Evolution of the Japanese Fintech Market

During the past few years, there have been notable developments in the non-fungible token (NFT) sector and the digital securities’ sector – as well as in respect of “buy now pay later” (BNPL) services.

NFT-related businesses have been popular since late 2020, especially in the online gaming sector. In addition, content holders, digital artists and advertising agencies have rushed to these new markets.

Digital security businesses gained traction in 2021, with their main focus on digital corporate notes and tokenised equity interests in real estate funds.

Among mobile payment services, BNPL services have been growing rapidly in tandem with the development of this business abroad.

Trends for 2025

On 4 March 2022, the Bill for Partial Amendment to the Act on Payment Services Act, etc, for the Purpose of Establishing a Stable and Efficient Funds Settlement System (the “Amendment Act”) was submitted to the Diet. It was approved on 3 June 2022, and subsequently came into effect in June 2023. The Amendment Act aims to establish a stable and efficient funds settlement system that is responsive to the digitalisation of finance and other fields against the backdrop of:

• a rise in issuance and circulation of stablecoins overseas;
• growing needs for improvement in transaction monitoring by banks, etc; and
• the increasing prevalence of prepayment instruments that enable payment by electronic means.

In connection with the rise in issuance and circulation of stablecoins overseas, the Amendment Act also introduced the concept of “electronic payment instruments” (EPIs), which corresponds to the concept of stablecoins (Article 2, paragraph 5 of the Amended Payment Services Act (Amended PSA)).

Under the Amended PSA:

• stablecoins that are redeemable for fiat currencies (fiat-backed stablecoins) are regulated as EPIs, while non-fiat-backed stablecoins such as DAI will continue to be regarded as crypto-assets;
• only banks, fund transfer services providers, trust banks and trust companies that are licensed or registered in Japan may issue EPIs directly to residents of Japan;
• an entity is required to obtain a licence as an electronic payment instruments transaction service provider (EPI-TSP) if, as a business, it:
1. sells or buys EPIs;
2. acts as an intermediary, a broker or an agency of sales and purchases of EPIs; or
3. provides custody services of EPIs, as a business;
• an EPI-TSP is subject to AML/CFT regulations, including the travel rule;
• an EPI-TSP that continuously sends or receives EPIs to or from overseas virtual asset service providers (VASPs) must check whether such VASPs are conducting appropriate due diligence of users for AML/CFT purposes; and 
• an EPI-TSP must segregate users’ EPIs from its proprietary assets.

In Japan, almost every area of finance has been benefiting from robust fintech innovation. Online or mobile payment services, cryptocurrency-based businesses and other blockchain-based tokens, robo-advisers and financial account aggregation services that utilise OpenAPI (Application Programming Interface) are among the predominant sectors.

One indication that the fintech business is maturing is the shift in major players from fintech start-ups to well-established companies (such as traditional major financial institutions and telecommunications companies).

Apart from the regulations applicable to crypto-asset exchange services (CAES) and EPI services, there is no specific regulatory framework for fintech businesses. If the services provided by the fintech companies are subject to existing financial regulations, such as obtaining applicable authorisation (licences or registrations), then they are required to comply with them. What follows is a high-level outline of the regulations that apply to popular fintech services.

Online/Mobile Payment

Although there are many payment methods and instruments in Japan, there is no comprehensive payment law.

A prepaid payment instrument (PPI) is an instrument that records a certain value charged in advance of its use and is then debited as payment of consideration for goods and/or services. PPIs are regulated under the PSA.

Instalment payments made in consideration for goods or services that are divided over two months or more are regulated under the Instalment Sales Act. The Act substantially covers all credit card payments and BNPL services.

Remittance or money transfer is regulated pursuant to the Banking Act and the PSA. The PSA classifies fund transfer services (FTS) into the following three categories:

• FTS involving remittances exceeding JPY1 million per transaction;
• FTS that correspond to the current classification of FTS in the PSA; and
• FTS involving remittances of small amounts (ie, several tens of thousands of yen).

Services Related to Crypto-Assets

CAES providers (CAESPs) are regulated under the PSA. Most of the so-called payment tokens and utility tokens would fall within the definition of a crypto-asset. Those who provide CAES (or custody services thereof) must register with the FSA.

Crypto-asset derivatives are regulated as financial derivatives under the Financial Instruments and Exchange Act (FIEA). A company that provides crypto-asset derivatives products has to undergo registration as a Type 1 Financial Instruments Business Operator (Type 1 FIBO).

Digital Securities

Amendments to the FIEA that came into effect in May 2020 introduced a new regulatory framework for the transfer of securities via electronic data processing systems. An issuer of tokenised securities is, unless exempt, required to file a securities registration statement and issue a prospectus upon making a public offering or secondary distribution. Any person who engages in the sale, purchase or handling of a public offering of tokenised securities must be registered as a Type 1 FIBO.

Robo-Advisers

Under the FIEA, a robo-adviser that provides users with automated access to investment products must be registered as:

• an investment manager (for provision of discretionary investment management services); or
• an investment adviser (for provision of non-discretionary investment advisory services).

Open Banking/Electronic Payment Intermediate Service Providers

Entities that act as intermediaries between banks and customers – for example, by using IT to communicate payment instructions to banks based on entrustment from customers or by using IT to provide customers with information regarding their financial accounts deposited in banks – are categorised as EPI service providers under the Banking Act and are required to register with the FSA.

Financial Services Intermediary Businesses

In June 2020, the Act on Sales, etc, of Financial Instruments (ASFI), which was later renamed “the Act on Development of Specified Integrated Resort Districts”, was amended to enable the establishment of financial services intermediary businesses that are capable of intermediating the cross-sectoral banking, securities and insurance financial services under a single licence.

There are no regulations specifically targeting fintech companies in connection with compensation models. The compensation restrictions under traditional finance regulations are also applicable to fintech services.

There are no specific regulatory incentives applicable to fintech companies. Fintech companies are on equal footing with legacy players.

The Japanese regulatory sandbox was introduced in June 2018 and can be used by both Japan residents and overseas companies. It enables companies to apply and receive approval for innovative and new projects and services that are not yet contemplated under current regulations without the need for amendment of existing regulations. Approved projects may not be carried out as a business but rather as a proof of concept or demonstration under certain conditions, including limitations on the number of participants and duration of operations. There are no limitations on the business sectors that can benefit from the sandbox.

The main regulatory body for fintech businesses is the FSA, including the local finance bureaus to which it has delegated certain aspects of its authority. The Ministry of Economy, Trade and Industry (METI) has jurisdiction over credit cards and instalment payments. The Ministry of Land, Infrastructure, Transport and Tourism has jurisdiction over some types of real estate fund businesses. The NPA, FSA and Ministry of Finance have co-jurisdiction over matters of AML/CFT. The Personal Information Protection Committee is the prime regulator of personal information. However, the FSA shares regulatory power over the protection of personal information in the financial sector.

The FSA’s “no-action letter” system grew out of a paper entitled “Regarding the Introduction of Prior Confirmation Procedures on the Application of Laws and Regulations by Administrative Agencies”, pursuant to Cabinet decision on 27 March 2001. It is stated in the paper that, “With respect to fields that may catalyse new industries and new products and services, including information technology and finance, in order to enhance the ability of private enterprises to anticipate whether a certain action would conflict with laws and regulations, administrative agencies will be arranged such that private-sector enterprises can inquire in advance as to the relationship between the action concerned and the provisions of certain laws and regulations. In addition, in order to ensure the fairness of administration and promote increased transparency, contents of the inquiries concerned and the administrative agencies’ responses will be made public”. To this end, the Cabinet established guidelines with regard to the above, stating that “...the responses of administrative agencies with jurisdiction to enforce certain laws and regulations in reply to inquiries by private enterprise, etc, to seek advance confirmation on whether proposed actions relating to the enterprise’s business are regulated, will be made public”.

Based on this Cabinet decision, the FSA introduced a no-action letter system on 16 July 2001. This system is explained below.

The laws and regulations that are the subject of the FSA no-action letter procedures are those laws (including subsidiary regulations) over which the FSA has jurisdiction. Inquiries regarding those laws and regulations should be made in accordance with the 27 March 2001 Cabinet Decision (entitled “Regarding the Introduction of Prior Confirmation Procedures on the Application of Laws and Regulations by Administrative Agencies’’), to meet the aim of the Cabinet Decision. The aim of the Cabinet Decision was to create a system under which (i) procedures are established to enable private enterprise, etc, to seek advance confirmation with the administrative agency having jurisdiction to enforce certain laws and regulations on whether proposed actions in connection with enterprise’s business activities are regulated, (ii) the relevant administrative agency provides a response to the relevant enterprise and (iii) such response from the relevant administrative agency is made public. In this connection, inquiries are classified into the following categories:

• cases where the provision concerned is used for determining the basis for disposition of an application (as the term “application” is defined in Article 2, Item 3 of the Administrative Procedures Law (Law No 88, promulgated 12 November 1993)) and violations of the provision concerned are subject to penal sanctions;
• cases where the provision concerned is used for determining the basis for identifying activities that require notification of certain matters to administrative agencies and violations of the provision concerned is subject to penal sanctions;
• cases where the provision concerned is used for determining the basis for unfavourable disposition (as the term “unfavourable disposition” is defined in Article 2, Item 4 of the Administrative Procedures Law); and 
• cases where the provision concerned imposes obligations on private companies or restricts their rights directly, with or without unfavourable disposition, where the FSA finds it necessary.

In principle, the director of the relevant section of the administrative agency that receives the inquiry will issue a response to the inquiry within 30 days of receipt of a written inquiry from the inquirer at the contact point. However, there are circumstances in which the timeframe exceeds 30 days, as discussed below. The FSA is required to ensure that its response time, including the period for submitting additional or corrected documents, is as short as possible.

• In cases where the inquiry involves advanced finance techniques or technology, and for which a response requires careful judgment, the FSA will issue a response within 60 days (in principle) of its initial receipt of the inquiry.
• In cases where the quantity of inquiries exceeds the specific section’s capacity to issue timely responses, a response will be issued within a reasonable time period exceeding 30 days.
• In cases where the regulations/laws in question are jointly administered by the FSA and another government agency, a response will be issued within 60 days (in principle) of initial receipt of the inquiry.

If the FSA is unable to issue a response to an inquiry within 30 days, the FSA will notify the inquirer of the reason for the delay and the expected timeframe for its response.

Under Japanese law, when a business operator engaging in a regulated business outsources part of its business, it is obliged to conduct proper supervision of the outsourcee in accordance with applicable laws and regulations. By way of example, when outsourcing part of its CAES to a third party (including outsourcing in two or more stages), a CAESP regulated under the PSA is required to supervise such third party and take such other necessary measures to ensure proper and reliable execution of the outsourced functions.

Under Japanese law, providers of fintech-related services are responsible as gatekeepers within the scope of the applicable regulations – for example, as a gatekeeper providing a platform for the exchange of fiat currency and crypto-assets, CAESPs are subject to various obligations concerning user protection and AML/CFT. Specifically, from the viewpoint of user protection, CAES providers are obligated to provide certain information to users.

In addition, from an AML/CFT perspective, CAESPs are required – as specified business operators under the Act on Prevention of Transfer of Criminal Proceeds (APTCP) – to take steps to ascertain certain information when commencing transactions with users.

