Data Driven Innovation and Regulatory Consolidation
Authored by Yuri Suzuki, Takafumi Ochiai, Ryosuke Oue, Naoki Kanehisa and Kenichi Tanizaki, Atsumi & Sakai
There were significant amendments to the existing regulations related to fintech businesses in 2019, which will come into force in 2020. Following massive thefts involving virtual currencies in 2018, more obligations of cryptoasset exchange providers will be required and new regulations on custody services and derivatives using cryptoassets will be introduced. Guidelines related to “information banking businesses” and the Banking Act were amended in order to enhance data utilization. It is expected that e-KYC procedures will become popular due to the new, stricter rules applied to a physical KYC. