A brief overview of the global precedent set by the Financial Services Agency (FSA).
by Edmund Yong
Japan is one of the earliest adopters and most progressive regimes in the world for cryptocurrencies. It amended its Payment Services Act in 2016 to require “exchange businesses” to register with its regulatory body, the Financial Services Agency (FSA), being one of the first jurisdictions to do so. This took formal effect in April 2017, one month after the Virtual Currency Act was passed in March 2017.
Japan is also a pioneer in allowing industry self-regulation, which other jurisdictions are trying to emulate. It granted industry bodies like the Japan Virtual Currency Exchange Association (JVCEA) with the status of a “self-regulatory organization” (SRO) within the ambit of its Payment Services Act in October 2018, with the power to police and penalize its member exchanges.
Self-regulation does not mean that regulators are taking a hands-off or docile approach in enforcement. The opposite is true. Two of the biggest heists ever in crypto history happened on its shores, Mt. Gox and Coincheck, so regulators are vigilant. Following the latter, regulators raided several exchanges in March 2018, the first action of its kind in the world, and published findings from its on-site inspections of 23 exchanges which reveal “a sloppy reality that the maintenance of internal control system(s) have not kept up with the rapid expansion of transactions”.
The FSA had released a five-point agenda for exchanges in May 2018 and expanded it to 9 focus areas in its final report of proposed rules (Dec 2018). Broadly it covers:
- Robust security standards especially for crypto storage and custody. At the very least, there need to be safeguards that the funds are not just stored on online wallets which are notoriously prone to hacking, and adequate two-factor authentication (2-FA) to prevent unauthorized transfers. Under the latest rules, where the private keys of users are managed online, the exchanges are also required to maintain enough net assets and funds for reimbursement of the same or greater amount.
- Customer due diligence to prevent money laundering. Users have to be onboarded with stringent know-your-customer (KYC) processes to verify identity, residence, source of funds, among others. FSA has been issuing “business improvement orders” or warnings to multiple exchanges in this regard. Six were sent in June 2018, namely to bitFlyer, Quione, Bitbank, BITpoint, BtcBox, and Tech Bureau Corp (which operates Zaif and has since gotten three such orders). GMO Coin received one in March 2018.
For context, the FSA has been busy beefing up its anti-money-laundering (AML) procedures, before it hosts the Group of 20 summit this year and the Summer Olympics in 2020. According to Japan Times, the Financial Action Task Force (FATF), an intergovernmental body that combats terrorist funding and illegal financial transactions, has previously pointed out that Japan’s AML measures were insufficient and is due to re-examine the situation in 2019.
- Restrictions on privacy coins that hides user identities and remove their trace. This supports the earlier point to have greater transparency of users, and to prohibit the listing and trading of privacy-centric or anonymous coins that are convenient for money laundering activities. The ban came into effect in June 2018, and those like Monero (XMR), Dash (DASH), Augur’s Reputation (REP), and ZCash (ZEC) were pulled out or delisted from exchanges.
- Sequestration of funds with checks and balances. Customer assets must be managed separately from corporate exchange assets; regular daily checks performed on customer account balances to prevent any manipulation; and having systems in place to prevent internal employees from making unauthorized trades with user funds. The new rules also propose a framework to entitle customers to a ‘statutory lien’ that secures their claim to the deposited funds.
- Organizational independence and how it operates. FSA has called for the clear division of structures between company shareholders and management team to avoid conflicts of interest, and between development and asset management roles to prevent insider trading and other forms of internal system manipulation. Other key areas include mandatory disclosures relating to financial statements and information relating to trading price, and prohibition of advertising, promoting or encouraging speculative trading and “unfair acts”.
The main takeaway from the Japanese experience is that rigorous compliance has not deterred market players. The FSA employs an extremely lengthy procedure to review each application that is submitted to it (a process which can take anywhere between two to six months from the date of submission), according to reports. Not only that, the FSA also requires applicants to answer more than 400 questions before they approve or decline any submission.
In spite of this, more and more are seeking to enter the Japanese market and become licensed operators. At last count, there were over 190 applicants in December 2018 (a list that include top names like Yahoo! Japan, Line Corp, and Daiwa Securities Group), even though only 17 exchanges have been registered by the FSA to date.
The view expressed in this article is intended to provide a general guide to the subject matter and does not constitute professional advice. You are advised to seek proper advice for your specific situation.
 https://www.fsa.go.jp/news/30/virtual_currency/20180810-1.pdf cited in https://news.bitcoin.com/japan-on-site-inspections-crypto-exchanges/
 https://bitcoinist.com/japan-introduces-five-point-agenda-for-cryptocurrency-exchange-regulations/ and https://news.bitcoin.com/japanese-regulator-rules-cryptocurrency-service-providers/