The upsurge of the Japanese crypto-asset market was stalled in January 2018 when one of the largest CAES providers in Japan announced losses of approximately USD530 million due to a cyber-attack on its network. This hacking incident prompted inspections of CAESPs by the FSA, which found internal weaknesses in most of the inspected entities – particularly in the areas of AML/CFT and cybersecurity. As a result, business improvement orders or business suspension orders were issued to these entities.

In addition, it was reported in November 2022 that FTX Trading Limited (FTX Trading) – the parent company of FTX Japan KK, which is a CAESP and a Type 1 FIBO – had been experiencing financial problems. In light of the capital and business relationship between FTX Trading and FTX Japan KK, the FSA issued a business suspension order and a business improvement order to FTX Japan KK, citing the need to:

• immediately halt new transactions by users; and
• take all possible measures in order to prevent the flow of FTX Japan KK’s assets to affiliated companies outside Japan and subsequent harm to users’ interests.

Further, on 31 May 2024, an incident occurred at DMM Bitcoin, a CAESP, in which 4,502.9 BTC entrusted to it by its customers was illegally leaked. As a result, a business improvement order was issued to DMM Bitcoin on 26 September 2024, under which DMM Bitcoin was required to investigate and analyse the specific facts and root causes of the leakage, respond to customers and ensure proper and reliable business operations going forward.

The Act on the Protection of Personal Information (APPI) is a principle-based regime for the processing and protection of personal data in Japan, which generally follows the eight basic principles of the OECD Guidelines on the Protection of Privacy and Transborder Flow of Personal Data. The Act is applicable to all private businesses, including fintech business operators. Based on the requirements of the APPI, every governmental ministry in Japan issued administrative guidelines applicable to the specific industry sectors under its supervision. Fintech businesses are required to comply with the “Guidelines on Personal Information Protection” that concern the financial services industry.

In Japan, accounting/audit firms are the only entities that review the activities of industry participants. For some industries, however, self-regulatory organisations also conduct reviews separately from regulators or accounting/audit firms under the applicable laws or regulations. By way of example, the Japan Virtual and Crypto-Assets Exchange Association (the JVCEA) is a self-regulatory organisation authorised under the PSA to review its CAESP members.

An NFT is not defined under Japanese regulation. However, it is generally understood to refer to an irreplaceable token minted on a blockchain. Since NFTs are digital items minted on a blockchain, the question is whether NFTs also constitute crypto-assets under the PSA.

NFTs are increasingly being used in various fields because, although they are digital data generated on a blockchain, they are characterized as irreplaceable owing to the unique values assigned to them.

NFTs are unlikely to constitute crypto-assets if:

• the specifications or functions of NFTs are limited in the same manner as trading cards and in-game items; and
• NFTs do not serve economic functions (such as being a means of payment) in the way that crypto-assets do.

See 10.12 Non-fungible Tokens (NFTs) for further details.       

In Japan, AML rules are regulated by the APTCP. The APTCP requires “specified business operators” to conduct KYC and the like. The term “specified business operators” refers to business operators like fintech companies (among others) that are subject to financial regulations.

The APTCP is not directly applicable to unregulated fintech companies that do not fall within the definition of “specified business operators”. Accordingly, the AML policies (if any) of such unregulated fintech companies would only be those they have established on their own initiative.

Travel Rule

When a CAESP or EPI-TSP transfers digital assets to a customer of another CAESP or EPI-TSP (including any foreign CAESP or EPI-TSP) at the request of a customer, the transferring CAESP or EPI-TSP must notify the receiving CAESP or EPI-TSP of the identification information, including the name and blockchain address, pertaining to the sender and the receiver (the so-called “Travel Rule”). However, transfers to a CAESP or an EPI-TSP in countries that do not yet have any Travel Rule legislation are not subject to the rule. In addition, when a CAESP or an EPI-TSP transfers digital assets to an unhosted wallet at the request of a customer, it is not subject to the Travel Rule. Nevertheless, even for transactions that are not subject to Travel Rules, information on the counterparty (such as name, blockchain address, and the like) must be obtained and recorded.

Japan’s AML and sanctions regulations generally adhere to the standards set by the Financial Action Task Force (FATF).

The APTCP serves as the primary AML legislation, requiring financial institutions and certain designated businesses to conduct customer due diligence (CDD), report suspicious transactions to the authorities, and implement internal compliance measures.

Under Japanese law, there is no equivalent concept of reverse solicitation.

In other words, Japanese financial regulatory law would essentially apply when a foreign entity provides financial services to Japanese residents, even if the foreign entity does not actively solicit Japanese residents itself.

Japanese financial laws do not require different business models for different asset classes, per se.

Legacy players are proactively utilising robo-advisers. Having said that, unlike in the USA, the Japanese robo-adviser market is relatively small and a couple of independent robo-advisory companies are deemed market leaders.

Currently, there are no specific rules and no guidance applicable to robo-advisers in connection with best execution of customer trades.

There is no significant business or regulatory difference in online lending based on whether the borrower is an individual or a corporation.

With the exception of commercial banks and certain banks incorporated for specific purposes, engaging in the loan business requires registration under the Money Lending Business Act (the “MLB Act”) and is subject to the MLB Act regulations. Under the MLB Act, a loan provider must prepare a written contract and certain explanatory documents and receipts. Further, the interest rate of a loan is subject to:

• the Interest Rate Restriction Act; and
• the Act Regulating the Receipt of Contributions, the Receipt of Deposits, and Interest Rates.

Loan interest rate per annum must not exceed 20% for loans with a principal amount of less than JPY100,000, 18% for loans with a principal amount of between JPY100,000 and JPY999,999, or 15% for loans with a principal amount of JPY1 million or more. These regulations apply to loans to corporate borrowers as well as individual borrowers.

In Japan, loan providers do not engage in underwriting for non-professional investors. If a non-bank loan provider sells its loan receivables, its assignee would also be subject to the MLB Act regulations. This regulatory restriction makes it difficult to implement the underwriting of loan receivables for non-professional investors.

Selling loan receivables to professional, institutional investors who can comply with the MLB Act may be a practical option. However, underwriting transactions – ie, the transfer of loan receivables immediately after a loan transaction – are not usually entered into. Instead, a loan provider is more likely to sell the loan receivables for financial purposes after it has had sufficient time to observe performance of the loan receivables.

Most of the funds raised for loans are lender-raised capital. Securitisation of online lending receivables has not been typical and it is also uncommon to raise funds for specific lending transactions from general investors.

Online lending services in the form of syndicated loans are not available in Japan.

A payment rail widely used by traditional banks in Japan for domestic fund transfers is the Japanese Banks’ Payment Clearing Network, also known as “Zengin Net”. However, it is not mandatory for banks or fund transfer service providers to use this payment rail. Indeed, more and more fintech service providers are offering fund transfer services or other payment services that do not involve existing payment rails, such as services using stablecoins.

Remittances of funds from Japan are generally permitted except in limited cases involving restrictions under the Foreign Exchange and Foreign Trade Act (FEFTA). Specifically, the FEFTA prohibits (i) remittances to designated parties such as terrorists, and (ii) remittances conducted for designated purposes such as contributions to North Korea’s and Iran’s nuclear activities.

Where any resident in Japan makes a remittance exceeding JPY30 million to a destination outside Japan, such resident must also file a Payment Report to the Bank of Japan (after the remittance) through the bank or fund transfer service provider used by the remitter to make the fund remittance, in accordance with the FEFTA.

In Japan, marketplaces are governed by laws and regulations, depending on the type of financial instrument in question – for example, securities such as stocks are regulated by financial instruments exchanges under the FIEA. Commodities such as gold or crude oil, on the other hand, are regulated by commodity exchanges under the Commodity Futures Act. Crypto-assets are regulated by CAESPs as marketplaces under the rules of the PSA. See 6.2 Regulation of Different Asset Classes.

As mentioned in 6.1 Permissible Trading Platforms, financial instruments are regulated under different laws and regulations, depending on their type. Securities such as stocks are regulated by the FIEA and are classified as Paragraph I Securities (defined in 10.4 Regulation of “Issuers” of Blockchain Assets) or Paragraph II Securities (also defined in this section) based on their degree of tradability, and are subject to strict registration requirements, disclosure regulations and conduct rules.

Commodities such as gold or crude oil are regulated under the Commodity Futures Act and are subject to regulations similar to those for securities under the FIEA. However, the competent authority in respect of commodities is not the FSA but the Ministry of Agriculture, Forestry and Fisheries or the METI. The disclosure requirements applicable to commodities are not as strict as those applicable to securities.

Crypto-assets are regulated under the PSA and CAESPs that provide a venue for the trading of crypto-assets are subject to regulation. As is the case with securities under the FIEA, CAESPs are subject to strict registration requirements and conduct rules. The PSA does not impose strict disclosure regulations (as it does on securities) because the purpose of the PSA is limited to ensuring fairness of settlement instruments.

Japan has emerged as one of the largest global crypto-asset markets and was the first country to establish a regulatory framework for crypto-assets. Besides enabling the registration of CAESPs wishing to provide CAES to residents in Japan, such framework seeks to protect customers of CAESPs and prevent crypto-related money laundering and terrorism financing.

Under the PSA, CAESPs are required to:

• take such measures necessary to ensure the safe management of information available to them;
• provide sufficient information to customers;
• take such measures necessary for the protection of customers and for the proper provision of services;
• segregate the property of customers from their own property and subject such segregation to regular audits by a certified public accountant or audit firm; and
• establish internal management systems to enable the provision of fair and appropriate responses to customer complaints, as well as implement measures for the resolution of disputes through financial ADR proceedings.

It should be noted that a CAESP is required under the PSA to both manage the money of users separately from its own money and to entrust users’ money to a trust company or any other similar entity in accordance with the provisions of the relevant Cabinet Office Ordinance. In other words, a CAESP is required to not only manage the money of users in bank accounts separately from its own, but also to entrust such money to a trust company or trust bank acting as trustee.

In addition, the FIEA prohibits, with penalties, unfair acts in crypto-asset trading (without limitation as to the victims of such acts) for purposes of protecting users and preventing unjust gains. However, insider trading regulations have not been included within the scope of the FIEA because of the difficulties in identifying issuers and undisclosed material facts pertaining to crypto-assets.

The criteria for the listing of crypto-assets by CAESPs is set out not in the PSA, but in the “Rules on Handling of New Crypto-Assets” formulated by the JVCEA.

Specifically, CAESPs must carefully determine whether it is appropriate for them to handle crypto-assets if the relevant crypto-assets have any of the following characteristics (per the JVCEA Pre-Assessment):

• the crypto-asset is being used or will likely be used in a way that violates laws, regulations, or principles of public order and morals;
• the crypto-asset is used or will likely be used for criminal purposes;
• the crypto-asset is used or will likely be used for money laundering or terrorist financing;
• the crypto-asset presents significant impediments or concerns to the updating or maintenance of transfer or retention records;
• the crypto-asset issuer is unable or unwilling to be properly audited by a chartered accountant or an audit firm; or
• the crypto-asset cannot be managed or disbursed in a systematic or otherwise secure manner (or it will be difficult to do so).

