JAPAN: An Introduction

Moving Forward to a Cashless Society 

Introduction 

There were significant developments in the Japanese Fintech market in 2018 with revisions to the Banking Act (which aim to promote open banking API (Application Programming Interface)), the introduction of a Regulatory Sandbox scheme, and E-KYC being permitted. In addition, governmental authorities are trying new regimes and systems to encourage companies to conduct innovative businesses, with the “Growth Strategy 2018” issued by the Japanese government in June 2018 aiming to make the cashless settlement ratio double over the next 10 years. Japan’s Financial Services Agency (“FSA”) published its “Finance Digitalization Strategy” in September 2018 setting out 11 measures designed to promote digitalization in the finance sector, and a proposed shift from an entity-based regulatory framework to a function-based, cross-sectoral regulatory framework under which the same regulations would apply to activities with the same functions and risks. On the negative side, there were two massive thefts involving virtual currency exchanges which prompted the FSA to reconsider the regulatory framework for crypto-assets and to emphasize governance control, anti-money laundering and the protection of users.

Open API 

In order to encourage banks to make customer data available to third parties, the Banking Act amendments, which came into force on 1 June 2018, enable the FSA to develop a registration system for electronic settlement agents providing payment initiation services and/or account information services, to promote innovation and ensure user protection. The amendments also impose obligations on banks to make efforts to open up their APIs to electronic settlement agents by 2020. Before this amendment was introduced, only a few banks had opened up their APIs to Fintech companies and, as a result, it was necessary for Fintech companies to use account scraping methods to aggregate customers’ information from their bank accounts. The FSA’s main aim is to enhance the effectiveness of open APIs by encouraging banks to develop their API systems and to promote the efficient circulation of private sector data concerning individuals through prohibiting discriminatory treatment among service providers (i.e., electronic settlement agents).

The major points from the Banking Act amendments are:

a. Adoption of a registration system for electronic settlement agents. The following service providers are defined as “electronic settlement agents”, and, as such, became subject to registration: (i) providers of electronic money transfer services, which convey money transfer instructions to relevant banks according to the instructions of the depositor by using electronic data processing systems, and (ii) providers of account information management services, which obtain account information in relation to a depositor from banks and provide that information to the depositor in accordance with the instructions of the depositor by use of electronic data processing systems.
b. Obligations of electronic settlement agents: When carrying out electronic settlement agency services, electronic settlement agents are now required to clarify to users such things as the authority granted by the depositor, complaints procedures and help-desk services, to take the necessary measures to avoid giving the misconception that such services are being provided by banks, and to introduce certain measures for security management and management of external vendors. In addition, prior to carrying out electronic settlement agency services for a bank, an electronic settlement agent must execute an agreement on electronic settlement agency services with the bank and which includes certain required items.
c. Measures required to be taken by banks: Upon the execution of the aforementioned agreement with an electronic settlement agent, a bank is required to stipulate and make public the criteria the electronic settlement agent must comply with. The bank must also endeavour to establish a system for carrying out interconnections through an API by 2020.

According to the ‘Policy regarding Collaboration and Cooperation with Electronic Settlement Agents’ published by certain financial institutions on 1 March 2018, 130 Japanese banks have expressed their intention to introduce open APIs, and we anticipate that the collaboration and cooperation between banks and Fintech companies will increase, with more innovative financial services being offered to customers.

Promoting a cashless society 

A framework for promoting cashless settlement is also being developed. Cashless settlement is developing in Japan mainly because of (i) an increase in international investment and international remittances, (ii) an increase in mobile payments, (iii) a need to provide a stress-free means of payment for foreign tourists in Japan, (iv) the enhancement of new settlement methods by Fintech companies, (v) the introduction of new legal systems to facilitate cashless settlement, such as the introduction of “electronic settlement agencies” under the amended Banking Act and “payment service providers” under the amended Installment Sales Act, and (vii) a need to fulfil the AML/CFT requirements.

