The Financial Technology Law Review: Japan
The Japanese government has embarked on a string of legislative amendments and other measures aimed at enabling fintech to contribute to the development of Japan's economic and financial environment, with the expectation that promoting innovation will lead to improved convenience for users and strong growth for companies. As businesses work on creating new financial services that improve users' convenience and productivity through the use of data, a proactive regulatory response to the efforts of various players is essential, while taking into account the risk of new services. In light of this, Japanese regulators have accelerated the promotion of data utilisation and innovative businesses. They are further developing functional and cross-sectional financial intermediary regulations that cover financial platform providers.
Fintech companies, including start-ups, are also actively engaged in initiatives such as making policy recommendations and setting up self-regulation by forming industry associations and pursuing dialogue with existing financial institutions and the government. The new brokerage legislation, which is scheduled to be enacted in 2020, responds to industry demand. This new rule will allow financial service intermediaries to engage in cross-industry intermediary services in banking, securities and insurance under a single licence.
As a general reference resource about fintech in Japan, the Fintech Association of Japan (an industry association composed of fintech companies, financial institutions, and other related parties) provides a broad introduction to Japanese fintech companies on its English website.2
i Licensing and marketing
Like other jurisdictions, the legal framework of financial regulations in Japan has been fragmented. Specifically, there are: (1) for the products and services layer, licences for designing and providing the products and services, such as banking, insurance, settlement, and remittance; (2) for the sales and marketing layer, licences for selling and marketing the corresponding products and services; and (3) for the infrastructure layer, regulations such as on money laundering regulations and personal information protection. As shown below, a cross-sectional intermediary licence will likely be introduced in banking, securities and insurance.
|Products/ services layer||Banking services||Prepaid payment instruments; credit; credit- purchasing intermediaries||Fund transfer services||Crypto|
|Moneylending businesses||Type I/II financial instruments (including security tokens) businesses; investment management services;||Insurance businesses|
|Sales/ marketing layer||Bank agency services; electronic settlement agency services||Crypto|
|Moneylending businesses||Financial instruments brokerages||Insurance agents or brokers|
|financial services intermediaries||financial services intermediaries|
|Infrastructure layer||Money laundering regulations and personal information protection regulations|
In principle, the FSA grants and supervises licences for fintech enterprises (e.g., crowdfunding operators, cryptoasset exchanges, and electronic settlement agents) in addition to traditional financial institutions (e.g., banks, insurance companies and financial instruments business operators).
However, for credit card issuers (instalment sales), acquirers and payment service providers (PSPs), licensing and supervision are performed by the Ministry of Economy, Trade and Industry.
It is necessary to obtain a banking services licence to engage in accepting deposits together with lending funds or discounting bills as a business, or to engage in fund transfer transactions as a business.
Bank agency services
For operators to engage in agency or intermediary services for banking transactions as a business as entrusted by a bank, they must obtain permission to engage in bank agency services. For financial services intermediary business proposed in 2020, see below.
Electronic settlement agency services
Until 2017, when the Banking Act was amended, Japan did not have any regulations in place for services where operators, as entrusted by customers, instruct banks to perform fund transfer transactions, or conduct services to obtain account information and provide it for clients (known as 'account aggregation'). Since 1 June 2018, the Banking Act requires registration as electronic settlement agents for them to conduct these services as entrusted by customers. This is a regulatory framework established to cover operators as equivalent to the payment initiation service providers and account information service providers under the EU Payment Services Directive 2 (PSD2).
Payments (settlement and remittance)
Registration or notification is necessary for non-banks to engage in certain types of payment services, including: fund transfer transactions; issuances of prepaid payment instruments (e.g., electronic money and gift vouchers); credit purchase intermediation (e.g., issuance of credit cards); and acquirer or PSP operations. See Section IV.
In 2016, the Payment Services Act (PSA) was amended to include new regulations on cryptocurrency (from 2020, cryptoasset) exchange businesses. Buying and selling cryptoassets (that mainly cover what are called 'currency tokens' or 'payment tokens') or exchanging them with other cryptoassets is regarded as cryptoasset exchange business, for which cryptoasset exchanges must obtain registration from the local finance bureau. From 1 May 2020, the revised PSA will change the term from 'cryptocurrency' to 'cryptoasset' and impose stricter regulations on cryptoasset exchanges. See Section V.
To provide moneylending and intermediary services, a business must obtain registration as a moneylending business. As described in Section IV below, registration as a moneylending business is also required to operate loan-type crowdfunding (crowd-lending or peer-to-peer lending).
The Financial Instruments and Exchange Act (FIEA) applies to investments in securities and derivatives transactions.
Type I/II financial instruments businesses
Under the FIEA, securities are classified as highly liquid 'Paragraph 1 securities,' such as stocks and share options, or 'Paragraph 2 securities,' such as fund equities. Broadly speaking, registration as a type I financial instruments business is necessary to purchase and sell Paragraph 1 securities or to act as an intermediary, broker or agent for the sale and purchase of such securities, and to register as a type II financial instruments business is necessary to trade Paragraph 2 securities or to act as an intermediary, broker, or agent for the sale and purchase of such securities.
The amendment of the FIEA in 2014 resulted in some deregulation, and it became sufficient to obtain a more relaxed licence if the operator is only engaged as a business in crowdfunding in which a certain small amount of funds is gathered via the internet (see Section IV).
The amendment of the FIEA in 2019, which will come into force on 1 May 2020, includes security tokens ('electronically recorded transferable rights' (ERTRs)) in Paragraph 1 securities. See Section V.
Investment management services
Under the FIEA, operators must obtain registration as investment management services operators in order to manage assets by executing discretionary investment contracts with investors who entrust them with the discretion to make investment decisions. Investment management business operators assume a fiduciary duty and duty of loyalty toward investors, and are subject to regulations regarding conduct, such as an in-principle prohibition on engaging in conflict-of-interests transactions, and prohibition on compensating investors for losses.
Investment advisory and agency services
To provide advice on investment decisions as a business without being entrusted by clients with the discretion to make the actual investment decisions, operators must obtain registration to provide investment advisory and agency services.
Financial instruments brokerages
In addition, business operators entrusted by Type I financial instruments business operators or investment management services operators to act as intermediaries or the like to trade in securities or market derivatives transactions are required to obtain registration as financial instruments brokerages.
Operators must obtain a licence as an insurance business operator to engage in underwriting insurance as a business.
Insurance agents or brokers
In order to solicit and sell insurance as a business as entrusted by insurance companies, registration as an insurance agent must be obtained. Conversely, to negotiate with insurance companies and act as intermediaries for the conclusion of insurance contracts as entrusted by clients, registration as an insurance broker must be obtained.
Financial services intermediaries
In March 2020, bills were submitted to replace the Financial Instruments Sales Act with the Financial Services Intermediary Act to create a financial services intermediary business. A financial services intermediary business is a licence that allows an intermediary to provide cross-sectional brokerage services in the fields of banking, securities and insurance under a single registration, as opposed to the current system of registration for agents and brokers in each field. If certain requirements are met, registration for electronic settlement agency services is also not required. This new licence will only allow financial services that do not require a highly complex explanation (e.g, brokerage of unlisted stocks and derivatives are prohibited). In order to ensure compensation for damage to customers, a financial services intermediary business requires a deposit. Obligations and prohibited acts will be set depending on the characteristics of the financial services.
iii Cross-border issues
Applicability of Japanese regulations to foreign business operators
Since the purpose of Japan's financial rules is to protect Japanese consumers, operators are in principle subject to the application of Japanese laws and must obtain a Japanese licence when seeking to provide financial services.
In addition, under Japanese financial rules, in principle, a licence cannot be obtained unless the company is governed by the laws of Japan (for licences permitting individuals to perform services, the individual must be a resident of Japan) when providing various types of financial services to Japanese consumers.
