Fintech 2021

Last Updated March 18, 2021


Law and Practice


Anderson Mori & Tomotsune is one of the largest and most international Japanese law firms. It is best known for its long history of advising overseas companies doing business in Japan and in cross-border transactions. The main office in Tokyo is supported by two offices in Japan and seven overseas. The firm has one of the leading fintech practices in Japan. With extensive experience across all areas of fintech, its skilled lawyers provide innovative, up-to-date legal advice to clients in this fast-growing and cutting-edge industry. Because of the firm’s long history of success and proven understanding of new technology, their advice is regularly sought in fintech-related matters, including applications for licences and regulatory approvals for business start-ups, analysis of financial regulatory issues, development and marketing of innovative financial instruments, products and transactions, and consultations and negotiations with official regulatory authorities and self-regulatory organisations.

Notable Evolution over the Past 12 months

Digital securities

Over the past 12 months we have seen an increasing number of major financial institutions entering into, or expressing a strong interest in, getting involved with the digital securities’ (aka security tokens) sector. Below are some examples:

  • Since late 2019, Mitsubishi UFJ Trust and Banking Corporation has been developing a distributed ledger-based platform named “progmat”, which enables automatic management of digital securities’ transactions;
  • In March 2020, Nomura Securities and its tech-subsidiary BOOSTRY announced that they have provided the technical infrastructure for, and underwritten, "Digital Asset Bonds" and "Digital Bonds" issued by Nomura Research Institute;
  • In July 2020, Kenedix, real estate investment and asset management company, BOOSTRY and Sumitomo Mitsui Trust Bank announced their collaboration on the issuance of real-estate-backed digital securities; and
  • In January 2021, SBI Holdings and Sumitomo Mitsui Financial Group revealed a plan to establish a joint venture provisionally named “the Osaka Digital Exchange”, which handles, in addition to traditional stock, digital securities.

These developments were ignited by the introduction of new regulations on digital securities under the Financial Instruments and Exchange Act (the “FIEA”), which came into effect on 1 May 1 2020.

Private sector digital currency and Central Bank Digital Currency (CBDC)

From June to November 2020, DeCurret, one of the Japanese crypto asset exchange service providers (CAESPs), hosted a study group with the goal of building a digital settlement infrastructure using fiat currency pegged digital currencies. The study group included participants from three megabanks (Mizuho Bank, MUFG Bank and Sumitomo Mitsui Banking Corporation) and major Japanese companies including telecom (NTT Group and KDDI). The Financial Services Agency (the FSA), Ministry of Finance, Ministry of Internal Affairs and Communications, Ministry of Economy, Trade and Industry (the METI) and Bank of Japan (BOJ) also participated in the study group as observers. In November 2020, the study group published its final report declaring that digital currency issued by the private sector should ideally be a "two-layered digital currency" with a core function of a blockchain-based digital currency as its base layer and an additional layer implementing business logic and smart contracts.

Meanwhile, in October 2020, the BOJ published a paper entitled “The Bank of Japan's Approach to Central Bank Digital Currency” and revealed that it aims to start PoC Phase 1 in early 2021.

Trends in the Next 12 Months

Further evolution of digital securities, private sector digital currencies and CBDC will remain a key focus of the fintech market.

In addition to that, the introduction of one-stop financial services intermediary business would have a significant impact on the fintech market in Japan. In June 2020, the Act on Sales, etc. of Financial Instruments (the ASFI) was amended in order to establish a financial services intermediary business capable of intermediating the cross-sectoral financial services of banking, securities and insurance under a single license. The ASFI was renamed the Act on Provision of Financial Services (the APFS) and will come into effect in mid-2021. The APFS is expected to meet a growing need for one-stop online platforms by enabling access to various types of financial services.

In Japan, almost every area of finance has been benefitting from robust fintech innovation. Online or mobile payment services, cryptocurrency-based businesses, robo-advisors and financial account aggregation services which utilise open API are among the predominant sectors. 

One indication that the fintech business is maturing is the shift from major players as fintech start-ups to well-established companies, such as traditional, major financial institutions and telecom companies.

Apart from the regulations applicable to crypto-asset exchange services (CAESPs) and electronic payment intermediate services, there is no specific regulatory framework for fintech businesses. If the services provided by the fintech companies are subject to existing financial regulations, such as obtaining applicable authorisation (licences or registrations), they are required to comply with them. Below is a high-level outline of the regulations applicable to popular fintech services.

Online/Mobile Payment

While there are many payment methods and instruments in Japan, there is no comprehensive payment law.

  • A prepaid payment instrument is an instrument that records a certain value charged in advance of its use and is then debited as payment of consideration for goods and/or services. PPIs are regulated under the Payment Services Act (the PSA).
  • Instalment payments made in consideration for goods or services that are divided over two months or more are regulated under the Instalment Sales Act. The Act substantially covers all credit card payments.
  • Remittance or money transfer is regulated pursuant to the Banking Act and other specific laws applicable to financial institutions. Only banks and such financial institutions are allowed to conduct remittance businesses. However, services involving money transfers of up to JPY 1 million per transaction can be provided without the aforesaid licence if the firm obtains registration as a “funds transfer service provider” under the current PSA. A June 2020 amendment of the PSA will come into effect within a year and facilitate the increased use of online payments.  The amended PSA classifies fund transfer services into the following three categories: (1) Fund Transfer Service (FTS) involving remittances exceeding JPY1 million per transaction, (2) FTS that correspond to the current classification of FTS in the PSA and (3) FTS involving remittances of small amounts of several tens of thousands of yen.

Crypto-Asset-Related services

  • CAESPs are regulated under the PSA. Most of the so-called payment tokens and utility tokens would fall within the definition of a crypto asset (CA). Those who provide crypto asset exchange services (CAES) or custody services thereof must register with the FSA.
  • Crypto asset derivatives are regulated as a financial derivative under the Financial Instruments and Exchange Act (the FIEA). a company engaging in providing crypto asset derivatives has to register as a Type 1 Financial Instruments Business Operator (Type 1 FIBO)

Digital Securities

In May 2020, amendments to the FIEA, which include a new regulatory framework for securities, transferable by using electronic data processing systems, came into effect. An issuer of tokenised securities is, unless exempt, required, upon making a public offering or secondary distribution, to file a securities registration statement and issue a prospectus. Any person who engages in the business of the sale, purchase or handling of the public offering of tokenised securities is required to be registered as a Type 1 FIBO. 


A robo-adviser providing users with automated access to investment products is required to be registered as an investment manager, if providing discretionary investment management services, or an investment advisor if providing non-discretionary investment advisory services under the FIEA.

Open Banking/Electronic Payment Intermediate Service Providers

Entities which intermediate between banks and customers, such as entities using IT to communicate payment instructions to banks based on entrustment from customers or entities using IT to provide customers with information regarding their financial accounts deposited in banks, are categorised as Electronic Payment Intermediate Service Providers under the Banking Act and are required to register with the FSA.

There are no regulations specifically targeting fintech companies in connection with compensation models. The compensation restrictions under traditional finance regulations are applicable to fintech services as well.

There are no specific regulatory incentives applicable to fintech companies. Fintech companies are on equal-footing with legacy players.

The Japanese regulatory sandbox was introduced in June 2018. The regulatory sandbox can be used by both the Japanese people and overseas companies. It enables companies to apply and receive approval for innovative and new projects not yet covered by current regulations without having to amend such existing regulations. Approved projects may not be carried out as a business but rather as a PoC or demonstration under certain conditions, including limitations on the number of participants and length of operations. There are no restrictions on the business sectors which can benefit from the sandbox.

The main regulatory body of fintech businesses is the FSA, including the local finance bureaus it has delegated certain aspects of its authority to. The METI has jurisdiction over credit cards and instalment payments. The Ministry of Land, Infrastructure, Transport and Tourism has jurisdiction over some types of real estate fund businesses.

The National Police Agency, the FSA and the MOF have co-jurisdiction over AML/CFT.

The Personal Information Protection Committee is the prime regulator of personal information, but the FSA shares regulatory power over the protection of personal information in the financial sector.

Under Japanese law, when a business operator engaging in a regulated business outsources part of its business, it is obliged to properly supervise the outsourcee in accordance with the applicable laws and regulations.

For example, when a CAESP regulated under the PSA outsources part of its CAES to a third party (including outsourcing in two or more stages), it is required to supervise such third party and take other such necessary measures to ensure the proper and reliable execution of the outsourced functions.

Under Japanese law, providers of fintech-related services are responsible as gatekeepers within the scope of the applicable regulations. For example, as a gatekeeper providing a platform for the exchange of fiat currency and CA, CAESPs are subject to various obligations from the perspective of user protection and AML/CFT.

Specifically, from the viewpoint of user protection, CAESPs are obligated to provide certain information to users.

In addition, from the perspective of AML/CFT, CAESPs are required — as specified business operators under the Act on Prevention of Transfer of Criminal Proceeds (APTCP) — to take steps to ascertain certain information when commencing transactions with users.

The upsurge of the Japanese crypto-asset market was stalled in January 2018 when one of the largest CAESPs in Japan announced losses of approximately USD530 million due to a cyber attack on its network. 

After this hacking incident, the FSA conducted inspections of all deemed CAESPs (ie, crypto-exchanges allowed to provide services to their clients without having undergone the applicable registration during the grace period) and seven registered CAESPs. 

The FSA found internal weaknesses in most of these entities, particularly in the areas of AML/CFT and cybersecurity. As a result, business improvement orders or business suspension orders were issued to all these exchanges. Pursuant to the findings of the FSA inspections, the bar for obtaining registration as a CAESP has now been significantly raised.

The Act on the Protection of Personal Information (the APPI) is a principle-based regime for the processing and protection of personal data in Japan. The APPI generally follows the eight basic principles of the OECD Guidelines on the Protection of Privacy and Transborder Flow of Personal Data. The Act is applicable to all private businesses, including fintech business operators. Based on the requirements of the APPI, every governmental ministry in Japan issued administrative guidelines applicable to the specific industry sectors under its supervision. Fintech businesses are required to comply with the “Guidelines on Personal Information Protection” that are relevant to the financial services industry.

In Japan, there are no entities other than accounting/audit firms that review the activities of industry participants.

For some industries, however, self-regulatory organisations also conduct reviews separately from regulators or accounting/audit firms under the applicable laws or regulations.

For example, the Japan Virtual and Crypto-assets Exchange Association (the JVCEA), an authorised self-regulatory organisation under the PSA, has the authority to review its CAESP members.

NFT is an abbreviation of Non-Fungible Token. A “Non-Fungible Token” is not defined under Japanese regulation, but is generally understood to refer to an irreplaceable token minted on a blockchain. Since NFTs are digital items minted on a blockchain, the question is whether NFTs also constitute CAs under the PSA.

NFTs are increasingly being used in various fields because, although they are digital data generated on a blockchain, they are characterised as irreplaceable because of the unique values assigned to them.

If the specifications or functions of NFTs are limited like trading cards and in-game items, and if NFTs do not serve economic functions such as being a means of payment like CAs, they are likely to constitute CAs.

Japanese financial laws do not require different business models for different asset classes, per se.

Legacy players are proactively utilising robo-advisers. Having said that, unlike in the US, the Japanese robo-adviser market is relatively small and a couple of independent robo-advisory companies are deemed market leaders.

Currently, there are no specific rules and no guidance applicable to robo-advisers in connection with best execution of customer trades.

There is no significant business or regulatory difference in online lending based on whether the borrower is an individual or a corporation.

Except in the case of commercial banks and certain banks incorporated for specific purposes, engaging in the loan business requires registration under the Money Lending Business Act (the MLB Act) and is subject to the MLB Act regulations. Under the MLB Act, a loan provider must prepare a written contract and certain explanatory documents and receipts. Further, the interest rate of a loan is subject to the Interest Rate Restriction Act and the Act Regulating the Receipt of Contributions, the Receipt of Deposits, and Interest Rates. Loan interest rate per annum must not exceed 20% for loans with a principal amount of less than JPY100,000, 18% for loans with principal amount of between JPY100,000 and JPY999,999, or 15% for loans with a principal amount of JPY1 million or more). These regulations apply to loans to corporate borrowers as well as individual borrowers.

In Japan, loan providers do not engage in underwriting for non-professional investors. If a non-bank loan provider sells its loan receivables, its assignee would also be subject to the MLB Act regulations. This regulatory restriction makes it difficult to implement the underwriting of loan receivables for non-professional investors.

Selling loan receivables to professional, institutional investors who can comply with the MLB Act may be a practical option. However, underwriting transactions — ie, the transfer of loan receivables immediately after a loan transaction — are not usually entered into. Instead, a loan provider is more likely to sell the loan receivables for financial purposes  after it has had sufficient time to observe performance of the loan receivables.

Most of the funds raised for loans are lender-raised capital. Securitisation of online lending receivables has not been typical, and it is also uncommon to raise funds for specific lending transactions from general investors.

Online lending services in the form of syndicated loans are not available in Japan.

There is no legal requirement stating that payment processors must use existing payment rails. With that said, most payment processors in Japan use bank or credit card networks to provide payment processing services, except for transactions between accounts opened with the same payment processor.

Foreign remittances are subject to the APTCP, Japan's AML law. Financial institutions and certain other payment providers that receive requests for foreign remittances are required to verify the remitter's identity and confirm the purpose of the remittance in accordance with the AML Act.

The Foreign Exchange and Foreign Trade Act (Act No. 228 of 1949, the Foreign Exchange Act) applies to remittances to and from abroad. Specifically, a payer who remits JPY30 million or more to a payee overseas or a payee that receives such amount from overseas, is required to submit a transaction report under the Foreign Exchange Act.

Further, payments for capital transactions and certain other transactions (mainly related to those for financial control of corporations domiciled in Japan) are subject to separate regulations under the Foreign Exchange Act.

Fund administrators (that is, those who do not have custody of assets) are not generally regulated or subject to qualification requirements. However, certain laws specifically require a fund to engage a fund administrator and/or regulate fund administrators. For example, a fund that is incorporated as an investment corporation is required to hire a fund administrator and such fund administrator would owe the duties of loyalty and of a prudent manager's due care under the Act on Investment Trusts and Investment Corporations.

Furthermore, a fund custodian is legally and contractually obligated to segregate the fund's assets from its proprietary assets or the assets of other funds.

On a related note, in Japan, crypto-asset funds are substantially prohibited and only funds in the form of certain partnership structures are permitted to invest in CAs.

In general, administrative contracts are not regulated. However, as funds and fund operators are subject to certain regulations regarding their operations, fund administrators are generally required under contracts with funds or fund investors to comply with the relevant laws and regulations. The obligations of fund administrators typically include periodic reporting, the reporting of incidents, and an acceptance of inspections.

In respect of custody duties, please refer to 6.1 Regulation of Fund Administrators.

In Japan, marketplaces are governed by laws and regulations dependent on the type of financial instrument in question. For example, securities such as stocks are regulated by financial instruments exchanges under the FIEA. Commodities such as gold or crude oil, on the other hand, are regulated by commodity exchanges under the Commodity Futures Act.CAs are regulated by CAESPs as marketplaces under the rules of the PSA.

In Japan, financial instruments are regulated under different laws and regulations, depending on their type.

For example, securities such as stocks are regulated by the FIEA and are classified as Paragraph I Securities (defined in 12.4 Regulation of "Issuers" of Blockchain Assets) or Paragraph II Securities (also defined in this section) based on their degree of tradability, and are subject to strict registration requirements, disclosure regulations, and conduct rules.

Commodities such as gold or crude oil are regulated under the Commodity Futures Act and are subject to regulations similar to those for securities under the FIEA. However, the competent authority in respect of commodities is not the FSA but the Ministry of Agriculture, Forestry and Fisheries or the Ministry of Economy, Trade and Industry, and the disclosure requirements applicable to commodities are not as strict as those applicable to securities.

CAs are regulated under the PSA, and CAESPs that provide a venue for the trading of CAs are subject to regulation. As is the case with securities under the FIEA, CAESPs are subject to strict registration requirements and conduct rules. The PSA does not impose strict disclosure regulations (as with securities) because the purpose of the PSA is limited to ensuring fairness of settlement instruments.

Japan has emerged as one of the largest global crypto-asset markets and was the first country to establish a regulatory framework for CAs. Besides enabling the registration of CAESPs wishing to provide CAES to residents in Japan, such framework seeks to protect customers of CAESPs and prevent crypto-asset-related money laundering and terrorism financing.

Under the PSA, CAESPs are required to:

  • take such measures necessary to ensure the safe management of information available to them;
  • provide sufficient information to customers;
  • take such measures necessary for the protection of customers and for the proper provision of services;
  • segregate the property of customers from their own property and subject such segregation to regular audits by a certified public accountant or audit firm; and
  • establish internal management systems to enable the provision of fair and appropriate responses to customer complaints, and implement measures for the resolution of disputes through financial ADR proceedings.

It should be noted that a CAESP is required under the PSA to both manage the money of users separately from its own money and to entrust users’ money to a trust company or any other similar entity in accordance with the provisions of the relevant Cabinet Office Ordinance. In other words, a CAESP is required to not only manage the money of users in bank accounts separately from its own, but also to entrust such money to a trust company or trust bank, acting as trustee.

In addition, the FIEA prohibits, with penalties, unfair acts in CA trading (without limitation as to the victims of such acts) for purposes of protecting users and preventing unjust gains. However, insider trading regulations have not been included within the scope of the FIEA because of the difficulties in identifying issuers and undisclosed material facts pertaining to CAs.

The criteria for the listing of CAs by CAESPs is set out not in the PSA, but in the "Rules on Handling of New Crypto Assets" formulated by the JVCEA, a self-regulatory organisation.

Specifically, CAESPs must carefully determine whether it is appropriate for them to handle CAs if the relevant CAs have any of the following characteristics:

  • the CA is being used or will likely be used in a way that violates laws, regulations, or public order and morals;
  • the CA is used or will likely be used for criminal purposes;
  • the CA is used or will likely be used for money laundering or terrorist financing;
  • the CA presents significant impediments or concerns to the updating or maintaining of transfer or retention records;
  • the CA issuer is unable or unwilling to be properly audited by a chartered accountant or an audit firm; or
  • the CA cannot be managed or disbursed in a systematic or otherwise secure manner (or it will be difficult to do so).