Currently, the cashless settlement ratio in Japan is only 20%, which is quite low when compared to countries such as the U.S. and the U.K. where the ratio is about 40 and 50%, respectively. One of the reasons for the low cashless settlement ratio in Japan is the high fees associated with credit card settlement, being on average around 3.24% of the settlement amounts (0.89% for the acquirer, 2.25% for the issuer, and 0.1% for international brands) and the introduction costs of credit card terminals which could be up to several thousand dollars. In order to realize a cashless society in Japan, it is essential to reduce these fees and introduction costs. A possible solution could be two-dimensional code (QR code) settlements, which could have fees/costs of less than 1% without the need for any special terminals, in addition to being a simple and secure payment method.

The expected targets for the introduction of cashless settlement include shops operated by small and medium-sized enterprises (“SMEs”), regional tourism areas, and “mom-and-pop” stores, the ratio of cashless settlement already being high in department stores, hotels, shopping malls and drug stores, most of which are operated by large companies. A low cost means of cashless payments for settlement of small amounts by these SMEs, such as QR codes, has been awaited for some time.

Given these circumstances, the Growth Strategy 2018 aims for a cashless society and the doubling of the cashless settlement ratio over the next 10 years. To achieve this goal, the Payments Japan Association was established in July 2018 by several banks, credit card issuers, payment service providers, department stores and many other diverse business sectors.

The number of businesses providing QR code settlement is rapidly increasing in response to the government’s efforts; for example, several business sectors such as the mega- or middle-sized banks, the Japan Post Bank, major IT companies, and IT venture companies, are expected to develop, or have developed, original QR code settlement methods. However, multiple QR code settlement methods have developed and there is a concern that the burden for stores in introducing QR code settlements will increase and that operations for settlement at stores will become overly complicated. The Payment Japan Association is seeking to standardize QR code formats in order to facilitate and realize simple QR code settlement schemes; it is expected that simpler cashless settlement methods, such as QR code settlements, will promote a cashless society.

In addition to the aforementioned measures for the increase in the cashless settlement ratio, the Tokyo Metropolitan Government (“TMG”) is looking at the problem of the long time it takes for foreign employees to open bank accounts in Japan and has proposed “payroll cards” which would enable foreign employees to receive their salary in a digital money wallet and use that digital money for shopping and transfers of funds to their home countries. However, the current Labor Standards Act requires wages to be paid in cash directly to employees, though payment by transferring funds into an employee’s bank account or securities account is common. In response to the TMG’s proposal, the Ministry of Health, Labour and Welfare (“MHLW”) is considering relaxing these requirements to enable the use of a “payroll card” for both foreign and Japanese employees. According to recent media reports, it is likely that any relaxation would only apply to digital money services provided by funds transfer services operators registered under the Payment Services Act (“PSA”) and designated by the MHLW, though the position is still under discussion.

FSA’s “Finance Digitalization Strategy” 

Fintech is a phenomenon where businesses which are not financial institutions participate in the financial industry. For instance, Fintech companies, which were originally in the e-commerce sector, have started providing payment services, traditionally financial services provided by banks. At the same time, the development of the utilization of data could drastically affect businesses. In response to these circumstances, the FSA published its “Finance Digitalization Strategy” in September 2018, under which it will take the eleven measures described below.

To facilitate the use of information:
1. (i) Improving the data sharing environment by enhancing payment settlement and promoting open API, (ii) considering a shift to function-based, cross-sectoral financial regulations, and (iii) organizing dialogue with financial institutions on the strategic utilization of information technology (IT) and IT governance;
2. (i) promoting digitalization of customer identification, (ii) ensuring anonymity of customers in the use and application of the information provided, (iii) protecting personal data, including ensuring the credibility of customer data, and (iv) promoting initiatives towards customer protection with new technologies, such as blockchain technology; and
3. promoting improvement of users’ information and financial literacy.

To realize digitalization for public and private infrastructure:
4. Promoting the enhancement of user convenience and corporate productivity, as well as the development of cashless infrastructure, including increased sophistication of corporate finance and payment processes, and utilization of blockchain technologies in the securities industry; and
5. digitalizing its administrative services, which include considering the future establishment of a RegTech ecosystem that enables financial institutions to decrease system expenditures, as well as the authority for the FSA to ascertain the actual state of financial institutions in a timely manner, and providing disclosure information via open API of EDINET (Electronic Disclosure for Investors’ NETwork).

