The Financial Technology Law Review: Japan

Overview

The Japanese government has embarked on a string of legislative amendments and other measures aimed at enabling fintech to contribute to the development of Japan's economic and financial environment, with the expectation that promoting innovation will lead to improved convenience for users and strong growth for companies. As businesses work on creating new financial services that improve users' convenience and productivity through the use of data, a proactive regulatory response to the efforts of various players is essential, while taking into account the risk of new services. In light of this, Japanese regulators have accelerated the promotion of data utilisation and innovative businesses.

Fintech companies, including start-ups, are also actively engaged in initiatives such as making policy recommendations and setting up self-regulation by forming industry associations and pursuing dialogue with existing financial institutions and the government. The new brokerage legislation that came into effect in 2021 responds to industry demand. This new rule allows financial service intermediaries to engage in financial intermediary platform services in banking, securities and insurance under a single licence.

Furthermore, as the entire socio-economy becomes increasingly digitalised, the digitalisation of finance is accelerating, including the use of blockchain technology and non-fungible token transactions. In light of these developments, for the purpose of promoting innovation in the private sector and at the same time ensuring appropriate user protection, the Financial Services Agency (FSA) established a study group for digitalised and decentralised finance in July 2021, which is currently examining how to deal with the digitalisation of means of payment and security.

As a general reference resource about fintech in Japan, the Fintech Association of Japan (an industry association composed of fintech companies, financial institutions and other related parties) provides a broad introduction to Japanese fintech companies on its English-language website.2

Regulation

i Licensing and marketing

Regulatory overview

Like other jurisdictions, the legal framework of financial regulations in Japan has been fragmented. Specifically: (1) for the products and services layer, there are licences for designing and providing products and services, such as banking, insurance, settlement and remittance; (2) for the sales and marketing layer, there are licences for selling and marketing the corresponding products and services; and (3) for the infrastructure layer, there are regulations such as for money laundering and personal information protection. As shown below, a cross-sectional intermediary licence will likely be introduced in banking, securities and insurance.

BankingSettlementRemittanceExchangeLendingInvestmentInsurance
Products/services layerBanking servicesPrepaid payment instruments; credit; credit-purchasing intermediariesFund transfer servicesCryptoasset exchangesMoneylending businessesType I/II
financial instruments (including security tokens) businesses; investment management services
Insurance businesses
Sales/marketing layerBank agency services; electronic settlement agency servicesCryptoasset exchangesMoneylending businessesFinancial instruments brokeragesInsurance agents or brokers
Financial services intermediariesFinancial services intermediaries
Infrastructure layerMoney laundering regulations and personal information protection regulations

In principle, the FSA grants and supervises licences for fintech enterprises (e.g., crowdfunding operators, cryptoasset exchanges and electronic settlement agents) in addition to traditional financial institutions (e.g., banks, insurance companies, financial instruments business operators and financial services intermediaries).

However, for credit card issuers (instalment sales), acquirers and payment service providers (PSPs), licensing and supervision are performed by the Ministry of Economy, Trade and Industry.

ii Services

Banking services

It is necessary to obtain a banking services licence to engage in accepting deposits together with lending funds or discounting bills as a business, or to engage in fund transfer transactions as a business.

Bank agency services

For operators to engage in agency or intermediary services for banking transactions as a business entrusted by a bank, they must obtain permission to engage in bank agency services. For financial services intermediaries, the legislation came into effect in November 2021 (see below).

Electronic settlement agency services

Until 2017, when the Banking Act was amended, Japan did not have any regulations in place for services in which operators, as entrusted by customers, instruct banks to perform fund transfer transactions or conduct services to obtain account information and provide it to clients (known as 'account aggregation'). Since 1 June 2018, the Banking Act has required electronic settlement agents to register so that they can conduct these services on behalf of customers. This is a regulatory framework established to cover operators as equivalent to the payment initiation service providers and account information service providers under the second EU Payment Services Directive.