However, examples of foreign corporations with business establishments in Japan that are permitted to obtain Japanese licences include type I and II financial instruments business operators, investment management service operators, investment advisers and agents, third-party prepaid payment instrument issuers, acquirers and PSPs.
In addition, examples of foreign corporations that have a foreign licence corresponding to a Japanese licence for financial services, by obtaining a licence in Japan under certain conditions, and are allowed to provide financial services in Japan include banks, insurance companies, fund transfer service providers and cryptoassets exchanges. However, to obtain a licence in Japan, they must satisfy certain requirements, such as having a business office in Japan and a representative in Japan (who is a Japanese resident).
Regulations on foreign ownership
Foreign companies are not prohibited from owning shares or equity in financial-related businesses, including fintech companies. If a foreign company acquires shares or equity in a financial-related business operator, including fintech companies, it is required to submit a report to the authorities through the Bank of Japan in accordance with the Foreign Exchange and Foreign Trade Act.
In addition, other individual laws regulate shareholders (major shareholders) who own more than a certain percentage of their equities. Shareholders holding at least 20 per cent of the equity of a bank or insurance company (in certain cases, 15 per cent) are required to obtain authorisation under the Banking Act or Insurance Business Act. In addition, shareholders holding 20 per cent or more of the shares of financial instruments business operators (in certain cases, 15 per cent or more) are required to file a notification in accordance with the FIEA, and the eligibility of major shareholders is also examined in the registration of financial instruments business operators. In the event that a foreign company is a shareholder, the authorisation of major shareholders and registration examination of financial instruments business operators will include examinations into whether the influence of the foreign company will harm the soundness of Japan's financial services business operators and its financial system.
Digital identity and onboarding
i Digital identity
In Japan, the Public Identity Verification Act provides a structure for personal authentication using e-certificates. In order to use the public identity verification service, individuals must apply at a local government office to receive an individual number card (a 'My Number' card). My Number is a 12-digit number assigned to all people (including non-Japanese) who are registered with their local governments as residing in Japan. It is an individual number introduced to improve the efficiency of administration and convenience for the public by managing personal information in different administrative areas, such as social security and tax, using a common number.
The use of this service was formerly limited to administrative procedures such as tax returns and registry applications, but recent amendments to the Public Identity Verification Act have made it possible for private businesses certified by the Minister of Internal Affairs and Communications to use the service. This may expand the use of the public identity verification service to online account services such as online shopping and banking.
However, at present, the service is not widely used in the private sector due to the lack of widespread use of My Number cards and the need for users to prepare IC card readers or similar devices for reading e-certificates.
ii Digitised onboarding of clients
Until 2018, in order for financial service business operators to confirm their clients' identity through non-face-to-face transactions, such as those conducted online, they were required to adopt one of the following methods. Mailing procedures were necessary in most cases and therefore know-your-customer procedures were not completed by the digital method alone.
Mailing a copy of identity confirmation documents
A copy of the identity confirmation documents is sent by the client (not limited to post) and the transaction-related documents are mailed by registered post to the client's residence.
Use of personal receipt post
Transaction-related documents are mailed to the client's residence by personal receipt post. In this case, the postal service provider confirms the client's residence and receives a document to confirm the client's identity.
Use of electronic signatures
Although confirmation of a person's identity by authentication using an electronic signature is permitted, it has not been widely adopted since the user must obtain a digital certificate in advance and prepare an IC card reader or other similar device.
Use of public identity verification service
Formerly limited to use by administrative agencies, the public identity verification service is now available to private businesses and accepted as a method of identification by financial institutions. However, it is not generally popular since the user must obtain a My Number Card in advance and prepare an IC card reader or other similar device.