To support new business challenges:
6. Promoting various innovative challenges via sandbox platforms, such as the FinTech Innovation Hub, FinTech PoC Hub and FinTech Support Desk; and
7. encouraging existing financial institutions and Fintechs to collaborate with each other by promoting open API.

To establish infrastructure towards digitalization:
8. Establishing a framework for cooperation with Fintech regulators overseas, organizing an annual “FinTech Summit” conference and contributing to the establishment of global rules for crypto-assets;
9. promoting blockchain, AI, and big data technologies that serve as infrastructure for digitalization, including undertaking multinational joint research projects on blockchain technologies, and collecting information on underlying technologies though the “FinTech Innovation Hub”;
10. encouraging financial institutions to adapt new and effective measures to prevent cyber-risks, promoting international cooperation on cyber security and responding to the risks in the financial system which may arise from digitalization; and
11. considering moving to function-based, cross-sectoral financial regulations to resolve the issues mentioned above and meet challenges.

Revising financial services regulations 

Financial regulations are currently applied in Japan based on the sector the regulated entity operates in. For instance, the Banking Act applies to banks and the PSA applies to non-bank funds transfer services operators, though the function of funds transfer is common to these two sectors. Fintech has an impact on the regulatory environment in that new services benefit from the development of IT unbundling and rebundling of traditional financial services; it may also result in drastic changes to the financial system, financial services, and financial institutions.

In response to such major changes, the FSA has discussed a possible shift from a sector-based regulatory framework to a function-based, cross-sectoral regulatory framework under which the same regulations apply to activities with the same functions and risks, financial services being divided into four functions, being payment and settlement, lending, investment, and risk transfer, with rules being revised based on the differences in the nature and risks of services in each function.

The interim report addressing the basic idea of revising financial services regulations to respond to the development of innovation was published 19 June 2018.

Crypto-assets 

A registration system for virtual currency exchanges, including user protection rules, was introduced in 2016. Under this regime, virtual currency exchanges must be registered and must establish systems and procedures to enable them to comply with user protection rules, particularly the segregated management of virtual currency and money deposited by its users. Virtual currency exchanges must also be audited by an accounting firm or certified public accountant, and are responsible for verifying the identity of users, thus enhancing the anti-money laundering regime under the Act on Prevention of Transfer of Criminal Proceeds (the “Criminal Proceeds Act”).

The FSA had been confident in the virtual currency regulatory regime, but the theft of 500 million NEM coins (worth a total of USD 534 million) from the Tokyo-based Coincheck on 26 January 2018 dented that confidence, and the FSA subsequently conducted on-site inspections of a significant proportion of virtual currency exchanges, issuing reporting orders and improvement orders to many of them. An interim report published by the FSA on 10 August 2018 gave the outcome of the inspections, revealing that most of the exchanges could not establish sufficient internal control systems corresponding to the size of their business as their trading volume increased very rapidly in a short period of time. The Japan Virtual Currency Exchange Association became the self-regulatory body under the PSA for virtual currency exchanges on 24 October 2018 and has published more than twenty self-regulatory rules and guidelines aiming to address gaps in the rules in current legislation.

The FSA has discussed a wide range of issues related to virtual currencies with exchange operators and other interested parties, recent issues including derivative transactions, initial coin offerings, custody services and unfair trade practices (spreading of rumours, price manipulation, and insider trading, etc.) and a report addressing these issues was published on 21 December 2018. The FSA also invited overseas regulators and international organizations to a “Roundtable on Supervisory Oversight of Crypto-Assets – Recent Developments and Challenges Going Forward” in Tokyo on 28 September 2018 at which the participants discussed issues including recent technological developments and challenges with crypto-assets, supervision of crypto-asset trading platforms, possible areas of international cooperation and investor protection and market integrity.

e-KYC 

On 30 November 2018 several methods for online KYC procedures were introduced by an amendment to the Criminal Proceeds Act. Before the amendment, if a person wanted to open a bank account, the account opening procedures could not all be completed online; whilst they were able to apply to open an account online, additional procedures were required, i.e., sending the necessary documents (such as a password for a login) to a notified address by registered post where only the addressee could sign the acknowledgement of receipt and would have to provide an identification verification document when doing so to verify that the applicant was the authentic principal.