Payments (settlement and remittance)

Registration or notification is necessary for non-banks to engage in certain types of payment services, including fund transfer transactions, issuances of prepaid payment instruments (e.g., electronic money and gift vouchers), credit purchase intermediation (e.g., issuance of credit cards) and acquirer or PSP operations. The amended Payment Services Act (PSA), which came into effect in May 2021, divides fund transfer service providers into three types: Type I is subject to approval, and Types II and III are subject to registration, enabling the provision of fund transfer services according to the amount of remittance. See Section IV.

Cryptoasset exchanges

In 2016, the PSA was amended to include new regulations on cryptocurrency (from 2020, 'cryptoasset') exchange businesses. Buying and selling cryptoassets (that mainly cover currency tokens or payment tokens) or exchanging them with other cryptoassets is regarded as cryptoasset exchange business, for which cryptoasset exchanges must obtain registration from the local finance bureau. From 1 May 2020, the revised PSA changed the term from 'cryptocurrency' to 'cryptoasset' and imposes stricter regulations on cryptoasset exchanges. See Section V.

Lending

To provide moneylending and intermediary services, a business must obtain registration as a moneylending business. As described in Section IV, registration as a moneylending business is also required to operate loan-type crowdfunding (crowd-lending or peer-to-peer lending).

Investments

The Financial Instruments and Exchange Act (FIEA) applies to investments in securities and derivatives transactions.

Type I/II financial instruments businesses

Under the FIEA, securities are classified as highly liquid 'Paragraph 1 securities,' such as stocks and share options, or 'Paragraph 2 securities,' such as fund equities. Broadly speaking, registration as a Type I financial instruments business is necessary to purchase and sell Paragraph 1 securities or to act as an intermediary, broker or agent for the sale and purchase of these securities, and it is necessary for Type II financial instruments businesses to register so as to trade Paragraph 2 securities or to act as an intermediary, broker or agent for the sale and purchase of these securities.

The amendment of the FIEA in 2014 resulted in some deregulation, and it became sufficient to obtain a more relaxed licence if the operator is only engaged as a business in crowdfunding in which a certain small amount of funds is gathered via the internet (see Section IV).

The amendment of the FIEA in 2019, which came into force on 1 May 2020, includes security tokens ('electronically recorded transferable rights' (ERTRs)) in Paragraph 1 securities. See Section V.

Investment management services

Under the FIEA, operators must obtain registration as investment management services operators to manage assets by executing discretionary investment contracts with investors who entrust them with the discretion to make investment decisions. Investment management business operators assume a fiduciary duty and duty of loyalty towards investors, and are subject to regulations regarding conduct, such as an in-principle prohibition on engaging in conflict-of-interest transactions, and prohibition on compensating investors for losses.

Investment advisory and agency services

To provide advice on investment decisions as a business without being entrusted by clients with the discretion to make the actual investment decisions, operators must obtain registration to provide investment advisory and agency services.

Financial instruments brokerages

In addition, business operators entrusted by Type I financial instruments business operators or investment management services operators to act as intermediaries or the like to trade in securities or market derivatives transactions are required to obtain registration as financial instruments brokerages.

Insurance

Insurance businesses

Operators must obtain a licence as an insurance business operator to engage in underwriting insurance as a business.

Insurance agents or brokers

To solicit and sell insurance as a business as entrusted by insurance companies, registration as an insurance agent must be obtained. Conversely, to negotiate with insurance companies and act as intermediaries for the conclusion of insurance contracts as entrusted by clients, registration as an insurance broker must be obtained.