In addition, as of 26 December 2022, the JVCEA self-regulatory rules were amended to introduce a system to relax the handling of new crypto-assets by member CAESPs. Specifically, two systems were introduced:

• a “Green List System” to exempt certain member CAESPs (Green List Eligible Members) from the JVCEA Pre-Assessment for certain prescribed crypto-assets; and
• a Crypto-Asset Self-Check System to exempt certain member CAESPs from the JVCEA Pre-Assessment except in specific cases.

Under the Green List System, crypto-assets are designated by the JVCEA on the home page of its website as “crypto-assets widely handled in Japan” and crypto-assets for which JVCEA Pre-Assessment is not required when handled by a Green List Eligible Member if they meet all of the following four criteria:

• crypto-assets that have been handled by three or more member CAESPs;
• crypto-assets that have been handled by one member CAESP for at least six months;
• crypto-assets for which the JVCEA has not set any ancillary conditions for handling; and
• crypto-assets that are not deemed inappropriate by the JVCEA under the Green List System for any other reason.

Regarding transactions of crypto-assets, the JVCEA’s self-regulatory “Rules Concerning Development of Order Management Systems for Crypto-Asset Exchange Services” regulates the system for order management in CAESPs by stipulating the processes necessary to carry out proper business operations regarding acceptance of orders and processing of contracts from users when CAESPs carry out transactions related to the exchange of crypto-assets with users. Specifically, CAESPs are required to formulate internal rules for the development of order management systems in order to control unfair transactions and to execute transactions on the best terms.

Recently, decentralised exchanges (DEXs) – ie, exchanges of crypto-assets accessible to the general public – have emerged as a form of decentralised finance. Their trading volume has rapidly increased in the past few years.

Under Japanese law, there are no specific regulations for DEX. However, if the services provided by DEXs fall within regulated activities under the existing law, such DEXs may be subject to the relevant regulations. More specifically, DEXs may be subject to the regulations on CAES as an intermediary for the sale or exchange of crypto-assets under the PSA.

However, DEXs are characterised as decentralised exchanges with no specific centralised administrator. Therefore, if DEXs are so decentralised that no specific operator is conceivable and the person required to register as a CAESP is not conceivable, it would be difficult to apply the PSA to such an operator in a practical manner.

There are no specific regulations on payment for order flow in Japan.

The purpose of the FIEA is to ensure fairness in the issuance of securities and in transactions of financial instruments, etc, in order to facilitate the circulation of securities, ensure fair price formation of financial instruments and – via full operation of the functions of capital markets – contribute to the sound development of the national economy and the protection of investors. Accordingly, the FIEA prohibits any person from engaging in unfair transactions in respect of the purchase and sale of securities, other transactions, or derivative transactions.

As regards crypto-assets, there have been cases in which undisclosed information (ie, the commencement of handling of a new crypto-asset) was leaked outside a CAESP and those who obtained such information allegedly profited from it. The FIEA also prohibits any person from engaging in unfair trading in the spot trading of crypto-assets or crypto-related derivative transactions.

Given the increased volume of high-frequency trading (HFT) and its influence on the market, Japan implemented regulations relating to this type of trading in 2018. Although commonly referred to in English as HFT, this type of trading is known in Japan as “high-speed trading (HST)” (kousoku torihiki) pursuant to the FIEA. In line with this terminology, the frequency of trading is not a requirement for HST pursuant to the FIEA.

The FIEA specifies certain categories of trading as HST, including:

• the sale or purchase (or entrustment thereof) of securities or market transactions of derivatives;
• the management of funds or other assets constituting the sale or purchase; and
• the execution of over-the-counter derivative transactions that cause a counterparty to conduct the sale or purchase.

These categories constitute HST when the trading decision is made automatically through an electronic information processing system and the information necessary for the trade based on that decision is communicated through IT to the financial instruments exchange or proprietary trading system (PTS) via a method used to shorten the time typically required for that communication.

A trader engaging in HST is required to register as a high-speed trader and establish an operational control system, manage risks, and provide certain information relating to that trading to the FSA. However, simply developing or creating trading algorithms or other electronic trading tools is not regulated under the FIEA.

There is no such requirement under the FIEA.

HST regulations under the FIEA are principally applicable to traders (including funds) – although certain reporting requirements are also applicable to dealers (ie, financial instruments business operators registered under the FIEA) when the dealers are engaging in proprietary trading. A financial instruments business operator may not accept HST orders from:

• a trader who is not registered pursuant to the FIEA; or
• a registered trader for which the financial instruments business operator is unable to confirm the appropriate trading system management has been implemented.

There is no such regulation under the FIEA (see 7.1 Creation and Usage Regulations).

In Japan, when a company (including fintech companies) engages in insurance solicitation (ie, acts as an agent or intermediary for the conclusion of insurance contracts), it must be registered as an insurance agent or insurance broker under the Insurance Business Act.

In Japan, no distinction is made between different types of insurance in terms of their treatment by the regulators.

There is no regulation in Japan that relates specifically to providers of regtech. Accordingly, such providers are regulated under the existing legal framework, depending on their activities.

Regtech is not yet prevalent in Japan; however, the FSA officially announced in its Assessments and Strategic Priorities for 2018 that it would enhance regtech and suptech (supervisory technology) in Japan. One legislative change in this area was the 2018 amendment of the subordinate regulations of the APTCP in order to provide for various methods by which e-KYCs may be conducted in Japan.

There have not been many cases in which financial institutions have used regtech services.

In addition, there are no laws and regulations or industry practices that require financial institutions to stipulate a clause in their contracts with service providers that assures the accuracy of services provided when using a regtech service.

In connection with the use of blockchain technology, the most significant developments in the traditional financial service industry have been those relating to digital securities, NFTs and stablecoins.

