During the past few years, there have been notable developments in the non-fungible token (NFT) sector and the digital securities’ sector – as well as in respect of “buy now pay later” (BNPL) services.

NFT-related businesses have been popular since late 2020, especially in the online gaming sector. In addition, content holders, digital artists and advertising agencies have rushed to these new markets.

Digital security businesses gained traction in 2021. Their main focus is on digital corporate notes and tokenised equity interests in real estate funds.

Among mobile payment services, BNPL services have been growing rapidly in tandem with the development of this business abroad. It is notable that PayPal acquired one of the largest BNPL services providers in Japan, Paidy Inc, in autumn 2021, so as to expand its BNPL services to Japan.

Trends for 2024

On 4 March 2022, the Bill for Partial Amendment to the Act on Payment Services Act, etc, for the Purpose of Establishing a Stable and Efficient Funds Settlement System (the “Amendment Act”) was submitted to the Diet. It was approved on 3 June 2022, and subsequently came into effect in June 2023. The Amendment Act aims to establish a stable and efficient funds settlement system that is responsive to the digitalisation of finance and other fields against the backdrop of:

• a rise in issuance and circulation of stablecoins overseas;
• growing needs for improvement in transaction monitoring by banks, etc; and
• the increasing prevalence of prepayment instruments that enable payment by electronic means.

In connection with the rise in issuance and circulation of stablecoins overseas, the Amendment Act also introduced the concept of “electronic payment instruments” (EPIs), which corresponds to the concept of stablecoins (Article 2, paragraph 5 of the Amended Payment Services Act (Amended PSA)).

Under the Amended PSA:

• stablecoins that are redeemable for fiat currencies (fiat-backed stablecoins) are regulated as EPIs, while non-fiat-backed stablecoins such as DAI will continue to be regarded as crypto-assets;
• only banks, fund transfer services providers, trust banks and trust companies that are licensed or registered in Japan may issue EPIs directly to residents of Japan;
• an entity is required to obtain a licence as an electronic payment instruments transaction service provider (EPI-TSP) if, as a business, it:
1. sells or buys EPIs;
2. acts as an intermediary, a broker or an agency of sales and purchases of EPIs; or
3. provides custody services of EPIs, as a business;
• an EPI-TSP is subject to AML/CFT regulations, including the travel rule;
• an EPI-TSP that continuously sends or receives EPIs to or from overseas virtual asset service providers (VASPs) must check whether such VASPs are conducting appropriate due diligence of users for AML/CFT purposes; and 
• an EPI-TSP must segregate users’ EPIs from its proprietary assets.

In Japan, almost every area of finance has been benefiting from robust fintech innovation. Online or mobile payment services, cryptocurrency-based businesses and other blockchain-based tokens, robo-advisers and financial account aggregation services that utilise OpenAPI (Application Programming Interface) are among the predominant sectors.

One indication that the fintech business is maturing is the shift in major players from fintech start-ups to well-established companies (such as traditional major financial institutions and telecommunications companies).

Apart from the regulations applicable to crypto-asset exchange services (CAES) and EPI services, there is no specific regulatory framework for fintech businesses. If the services provided by the fintech companies are subject to existing financial regulations, such as obtaining applicable authorisation (licences or registrations), then they are required to comply with them. What follows is a high-level outline of the regulations that apply to popular fintech services.

Online/Mobile Payment

Although there are many payment methods and instruments in Japan, there is no comprehensive payment law.

A prepaid payment instrument (PPI) is an instrument that records a certain value charged in advance of its use and is then debited as payment of consideration for goods and/or services. PPIs are regulated under the PSA.

Instalment payments made in consideration for goods or services that are divided over two months or more are regulated under the Instalment Sales Act. The Act substantially covers all credit card payments and BNPL services.

Remittance or money transfer is regulated pursuant to the Banking Act and the PSA. The PSA classifies fund transfer services (FTS) into the following three categories:

• FTS involving remittances exceeding JPY1 million per transaction;
• FTS that correspond to the current classification of FTS in the PSA; and
• FTS involving remittances of small amounts (ie, several tens of thousands of yen).

Services Related to Crypto-Assets

CAES providers (CAESPs) are regulated under the PSA. Most of the so-called payment tokens and utility tokens would fall within the definition of a crypto-asset. Those who provide CAES (or custody services thereof) must register with the FSA.

Crypto-asset derivatives are regulated as financial derivatives under the Financial Instruments and Exchange Act (FIEA). A company that provides crypto-asset derivatives products has to undergo registration as a Type 1 Financial Instruments Business Operator (Type 1 FIBO).

Digital Securities

Amendments to the FIEA that came into effect in May 2020 introduced a new regulatory framework for the transfer of securities via electronic data processing systems. An issuer of tokenised securities is, unless exempt, required to file a securities registration statement and issue a prospectus upon making a public offering or secondary distribution. Any person who engages in the sale, purchase or handling of a public offering of tokenised securities must be registered as a Type 1 FIBO.

Robo-Advisers

Under the FIEA, a robo-adviser that provides users with automated access to investment products must be registered as:

• an investment manager (for provision of discretionary investment management services); or
• an investment adviser (for provision of non-discretionary investment advisory services).