Financial services intermediaries

In November 2021, the Financial Services Intermediary Act came into effect, replacing the Financial Instruments Sales Act, to create financial services intermediary businesses. A financial services intermediary business is a licence that allows an intermediary to provide cross-sectional brokerage services in the fields of banking, securities and insurance under a single registration, as opposed to the current system of registration for agents and brokers in each field. If certain requirements are met, registration for electronic settlement agency services is not required. This new licence only allows financial services that do not require a highly complex explanation (e.g., brokerage of unlisted stocks and derivatives are prohibited). To ensure compensation for damage to customers, a financial services intermediary business must pay a deposit while it is conducting its service. Obligations and prohibited acts will be set depending on the characteristics of the financial services.

iii Cross-border issues

Applicability of Japanese regulations to foreign business operators

Because the purpose of Japan's financial rules is to protect Japanese consumers, operators are in principle subject to the application of Japanese laws and must obtain a Japanese licence when seeking to provide financial services.

In addition, under Japanese financial rules, in principle, a licence cannot be obtained unless the company is governed by the laws of Japan (for licences permitting individuals to perform services, the individual must be a resident of Japan) when providing various types of financial services to Japanese consumers.

However, examples of foreign corporations with business establishments in Japan that are permitted to obtain Japanese licences include Type I and Type II financial instruments business operators, investment management service operators, investment advisers and agents, third-party prepaid payment instrument issuers, acquirers and PSPs.

In addition, examples of foreign corporations that have a foreign licence corresponding to a Japanese licence for financial services, by obtaining a licence in Japan under certain conditions, and are allowed to provide financial services in Japan include banks, insurance companies, fund transfer service providers and cryptoasset exchanges. However, to obtain a licence in Japan, they must satisfy certain requirements, such as having a business office in Japan and a representative in Japan (who is a Japanese resident).

Regulations on foreign ownership

Foreign companies are not prohibited from owning shares or equity in financial-related businesses, including fintech companies. If a foreign company acquires shares or equity in a financial-related business operator, including fintech companies, it is required to submit a report to the authorities through the Bank of Japan in accordance with the Foreign Exchange and Foreign Trade Act.

In addition, other individual laws regulate shareholders (major shareholders) who own more than a certain percentage of their equities. Shareholders holding at least 20 per cent of the equity of a bank or insurance company (in certain cases, 15 per cent) are required to obtain authorisation under the Banking Act or the Insurance Business Act. In addition, shareholders holding 20 per cent or more of the shares of financial instruments business operators (in certain cases, 15 per cent or more) are required to file a notification in accordance with the FIEA, and the eligibility of major shareholders is also examined in the registration of financial instruments business operators. In the event that a foreign company is a shareholder, the authorisation of major shareholders and registration verification of financial instruments business operators will include examinations into whether the influence of the foreign company will harm the soundness of Japan's financial services business operators and its financial system.

Digital identity and onboarding

i Digital identity

In Japan, the Public Identity Verification Act provides a structure for personal authentication using e-certificates. To use the public identity verification service, individuals must apply at a local government office to receive an individual number card (a 'My Number' card). My Number is a 12-digit number assigned to all people (including non-Japanese) who are registered with their local governments as residing in Japan. It is an individual number introduced to improve the efficiency of administration and convenience for the public by managing personal information in different administrative areas, such as social security and tax, using a common number.

The use of this service was formerly limited to administrative procedures such as tax returns and registry applications, but recent amendments to the Public Identity Verification Act have made it possible for private businesses certified by the Minister of Internal Affairs and Communications to use the service. This may expand the use of the public identity verification service to online account services such as online shopping and banking.

ii Digitalised onboarding of clients

Until 2018, there were various methods available to financial service business operators for confirming their clients' identity through non-face-to-face transactions. Postal procedures were necessary in most cases and therefore know-your-customer (KYC) procedures were not completed by the digital method alone.

Introduction of eKYC procedures

Japanese anti-money laundering (AML) laws and regulations were amended on 30 November 2018 to make customer identity verification methods more flexible through digitalised onboarding methods for non-face-to-face transactions. New KYC procedures that were introduced include: (1) transmission of a picture of identity confirmation documents alongside a picture of the customer; and (2) transmission of the information stored on an integrated circuit chip alongside a picture of the customer.