The new regulatory framework has clarified the manner of application of regulations on digital securities (as described in 10.4 Regulation of “Issuers” of Blockchain Assets). As a result, a considerable number of financial institutions have entered into this new market. For more details on recent developments in this area, see 1.1 Evolution of the Fintech Market.

Regulatory discussions and developments on NFTs and NFT platforms in Japan have accelerated in tandem with global trends in the field of NFTs. For the legal implications of such developments in Japan, see 2.13 Conjunction of Unregulated and Regulated Products and Services and 10.12 Non-Fungible Tokens (NFTs).

In addition, the FSA introduced new regulations on stablecoins ahead of regulators in other jurisdictions (as described in 1.1 Evolution of the Fintech Market), thereby clarifying the rules applicable to issuers and intermediaries. Stablecoins to be issued in compliance with the new regulations are expected to be used for settlement transactions in respect of digital securities or other types of assets (including NFTs) on blockchain.

Generally speaking, financial regulators in Japan are receptive to fintech innovation — including those using blockchain and technology-driven new entrants in the regulated financial services markets — and are actively participating in discussions taking place in this industry.

However, various consumer protection issues have arisen in connection with the Japanese fintech industry. These have resulted in a decision made by regulators to strengthen the regulations governing emerging fintech businesses in order to address new risks to consumers arising from the new services. Notably, the regulatory framework for crypto-assets was amended to enhance customer protection by introducing stricter regulations. This was in response to a major incident in January 2018 in which one of the largest crypto-asset exchanges in Japan announced it had lost approximately USD530 million worth of crypto-assets after a hacking attack on its network. The new regulatory framework entered into force on 1 May 2020.

In Japan, regulations applicable to certain blockchain assets (ie, tokens issued on blockchain) may vary, depending on the nature of those assets (as per the following classifications). 

Crypto-Assets

The authors believe that a large proportion of tokens issued on blockchain constitute crypto-assets as defined in the PSA. See 10.11 Virtual Currencies for regulations applicable to issuers of crypto-assets.

Prepaid Payment Instruments

Tokens issued on blockchain that are similar to prepaid cards, in that the tokens may be used as consideration for goods or services provided by token issuers, may be regarded as PPIs as defined under the PSA. See 10.4 Regulation of “Issuers” of Blockchain Assets for regulations applicable to issuers of PPIs.

Non-Fungible Tokens (NFTs)

NFTs are irreplaceable tokens minted on a blockchain. The applicability of the PSA to an NFT depends on whether such NFT constitutes a crypto-asset. However, NFT platforms that enable the conduct of NFT-related transactions are not subject to financial regulation. See 2.13 Conjunction of Unregulated and Regulated Products and Services and 10.12 Non-Fungible Tokens (NFTs).

Digital Securities

Tokens issued on blockchain that represent any securities as defined in the FIEA would be regulated under FIEA as described in 10.1 Use of Blockchain in the Financial Services Industry and 10.4 Regulation of “Issuers” of Blockchain Assets.

Stablecoins

Stablecoins that are redeemable for fiat currencies (fiat-backed stablecoins) are regulated as EPIs, as noted in 1.1 Evolution of the Fintech Market.

Regulation on Issuers of Crypto-Assets

See 10.11 Virtual Currencies.

Regulation on Issuers of Prepaid Payment Instruments

An issuer of PPIs is required to comply with applicable rules under the PSA. If a PPI may only be used for payments to the issuer for its goods or services, that issuer will not be required to register under the PSA; however, it must still comply with certain notice requirements. By contrast, an issuer of PPIs that may be used not only for payments to the issuer for its goods or services, but also for payments to other parties designated by the issuer, will be required to register as an “issuer of PPIs” under the PSA.

Regulation on Issuers of NFTs

See 10.12 Non-Fungible Tokens (NFTs).

Regulation on Issuers of Digital Securities

As mentioned in 6.2 Regulation of Different Asset Classes, the FIEA has conventionally classified securities into:

• traditional securities such as shares and bonds (Paragraph 1 Securities); and
• contractual rights such as trust beneficiary interests and collective investment scheme interests (Paragraph 2 Securities).

Whereas Paragraph 1 Securities are subject to relatively stricter requirements in terms of disclosures and licensing/registration because they are highly liquid, Paragraph 2 Securities are subject to relatively looser requirements because they are less liquid. However, if securities are issued using an electronic data processing system such as blockchain, it is expected that such securities may have higher liquidity than securities issued using conventional methods – regardless of whether they are Paragraph 1 or Paragraph 2 Securities. For this reason, the FIEA introduced a new regulatory framework for securities that are transferable through electronic data processing systems. Under the FIEA, such securities are classified into the following three categories:

• Paragraph 1 Securities such as shares and bonds, which are transferable by using electronic data processing systems (Tokenised Paragraph 1 Securities);
• contractual rights such as trust beneficiary interests and collective investment scheme interests, which are conventionally categorised as Paragraph 2 Securities and are transferable by using electronic data processing systems (electronically recorded transferable rights (ERTRs)); and
• contractual rights such as trust beneficiary interests and interests in collective investment schemes, which are conventionally categorised as Paragraph 2 Securities and are transferable by using electronic data processing systems but have their negotiability restricted to a certain extent (Non-ERTR Tokenised Paragraph 2 Securities).

An issuer of Tokenised Paragraph 1 Securities or ERTRs is, in principle, required to file a securities registration statement (as is the case for traditional Paragraph 1 Securities) before making a public offering or secondary distribution, unless the offering or distribution falls under any category of private placements. Any person who engages in the business of the sale, purchase or handling of the offering of Tokenised Paragraph 1 Securities or ERTRs is required to undergo registration as a Type 1 FIBO. In light of the higher degree of freedom in designing Tokenised Paragraph 1 Securities or ERTRs and the higher liquidity of these securities, a Type 1 FIBO that handles these digital securities will be required to control risks associated with digital networks such as blockchain used for digital securities.