Open Banking/Electronic Payment Intermediate Service Providers

Entities that act as intermediaries between banks and customers – for example, by using IT to communicate payment instructions to banks based on entrustment from customers or by using IT to provide customers with information regarding their financial accounts deposited in banks – are categorised as EPI service providers under the Banking Act and are required to register with the FSA.

Financial Services Intermediary Businesses

In June 2020, the Act on Sales, etc, of Financial Instruments (ASFI) was amended to enable the establishment of financial services intermediary businesses that are capable of intermediating the cross-sectoral banking, securities and insurance financial services under a single licence. The ASFI was renamed the Act on Provision of Financial Services and came into effect on 1 November 2021.

There are no regulations specifically targeting fintech companies in connection with compensation models. The compensation restrictions under traditional finance regulations are also applicable to fintech services.

There are no specific regulatory incentives applicable to fintech companies. Fintech companies are on equal footing with legacy players.

The Japanese regulatory sandbox was introduced in June 2018. The regulatory sandbox can be used by both Japan residents and overseas companies. It enables companies to apply and receive approval for innovative and new projects and services that are not yet contemplated under current regulations without the need for amendment of existing regulations. Approved projects may not be carried out as a business but rather as a proof of concept or demonstration under certain conditions, including limitations on the number of participants and duration of operations. There are no limitations on the business sectors that can benefit from the sandbox.

The main regulatory body for fintech businesses is the FSA, including the local finance bureaus to which it has delegated certain aspects of its authority. The Ministry of Economy, Trade and Industry (METI) has jurisdiction over credit cards and instalment payments. The Ministry of Land, Infrastructure, Transport and Tourism has jurisdiction over some types of real estate fund businesses. The NPA, FSA and Ministry of Finance have co-jurisdiction over matters of AML/CFT. The Personal Information Protection Committee is the prime regulator of personal information. However, the FSA shares regulatory power over the protection of personal information in the financial sector.

Under Japanese law, when a business operator engaging in a regulated business outsources part of its business, it is obliged to conduct proper supervision of the outsourcee in accordance with applicable laws and regulations. By way of example, when outsourcing part of its CAES to a third party (including outsourcing in two or more stages), a CAESP regulated under the PSA is required to supervise such third party and take such other necessary measures to ensure proper and reliable execution of the outsourced functions.

Under Japanese law, providers of fintech-related services are responsible as gatekeepers within the scope of the applicable regulations – for example, as a gatekeeper providing a platform for the exchange of fiat currency and crypto-assets, CAESPs are subject to various obligations concerning user protection and AML/CFT. Specifically, from the viewpoint of user protection, CAES providers are obligated to provide certain information to users.

In addition, from an AML/CFT perspective, CAESPs are required – as specified business operators under the Act on Prevention of Transfer of Criminal Proceeds (APTCP) – to take steps to ascertain certain information when commencing transactions with users.

The upsurge of the Japanese crypto-asset market was stalled in January 2018 when one of the largest CAES providers in Japan announced losses of approximately USD530 million due to a cyber-attack on its network. This hacking incident prompted inspections of CAESPs by the FSA, which found internal weaknesses in most of the inspected entities – particularly in the areas of AML/CFT and cybersecurity. As a result, business improvement orders or business suspension orders were issued to these entities.

In addition, it was reported in November 2022, that FTX Trading Limited (FTX Trading) – the parent company of FTX Japan KK, which is a CAESP and a Type 1 FIBO – has been experiencing financial problems. In light of the capital and business relationship between FTX Trading and FTX Japan KK, the FSA issued a business suspension order and a business improvement order to FTX Japan KK, citing the need to:

• immediately halt new transactions by users; and
• take all possible measures in order to prevent the flow of FTX Japan KK’s assets to affiliated companies outside Japan and subsequent harm to users’ interests.

The Act on the Protection of Personal Information (APPI) is a principle-based regime for the processing and protection of personal data in Japan. The APPI generally follows the eight basic principles of the OECD Guidelines on the Protection of Privacy and Transborder Flow of Personal Data. The Act is applicable to all private businesses, including fintech business operators. Based on the requirements of the APPI, every governmental ministry in Japan issued administrative guidelines applicable to the specific industry sectors under its supervision. Fintech businesses are required to comply with the “Guidelines on Personal Information Protection” that concern the financial services industry.

In Japan, accounting/audit firms are the only entities that review the activities of industry participants. For some industries, however, self-regulatory organisations also conduct reviews separately from regulators or accounting/audit firms under the applicable laws or regulations. By way of example, the Japan Virtual and Crypto-assets Exchange Association (JVCEA) is a self-regulatory organisation authorised under the PSA to review its CAESP members.

An NFT is not defined under Japanese regulation. However, it is generally understood to refer to an irreplaceable token minted on a blockchain. Since NFTs are digital items minted on a blockchain, the question is whether NFTs also constitute crypto-assets under the PSA.

NFTs are increasingly being used in various fields because, although they are digital data generated on a blockchain, they are characterised as irreplaceable owing to the unique values assigned to them.

NFTs are unlikely to constitute crypto-assets if:

• the specifications or functions of NFTs are limited in the same manner as trading cards and in-game items; and
• NFTs do not serve economic functions (such as being a means of payment) in the way that crypto-assets do.

See 12.9 Non-fungible Tokens (NFTs) for further details.