Digital markets, payment services and funding

i Payment services

Registration or notification is necessary for non-banks to engage in certain types of payment services, including remittances (fund transfer transactions), issuances of prepaid payment instruments (e.g., electronic money and gift vouchers), credit purchase intermediation (e.g., issuance of credit cards) and acquirer or PSP operations.

ii Funds transfer services

To mitigate the significant burden of obtaining a banking services licence, the PSA, established in 2010, made it possible to conduct fund transfer business by obtaining registration as a fund transfer service provider without obtaining a banking services licence. As at 31 January 2022, there were 80 businesses registered as fund transfer service providers in Japan.

The amended PSA, which came into effect in May 2021, divides transfer service providers into three types: Type I is subject to approval, and Types II and III are subject to registration, enabling the provision of fund transfer services according to the amount of remittance. The Type I fund transfer service allows authorised providers to transfer money in excess of ¥1 million. This type is based on the needs of overseas remittances. The providers are generally not allowed to retain customer funds or to accept funds without specific remittance instructions to protect customers in the event of their bankruptcy. The Type II fund transfer service maintains the previous fund transfer services framework: transfer of ¥1 million or less through a single remittance instruction is allowed. The Type III fund transfer service allows providers to handle transmittance and customer accounts with an individual maximum of ¥50,000, while segregated accounts would be allowed, but provide less safeguarding of customer assets than other types.

On a separate note, in relation to the payment of compensation for goods and services, 'billing agency services' (whereby a business operator receives payment of the consideration on behalf of a goods or service provider (a payee) and delivers the received funds to the payee) are not considered to fall under the definition of 'funds transfers' in Japan and thus do not require registration as fund transfer service providers. Many businesses, such as convenience stores, provide these services. However, the amended PSA clarifies that 'billing agency services' where the payee is an individual fall under the definition of 'funds transfers' and are subject to the fund transfer service licence, except for billing agency services that accept payments incidental to commercial transactions on a commercial platform as agents or escrow services. This clarifies that the services that transfer money among individuals (such as sharing payment apps) are subject to regulation as money transfer businesses.

Issuances of prepaid payment instruments

The PSA regulates issuers of prepaid payment instruments to protect consumers and help establish safe and sound payment and settlement systems. Issuers distributing prepaid payment instruments used to pay for goods or services offered by the issuers and third-party merchants ('third-party type' prepaid payment instruments) must register with the local finance bureau that has jurisdiction over the issuer.

If the prepaid payment instruments are used only to pay the issuer ('own business type' prepaid payment instruments), the issuer must file a notice with the local finance bureau when the unused balance of the prepaid payment instruments exceeds ¥10 million on a reference date (both 31 March and 30 September).

Furthermore, all issuers of prepaid payment instruments must reserve at least 50 per cent of the total amount of the issuance once the unused balance exceeds ¥10 million as of either reference date. Except for certain cases, the issuer may not redeem or buy back the instruments.

Under the PSA, prepaid payment instruments must have all of the following three elements: record of value; issuance in exchange for consideration; and use as payment or demand. If the instrument satisfies certain exception criteria, such as having a usage period limited to six months or less, it will not constitute a prepaid payment instrument and will be exempt from application of the PSA.

Credit cards, acquirers and PSPs

Japan requires credit card issuers (irrespective of whether they issue physical cards) to be registered as 'comprehensive credit purchase intermediaries'. The amendment of the Instalment Sales Act (ISA) came into force in June 2018, by which acquirers that acquire and manage the merchants who use credit cards or certain types of PSPs that enter into contracts with merchants to permit the handling of credit cards became required to be registered. These services are subject to several obligations, such as proper management of customer credit card numbers. PSPs are not required to be registered if the acquirers have the final decision to conclude merchant agreements and the PSPs' operations are limited to only the first stage examination of whether to conclude the agreements.