Regulation on Issuers of Stablecoins

Under the amended PSA, only banks, fund transfer services providers, trust banks and trust companies that are licensed or registered in Japan may issue EPIs directly to Japan residents. See 1.1 Evolution of the Fintech Market for more details on the regulations applicable to intermediaries of EPIs.

Trading Platforms for Crypto-Assets

An operator of a trading platform for purchases, sales or exchanges of crypto-assets is regulated under the PSA. More specifically, a person who engages in intermediary, brokerage or agency activities for the trading or exchange of crypto-assets as a business is regarded as a CAESP and is required to register under the PSA. A typical example of a CAESP is a regulated crypto-asset exchange, such as bitFlyer or Coincheck. See 10.9 Decentralised Finance (DeFi) regarding peer-to-peer trading platforms for crypto-assets.

Trading Platforms for NFTs

See 10.12 Non-Fungible Tokens (NFTs).

Trading Platforms for Digital Securities

25 December 2023 saw a highly anticipated first secondary trading of digital securities on a PTS (ie, an equivalent of an alternative trading system in the USA). The PTS, known as START, is operated by Osaka Digital Exchange Co., Ltd under the FSA’s authorisation. Currently, only six issues of digital securities are traded on START, but this is expected to increase in the near future.

The regulator’s attitude towards the secondary market for digital securities is stringent, so the introduction of a pure peer-to-peer trading platform for digital securities in Japan will require careful analysis as to its legality – as well as significant discussion with the FSA, particularly from the consumer protection viewpoint.

There are no provisions for staking under Japanese law. Accordingly, the staking of one’s own crypto-assets or becoming a validator is not regulated in Japan. It should be noted, however, that if staking service providers manage the private keys of users’ crypto-assets, crypto-asset custody service regulations may apply. In addition, fund regulations might apply if the staking service providers distribute rewards to and impose slashing penalties on their users.

Under Japanese law, crypto-asset lending services do not constitute the conduct of money-lending business, which is regulated under the Money Lending Business Act, as no money lending is involved. It should be noted, however, that crypto-asset custody service regulations may apply where a service is considered provision of crypto-asset custody services, and not lending of crypto-assets. According to the Crypto Asset Guidelines issued by the FSA (Crypto Asset Guidelines), one factor that distinguishes between lending and provision of custodial services is whether users can withdraw their assets at any time or whether there is a specific required period of non-withdrawal.

The amended FIEA, which came into force on 1 May 2020, includes specific regulations on crypto-asset derivatives. As a consequence of the inclusion of “crypto-assets” and standardised instruments of crypto-assets created by financial instruments exchanges within the definition of “financial instruments”, as well as the inclusion of crypto-asset prices, interest rates, etc, within the definition of “financial indicators”, respectively, crypto-asset derivative transactions are now subject to the provisions of the FIEA, regardless of the type of derivative transactions involved. For instance, provision of OTC crypto-asset derivative transactions or acting as an intermediary or broker in relation thereto constitutes Type I Financial Instruments Business under the FIEA. Accordingly, a company engaging in these transactions needs to undergo registration as a Type I Financial Instruments Business Operator (Type I FIBO).

In addition to various rules of conduct applicable to those Type I FIBOs providing crypto-asset derivative services under the FIEA, it is noteworthy that the amended FIEA introduced strict leverage ratio regulations. If a Type I FIBO engages in crypto-asset derivative transactions, the amount of margins to be deposited by a customer must: (i) if the customer is an individual, not fall below 50% of the amount of crypto-asset derivative transactions (ie, the leverage ratio is limited to two times); or (ii) if the customer is a corporation, not fall below the amount of crypto-asset derivative transactions, multiplied by 50% or the crypto-asset risk assumption ratio based on the historical crypto-asset volatilities as specified in the public notice issued by the FSA entitled “Establishing the Calculation Method for Crypto Asset Risk Assumption Ratio in Crypto Asset Margin Trading”.

“DeFi” is an abbreviation of decentralised finance. DeFi refers to a decentralised financial system consisting of blockchain applications (generally referred to as decentralised applications, or “Dapps”). It is a general term for financial systems and projects that are accessible and transparent to the general public. The terms and degree of decentralisation would vary from project to project.

There are no regulations relating specifically to DeFi in Japan. However, where DeFi activities fall within regulated activities under any existing law, such activities may be subject to the relevant regulations. By way of an example, within the scope of DeFi, DEXs may be subject to regulations relating to CAES as an intermediary for the sale or exchange of crypto-assets under the PSA. See 6.6 Rise of Peer-to-Peer Trading Platforms for further details.

Crypto-Asset Investment Funds

Funds in the form of collective investment schemes that invest in crypto-assets are subject to the same rules and regulations as other investment funds that take the form of a partnership. Therefore, in order to solicit investments, the operator of the fund must register as a Type 2 FIBO unless:

• there are no more than 49 non-professional investors with one or more professional investors and notification in connection therewith has been made to the FSA; or
• the fund delegates its solicitation and marketing activities to a registered Type 2 FIBO.

The operator of a fund that mainly invests in crypto-assets is not required to register as an investment management business operator because that registration obligation is only triggered when an operator mainly invests in securities and derivatives.

In addition, investment in crypto-assets by the operator of a fund is not likely to trigger the requirement to register as a CAESP under the PSA because the trading of crypto-assets for the fund’s own investment purposes is not considered to be the trading of crypto-assets “as a business”, which is one of the requirements for the registration obligation.

