Starting on May 1, Japan began enforcing a slew of new cryptocurrency regulations recently passed as updates to existing laws. That’s welcome news for those in Japan’s active cryptocurrency community, as the new rules provide greater clarity and direction on how to remain compliant while running a cryptocurrency business. Beyond that, the updates are reasonable in their demands of cryptocurrency businesses and account for the latest technologies and business models taking hold in this ever-changing industry.
Below, we’ll run through Japan’s new regulations and tell you how they build on the original laws they’re modifying.
Payment Services Act
The Payment Services Act (PSA) defines rules for fund transfers outside of traditional banking, such as those involving gift cards and other non-standard stores of value. Lawmakers added cryptocurrency provisions to the PSA in 2016 with urgency following the Mt. Gox exchange hack, and those provisions have functioned as Japan’s primary cryptocurrency regulations since then.
Here’s a summary of the original cryptocurrency provisions added to the Payment Services Act in 2016:
A legal definition of cryptocurrency. Following FATF standards, the PSA’s 2016 additions define cryptocurrency as any property value that:
- Is recorded on an electronic device or any other object by electronic means
- Can be transferred by means of an electronic data processing system
- Is not the Japanese currency, a foreign currency, or a currency-denominated asset
- Can be used by any person for the purchase or lease of goods and services
- Can be purchased from or sold to any persons
A legal definition of a cryptocurrency exchange. Likewise, the PSA’s 2016 additions also define a cryptocurrency exchange as any business that provides any of the following services:
- Allows users to purchase, sell, or exchange cryptocurrency
- Serves as intermediary or broker for (1)
- Holds user’s funds and cryptocurrency for (1) and/or (2)
Licensing for Japanese cryptocurrency exchanges. In addition to providing a legal definition of what a cryptocurrency exchange is, the PSA’s 2016 cryptocurrency rules also lay out the information exchanges must provide in order to become licensed. That information includes:
- Company name and headquarters address
- Name and address of the office that mainly handles cryptocurrency business operations
- Names of all company board members
- Name of the company’s accounting advisor
- Names of all cryptocurrencies the exchange supports
- Amount of capital held by company. It’s important to note that a cryptocurrency exchange must hold at least 10 million yen to be licensed.
- Details of company’s business model and all cryptocurrency business the company conducts
If the FSA finds any cryptocurrency exchanges operating in Japan without a license, it starts by issuing a warning, both directly to the company itself and publicly on its official website.
Ongoing requirements for Japanese cryptocurrency exchanges. The PSA also lists several consumer protection-focused standards all exchanges must meet on an ongoing basis after being licensed. These include:
- Taking appropriate measures to protect customers’ personal information
- Supervising any contractors with access to customers’ personal information to ensure (1) is met
- Informing all new users of the following: The exchange's legal name, government registration number, risks of cryptocurrency that could affect a customer's decision to purchase, and the fact that cryptocurrency is not a fiat currency backed by the Japanese government or any other
- Keeping customer funds separate from the exchange’s funds
- Submitting to audits of (4) annually by an external auditor
Japan’s self-regulatory organization for cryptocurrency exchanges. Finally, the PSA’s original cryptocurrency provisions allow Japanese cryptocurrency exchanges to create additional regulations for themselves through a self-regulatory association certified by the Japanese government. That role is filled by the Japan Virtual and Crypto Assets Exchange Association (JVCEA). All licensed cryptocurrency exchanges or exchanges in the process of being licensed are members.
The latest round of cryptocurrency-focused updates to the PSA add more specificity to the law and clear up a few grey areas from 2016. Below is our summary of the new provisions:
A fourth possible criterion for designating cryptocurrency exchanges. The latest updates to the PSA stipulate that any company that holds cryptocurrency for others will be classified as an exchange, except in cases other laws specifically regulate this activity. In essence, this adds a fourth criteria to the original three for evaluating whether or not a business is a cryptocurrency exchange. The phrase referring to exceptions based on other laws refers practically to Japan’s Act on Concurrent Operation, etc. of Trust Business by Financial Institutions, which states that banks and bank subsidiaries may not offer custodial services for cryptocurrency.
New rules for custodial cryptocurrency businesses. Starting in 2020, all cryptocurrency businesses that take custody of users’ funds — for example, most hosted wallets — are considered equivalent to cryptocurrency exchanges and are regulated as such. That means they must meet the same exchange licensure and conduct requirements delineated in the original 2016 cryptocurrency-specific additions to the PSA, even if they don’t actually facilitate the exchange of cryptocurrency. The FSA clarified this requirement further while addressing public comments during the provision’s ratification, stating that it applies only to companies whose custody gives them the ability to transfer users’ funds without their knowledge, thereby exempting businesses who hold only partial private keys, such as those providing multi-sig addresses.