The amended ISA, which came into effect in April 2021, responds to diverse payment services and providers with the progress of payment technology. For instance, it has introduced less strict registration than credit card issuers for services that provide small amounts (¥10,000 in total) of post-payment services. In addition, the amended ISA allows credit card issuers to use advanced and diverse screening methods to calculate a customer's payment capacity using their accumulated data. Further, the amended ISA requires broader services, such as QR code payment service providers, to manage customer credit card numbers properly.

iii Collective investment schemes

The FIEA lists specific forms of instruments as securities. If a product or service (including tokens) falls within any of these securities, then the FIEA regulations apply. In addition to this list, the FIEA also comprehensively defines a 'collective investment scheme' (CIS) to regulate various types of funds (including foreign funds), regardless of their legal form. CIS arrangements must have all of the following elements:

  1. monetary contribution (or monetary equivalent) from investors;
  2. business using the contributions; and
  3. investors' entitlement to the distribution of profits arising from the business or of assets relating to the business.

As described below, investment equity interests in investment-type crowdfunding (crowd-lending or peer-to-peer lending) and tokens may be considered CIS equity interests.

For CIS equity interests, subject to some exceptions, registration under the FIEA is required for solicitation for acquisition of the equity interests and management of the assets invested.

Issuers of CIS equity interests are, in principle, required to be registered as Type II financial instruments businesses to solicit the acquisition of the equity interests.

To manage the assets invested in the fund by the CIS equity interest holders, the issuer must obtain registration as an investment management business in principle.

iv Crowdfunding

In Japan, crowdfunding is classified into 'donation-type', 'purchase-type', 'loan-type' and 'investment-type' crowdfunding. A licence is not required to engage in crowdfunding as a business in cases such as 'donation-type' crowdfunding (where users donate funds without receiving any consideration in exchange) or 'purchase-type' crowdfunding (where users receive products or services in exchange for their funds).

Loan-type crowdfunding (crowd-lending and peer-to-peer lending)

Loan-type crowdfunding (crowd-lending or peer-to-peer lending) involves crowdfunding business operators who intermediate between users and parties seeking funds; these operators must obtain registration as moneylending businesses. The business operators typically solicit funds for loans from the public in the form of investments in fund vehicles and lend the funds to fund users. To engage in loan-type crowdfunding, as a general rule, the operators must register as Type II financial instruments businesses to solicit investments in the fund, and they must also register as moneylending businesses to provide loans.

Investment-type crowdfunding

Investment-type crowdfunding is divided into investments in (1) more highly liquid 'Paragraph 1 securities', such as stocks and share options, and (2) 'Paragraph 2 securities', such as equity interests in funds.

Prior to the FIEA amendment in 2014, operators had to obtain registration as Type I financial instruments businesses to trade in or perform brokerage, intermediary or agency services to trade Paragraph 1 securities, and registration as Type II financial instruments businesses to conduct brokerage and agency services for the sale and purchase of Paragraph 2 securities, irrespective of whether a crowdfunding transaction, in which only a small amount of funds is collected, was conducted.

Following the FIEA amendment in 2014, the regulations were relaxed so that operators that only engage in crowdfunding where a certain small amount of funds is collected through the internet can obtain a more relaxed registration as a 'small-amount electronic public offering business'.

If a fund intends to invest in real estate, additional rules under the Real Estate Specified Joint Enterprise Act have applied, which made it difficult for funds to invest directly in real estates. In December 2017, the revised Act came into force, which mitigated the regulations, such as allowing for funds to provide online disclosure documents.

Cryptocurrencies, initial coin offerings (ICO) and security tokens

i Types of cryptocurrencies (cryptoassets) and ICOs

Under Japanese law, businesses that issue, sell and exchange tokens, including token issuances through ICOs or security token offerings (STOs), may fall under the regulations of the PSA or FIEA depending on how they are structured. Businesses involved in ICOs or STOs should adequately fulfil their duties required by related laws and regulations, such as registration when their services are regulated by those Acts.