Regarding transactions of CAs, the JVCEA’s self-regulatory "Rules concerning development of order management system for crypto-asset exchange services" regulates the system for order management in CAESPs by stipulating the processes necessary to carry out proper business operations regarding acceptance of orders and processing of contracts from users when CAESPs carry out transactions related to the exchange of CAs with users.

Specifically, CAESPs are required to formulate internal rules for the development of order management systems, to control unfair transactions and to execute transactions on the best terms.

Recently, decentralised exchanges (DEXs) – exchanges of CAs accessible to the general public – have emerged as a form of decentralised finance, and their trading volume has rapidly increased in recent years.

Under Japanese law, there are no specific regulations for DEX. However, if the services provided by DEXs fall within regulated activities under the existing law, such DEXs may be subject to the relevant regulations. More specifically, DEXs may be subject to the regulations on CAES as an intermediary for the sale or exchange of CAs under the PSA.

However, DEXs are characterised as decentralised exchanges with no specific centralised administrator. Therefore, if DEXs are so decentralised that no specific operator is conceivable and the person required to register as a CAESP is not conceivable, it would be difficult to apply the PSA to such an operator as a practical matter.

With regard to transactions of CAs, the Cabinet Office Ordinance on Crypto-asset Exchange Service Providers and the JVCEA self-regulatory "Regulations concerning establishment of order management system for crypto asset exchange services" require CAESPs, when offering multiple transaction methods to users, to specify and publish those methods, the best conditions under which the methods should be used, and the reasons for why any method should be selected for each type of CAs handled by the CAESP.

There are no specific regulations on payment for order flow in Japan.

The purpose of the FIEA is to ensure fairness in the issuance of securities and in transactions of financial instruments, etc, to facilitate the circulation of securities, ensure fair price formation of financial instruments, and, by full operation of the functions of capital markets, contributing to the sound development of the national economy and the protection of investors.

Accordingly, the FIEA prohibits any person from engaging in unfair transactions with respect to the purchase and sale of securities, other transactions, or derivative transactions.

With regard to CAs, there have been cases in which undisclosed information (ie, the commencement of handling of a new CA) was leaked outside a CAESP, and those who obtained such information had allegedly profited from it. The 2019 amendment to the FIEA also prohibits any person from engaging in unfair trading in spot trading of CAs or crypto-asset-related derivative transactions.

Given the increased volume of high-frequency trading (HFT) and its influence on the market, Japan implemented regulations relating to this type of trading in 2018. Although commonly referred to in English as HFT, this type of trading is known in Japan as “high-speed trading (HST)” (kousoku torihiki) pursuant to the FIEA. In line with this terminology, as explained below, the frequency of trading is not a requirement of HST pursuant to the FIEA.

The FIEA specifies certain categories of trading as HST, including the sale or purchase (or entrustment thereof) of securities or market transactions of derivatives, the management of funds or other assets constituting the sale or purchase, and the execution of over-the-counter derivative transactions that cause a counterparty to conduct the sale or purchase. These categories constitute HST when the trading decision is made automatically through an electronic information processing system, and the information necessary for the trade based on that decision is communicated through information technology to the financial instruments exchange or proprietary trading system (PTS), with a method to shorten the time usually required for that communication.

A trader engaging in HST is required to register as a high-speed trader and establish an operational control system, manage risks and provide certain information relating to that trading to the FSA. However, simply developing or creating trading algorithms or other electronic trading tools is not regulated under the FIEA.

There is no such requirement under the FIEA.

HST regulations under the FIEA are principally applicable to traders, including with regard to funds, except that certain reporting requirements are also applicable to dealers (ie, financial instruments business operators registered under the FIEA) when the dealers are engaging in proprietary trading. A financial instruments business operator may not accept HST orders from a trader who is not registered pursuant to the FIEA, or from a registered trader for which the financial instruments business operator is unable to confirm implementation of appropriate trading system management.

There is no such regulation under the FIEA as explained in 8.1 Creation and Usage Regulations.

In Japan, there are no specific laws or regulations applicable to the provision of financial research platforms. However, the operation of investment management businesses and investment advisory businesses are regulated under the FIEA as described in 9.3 Conversation Curation. In addition, if a financial research platform has any function that helps to match a user's transactions of any financial instruments, the platform operator may be required to register as a financial instruments business operator under the FIEA.

The FIEA prohibits the spreading of rumours or other information relating to securities or derivative transactions without verification that the statement has a reasonable basis. More specifically, the FIEA prohibits dissemination of rumours for purposes of:

  • selling or purchasing, engaging in any transaction in respect of securities or CAs or engaging in any derivative transactions relating to financial instruments or indexes, including crypto-asset derivative transactions; or
  • causing any fluctuation in the quotations of any securities or financial instruments or indexes of derivative transactions, including crypto-asset derivative transactions.