In Japan, AML rules are regulated by the APTCP. The APTCP requires “specified business operators” to conduct KYC and the like. The term “specified business operators” refers to business operators like fintech companies (among others) that are subject to financial regulations.

The APTCP is not directly applicable to unregulated fintech companies that do not fall within the definition of “specified business operators”. Accordingly, the AML policies (if any) of such unregulated fintech companies would only be those they have established on their own initiative.

Travel Rule

When a CAESP or EPI-TSP transfers digital assets to a customer of another CAESP or EPI-TSP (including any foreign CAESP or EPI-TSP) at the request of a customer, the transferring CAESP or EPI-TSP must notify the receiving CAESP or EPI-TSP of the identification information, including the name and blockchain address, pertaining to the sender and the receiver (the so-called Travel Rule). However, transfers to a CAESP or an EPI-TSP in countries that do not yet have any Travel Rule legislation are not subject to the rule. In addition, when a CAESP or an EPI-TSP transfers digital assets to an unhosted wallet at the request of a customer, it is not subject to the Travel Rule. Nevertheless, even for transactions that are not subject to Travel Rules, information on the counterparty (such as name, blockchain address, and the like) must be obtained and recorded.

Japanese financial laws do not require different business models for different asset classes, per se.

Legacy players are proactively utilising robo-advisers. Having said that, unlike in the USA, the Japanese robo-adviser market is relatively small and a couple of independent robo-advisory companies are deemed market leaders.

Currently, there are no specific rules and no guidance applicable to robo-advisers in connection with best execution of customer trades.

There is no significant business or regulatory difference in online lending based on whether the borrower is an individual or a corporation.

With the exception of commercial banks and certain banks incorporated for specific purposes, engaging in the loan business requires registration under the Money Lending Business Act (the “MLB Act”) and is subject to the MLB Act regulations. Under the MLB Act, a loan provider must prepare a written contract and certain explanatory documents and receipts. Further, the interest rate of a loan is subject to:

• the Interest Rate Restriction Act; and
• the Act Regulating the Receipt of Contributions, the Receipt of Deposits, and Interest Rates.

Loan interest rate per annum must not exceed 20% for loans with a principal amount of less than JPY100,000, 18% for loans with principal amount of between JPY100,000 and JPY999,999, or 15% for loans with a principal amount of JPY1 million or more. These regulations apply to loans to corporate borrowers as well as individual borrowers.

In Japan, loan providers do not engage in underwriting for non-professional investors. If a non-bank loan provider sells its loan receivables, its assignee would also be subject to the MLB Act regulations. This regulatory restriction makes it difficult to implement the underwriting of loan receivables for non-professional investors.

Selling loan receivables to professional, institutional investors who can comply with the MLB Act may be a practical option. However, underwriting transactions – ie, the transfer of loan receivables immediately after a loan transaction – are not usually entered into. Instead, a loan provider is more likely to sell the loan receivables for financial purposes after it has had sufficient time to observe performance of the loan receivables.

Most of the funds raised for loans are lender-raised capital. Securitisation of online lending receivables has not been typical and it is also uncommon to raise funds for specific lending transactions from general investors.

Online lending services in the form of syndicated loans are not available in Japan.

There is no legal requirement stating that payment processors must use existing payment rails. With that said, most payment processors in Japan use bank or credit card networks to provide payment processing services – except for transactions between accounts opened with the same payment processor.

Foreign remittances are subject to the APTCP. Financial institutions and certain other payment providers that receive requests for foreign remittances are required to verify the remitter’s identity and confirm the purpose of the remittance in accordance with the APTCP.

The Foreign Exchange and Foreign Trade Act (Act No 228 of 1949) (the “Foreign Exchange Act”) applies to remittances to and from abroad. Specifically, a payer who remits JPY30 million or more to a payee overseas – or a payee that receives such amount from overseas – is required to submit a transaction report under the Foreign Exchange Act. Further, payments for capital transactions and certain other transactions (mainly related to those for financial control of corporations domiciled in Japan) are subject to separate regulations under the Foreign Exchange Act.

Fund administrators (that is, those who do not have custody of assets) are not generally regulated or subject to qualification requirements. However, certain laws specifically require a fund to engage a fund administrator and/or regulate fund administrators. A fund that is incorporated as an investment corporation is, for example, required to hire a fund administrator and such fund administrator would owe the duties of loyalty and of a prudent manager’s due care under the Act on Investment Trusts and Investment Corporations. Furthermore, a fund custodian is legally and contractually obligated to segregate the fund’s assets from its proprietary assets or the assets of other funds.

On a related note, in Japan, crypto-asset funds are substantially prohibited and only funds in the form of certain partnership structures are permitted to invest in crypto-assets.

In general, administrative contracts are not regulated. However, as funds and fund operators are subject to certain regulations regarding their operations, fund administrators are generally required under contracts with funds or fund investors to comply with the relevant laws and regulations. The obligations of fund administrators typically include periodic reporting, the reporting of incidents, and an acceptance of inspections.

As regards custody duties, see 6.1 Regulation of Fund Administrators.

In Japan, marketplaces are governed by laws and regulations, depending on the type of financial instrument in question – for example, securities such as stocks are regulated by financial instruments exchanges under the FIEA. Commodities such as gold or crude oil, on the other hand, are regulated by commodity exchanges under the Commodity Futures Act. Crypto-assets are regulated by CAESPs as marketplaces under the rules of the PSA. See 7.2 Regulation of Different Asset Classes.

As mentioned in 7.1 Permissible Trading Platforms, financial instruments are regulated under different laws and regulations, depending on their type. Securities such as stocks are regulated by the FIEA and are classified as Paragraph I Securities (defined in 12.4 Regulation of “Issuers” of Blockchain Assets) or Paragraph II Securities (also defined in this section) based on their degree of tradability, and are subject to strict registration requirements, disclosure regulations, and conduct rules.

Commodities such as gold or crude oil are regulated under the Commodity Futures Act and are subject to regulations similar to those for securities under the FIEA. However, the competent authority in respect of commodities is not the FSA but the Ministry of Agriculture, Forestry and Fisheries or the METI. The disclosure requirements applicable to commodities are not as strict as those applicable to securities.

Crypto-assets are regulated under the PSA and CAESPs that provide a venue for the trading of crypto-assets are subject to regulation. As is the case with securities under the FIEA, CAESPs are subject to strict registration requirements and conduct rules. The PSA does not impose strict disclosure regulations (as it does on securities) because the purpose of the PSA is limited to ensuring fairness of settlement instruments.

Japan has emerged as one of the largest global crypto-asset markets and was the first country to establish a regulatory framework for crypto-assets. Besides enabling the registration of CAESPs wishing to provide CAES to residents in Japan, such framework seeks to protect customers of CAESPs and prevent crypto-related money laundering and terrorism financing.

Under the PSA, CAESPs are required to:

• take such measures necessary to ensure the safe management of information available to them;
• provide sufficient information to customers;
• take such measures necessary for the protection of customers and for the proper provision of services;
• segregate the property of customers from their own property and subject such segregation to regular audits by a certified public accountant or audit firm; and
• establish internal management systems to enable the provision of fair and appropriate responses to customer complaints, as well as implement measures for the resolution of disputes through financial ADR proceedings.

It should be noted that a CAESP is required under the PSA to both manage the money of users separately from its own money and to entrust users’ money to a trust company or any other similar entity in accordance with the provisions of the relevant Cabinet Office Ordinance. In other words, a CAESP is required to not only manage the money of users in bank accounts separately from its own, but also to entrust such money to a trust company or trust bank acting as trustee.

In addition, the FIEA prohibits, with penalties, unfair acts in crypto-asset trading (without limitation as to the victims of such acts) for purposes of protecting users and preventing unjust gains. However, insider trading regulations have not been included within the scope of the FIEA because of the difficulties in identifying issuers and undisclosed material facts pertaining to crypto-assets.

The criteria for the listing of crypto-assets by CAESPs is set out not in the PSA, but in the “Rules on Handling of New Crypto-Assets” formulated by the JVCEA.

Specifically, CAESPs must carefully determine whether it is appropriate for them to handle crypto-assets if the relevant crypto-assets have any of the following characteristics (per the JVCEA Pre-Assessment):

• the crypto-asset is being used or will likely be used in a way that violates laws, regulations, or principles of public order and morals;
• the crypto-asset is used or will likely be used for criminal purposes;
• the crypto-asset is used or will likely be used for money laundering or terrorist financing;
• the crypto-asset presents significant impediments or concerns to the updating or maintenance of transfer or retention records;
• the crypto-asset issuer is unable or unwilling to be properly audited by a chartered accountant or an audit firm; or
• the crypto-asset cannot be managed or disbursed in a systematic or otherwise secure manner (or it will be difficult to do so).

In addition, as of 26 December 2022, the JVCEA self-regulatory rules were amended to introduce a system to relax the handling of new crypto-assets by member CAESPs. Specifically, two systems were introduced:

• a “Green List System” to exempt certain member CAESPs (Green List Eligible Members) from the JVCEA Pre-Assessment for certain prescribed crypto-assets; and
• a Crypto-Asset Self-Check System to exempt certain member CAESPs from the JVCEA Pre-Assessment except in specific cases.

Under the Green List System, crypto-assets are designated by the JVCEA on the home page of its website as “crypto-assets widely handled in Japan” and crypto-assets for which JVCEA Pre-Assessment is not required when handled by a Green List Eligible Member if they meet all of the following four criteria:

• crypto-assets that have been handled by three or more member CAESPs;
• crypto-assets that have been handled by one member CAESP for at least six months;
• crypto-assets for which the JVCEA has not set any ancillary conditions for handling; and
• crypto-assets that are not deemed inappropriate by the JVCEA under the Green List System for any other reason.

Regarding transactions of crypto-assets, the JVCEA’s self-regulatory “Rules Concerning Development of Order Management Systems for Crypto-Asset Exchange Services” regulates the system for order management in CAESPs by stipulating the processes necessary to carry out proper business operations regarding acceptance of orders and processing of contracts from users when CAESPs carry out transactions related to the exchange of crypto-assets with users. Specifically, CAESPs are required to formulate internal rules for the development of order management systems in order to control unfair transactions and to execute transactions on the best terms.

Recently, decentralised exchanges (DEXs) – ie, exchanges of crypto-assets accessible to the general public – have emerged as a form of decentralised finance. Their trading volume has rapidly increased in the past few years.