Under current Japanese law, tokens are likely to fall under the regulatory categories of cryptoassets under the PSA (payment tokens), prepaid payment instruments and securities (especially ERTRs, security tokens). The regulatory framework under the revised PSA and FIEA that came into effect on 1 May 2020 is described below.

ii Cryptoasset exchange businesses (payment tokens)

The PSA defines cryptoassets and regulates cryptoasset exchange businesses. Current prevailing payment tokens, such as Bitcoin and Ethereum, fall under cryptoassets in the PSA.

Definition of cryptoasset under the PSA

The PSA defines a cryptoasset as electronically recorded proprietary value other than legal currency and assets denominated in any legal currency that:

  1. can be used to pay unspecified persons for goods and services, can be mutually exchanged into fiat currencies with unspecified persons, and is transferable through an electronic network (Type I cryptoasset); or
  2. is mutually exchangeable with a Type I cryptoasset between unspecified persons and is transferable through an electronic network (Type II cryptoasset).

Cryptoasset exchanges

A 'cryptoasset exchange business operator' means one that engages in the business of: (1) selling and purchasing cryptoasset or exchanging cryptoasset with another cryptoasset; (2) acting as an intermediary, broker or agent for the services in point (1); or (3) managing the monies or cryptoassets of users in connection with points (1) or (2).

Cryptoasset exchanges must manage the funds and cryptoassets deposited by users separately from the operators' own funds and cryptoassets. As at 31 January 2022, there were 30 companies registered as cryptoasset exchanges in Japan. The FSA did not accept registration of the applicant exchanges and strengthened its role in supervising and inspecting cryptoasset exchanges in 2018, but has gradually restarted the examination process. In 2018, two major cryptoasset-related businesses industry groups merged and set up strict self-regulations to restore public and regulatory confidence in cryptoasset business.

New regulations on cryptoassets

The environment surrounding cryptoassets faced several issues in 2018, including multiple cases of theft of customer assets from cryptoasset exchanges, the realisation that internal control at cryptoasset exchanges was not keeping pace with the sudden increase in transactions, cryptoassets becoming a source of speculative trading owing to wildly fluctuating prices, and the appearance of new types of transactions using cryptoassets such as ICOs and derivatives transactions. Based on these issues, the amended PSA and FIEA came into effect on 1 May 2020.

The revised PSA replaced the term 'cryptocurrencies' with 'cryptoassets', which mainly covers payment tokens. It also obliges cryptoasset exchanges to address the risk of cryptoasset theft (such as requiring exchanges to maintain both net assets and cryptoassets in an amount equal to or greater than customer cryptoassets stored in 'hot wallets', to ensure that the customer right to claim return of cryptoassets is not subject to subordination, and to disclose financial statements), and seeks to strengthen regulations aimed at ensuring appropriate operations (such as requiring public disclosure of transaction price information, prohibiting advertisement or solicitation that encourages speculative trading, and requiring exchanges to notify the regulator before changing which cryptoassets they handle).

Further, it widens the scope of cryptoasset management regulations and AML regulations to also cover custody services for cryptoassets, requiring them to be registered.

The revised FIEA covers several features of cryptoasset transactions that need securities-like regulations. For instance, similar to regulations governing the shares of listed companies, the revised FIEA introduces regulations against unfair transactions of cryptoassets. These regulations would prohibit behaviour such as improper activity on cryptoasset transactions, the spreading of rumours and market manipulation, and would impose obligations on cryptoasset exchanges to screen transactions. The revised FIEA also regulates cryptoasset derivatives transactions, as in the case of foreign exchange margin trading. It requires registration for exchanges that provide cryptoasset derivatives businesses and introduces similar regulation to foreign exchange margin trading.

iii Financial instruments businesses (security tokens)

The revised FIEA includes security tokens (ERTRs), except for certain less-liquid tokens, in Paragraph 1 securities. Therefore, the issuance of security tokens, including STOs, is subject to disclosure and registration obligations under the FIEA. Public placement of ERTRs requires an issuer of ERTRs to file a registration statement and circulate an offering memorandum. Private placement to qualified institutional investors will mitigate the disclosure requirements.