For purposes of the FIEA, rumours are interpreted by the disseminator as information lacking a reasonable basis. Therefore, rumours include more than simple statements of false information.

Additionally, certain market manipulations using representations that are intended to induce transactions of securities and derivatives are generally prohibited under the FIEA.

Responsibility as Platform Operator

If the operation of financial research platform constitutes an investment advisory business under the FIEA, the operator is subject to a registration requirement. A registered operator would generally be instructed by the FSA to prevent the spread or exchange on the platform of statements made with the intent of market manipulation, or the provision of inside information. Although no general rules or guidelines are provided with respect to prevention measures, the definition of market manipulation activities under the FIEA includes:

  • engaging in fake sales and purchases;
  • collusive sales and purchases;
  • actual sales and purchases; or
  • false representation for purposes of misleading other persons into believing that the sale and purchase of securities, CAs or derivative transactions are thriving, or otherwise misleading other persons about the state of those transactions.

Definition of Investment Advisory Business

An entity constitutes an investment advisory business under the FIEA if:

  • the business operator promises to provide the customer with advice on either the value of securities or an investment decision based on an analysis of the value of financial instruments, and the customer agrees to pay a fee as compensation for that advice (the Investment Advisory Agreement); and
  • the business operator provides advice pursuant to the Investment Advisory Agreement. 

Advice as to the value of securities is generally understood to mean an express or implicit presentation of expected future profits (eg, capital gains, income gains) that would accrue from investment in securities. For example, if a financial research platform provided a recommendation for an investment in certain securities — including portfolio information relating to certain prominent investors — to customers for a fee, that platform may constitute an investment advisory business and its operator may be required to register pursuant to the FIEA.

In Japan, when a company (including a fintech company) engages in insurance solicitation (ie, acts as an agent or intermediary for the conclusion of insurance contracts), it must be registered as an insurance agent or insurance broker under the Insurance Business Act.

In Japan, no distinction is made between different types of insurance in terms of their treatment by the regulators.

There is no regulation in Japan that relates specifically to providers of regtech.  Accordingly, such providers are regulated under the existing legal framework depending on their activities.

Regtech is not yet prevalent in Japan; however, the FSA has officially announced in its Assessments and Strategic Priorities for 2018 that it would enhance regtech and suptech (supervisory technology) in Japan. One of the recent legislative changes in this area is the amendment, in 2018, of the subordinate regulations of the Act on the Prevention of Transfer of Criminal Proceeds, to provide for various methods by which e-KYCs may be conducted in Japan.

There have not been many cases in which financial institutions have used regtech services.

In addition, there are no laws and regulations or industry practices that require financial institutions, when using a regtech service, to stipulate a clause in their contracts with service providers that assures the accuracy of services provided.

In connection with the use of blockchain technology, the most remarkable development seen in the traditional financial service industry has been that of digital securities. Because the new regulatory framework has clarified the regulations on digital securities as described in 12.4 Regulation of "Issuers" of Blockchain Assets, quite a number of financial institutions have entered into this new market. For instance, in November 2019, Mitsubishi UFJ Financial Group announced the establishment of a research consortium to develop standards around digital securities management.  In February 2020, Mizuho Financial Group launched a demonstration test for issuing digital securities targeting individual investors. In March 2020, Nomura Research Institute, Ltd. announced its issuance of the digital asset bond and digital bond, which were the Japan’s first bonds using blockchain technology.

Generally speaking, financial regulators in Japan are receptive to fintech innovation — including those using blockchain and technology-driven new entrants in the regulated financial services markets — and are actively participating in discussions taking place in this industry.

However, various consumer protection issues have arisen in connection with the Japanese fintech industry. These have resulted in a decision made by regulators to strengthen the regulations governing emerging fintech businesses in order to address new risks to consumers arising from the new services. In particular, the regulatory framework for CAs was amended to enhance customer protection by introducing stricter regulations in response to a major incident in January 2018 in which one of the largest crypto-asset exchanges in Japan announced it had lost approximately USD530 million worth of CAs because of a hacking attack on its network. The new regulatory framework entered into force on 1 May 2020.

In Japan, regulations applicable to certain blockchain assets (ie, tokens issued on blockchain) may vary depending on the nature of those assets as classified below:


We believe that a large segment of tokens issued on blockchain constitute CAs as defined in the PSA. Please see 12.7 Virtual Currencies for regulations applicable to issuers of crypto-assets.

Prepaid Payment Instruments

Tokens issued on blockchain that are similar to prepaid cards, in that the tokens may be used as consideration for goods or services provided by token issuers, may be regarded as prepaid payment instruments as defined under the PSA. Please see 12.4 Regulation of "Issuers" of Blockchain Assets for regulations applicable to issuers of prepaid payment instruments.