Introduction of eKYC procedures
The FSA, together with industry associations, established a working group to examine online transactions in June 2017. The working group discussed ways to realise a more efficient digitised onboarding of clients. Based on the results of such discussions, Japanese anti-money laundering laws and regulations were amended in 30 November 2018 to make customer identity verification methods more flexible through electronic methods for non-face-to-face transactions. New KYC procedures that were introduced include:
- transmission of the picture of the identity confirmation documents (attached with a face photo) and the picture of the customer's appearance; and
btransmission of the IC information and the picture of the customer's appearance.
Digital markets, payment services and funding
i Payment services
Registration or notification is necessary for non-banks to engage in certain types of payment services, including: remittances (fund transfer transactions); issuances of prepaid payment instruments (e.g., electronic money and gift vouchers); credit purchase intermediation (e.g., issuance of credit cards); and acquirer or PSP operations.
ii Funds transfer services
To mitigate the significant burden of obtaining a banking services licence, the PSA, established in 2010, made it possible to make small-amount fund transfers of ¥1 million or less through a single remittance instruction by obtaining registration as a fund transfer service provider without obtaining a banking services licence. As of 29 February 2020, there are 74 businesses registered as fund transfer service providers in Japan.
The bill to amend the PSA was proposed in March 2020 to change the regulations of the fund transfer services. In particular, the bill proposes that the current fund transfer service, which can only handle remittances of ¥1 million or less, should be divided into three types. The Type I fund transfer service would allow authorised providers to transfer money in excess of ¥1 million. This type is based on the needs of overseas remittances. The providers would generally not be allowed to retain customer funds or to accept funds without specific remittance instructions in order to protect customers in the event of their bankruptcy. The Type II fund transfer service would maintain the current fund transfer services framework. The Type III fund transfer service would allow providers to handle transmittance with just tens of thousands of yen, while segregated accounts would be allowed, which provide less safeguarding of customer assets than other types.
On a separate note, in relation to the payment of compensation for goods and services, 'billing agency services' (whereby a business operator receives payment of such consideration on behalf of a goods or service provider (a payee) and delivers the received funds to such payee) are not considered to fall under the definition of 'funds transfers' in Japan and thus do not require registration as fund transfer service providers. Many businesses, such as convenience stores, provide these services. The proposed amendment to the PSA in March 2020 clarifies that the services that transfer money among individuals (such as sharing payment apps) are subject to the regulation as money transfer businesses. On the other hand, most of the above conventional billing agency services that accept payments incidental to commercial transactions as agents are expected to remain out of the scope of the money transfer services.
Issuances of prepaid payment instruments
The PSA regulates issuers of prepaid payment instruments to protect consumers and help establish safe and sound payment and settlement systems. Issuers distributing prepaid payment instruments used to pay for goods or services offered by the issuers and third-party merchants ('third-party type' prepaid payment instruments) must register with the local finance bureau having jurisdiction over the issuer.
If the prepaid payment instruments are used only to pay the issuer ('own business type' prepaid payment instruments), the issuer must file a notice with the local finance bureau when the unused balance of the prepaid payment instruments exceeds ¥10 million on a reference date (each of 31 March and 30 September).
Furthermore, all issuers of prepaid payment instruments must reserve at least 50 per cent of the total amount of the issuance once the unused balance exceeds ¥10 million as of either reference date. Except for certain cases, the issuer may not redeem or buy back the instruments.
Under the PSA, prepaid payment instruments must have all of the following three elements: record of value; issuance in exchange for consideration; and use as payment or demand. If the instrument satisfies certain exception criteria, such as having a usage period limited to six months or less, it will not constitute a prepaid payment instrument and will be exempt from application of the PSA.
Credit cards, acquirers and PSPs
Japan requires credit card issuers (irrespective of whether they issue physical cards) to be registered as 'comprehensive credit purchase intermediaries'. The amendment of the Installment Sales Act (ISA) came into force in June 2018, by which (1) acquirers that acquire and manage the merchants who use credit cards; or (2) certain types of payment service providers (PSPs) that enter into contracts with merchants to permit the handling of credit cards, became required to be registered. These services are subject to several obligations, such as proper management of customer credit card numbers. PSPs are not required to be registered if the acquirers have the final decision to conclude merchant agreements and the PSPs' operations are limited to only the first stage examination of whether to conclude the agreements.