Under Japanese law, there are no specific regulations for DEX. However, if the services provided by DEXs fall within regulated activities under the existing law, such DEXs may be subject to the relevant regulations. More specifically, DEXs may be subject to the regulations on CAES as an intermediary for the sale or exchange of crypto-assets under the PSA.

However, DEXs are characterised as decentralised exchanges with no specific centralised administrator. Therefore, if DEXs are so decentralised that no specific operator is conceivable and the person required to register as a CAESP is not conceivable, it would be difficult to apply the PSA to such an operator in a practical manner.

When offering multiple transaction methods to users, the Cabinet Office Ordinance on Crypto-Asset Exchange Service Providers and the JVCEA’s self-regulatory “Rules Concerning Development of Order Management Systems for Crypto-Asset Exchange Services” require CAESPs to specify and publish those methods, the best conditions under which the methods should be used, and the reasons for why any method should be selected for each type of crypto-assets handled by the CAESP.

There are no specific regulations on payment for order flow in Japan.

The purpose of the FIEA is to ensure fairness in the issuance of securities and in transactions of financial instruments, etc, in order to facilitate the circulation of securities, ensure fair price formation of financial instruments and – via full operation of the functions of capital markets – contribute to the sound development of the national economy and the protection of investors. Accordingly, the FIEA prohibits any person from engaging in unfair transactions in respect of the purchase and sale of securities, other transactions, or derivative transactions.

As regards crypto-assets, there have been cases in which undisclosed information (ie, the commencement of handling of a new crypto-asset) was leaked outside a CAESP and those who obtained such information allegedly profited from it. The FIEA also prohibits any person from engaging in unfair trading in the spot trading of crypto-assets or crypto-related derivative transactions.

Given the increased volume of high-frequency trading (HFT) and its influence on the market, Japan implemented regulations relating to this type of trading in 2018. Although commonly referred to in English as HFT, this type of trading is known in Japan as “high-speed trading (HST)” (kousoku torihiki) pursuant to the FIEA. In line with this terminology, the frequency of trading is not a requirement for HST pursuant to the FIEA.

The FIEA specifies certain categories of trading as HST, including:

• the sale or purchase (or entrustment thereof) of securities or market transactions of derivatives;
• the management of funds or other assets constituting the sale or purchase; and
• the execution of over-the-counter derivative transactions that cause a counterparty to conduct the sale or purchase.

These categories constitute HST when the trading decision is made automatically through an electronic information processing system and the information necessary for the trade based on that decision is communicated through IT to the financial instruments exchange or proprietary trading system (PTS) via a method used to shorten the time typically required for that communication.

A trader engaging in HST is required to register as a high-speed trader and establish an operational control system, manage risks, and provide certain information relating to that trading to the FSA. However, simply developing or creating trading algorithms or other electronic trading tools is not regulated under the FIEA.

There is no such requirement under the FIEA.

HST regulations under the FIEA are principally applicable to traders (including funds) – although certain reporting requirements are also applicable to dealers (ie, financial instruments business operators registered under the FIEA) when the dealers are engaging in proprietary trading. A financial instruments business operator may not accept HST orders from:

• a trader who is not registered pursuant to the FIEA; or
• a registered trader for which the financial instruments business operator is unable to confirm the appropriate trading system management has been implemented.

There is no such regulation under the FIEA (see 8.1 Creation and Usage Regulations).

There is no legal framework in Japan that caters specifically to DeFi. As DeFi activities fall within the scope of regulated activities under existing laws and regulations, such activities may be subject to the such laws and regulations.

See 7.6 Rise of Peer-to-Peer Trading Platforms for further details.

In Japan, there are no specific laws or regulations applicable to the provision of financial research platforms. However, the operation of investment management businesses and investment advisory businesses are regulated under the FIEA (as described in 9.3 Conversation Curation). In addition, if a financial research platform has any function that helps to match users’ transactions of any financial instruments, the platform operator may be required to register as a financial instruments business operator under the FIEA.

The FIEA prohibits the spreading of rumours or other information relating to securities or derivative transactions without verification that the statement has a reasonable basis. More specifically, the FIEA prohibits dissemination of rumours for purposes of:

• selling or purchasing, engaging in any transaction in respect of securities or crypto-assets, or engaging in any derivative transactions relating to financial instruments or indexes (including crypto-asset derivative transactions); or
• causing any fluctuation in the quotations of any securities or financial instruments or indexes of derivative transactions (including crypto-asset derivative transaction).

For purposes of the FIEA, rumours are interpreted by the disseminator as information lacking a reasonable basis. Therefore, rumours include more than simple statements of false information.

Additionally, certain market manipulations using representations that are intended to induce transactions of securities and derivatives are generally prohibited under the FIEA.

Responsibility as Platform Operator

If the operation of a financial research platform constitutes an investment advisory business under the FIEA, the operator is subject to a registration requirement. A registered operator would generally be instructed by the FSA to prevent the spread or exchange on the platform of statements made with the intent of market manipulation or the provision of inside information. Although no general rules or guidelines are provided with regard to prevention measures, the definition of market manipulation activities under the FIEA includes:

• engaging in fake sales and purchases;
• collusive sales and purchases;
• actual sales and purchases; or
• false representation for purposes of misleading other persons into believing that the sale and purchase of securities, crypto-assets or derivative transactions are thriving – or otherwise misleading other persons about the state of those transactions.

Definition of Investment Advisory Business

An entity constitutes an investment advisory business under the FIEA if:

• the business operator promises to provide the customer with advice on either the value of securities or an investment decision based on an analysis of the value of financial instruments and, as part of the Investment Advisory Agreement, the customer agrees to pay a fee as compensation for that advice; and
• the business operator provides advice pursuant to the Investment Advisory Agreement.

Advice as to the value of securities is generally understood to mean an express or implicit presentation of expected future profits (eg, capital gains and income gains) that would accrue from investment in securities. By way of an example, if a financial research platform provided a recommendation for an investment in certain securities – including portfolio information relating to certain prominent investors – to customers for a fee, that platform may constitute an investment advisory business and its operator may be required to register pursuant to the FIEA.

In Japan, when a company (including fintech companies) engages in insurance solicitation (ie, acts as an agent or intermediary for the conclusion of insurance contracts), it must be registered as an insurance agent or insurance broker under the Insurance Business Act.

In Japan, no distinction is made between different types of insurance in terms of their treatment by the regulators.

There is no regulation in Japan that relates specifically to providers of regtech. Accordingly, such providers are regulated under the existing legal framework, depending on their activities.

Regtech is not yet prevalent in Japan; however, the FSA officially announced in its Assessments and Strategic Priorities for 2018 that it would enhance regtech and suptech (supervisory technology) in Japan. One legislative change in this area was the 2018 amendment of the subordinate regulations of the APTCP in order to provide for various methods by which e-KYCs may be conducted in Japan.

There have not been many cases in which financial institutions have used regtech services.

In addition, there are no laws and regulations or industry practices that require financial institutions to stipulate a clause in their contracts with service providers that assures the accuracy of services provided when using a regtech service.

In connection with the use of blockchain technology, the most significant developments in the traditional financial service industry have been those relating to digital securities, NFTs and stablecoins.

The new regulatory framework has clarified the manner of application of regulations on digital securities (as described in 12.4 Regulation of “Issuers” of Blockchain Assets). As a result, a considerable number of financial institutions have entered into this new market. For more details recent developments in this area, see 1.1 Evolution of the Fintech Market.

Regulatory discussions and developments on NFTs and NFT platforms in Japan have accelerated in tandem with global trends in the field of NFTs. For the legal implications of such developments in Japan, see 2.12 Conjunction of Unregulated and Regulated Products and Services and 12.9 Non-fungible Tokens (NFTs).

In addition, the FSA introduced new regulations on stablecoins ahead of regulators in other jurisdictions (as described in 1.1 Evolution of the Fintech Market), thereby clarifying the rules applicable to issuers and intermediaries. Stablecoins to be issued in compliance with the new regulations are expected to be used for settlement transactions in respect of digital securities or other types of assets (including NFTs) on blockchain.

Generally speaking, financial regulators in Japan are receptive to fintech innovation – including those using blockchain and technology-driven new entrants in the regulated financial services markets – and are actively participating in discussions taking place in this industry.

However, various consumer protection issues have arisen in connection with the Japanese fintech industry. These have resulted in a decision made by regulators to strengthen the regulations governing emerging fintech businesses in order to address new risks to consumers arising from the new services. Notably, the regulatory framework for crypto-assets was amended to enhance customer protection by introducing stricter regulations. This was in response to a major incident in January 2018 in which one of the largest crypto-asset exchanges in Japan announced it had lost approximately USD530 million worth of crypto-assets after a hacking attack on its network. The new regulatory framework entered into force on 1 May 2020.

In Japan, regulations applicable to certain blockchain assets (ie, tokens issued on blockchain) may vary, depending on the nature of those assets (as per the following classifications). 

Crypto-Assets

The authors believe that a large proportion of tokens issued on blockchain constitute crypto-assets as defined in the PSA. See 12.7 Virtual Currencies for regulations applicable to issuers of crypto-assets.

Prepaid Payment Instruments

Tokens issued on blockchain that are similar to prepaid cards, in that the tokens may be used as consideration for goods or services provided by token issuers, may be regarded as PPIs as defined under the PSA. See 12.4 Regulation of “Issuers” of Blockchain Assets for regulations applicable to issuers of PPIs.

Non-fungible Tokens

NFTs are irreplaceable tokens minted on a blockchain. The applicability of the PSA to an NFT depends on whether such NFT constitutes a crypto-asset. However, NFT platforms that enable the conduct of NFT-related transactions are not subject to financial regulation. See 2.12 Conjunction of Unregulated and Regulated Products and Services and 12.9 Non-fungible Tokens (NFTs).

Digital Securities

Tokens issued on blockchain that represent any securities as defined in the FIEA would be regulated under FIEA as described in 12.1 Use of Blockchain in the Financial Services Industry and 12.4 Regulation of “Issuers” of Blockchain Assets.

Stablecoins

Stablecoins that are redeemable for fiat currencies (fiat-backed stablecoins) are regulated as EPIs, as noted in 1.1 Evolution of the Fintech Market.

Regulation on Issuers of Crypto-Assets

See 12.7 Virtual Currencies.

Regulation on Issuers of Prepaid Payment Instruments

An issuer of PPIs is required to comply with applicable rules under the PSA. If a PPI may only be used for payments to the issuer for its goods or services, that issuer will not be required to register under the PSA; however, it must still comply with certain notice requirements. By contrast, an issuer of PPIs that may be used not only for payments to the issuer for its goods or services, but also for payments to other parties designated by the issuer, will be required to register as an “issuer of PPIs” under the PSA.

Regulation on Issuers of NFTs

See 12.9 Non-fungible Tokens (NFTs).

Regulation on Issuers of Digital Securities

As mentioned in 7.2 Regulation of Different Asset Classes, the FIEA has conventionally classified securities into:

• traditional securities such as shares and bonds (Paragraph 1 Securities); and
• contractual rights such as trust beneficiary interests and collective investment scheme interests (Paragraph 2 Securities).

Whereas Paragraph 1 Securities are subject to relatively stricter requirements in terms of disclosures and licensing/registration because they are highly liquid, Paragraph 2 Securities are subject to relatively looser requirements because they are less liquid. However, if securities are issued using an electronic data processing system such as blockchain, it is expected that such securities may have higher liquidity than securities issued using conventional methods – regardless of whether they are Paragraph 1 or Paragraph 2 Securities. For this reason, the FIEA introduced a new regulatory framework for securities that are transferable through electronic data processing systems. Under the FIEA, such securities are classified into the following three categories:

• Paragraph 1 Securities such as shares and bonds, which are transferable by using electronic data processing systems (Tokenised Paragraph 1 Securities);
• contractual rights such as trust beneficiary interests and collective investment scheme interests, which are conventionally categorised as Paragraph 2 Securities and are transferable by using electronic data processing systems (electronically recorded transferable rights (ERTRs)); and
• contractual rights such as trust beneficiary interests and interests in collective investment schemes, which are conventionally categorised as Paragraph 2 Securities and are transferable by using electronic data processing systems but have their negotiability restricted to a certain extent (Non-ERTR Tokenised Paragraph 2 Securities).

An issuer of Tokenised Paragraph 1 Securities or ERTRs is, in principle, required to file a securities registration statement (as is the case for traditional Paragraph 1 Securities) before making a public offering or secondary distribution, unless the offering or distribution falls under any category of private placements. Any person who engages in the business of the sale, purchase or handling of the offering of Tokenised Paragraph 1 Securities or ERTRs is required to undergo registration as a Type 1 FIBO. In light of the higher degree of freedom in designing Tokenised Paragraph 1 Securities or ERTRs and the higher liquidity of these securities, a Type 1 FIBO that handles these digital securities will be required to control risks associated with digital networks such as blockchain used for digital securities.

Regulation on Issuers of Stablecoins

Under the amended PSA, only banks, fund transfer services providers, trust banks and trust companies that are licensed or registered in Japan may issue EPIs directly to Japan residents. See 1.1 Evolution of the Fintech Market for more details on the regulations applicable to intermediaries of EPIs.

Trading Platforms for Crypto-Assets

An operator of a trading platform for purchases, sales or exchanges of crypto-assets is regulated under the PSA. More specifically, a person who engages in intermediary, brokerage or agency activities for the trading or exchange of crypto-assets as a business is regarded as a CAESP and is required to register under the PSA. A typical example of a CAESP is a regulated crypto-asset exchange, such as bitFlyer or Coincheck. See 12.8 Impact of Regulation on “DeFi” Platforms regarding peer-to-peer trading platforms for crypto-assets.

Trading Platforms for NFTs

See 12.9 Non-fungible Tokens (NFTs).

Trading Platforms for Digital Securities

25 December 2023 saw a highly anticipated first secondary trading of digital securities on a PTS (ie, an equivalent of an alternative trading system in the USA). The PTS, known as START, is operated by Osaka Digital Exchange Co. Ltd under the FSA’s authorisation. Currently, only two issues of digital securities are traded on START, but this is expected to increase in the near future.

The regulator’s attitude towards the secondary market for digital securities is stringent, so the introduction of a pure peer-to-peer trading platform for digital securities in Japan will require careful analysis as to its legality – as well as significant discussion with the FSA, particularly from the consumer protection viewpoint.

Crypto-Asset Investment Funds

Funds in the form of a collective investment scheme that invests in crypto-assets are subject to the same rules and regulations as other investment funds that take the form of a partnership. Therefore, in order to solicit investments, the operator of the fund must register as Type 2 FIBO unless:

• there are no more than 49 non-professional investors with one or more professional investors and notification in connection therewith has been made to the FSA; or
• the fund delegates its solicitation and marketing activities to a registered Type 2 FIBO.

The operator of a fund that mainly invests in crypto-assets is not required to register as an investment management business operator because that registration obligation is only triggered when an operator mainly invests in securities and derivatives.

In addition, investment in crypto-assets by the operator of a fund is not likely to trigger the requirement to register as a CAESP under the PSA because the trading of crypto-assets for the fund’s own investment purposes is not considered to be the trading of crypto-assets “as a business”, which is one of the requirements for the registration obligation.

In Japan, the typical and most practical legal forms adopted by such crypto-assets investment funds would be:

• a Tokumei Kumiai, a partnership formed pursuant to the Commercial Code; or
• an offshore fund, including a Cayman limited partnership, because of its flexibility in structuring the scheme while mitigating any regulatory risks.