Digital Securities

Tokens issued on blockchain that represent any securities as defined in the FIEA would be regulated under FIEA as described in 12.1 Use of Blockchain in the Financial Services Industry and 12.4 Regulation of "Issuers" of Blockchain Assets.

Regulation on Issuers of CAs

Please see 12.7 Virtual Currencies.

Regulation onIssuers of Prepaid Payment Instruments

An issuer of prepaid payment instruments is required to comply with applicable rules under the PSA. If a prepaid payment instrument may only be used for payments to the issuer for its goods or services, that issuer will not be required to register under the PSA, although it must still comply with certain notice requirements. By contrast, an issuer of prepaid payment instruments that may be used not only for payments to the issuer for its goods or services, but also for payments to other parties designated by the issuer, will be required to register as an “issuer of prepaid payment instruments” under the PSA.

Regulation on Issuers of Digital Securities

The FIEA has conventionally classified securities into (i) traditional securities such as shares and bonds (Paragraph 1 Securities), and (ii) contractual rights such as trust beneficiary interests and collective investment scheme interests (Paragraph 2 Securities). While Paragraph 1 Securities are subject to relatively stricter requirements in terms of disclosures and licensing/registration as they are highly liquid, Paragraph 2 Securities are subject to relatively looser requirements as they are less liquid. However, if securities are issued using an electronic data processing system such as blockchain, it is expected that such securities may have higher liquidity than securities issued using conventional methods, regardless of whether they are Paragraph 1 or Paragraph 2 Securities. For this reason, the FIEA introduced a new regulatory framework for securities which are transferable by using electronic data processing systems. Under the FIEA, securities which are transferable by electronic data processing systems are classified into the following three categories:

  • paragraph 1 Securities such as shares and bonds which are transferable by using electronic data processing systems (Tokenised Paragraph 1 Securities);
  • contractual rights such as trust beneficiary interests and collective investment scheme interests, conventionally categorised as Paragraph 2 Securities, which are transferable by using electronic data processing systems (electronically recorded transferable rights (ERTRs)); and
  • contractual rights such as trust beneficiary interests and interests in collective investment schemes, conventionally categorised as Paragraph 2 Securities, which are transferable by using electronic data processing systems but have their negotiability restricted to a certain extent (Non-ERTR Tokenised Paragraph 2 Securities).

An issuer of Tokenised Paragraph 1 Securities or ERTRs is, in principle, required — prior to making a public offering or secondary distribution — to file a securities registration statement as is the case for traditional Paragraph 1 Securities, unless the offering or distribution falls under any category of private placements. Any person who engages in the business of the sale, purchase or handling of the offering of Tokenised Paragraph 1 Securities or ERTRs is required to undergo registration as a Type 1 FIBO. In light of the higher degree of freedom in designing Tokenised Paragraph 1 Securities or ERTRs and the higher liquidity of these securities, a Type 1 FIBO that handles these digital securities will be required to control risks associated with digital networks such as blockchain used for digital securities.

Trading Platforms for CAs

An operator of a trading platform for purchases, sales or exchanges of CAs is regulated under the PSA. More specifically, a person who engages in intermediary, brokerage or agency activities for the trading or exchange of CAs as a business is regarded as a CAESP and is required to register under the PSA. A typical example of a CAESP is a regulated CA exchange, such as BitFlyer or CoinCheck. Please see 12.8 Impact of Regulation on "DeFi" Platforms regarding peer-to-peer trading platforms for crypto-assets.

Trading Platforms for Digital Securities

Currently, there is no secondary trading market for digital securities in Japan. Potentially, a Type 1 FIBO may operate a PTS (ie, an equivalent of an alternative trading system in the US) for digital securities with authorisation from the FSA pursuant to the FIEA. However, the requirements and procedures tailored for digital securities in order to obtain that authorisation have not yet been clarified by the regulators and certain additional developments are expected in this area in the near future.

Also, the regulator's attitude toward the secondary market for digital securities is stringent, so the introduction of a pure peer-to-peer trading platform for digital securities in Japan will require careful analysis as to its legality as well as significant discussion with the FSA, particularly from the consumer protection viewpoint.

Crypto-Asset Investment Funds

Funds that invest in CAs are subject to the same rules and regulations as other investment funds that take the form of a partnership. Therefore, in order to solicit investments, the operator of the fund must register as Type 2 FIBO unless:

  • there are no more than 49 non-professional investors with one or more professional investors, and notification in connection therewith has been made to the FSA; or
  • the fund delegates its solicitation and marketing activities to a registered Type 2 FIBO.