Stronger rules on separation of user and company funds. The PSA’s new cryptocurrency provisions also strengthen the rules demanding exchanges store user funds separately from company funds. There are three key additions:
- Exchanges must now store any fiat money customers hold at the exchange with a separate bank or trust company.
- Exchanges can only keep as much customer funds as necessary for daily business operations in hot wallets. The rest must be placed in cold storage.
- Exchanges must hold the equivalent of all customer funds stored in hot wallets — in both quantity and currency type — in cold storage so that customers can be reimbursed promptly in the event of a hack or other loss of funds.
These rules show that the Japanese government is serious about exchanges providing a safe experience for customers.
Act on Prevention of Transfer of Criminal Proceeds (AML Act)
The AML Act as it’s colloquially known lays out the rules financial institutions, money services businesses (MSBs), and other businesses facilitating value transfers must follow to prevent criminals from laundering ill-gotten funds. While the AML Act predates the invention of cryptocurrency, lawmakers in 2016 added cryptocurrency exchanges to the list of designated businesses who must follow the law. That means that, like financial institutions, cryptocurrency exchanges must take the following actions to prevent money laundering and other forms of financial crime on their platforms:
- Gather and maintain Know Your Customer (KYC) information from users
- Monitor transactions
- Provide Suspicious Activity Reports (SARs) to Japan’s Financial Services Agency (FSA) when a transaction or pattern of user activity is deemed suspicious. For context, the FSA is Japan’s primary financial regulation enforcement agency, analogous to FinCEN in the United States.
- Create formal programs to enforce AML rules
These provisions largely mirror the guidance provided by FATF, and remain an important source of guidance for Japanese exchanges.
Regulators updated the AML Act in 2020 to strengthen the KYC procedures all businesses governed by the act — not just cryptocurrency exchanges but traditional financial institutions as well — must conduct when onboarding new customers.Starting this year, companies must ask new users for two unique identification documents when conducting KYC checks. While many cryptocurrency exchanges were likely already doing this, the stricter rule provides more specific instruction and guarantees a minimum standard of due diligence that all exchanges must meet when vetting new users.
Financial Instruments and Exchange Act
The Financial Instruments and Exchange Act (FIEA) codifies Japanese laws around securities and companies dealing in securities. Prior to 2020, the FIEA contained no regulations related specifically to cryptocurrency.
Starting this year, the FIEA now provides rules on initial coin offerings (ICOs) and cryptocurrency derivatives trading.
Rules for cryptocurrency derivative trading. Any business that allows users to trade cryptocurrency derivatives must register with the FIEA. If they provide traditional exchange or custodial services as well, they must also register as an exchange with the FSA, as defined in the Payment Services Act. In addition, the new FIEA rules say that users can only leverage themselves up to 2x on margins trading, which is significant given that many popular deriatives trading platforms allow for up to 100x leverage. The new rule goes a long way toward limiting the maximum amount customers can lose on these riskier trades.
ICO tokens defined as securities. The new FIEA provisions formally define ICO tokens as securities. The FIEA has long divided securities into two types, which we’ll refer to as Type 1 and Type 2 securities here (in Japanese, these securities are known as 第一項有価証券 and 第二項有価証券, which translate to Paragraph 1 and Paragraph 2 respectively — there isn’t a more descriptive translation). Type 1 securities are publicly available and broadly distributed, and as such issuers face strict rules around reporting and disclosure. Corporate stocks and bonds would fall into this category. Type 2 securities, on the other hand, are narrowly distributed and usually represent interests in collective investment schemes, and as such face less strict requirements. The new FIEA provisions define ICO tokens as a Type 2 security, while tokens associated with STOs, which more resemble traditional securities in that they give owners a more direct stake in the business, would generally fall under Type 1.
A new self-regulatory organization for ICO/STO token issuers. Lasly, the FIEA’s new provisions allow for the establishment of a new self-regulatory organization for businesses who want to raise money by issuing tokens, similar to what the JVCEA provides for exchanges. The Japanese government has approved the Japan Security Token Offering Association (JSTOA) to fulfill this role.
Japan is providing leadership for the industry
These latest regulations represent a big win for the Japanese cryptocurrency industry. Exchanges and other services now have clearer guidance and reasonable expectations from government on how to conduct business, while customers have clear protections in place that will allow them to use cryptocurrency as safely as possible. We hope other countries’ regulators follow their lead. If you’d like to learn how Chainalysis can help Japanese firms follow the new regulations, click here to schedule a demo!