In Japan, the typical and most practical legal forms adopted by such crypto-assets investment funds would be:

• a Tokumei Kumiai, a partnership formed pursuant to the Commercial Code; or
• an offshore fund, including a Cayman limited partnership, because of its flexibility in structuring the scheme while mitigating any regulatory risks.

On the other hand, an investment trust fund under the Investment Trust and Investment Corporation Act may not be used as a vehicle for investment in crypto-assets or crypto-asset exchange-traded funds, because, currently, crypto-assets are excluded from the specified asset classes in which an investment trust fund is allowed to invest under the Act.

Funds Investing in Digital Securities

In general, the operator of an investment fund that mainly invests in securities and derivatives must register as an investment management business operator. Digital securities constitute securities under the FIEA, so investing in digital securities may trigger the registration obligation as described earlier.

Also, if a fund expects to invest mainly in securities (including digital securities) and if the number of investors acquiring fund interests is expected to be 500 or more, a disclosure obligation will be triggered under the FIEA when raising capital.

The registration obligation with respect to self-solicitation as described previously will also be applicable to a fund investing in digital securities.

The PSA defines “crypto-asset” and requires a person who provides CAES to be registered with the FSA. The term “crypto-asset” is defined in the PSA as:

• proprietary value that may be used to pay an unspecified person the price of any goods, etc, purchased or borrowed or any services provided and may be sold to or purchased from an unspecified person – limited to that recorded on electronic devices or other objects by electronic means and excluding Japanese and other foreign currencies, currency denominated assets and EPIs (excluding currency denominated assets) (the same applies in the following item) – and that may be transferred using an electronic data processing system (collectively, Type I crypto-assets); or
• proprietary value that may be exchanged reciprocally for proprietary value specified in the preceding item with an unspecified person and that may be transferred using an electronic data processing system (Type II crypto-assets).

“Currency denominated assets” means any assets that are denominated in Japanese or other foreign currency. Such assets do not fall within the definition of crypto-assets. For example, prepaid e-money cards are usually considered currency denominated assets.

NFTs are generally non-substitutable tokens that are issued on a blockchain, with values and attributes unique to the token itself. A central issue in the context of NFTs is whether they constitute crypto-assets under the PSA, since NFTs, like crypto-assets, are tokens issued on the blockchain.

In this regard, according to the Crypto-Asset Guidelines, an important factor in determining whether a token constitutes a Type I crypto-asset is whether the token is “an asset that can be purchased or sold using legal fiat currency or crypto assets under socially accepted norms. Specifically, a token that satisfies items (i) and (ii) below” generally will not constitute a Type I crypto-asset. The same applies to the determination of whether a token constitutes a Type II crypto-asset:

(i) the issuer, etc, has made clear that the token is not intended to be used as a means of payment for goods, etc, to unspecified parties. This can be achieved by, for example, stating clearly in the terms and conditions of the issuer or its business-handling service provider, or in the product description, that use of the token as a means of payment to unspecified parties is prohibited, or that the token or related system is designed in a way that does not enable it to be used as a means of payment to unspecified parties); and

(ii) (where use of the token as a means of payment for goods, etc, to unspecified parties is permitted) certain requirements on the price and quantity of the relevant goods, etc, and on the technical characteristics and specifications of the token must be met. For example, at least one of the following characteristics must be present:

• the minimum value per transaction must be sufficiently high (ie, JPY1,000 or more); or
• the number of tokens issuable as a proportion of a transaction of minimum value is limited (ie, not exceeding 1 million).

The Japanese government is trying to accelerate the shift to open banking. Specifically, banks were legally obligated to make efforts to complete the development of an OpenAPI system by 31 May 2018. However, banks are not legally obligated to release APIs, and fees and other terms must be agreed upon separately between a fintech company and a bank.

In many cases, banks impose security requirements on the users of OpenAPI, and conduct pre-screening and regular monitoring on such users. Banks also carry out security audits through third parties when necessary.

There are no laws or regulations in Japan that relate specifically to fraud in the context of financial services or fintech.

Under the current legal framework in Japan, there would be a finding of fraud if (i) an act of deception has been committed, (ii) the act causes another party to make a mistake and (iii) such other party delivers goods or property benefits based on such mistake (Article 246 of the Criminal Code), regardless of whether the fraudulent act was committed in the context of financial services, fintech or otherwise.

In recent years, there has been an increase in issues surrounding crypto-assets that are traded electronically via the internet. In addition, there has been an increase in the number of cases where people have made investments in connection with the exchange of crypto-assets and suffered losses as a result.

In this connection, the Consumer Affairs Agency of Japan (CAA), jointly with the Financial Services Agency of Japan (FSA) and the National Police Agency of Japan (NPA), has issued a warning on matters that consumers should approach with caution.

For example, the CAA has handled cases in which consumers have made investments based on promises of “guaranteed profits” through seminars, SNS and the like, but ended up making losses, or were unable to get refunds or withdraw their funds.

The extent to which a fintech service provider is responsible for customer losses depends on the nature of the service, the applicable laws, and the contractual agreements between the provider and the customer. In principle, there are no special provisions under Japanese law that impose unique liability on fintech service providers solely because they operate in the fintech sector. Their liability is generally governed by standard legal principles, such as contract law, tort law and financial regulations.

With that said, a fintech service provider may be held liable in the following situations.

• Negligence or system failures – if a loss occurs due to a technical malfunction of a service provider’s systems, security breach or operational failure, and the provider failed to implement appropriate safeguards, the service provider may be required to compensate affected customers.
• Regulatory compliance violations – if a provider fails to comply with financial regulations, such as the PSA, the APTCP, the APPI or consumer protection regulations, and such failure leads to customer losses, the provider may face administrative penalties and be required to compensate customers.