The operator of a fund that mainly invests in CAs is not required to register as an investment management business operator because that registration obligation is only triggered when an operator mainly invests in securities and derivatives.

In addition, investment in CAs by the operator of a fund is not likely to trigger the requirement to register as a CAESP under the PSA because the trading of crypto-assets for the fund’s own investment purposes is not considered to be the trading of CAs "as a business," which is one of the requirements for the registration obligation.

In Japan, the practical forms for the vehicle for CAs investment funds would be: (1) a Tokumei Kumiai, a partnership formed pursuant to the Commercial Code; or (2) an offshore fund, including a Cayman limited partnership, because of its flexibility in structuring the scheme while mitigating any regulatory risks. An investment trust fund under the Investment Trust and Investment Corporation Act may not be used as a vehicle for the purpose of investment in CAs because, currently, CAs are excluded from the specified asset classes in which an investment trust fund is allowed to invest under the Act.

Funds Investing in Digital Securities

In general, the operator of an investment fund that mainly invests in securities and derivatives must register as an investment management business operator. Digital securities constitute securities under the FIEA, so investing in digital securities may trigger the registration obligation as described above.

Also, if a fund expects to invest mainly in securities, including digital securities, and if the number of investors acquiring fund interests is expected to be 500 or more, a disclosure obligation will be triggered under the FIEA when raising capital.

The registration obligation with respect to self-solicitation as described above will also be applicable to a fund investing in digital securities.

The PSA defines “Crypto Asset” and requires a person who provides CAES to be registered with the FSA. The term “Crypto Asset” is defined in the PSA as:

  • proprietary value that may be used to pay an unspecified person the price of any goods purchased or borrowed or any services provided and may be sold to or purchased from an unspecified person (limited to that recorded on electronic devices or other objects by electronic means and excluding Japanese and other foreign currencies and Currency Denominated Assets; the same applies in the following item) and that may be transferred using an electronic data processing system; or
  • proprietary value that may be exchanged reciprocally for proprietary value specified in the preceding item with an unspecified person and that may be transferred using an electronic data processing system.

“Currency Denominated Assets” means any assets that are denominated in Japanese or other foreign currency. Such assets do not fall within the definition of CA. For example, prepaid e-money cards are usually considered Currency Denominated Assets. If a coin issued by a bank is guaranteed to have a certain value vis-à-vis fiat currency, such a coin is unlikely to be deemed a CA but would instead be considered a Currency Denominated Asset.

“DeFi” is an abbreviation of Decentralised Finance. DeFi refers to a decentralised financial system consisting of blockchain applications (generally referred to as decentralised applications, or “Dapps”), and is a general term for financial systems and projects that are accessible and transparent to the general public. The terms and degree of decentralisation would vary from project to project.

There are no regulations relating specifically to DeFi in Japan. However, where DeFi activities fall within regulated activities under any existing law, such activities may be subject to the relevant regulations. For example, within the scope of DeFi, DEXs may be subject to regulations relating to CAES as an intermediary for the sale or exchange of crypto-assets under the PSA.

It should be noted, however, that if a DEX is so decentralised that no specific operator is conceivable, such that the person required to register as a CAESP is not conceivable, it would be difficult to apply the PSA on such an operator as a practical matter.

The Japanese government is trying to accelerate the shift to open banking. Specifically, banks have been legally obligated to make efforts to complete the development of an open API system by 31 May 2018. However, banks are not legally obligated to release APIs, and fees and other terms must be agreed upon separately between a fintech company and a bank.

In many cases, banks impose security requirements on the users of open API and conduct pre-screening and regular monitoring on such users. Additionally, banks also carry out security audits through third parties when necessary.

Anderson Mori & Tomotsune

Otemachi Park Building
1-1-1 Otemachi
Tokyo 100-8136

+81 3 6775 1000
Author Business Card

Law and Practice


Anderson Mori & Tomotsune is one of the largest and most international Japanese law firms. It is best known for its long history of advising overseas companies doing business in Japan and in cross-border transactions. The main office in Tokyo is supported by two offices in Japan and seven overseas. The firm has one of the leading fintech practices in Japan. With extensive experience across all areas of fintech, its skilled lawyers provide innovative, up-to-date legal advice to clients in this fast-growing and cutting-edge industry. Because of the firm’s long history of success and proven understanding of new technology, their advice is regularly sought in fintech-related matters, including applications for licences and regulatory approvals for business start-ups, analysis of financial regulatory issues, development and marketing of innovative financial instruments, products and transactions, and consultations and negotiations with official regulatory authorities and self-regulatory organisations.

Compare law and practice by selecting locations and topic(s)


Select Topic(s)

loading ...

Please select at least one chapter and one topic to use the compare functionality.