As for registration, to register as a Type I financial instruments business it is necessary to purchase and sell ERTRs or to act as an intermediary, broker or agent for the purchase and sale of ERTRs (including public and private placement). If an ERTR issuer itself solicits its ERTRs to investors, it will also likely be required to register as a Type II financial instruments business. However, if the solicitation falls under certain private placement (an exempted solicitation to qualified institutional investors and a limited number of accredited investors), simply filing is required instead of registration.

ERTR transactions, including STOs, would also be subject to regulations concerning unfair transactions equivalent to those governing traditional securities.

Other new business models

i Self-executing contracts

While self-executing contracts are considered to be legal in Japan, there is no special legal framework that applies to them. Therefore, the parties to these contracts can resort to any dispute resolution method, such as lawsuit, arbitration or mediation.

ii Automated investment and artificial intelligence in financial products

The FSA clarifies in its guidelines that the mere distribution or sale of investment analysis software that uses algorithms in the market does not fall under regulated business. However, the guidelines also state that if the distributors or any other parties provide supplemental data or support, the conduct may fall under investment advisory or management services depending on their commitments. Whether a platform service that uses algorithms falls under either category is sometimes difficult to determine and thus requires a case-by-case analysis of the applicable services. Moreover, if the platform service provider uses algorithms that recommend specific financial products to users, the platform may also be required to register as a Type I/II financial instruments business.

The use of algorithms or artificial intelligence in a service may also raise other issues such as the allocation of responsibilities of relevant parties or the prohibition of market manipulation, or invoke certain regulations such as those on insider trading or material non-public information.

iii Third-party websites

Third-party websites or platforms comparing or providing information about financial products are subject to general consumer protection law such as that prohibiting the provision of misleading information. These platform providers should also be aware of financial regulations. The FSA announces in its guidelines that active commitments by platforms such as the provision of information processed by the platforms themselves, not limited to the provision of raw materials or information provided by financial institutions, or the use of certain designs or algorithms that feature specific financial products, may fall under 'solicitation' of products and therefore require a sales or marketing layer licence such as those applicable to financial services intermediaries. See Section II.

Intellectual property and data protection

i Intellectual property

In principle, the ideas themselves that pertain to business models are not protected by intellectual property rights such as patent or copyright. However, inventions in which these ideas are realised using information and communication technology may enjoy patent protection in certain cases. In regard to software, the Patent Act defines 'products' as a concept that includes 'programs, etc.', which means that software is subject to patent protection and can be copyrighted. In addition, information that companies manage as trade secrets will be protected under the Unfair Competition Prevention Act.

There have also been patent-related disputes that have attracted attention, such as a patent infringement suit in which two leading venture companies in the fintech industry battled over an accounting software algorithm that automatically determines the category of accounting items.3

For inventions created by employees, the right to obtain a patent may be assigned to or originally acquired by the employer in accordance with its internal rules. These employers shall compensate their employees in accordance with these rules; however, if the rules are found to be unreasonable, the court may decide the compensation in light of the profits arising from the exclusive rights and the employer's contribution to an invention.

The right to file patent applications on inventions made by independent contractors is held by the contractor, unless otherwise agreed between the parties.

ii Data protection

As in other industries, compliance relating to data protection and security is an important issue for fintech businesses. In regard to data protection, the Act on the Protection of Personal Information (APPI) imposes certain obligations on private businesses that use personal information to, for instance: undertake necessary and appropriate measures to safeguard personal information; not use personal information except to the extent necessary for the purposes disclosed to the subject individuals; not disclose personal information data to any third party (subject to certain exemptions); and conduct necessary and appropriate supervision over employees and contractors.