Although the required information is contained in an IC chip on certain cards, such as the Social Security and Tax Number Card, which could ideally be used to complete the account opening procedures, the fact that such cards are not widespread, and the need for a reading terminal to access the IC chip information, pose significant obstacles to using this method and it is not yet widely used.

In order to improve this situation, the FSA, the Fintech Association of Japan, and the Japan Association of New Economy established a study group in 2017 to study various issues regarding trading in the age of Fintech, including seeking ways to design efficient methods of customer identification.

The 2018 amendment to the Criminal Proceeds Act introduced the following four types of online identity verification:
a. Receipt of images of both of (i) the customer’s appearance and (ii) an identity verification document with the customer’s photo, by which the customer’s name, address and date of birth can be verified and the authenticity of which can be confirmed from its appearance;
b. receipt of images of both of (i) the customer’s appearance and (ii) the information contained in an IC chip built into an identification verification document with the customer’s photo by which the customer’s name, address, date of birth and facial image for face recognition can be verified;
c. both of (a) receipt of an image of (i) the customer’s appearance and (ii) either of (A) an identity verification document (limited to certain kinds of documents which will be issued one time only, such as driver licence) with the customer’s photo, with the customer’s name, address, date of birth, and the authenticity of which can be confirmed from its appearance, or (B) information contained in an IC chip built into the identification verification document, and (b) confirming that another bank or credit card issuer has completed its own KYC procedures in relation to the customer; and
d. receipt of information from the record of a money transfer transaction made by a business operator to the customer’s bank account (limited to the circumstances where the bank has completed its own KYC procedures in relation to the customer), in addition to the information referred to at (a)(i) and (ii) of item c. above.

The procedures in the amendment are expected to be widely used by financial institutions, Fintech companies, and business entities in the non-financial sector.

Data protection and usage of data: An overview of policy in Japan

Personal data is not widely used by businesses in Japan because individuals feel anxious over the utilization of their data by business operators and not having control of their own data, and as business operators are concerned over reputation risk due to those anxieties. However, developments in data protection and IoT in 2018 show that the Japanese government clearly intends to promote the greater utilization of data, and intends to develop further systems for the promotion of data utilization as described below.

The government has developed two systems in order to promote the utilization of personal data. Firstly, the anonymizing of personal data whereby the elements of personal information which can identify the person in question are removed so identification is no longer possible, the resultant information then being freely useable.

The second way is promoting the transfer of firsthand information based on the consent of the person the subject of the information. For example, the Ministry of Internal Affairs and Communications issued guidelines on the amended Banking Act regarding APIs of banks, and the Ministry of Economy, Trade and Industry (“METI”) issued guidelines regarding APIs in connection with utilization of credit card data. In addition, to promote the utilization of industrial data, the so-called Productivity Revolution Act came into force last year to support the usage of data, including tax reductions on investments in equipment for sharing data. The government and private organizations are also discussing the utilization of digital receipts in connection with cashless payments.

The use of data is very important in the context of Fintech, so discussions on the security of information held in all business sectors are particularly important for the Fintech sector. As noted above, Japanese companies are wary of the huge reputation risks associated with the use of personal data contrary to the intentions of data principals. In order to resolve this problem, the Japanese government is proposing a framework for an “information trust bank”; the information trust bank would receive a data principal’s personal information with the principal’s consent and then be able to transfer it to third parties based on a general instruction from the data principal instead of requiring its consent in each case. An information trust bank would need to satisfy strict requirements regarding systems ensuring data security and systems responsive to the instructions given by data principals. Both traditional banks and companies not related to the financial sectors could establish information trust banks if they satisfied the relevant requirements.