The bill to amend the ISA proposed in March 2020 responds to diverse payment services and providers with the progress of payment technology. For instance, it proposes less strict registration than credit card issuers for services that provide small amounts (ten thousand yen in total) of post-payment services. In addition, the bill allows credit card issuers to use advanced and diverse screening methods to calculate a customer's payment capacity using their accumulated data. Further, the bill requires broader services, such as QR code payment service providers, to manage customer credit card numbers properly.
iii Collective investment schemes
The FIEA lists specific forms of instruments as securities. If a product or service (including tokens) falls within any of these securities, then the FIEA regulations apply. In addition to this list, the FIEA also comprehensively defines what is called a 'collective investment scheme' (CIS) in order to regulate various types of funds (including foreign funds), regardless of their legal form. CIS arrangements must have all of the following elements:
- monetary contribution (or monetary equivalent) from investors;
- business using the contributions; and
- investors' entitlement to the distribution of profits arising from the business or of assets relating to the business.
As described below, investment equity interests in investment-type crowdfunding (crowd-lending or peer-to-peer lending) and tokens may be considered CIS equity interests.
For CIS equity interests, subject to some exceptions, registration under the FIEA is required for solicitation for acquisition of the equity interests and management of the assets invested.
Issuers of CIS equity interests are, in principle, required to be registered as type II financial instruments businesses in order to solicit the acquisition of such equity interests.
To manage the assets invested in the fund by the CIS equity interest holders, the issuer must obtain registration as an investment management business in principle.
In Japan, crowdfunding is classified into 'donation-type', 'purchase-type', 'loan-type' and 'investment-type' crowdfunding. A licence is not required to engage in crowdfunding as a business in cases such as 'donation-type' crowdfunding (where users donate funds without receiving any consideration in exchange) or 'purchase-type' crowdfunding (where users receive products or services in exchange for their funds).
Loan-type crowdfunding (crowd-lending and peer-to-peer lending)
Loan-type crowdfunding (crowd-lending or peer-to-peer lending) involves crowdfunding business operators who intermediate between users and parties seeking funds, and such operators must obtain registration as moneylending businesses. The business operators typically solicit funds for loans from the public in the form of investments in fund vehicles and lend such funds to fund users. In order to engage in loan-type crowdfunding, as a general rule, the operators must register as type II financial instruments businesses to solicit investments in the fund, and they must also register as moneylending businesses to provide loans.
Investment-type crowdfunding is divided into investments in (1) more highly liquid 'Paragraph 1 securities', such as stocks and share options, and (2) 'Paragraph 2 securities', such as equity interests in funds.
Prior to the FIEA amendment in 2014, operators had to obtain registration as type I financial instruments businesses in order to trade in or perform brokerage, intermediary, and agency services to trade paragraph 1 securities, and registration as type II financial instruments businesses in order to conduct brokerage and agency services for the sale and purchase of paragraph 2 securities, irrespective of whether a crowdfunding transaction, in which only a small amount of funds is collected, was conducted.
Following the FIEA amendment in 2014, the regulations were relaxed so that operators who only engage in crowdfunding where a certain small amount of funds are collected through the internet can obtain a more relaxed registration as a 'small-amount electronic public offering business'. However, at present, there are few advantages to being registered as such a business, so many businesses registered as type I or type II financial instruments businesses engage in crowdfunding businesses in conjunction with other businesses.
If a fund intends to invest in real estate, additional rules under the Real Estate Specified Joint Enterprise Act have applied, which made it difficult for funds to invest directly in real estates. In December 2017, the revised Act came into force, which mitigated the regulations, such as allowing for funds to provide online disclosure documents. Real estate investment crowdfunding is expected to boom following this revision.
Cryptocurrencies, initial coin offerings (ICO) and security tokens
i Types of cryptocurrencies (cryptoassets) and initial coin offerings
Under Japanese law, businesses that issue, sell and exchange tokens, including token issuances through initial coin offerings (ICOs) or security token offerings (STOs), may fall under the regulations of the PSA or FIEA depending on how they are structured. Businesses involved in ICOs or STOs should adequately fulfil their duties required by related laws and regulations, such as registration when their services are regulated by those Acts.
Under current Japanese law, tokens are likely to fall under the regulatory categories of cryptoassets under the PSA (payment tokens), prepaid payment instruments and securities (especially ERTRs, security tokens). The regulatory framework under the revised PSA and FIEA that will come into effect on 1 May 2020 is described below.
ii Cryptoasset exchange businesses (payment tokens)
The PSA defines cryptoassets and regulates cryptoasset exchange businesses. Current prevailing payment tokens, such as Bitcoin and Ethereum, fall under cryptoassets in the PSA.
Definition of cryptoasset under the PSA
The PSA defines a cryptoasset as electronically recorded proprietary value other than legal currency and assets denominated in any legal currency that:
- can be used to pay unspecified persons for goods and services, can be mutually exchanged into fiat currencies with unspecified persons, and is transferrable through an electronic network (type I cryptoasset); or
- is mutually exchangeable with a type I cryptoasset between unspecified persons and is transferable through an electronic network (type II cryptoasset).
A 'cryptoasset exchange business operator' means one that engages in the business of: (1) selling and purchasing cryptoasset or exchanging cryptoasset with another cryptoasset; (2) acting as an intermediary, broker, or agent for the services in item (1); or (3) managing the monies or cryptoassets of users in connection with items (1) or (2).
Cryptoasset exchanges must manage the funds and cryptoassets deposited by users separately from the operators' own funds and cryptoassets. As of 30 March 2020, there are 23 companies registered as cryptoasset exchanges in Japan. The FSA did not accept registration of the applicant exchanges and strengthened its role in supervising and inspecting cryptoasset exchanges in 2018, but has gradually restarted the examination process. In 2018, two major cryptoasset-related businesses industry groups merged and set up strict self-regulations to restore public and regulatory confidence in cryptoasset business.
New regulations on cryptoassets
The environment surrounding cryptoasset faced several issues in 2018, including multiple cases of theft of customer assets from cryptoasset exchanges, the realisation that internal control at cryptoasset exchanges was not keeping pace with the sudden increase in transactions, cryptoassets becoming a source of speculative trading owing to wildly fluctuating prices, and the appearance of new types of transactions using cryptoasset such as ICOs and derivatives transactions. Based on these issues, the PSA and FIEA were amended in 2019, which will come into effect on 1 May 2020.
The revised PSA replaced the term 'cryptocurrencies' with 'cryptoassets', which mainly covers payment tokens. It also obliges cryptoasset exchanges to address the risk of cryptoasset theft (such as requiring exchanges to maintain both net assets and cryptoassets in an amount equal to or greater than customer cryptoassets stored in 'hot wallets', to ensure that the customer right to claim return of cryptoassets is not subject to subordination, and to disclose financial statements), and seeks to strengthen regulations aimed at ensuring appropriate operations (such as requiring public disclosure of transaction price information, prohibiting advertisement or solicitation that encourages speculative trading, and requiring exchanges to notify the regulator before changing which cryptoassets they handle).
Further, it widens the scope of cryptoasset management regulations and anti-money laundering regulations also to cover custody services for cryptoassets, requiring them to be registered.