The first significant amendment to the APPI came into effect on 30 May 2017 to eliminate ambiguity in the scope of personal information and facilitate the proper use of anonymised data. The fintech industry is also subject to the application of the 'Guidelines for Personal Information Protection in the Financial Field'. Further, the second significant amendment to the APPI was enacted in June 2020 based on its three-year review and will come into effect in April 2022. This 2020 amendment will expand the scope of data subjects' rights, introduce mandatory data breach reporting, broaden extraterritorial enforcement options and impose stricter restrictions on cross-border transfers, while facilitating the use of pseudonymised data.

In regard to security, the FSA supervisory guidelines governing financial institutions emphasise the importance of matters such as being aware of system risks and enhancing cybersecurity, and operators are required to appropriately follow the PDCA cycle of 'Plan, Do, Check and Act'.

Year in review

The following events that occurred from 2020 to the present in relation to the development of regulations and legal approaches regarding fintech in Japan are of particular importance.

May 2020The revised PSA and FIEA regarding cryptoassets regulations came into effect (see Section V)
June 2020Bills to amend the PSA to introduce new types of fund transfer services and establish the Financial Services Intermediary Act to introduce financial services intermediary business were enacted
A bill to amend the ISA to introduce less strict registration for small-amount post-payment services and allow credit card issuers to use advanced and diverse screening methods to calculate a customer's payment capacity was enacted
April 2021The revised ISA came into effect
May 2021The revised PSA came into effect
November 2021The Financial Services Intermediary Act came into effect
January 2022The Payment Services Working Group of the Financial System Council announced a report (see Section IX)
Spring 2022Bills to amend several acts to reflect the report by the Payment Services Working Group will be proposed

Outlook and conclusions

The following are some of the major legal and regulatory initiatives and developments that are expected in Japan based on the latest report by the Payment Services Working Group of the Financial System Council in January 2022.

i Jointly improving AML and combating terrorism financing operations (establishment of joint institutions)

Because the banking industry is currently considering the establishment of joint institutions to improve AML and combating the financing of terrorism (CFT) operations jointly, the licence requirement and regulations is being proposed to ensure the quality of business operations for these joint institutions. The joint institutions will be required to ensure appropriate governance systems, appropriate management and operation of information systems, proper handling of personal information, and implementation of effective transaction filtering and monitoring.

ii Handling of electronic means of payment, including stablecoins

Backed up by the rapid growth of transactions using stablecoins in the US and other countries, which aim to link their value to that of legal tender, the report aims to develop a new regulatory framework of remittance and settlement service that separates issuers from intermediaries. The report defines 'electronic means of payment' as one that can be used for remittance and settlement to unspecified parties and that are recorded electronically and can be transferred using an electronic data processing system; this includes stablecoins. The report supposes issuers as conventional banks and fund transfer service providers. As for intermediaries, the report suggests a regulatory framework similar to cryptoasset exchanges: they will be required to provide information on the electronic means of payment that they handle, respond appropriately to AML/CFT, develop an appropriate system for these measures, and exercise necessary measures for user protection, such as proper management of user assets and information provision. In addition, intermediaries will not be required to handle electronic means of payment that may cause problems in terms of user protection.

iii Strengthening regulations for high-value electronically transferable prepaid payment instruments

Unlike banks and fund transfer service providers, issuers of prepaid payment instruments, which are widely used for small settlements, are not subject to KYC or reporting suspicious transaction obligations under Japanese AML laws because repayment of cash to customers is generally not allowed. There is also no upper limit on the amount of prepaid payment instruments that can be issued to each user under the PSA. However, the report proposes that, from the perspective of AML/CFT and for deterring crime, monitoring by the authorities should be strengthened. For instance, issuers of certain high-value electronically transferable prepaid means of payment will be required to submit additional information in a registration application under the PSA and to submit a business implementation plan. The report also indicates that these issuers will be subject to Japanese AML laws and regulations, such as KYC or reporting suspicious transactions obligations.

Footnotes

1 Atsushi Okada and Takane Hori are partners and Takahiro Iijima is a senior associate at Mori Hamada & Matsumoto.

3 Tokyo District Court case of 27 July 2017.

The Law Reviews content