai where she heads the firm's fintech team. Yuri is a member of the secretariat of the Fintech Association Japan and has substantial experience in fintech, including in payments, lending, invoice trading, wealth management, crowd funding, crypto assets, insurtech and regtech. She serves as a legal advisor to the Japan Blockchain Association and provides support to the Tokyo Metropolitan Government Accelerator Programs and the MUFG Digital Accelerator Program.

About the author



Takafumi Ochiai

Partner, Atsumi & Sakai

Tokyo, Japan

T: +81 (0)3 5501 2111



Takafumi Ochiai is a partner in Atsumi & Sakai and a core member of the firm's fintech team. He is a member of the general secretariat of the Fintech Association Japan; the Ministry of Economic Trade and Industry's Committee to Discuss Legal System for Blockchain; Japan Bank Association's research committee for the promotion of open API; and the Innovative Technology/Business model Evaluation Committee for Regulatory Sandbox of the Cabinet Office.

About the author



Ryosuke Oue

Partner, Atsumi & Sakai

Tokyo, Japan

T: +81 (0)3 5501 2111



Ryosuke Oue is a partner in Atsumi & Sakai and a core member of the firm's fintech team. Ryosuke acts for fintech companies as well as a major credit card issuing company. He has extensive experience in banking and finance, asset finance and structured finance, acting for a wide range of Japanese and international banks and financial institutions. He also has extensive experience advising foreign investors on renewable energy projects in Japan.

About the author



Naoki Kanehisa

Partner, Atsumi & Sakai

Tokyo, Japan

T: +81 (0)3 5501 2111



Naoki Kanehisa is a partner in Atsumi & Sakai and currently heads the firm's London office. He has recently been assisting UK and European clients, including fintech companies, to set up their businesses in Japan. Naoki has presented seminars on fintech in London, including "Procedures and Licencing Requirements for Japan Market Entry for Asset Management and Fintech Businesses," at the Tokyo-London: Financial Seminar 2018, hosted by the Tokyo Metropolitan Government.

About the author



Kenichi Tanizaki

Partner, Atsumi & Sakai

Tokyo, Japan

T: +81 (0)3 5501 2111



Kenichi Tanizaki is a partner in Atsumi & Sakai with experience advising major banks, financial institutions and fintech companies on a wide range of banking and finance matters, including API interconnection, cashless settlement, money transfer and other innovative services. Kenichi also advises on regulatory, compliance and AML/CFT issues. He has presented seminars on fintech, including bank API, regulatory issues and cashless settlement at domestic and international financial institutions and symposiums.