Adapting the idea of data portability into the Personal Information Protection Act (“PIPA”) (which governs the protection of personal information in Japan) is difficult at present because strong objections are expected from many industries and organizations which now possess substantial amounts of data. However, the concept of data portability is regarded as a way of promoting data usage and competition policies preventing big IT companies from controlling markets. Data portability may have different meanings in the EU and Japan, the EU seeing data portability as a person’s natural right, Japan seeing it as a matter of industrial policy.

In addition:
• The Fair Trade Commission is discussing how to deal with undue data collection from SMEs by large platform companies, etc. under the Anti-Monopoly Act;
• METI issued the “Guideline for Contracts in Connection with Utilization of Data of AI and Data”;
• the Japanese Bankers Association issued examples of API Utilization Agreements based on the Banking Act; and
• the Personal Information Protection Commission of Japan (“PPC”) is implementing adequate levels of protection in relation to cross-border transfers of data under the General Data Protection Regulation (“GDPR”) of the EU, through revisions to the Enforcement Rules of the Personal Information Protection Act in connection with personal data transferred from inside the EU.

The PPC will also review the PIPA in the next two years and may use some articles of the GDPR e.g. on data portability, obligations in the event of data breach notifications and the appointment of a data privacy officer, as a reference point in any resulting revisions to the PIPA.

Regulatory reform in Japan, including the Regulatory Sandbox

Regulatory reform has been recognized as an important policy issue to achieve the sustainability of economic growth led by private demand in Japan. In response, the Japanese government has decided to promote regulatory reform based on a three-layer structure at (a) the national level through discussions at the Council for Regulatory Reform, etc., (b) the regional level through the special zone systems, such as the National Strategic Special Zone, and (c) the enterprise level.

Two notable reforms at the enterprise level have been introduced since January 2014; the “System to Remove Gray Zone Areas” and the “System of Special Arrangements for New Business Activities”. Whilst these two systems presuppose the existence of certain business methods, a new project-based scheme called the “Regulatory Sandbox” that does not necessarily presuppose the existence of a certain business method was introduced in June 2018. The Regulatory Sandbox is expected to enable businesses to conduct demonstration tests and pilot projects for new technologies and business models that are not envisaged under existing regulations.

These regulatory reforms, including the Regulatory Sandbox, may help business operators confirm the legality of their new services or ideas, which is expected to facilitate the development of the cashless society in Japan.

a. The System to Remove Gray Zone Areas The System to Remove Gray Zone Areas ensures the legality of businesses operating in “gray areas”, where applicable rules are not necessarily clear, so encouraging innovation and business operators to enter new fields.

If a business operator planning a new business has concerns over the legality of its plans, it may submit an application to the competent authority seeking confirmation of whether the new business is regulated or not. In general, the authority should give an answer within one month and if the answer is that the new business is regulated, then the authority must provide specific advice to the business operator so that it may make the necessary changes to the business plan to enable it to launch it under current rules, or alternatively make an application under the System of Special Arrangements for New Business Activities.

b. The System of Special Arrangements for New Business Activities The System of Special Arrangements for New Business Activities enables preferential regulatory flexibility to be granted to individual business operators rather than a business sector generally. The difference between conventional deregulation and “special arrangements” is that special arrangements can be applied to individual business operators as long as safety and other requirements are satisfied.

A business operator planning to conduct a new business and wishing to use the special arrangements regime must first submit a proposal to the competent authority to establish a special arrangement for any regulation which would hinder the business. The authority would be expected to respond within one month, and if a special arrangement is established, the business operator must formulate an “action plan for the new business” related to the regulations and submit it to the authority for approval.

The results of efforts to utilize the System to Remove Gray Zone Areas and the System of Special Arrangements for New Business Activities are being announced on a quarterly basis by METI.

c. Regulatory Sandbox As information technologies (e.g., IoT, big data, and artificial intelligence) have rapidly generated innovation in the last few years, industrial structures and international competition are experiencing disruptive changes. To address these changes and lead the global economy by realizing a productivity revolution, the Japanese government approved a New Economic Policy Package in December 2017 in which it decided to implement policies during “A period for productivity revolution and intensive investment” leading up to 2020. In light of this, the “Regulatory Sandbox” regime was introduced in June 2018 under the Act on Special Measures for Productivity Improvement and enables the demonstration of projects in an environment where relevant regulations are not applied immediately by limiting the number of participants and duration.