The revised FIEA covers several features of cryptoasset transactions that need securities-like regulations. For instance, similar to regulations governing the shares of listed companies, the revised FIEA introduces regulations against unfair transactions of cryptoassets. These regulations would prohibit behaviour such as improper activity on cryptoasset transactions, the spreading of rumours and market manipulation, and impose obligations on cryptoasset exchanges to screen transactions. The revised FIEA also regulates cryptoasset derivatives transactions, as in the case of foreign exchange margin trading. It requires registration for exchanges that provide cryptoasset derivatives businesses and introduces similar regulation to foreign exchange margin trading.
iii Financial instruments businesses (security tokens)
The revised FIEA includes security tokens (ERTRs), except for certain less liquid tokens, in Paragraph 1 securities. Therefore, the issuance of security tokens, including STOs, is subject to disclosure and registration obligations under the FIEA. Public placement of ERTRs requires an issuer of ERTRs to file a registration statement and circulate an offering memorandum. Private placement to qualified institutional investors will mitigate the disclosure requirements.
As for registration, in order to register as a type I financial instruments business it is necessary to purchase and sell ERTRs or to act as an intermediary, broker or agent for the purchase and sale of ERTRs (including public and private placement). If an ERTR issuer itself solicits their ERTRs to investors, such an issuer will also likely be required to register as a type II financial instruments business. However, if such solicitation falls under certain private placement (an exempted solicitation to qualified institutional investors and a limited number of accredited investors), simply filing is required instead of registration.
ERTR transactions, including STOs, would also be subject to regulations concerning unfair transactions equivalent to those governing traditional securities.
Other new business models
Intellectual property and data protection
i Intellectual property
In principle, the ideas themselves that pertain to business models are not protected by intellectual property rights such as patent or copyright. However, inventions in which such ideas are realised using information and communication technology may enjoy patent protection in certain cases. In regard to software, the Patent Act defines 'products' as a concept that includes 'programs, etc.', which means that software is subject to patent protection and can be copyrighted. In addition, information that companies manage as trade secrets will be protected under the Unfair Competition Prevention Act.
There have also been patent-related disputes that have attracted attention such as a patent infringement suit in which two leading venture companies in the fintech industry battled over an accounting software algorithm that automatically determines the category of accounting items (Tokyo District Court case of 27 July 2017).
For inventions created by employees, the right to obtain a patent may be assigned to or originally acquired by the employer in accordance with its internal rules. Such employers shall compensate their employees in accordance with such rules; provided, however, that if the rules are found to be unreasonable, the court may decide the compensation in light of the profits arising from the exclusive rights and employer's contribution to an invention.
The right to file patent applications on inventions made by independent contractors is held by the contractor, unless otherwise agreed between the parties.
ii Data protection
As in other industries, compliance relating to data protection and security is an important issue for fintech businesses. In regard to data protection, the Act on the Protection of Personal Information (APPI) imposes certain obligations on private businesses that use personal information to, for instance: undertake necessary and appropriate measures to safeguard personal information; not use personal information except to the extent necessary for the purposes disclosed to the subject individuals; not disclose personal information data to any third party (subject to certain exemptions); and conduct necessary and appropriate supervision over employees and contractors.
The first significant amendment to the APPI came into force on 30 May 2017 to eliminate ambiguity in the scope of personal information and facilitate the proper use of anonymised data. The fintech industry is also subject to the application of the 'Guidelines for Personal Information Protection in the Financial Field'. Further, the Personal Information Protection Commission has announced a bill to amend the APPI in March 2020 based on its three-year review, which will likely be enacted within 2020.
In regard to security, the FSA supervisory guidelines governing financial institutions emphasise the importance of matters such as being aware of system risks and enhancing cybersecurity, and operators are required to appropriately follow the PDCA cycle of 'Plan, Do, Check and Act'.
Year in review
The following events that occurred from late 2018 to present in relation to the development of regulations and legal approaches regarding fintech in Japan are of particular importance.
|September 2018||The FSA released 'Strategic Directions and Priorities' and 'Progress and Assessment of the Strategic Directions and Priorities'.|
|November 2018||The anti-money laundering regulations were amended, by which e-KYC was introduced.|
|January 2019||The financial system study group of the FSA released a white paper, based on which the revision bills were proposed that allow financial institutions to utilise data that they obtain and introduce a new approval system for 'insurance business innovation companies' to be held as subsidiaries of insurance companies.|
|March 2019||Bills to amend the PSA and FIEA were proposed, in accordance with the white paper released by the cryptocurrency exchanges study group of the FSA.|
|March 2020||Bills to amend the PSA to introduce new types of fund transfer services and establish the Financial Services Intermediary Act to introduce financial services intermediary business were proposed. A bill to amend the ISA to introduce less strict registration for small-amount post-payment services and allow credit card issuers to use advanced and diverse screening methods to calculate a customer's payment capacity was proposed.|
|On 1 May 2020||The revised acts proposed in January 2019 and March 2019 above will come into effect.|
Outlook and conclusions
The following are some of the major legal and regulatory initiatives and developments that are expected in Japan based on the latest financial administrative policy announced by the FSA.
i Studies into revising the legal framework to make it functional and cross-sectional
From November 2017, sessions of a financial system study group have been convened at the FSA to examine revising the legal framework relating to the financial system (which, as described in Section II above, is currently differentiated by 'business' type) to one that is cross-sector and differentiated by 'function'.
Based on the content of its interim report published in June 2018, the study group has been engaged in discussing the following matters:
- how to promote appropriate utilisation of information;
- how to design a legal framework for the payment services area;
- how to address the emergence of platform businesses under a functional and cross-sectional financial regulatory system; and
- revising the regulations that govern banks and banking groups.
The study group issued a report in January 2019 summarising the results of issues discussed thus far, including a proposal that banks, insurance companies and Type I financial instruments business operators be permitted to provide services that utilise data obtained from customers. From the perspective of improving sophistication and user convenience in the insurance business, the report stated that it would be appropriate for 'insurance business innovation companies' to be held by insurance companies as subsidiaries, as in the case of 'banking business innovation companies' that banks are allowed to own as their subsidiaries. The revised acts based on this proposal will come into effect on 1 May 2020.
The study group subsequently considered introducing cross-sectional financial intermediary services. In March 2020, bills were submitted to replace the Financial Instruments Sales Act with the Financial Services Intermediary Act to create a financial services intermediary business and to revise the PSA to introduce new types of fund transfer services. For financial services intermediary business, see Section II.ii. For new fund transfer services, see Section IV.ii.
ii Policy to enable fintech to lead development of Japan's innovation environment
With the view that pursuing open innovation (collaboration and coordination) between financial institutions and fintech companies is important to promoting innovation, the Japanese government has been reviewing various systems, such as: developing environments aimed at the adoption of open APIs; strengthening support for starting new financial businesses and services through initiatives such as a fintech support desk and fintech proof-of-concept hub; and revising methods of customer identity verification for non-face-to-face transactions and examining bank agency service issues.
On 9 March 2018, a cabinet office ordinance was released prescribing detailed rules concerning the amended Banking Act in relation to electronic settlement agents and open APIs, and a guideline was also released indicating the government's interpretation as to whether such activities constitute bank agency services. Hundreds of banks and other financial institutions are going to promote open APIs at the time of writing and this is anticipated to help promote open innovation between financial institutions and fintech companies in Japan.
In November 2018, amendments to the Japan's anti-money laundering regulation introduced new e-KYC methods for remote transactions, permitting the use of video chat and facial recognition as well as the use of APIs for verifying financial institution details. It is anticipated that these changes will promote the adoption of e-KYC and lead to frictionless procedures for the opening of accounts.
From 2018 to 2019, several projects have been selected as the first projects to receive assistance through the FSA's fintech proof-of-concept hub and approved under the newly introduced regulatory sandbox in Japan. The government also plans to actively work on providing sandbox infrastructure in the future.
iii IT governance and cybersecurity at financial institutions
The Japanese government is working to accumulate insight on IT governance in the financial and non-financial industries and further examine better methods of IT governance. In order to further enhance the stability of the financial system as a whole, the government is also seeking to strengthen the cybersecurity measures of financial institutions and working with authorities in various countries to contribute to the formulation of detailed cybersecurity policies.