On the other hand, an investment trust fund under the Investment Trust and Investment Corporation Act may not be used as a vehicle for investment in crypto-assets or crypto-asset exchange-traded funds, because, currently, crypto-assets are excluded from the specified asset classes in which an investment trust fund is allowed to invest under the Act.

Funds Investing in Digital Securities

In general, the operator of an investment fund that mainly invests in securities and derivatives must register as an investment management business operator. Digital securities constitute securities under the FIEA, so investing in digital securities may trigger the registration obligation as described earlier.

Also, if a fund expects to invest mainly in securities (including digital securities) and if the number of investors acquiring fund interests is expected to be 500 or more, a disclosure obligation will be triggered under the FIEA when raising capital.

The registration obligation with respect to self-solicitation as described previously will also be applicable to a fund investing in digital securities.

The PSA defines “crypto-asset” and requires a person who provides CAES to be registered with the FSA. The term “crypto-asset” is defined in the PSA as:

• proprietary value that may be used to pay an unspecified person the price of any goods, etc, purchased or borrowed or any services provided and may be sold to or purchased from an unspecified person – limited to that recorded on electronic devices or other objects by electronic means and excluding Japanese and other foreign currencies, currency denominated assets and EPIs (excluding currency denominated assets) (the same applies in the following item) – and that may be transferred using an electronic data processing system (collectively, Type I crypto-assets); or
• proprietary value that may be exchanged reciprocally for proprietary value specified in the preceding item with an unspecified person and that may be transferred using an electronic data processing system (Type II crypto-assets).

“Currency denominated assets” means any assets that are denominated in Japanese or other foreign currency. Such assets do not fall within the definition of crypto-assets. For example, prepaid e-money cards are usually considered currency denominated assets.

DeFi refers to a decentralised financial system consisting of blockchain applications (generally referred to as decentralised applications, or “Dapps”). It is a general term for financial systems and projects that are accessible and transparent to the general public. The terms and degree of decentralisation would vary from project to project.

There are no regulations relating specifically to DeFi in Japan. However, where DeFi activities fall within regulated activities under any existing law, such activities may be subject to the relevant regulations. By way of an example, within the scope of DeFi, DEXs may be subject to regulations relating to CAES as an intermediary for the sale or exchange of crypto-assets under the PSA. See 7.6 Rise of Peer-to-Peer Trading Platforms for further details.

NFTs are generally non-substitutable tokens that are issued on a blockchain, with values and attributes unique to the token itself. A central issue in the context of NFTs is whether they constitute crypto-assets under the PSA, since NFTs, like crypto-assets, are tokens issued on the blockchain.

In this regard, according to the Crypto Asset Guidelines dated 24 March 2023 issued by the FSA, an important factor in determining whether a token constitutes a Type I crypto-asset is whether the token is “an asset that can be purchased or sold using legal fiat currency or crypto assets under socially accepted norms. Specifically, a token that satisfies the two points below generally will not constitute a Type I crypto-asset. The same applies to the determination of whether a token constitutes a Type II crypto-asset.

• The issuer, etc, has made clear that the token is not intended to be used as a means of payment for goods, etc, to unspecified parties. This can be achieved by, for example, stating clearly in the terms and conditions of the issuer or its business-handling service provider, or in the product description, that use of the token as a means of payment to unspecified parties is prohibited, or that the token or related system is designed in a way that does not enable it to be used as a means of payment to unspecified parties.
• (Where use of the token as a means of payment for goods, etc, to unspecified parties is permitted) certain requirements on the price and quantity of the relevant goods, etc, and on the technical characteristics and specifications of the token must be met. For example, at least one of the following characteristics must be present:
1. the minimum value per transaction must be sufficiently high (ie, JPY1,000 or more); or
2. the number of tokens issuable as a proportion of a transaction of minimum value is limited (ie, not exceeding one million).

The Japanese government is trying to accelerate the shift to open banking. Specifically, banks were legally obligated to make efforts to complete the development of an OpenAPI system by 31 May 2018. However, banks are not legally obligated to release APIs, and fees and other terms must be agreed upon separately between a fintech company and a bank.

In many cases, banks impose security requirements on the users of OpenAPI, and conduct pre-screening and regular monitoring on such users. Banks also carry out security audits through third parties when necessary.

There are no laws or regulations in Japan that relate specifically to fraud in the context of financial services or fintech.

Under the current legal framework in Japan, there would be a finding of fraud if (i) an act of deception has been committed, (ii) the act causes another party to make a mistake, and (iii) such other party delivers goods or property benefits based on such mistake (Article 246 of the Criminal Code), regardless of whether the fraudulent act was committed in the context of financial services, fintech or otherwise.

In recent years, there has been an increase in issues surrounding crypto-assets that are traded electronically via the internet. In addition, there has been an increase in the number of cases where people have made investments in connection with the exchange of crypto-assets and suffered losses as a result.

In this connection, the Consumer Affairs Agency of Japan (CAA), jointly with the Financial Services Agency of Japan (FSA) and the National Police Agency of Japan (NPA), has issued a warning on matters that consumers should approach with caution.

For example, the CAA has handled cases in which consumers have made investments based on promises of “guaranteed profits” through seminars, SNS, and the like, but ended up making losses, or were unable to get refunds or withdraw their funds.