In its application to use a Regulatory Sandbox, a business operator must specify certain matters, such as a demonstration of the business including testing the possibilities of using innovative technologies such as AI, IoT or blockchain for future business, the time and the place of the demonstration, the scope of participants (which must include persons that could suffer a loss from the proposed business), and how the data to be collected through the demonstration would be utilized in the deliberation of regulatory reform.

This regime is open to any company, including foreign companies, though no specific subsidies for this regime are planned.

Conclusions 

Based on these regulatory changes, and the government and authorities’ commitments in 2018, further development of the Fintech market in Japan will be expected in 2019.

AUTHOR BIOGRAPHY 

Yuri Suzuki, a Partner of Atsumi & Sakai, works on a wide range of financings, with a particular reputation for domestic and international syndicated loans, trade finance, asset finance, securitisation, global cash management services, and financial services regulations. As head of the firm’s fintech team and a member of the secretariat of the Fintech Association Japan she has substantial experience in fintech, including payments, lending, invoice trading, wealth management, crowd funding, crypto assets, Insurtech and Regtech.
She also serves as a legal advisor to the Japan Blockchain Association, is a supporter of Tokyo Metropolitan Government Accelerator Programs and an advisor to the MUFG Digital Accelerator Program.

Takafumi Ochiai, a Partner of Atsumi & Sakai, acts for a wide range of Japanese and international clients in the financial and information technology sectors, including related dispute resolution and regulatory matters.
Takafumi is a core member of the firm’s fintech team, and supports the Fintech Association Japan as its secretariat general. He is also a legal advisor of the Japan Blockchain Association, a member of Finomentor, an advisor to the Incubation & Innovation Initiative (III) (a consortium comprising of Sumitomo Mitsui Banking Corporation, NEC and Japan Research Institution), a member of the Ministry of Economic Trade and Industry’s “Committee to Discuss Legal System for Blockchain”, a member of Japan Bank Association’s research committee for promotion of open API, a member of the Innovative Technology/Businessmodel Evaluation Committee for Regulatory Sandbox in Japan of the Cabinet Office, and a member of the "Working Group on Financial Data, Study Group for Ideal Approaches to a Certification Scheme Concerning Functions of Information Trust" of the Ministry of Internal Affairs and Communication.

Ryosuke Oue, a Partner of Atsumi & Sakai, has extensive experience in banking and finance, asset finance, structured finance, acting for a wide range of Japanese and international banks and financial institutions. He also has extensive experience in advising foreign investors on renewable energy projects in Japan. Mr. Oue is a core member of the firm’s fintech team acting for fintech companies as well as a major credit card issuing company.

Naoki Kanehisa, a Partner of Atsumi & Sakai, currently heads and is based in the firm’s London office. He advises Japanese and non-Japanese clients on Japanese law, with a focus on banking and finance, securities regulation and M&A, as well as fintech. He has been assisting UK and European clients including fintech companies to set up their business in Japan.
Naoki presented some seminars on fintech in London, including "Procedures and Licencing Requirements for Japan Market Entry for Asset Management and Fintech Businesses," for “Tokyo-London: Financial Seminar 2018," hosted by the Tokyo Metropolitan Government.

Kenichi Tanizaki, a Partner of Atsumi & Sakai, has experience advising major banks and financial institutions, fintech companies and venture capitalists on a wide range of banking and finance matters, including API developed by a bank, a securities firm, or an insurance company, cashless settlement, money transfer service, and other innovative services, in addition to the regulatory, compliance and AML/CFT issues. Prior to joining Atsumi & Sakai, he worked at one of Japan’s major banks, where he handled a wide range of banking transactions and services.
He presented seminars on fintech, including Bank API, regulatory issues and cashless settlement at domestic and international financial institutions, as well as at seminar companies.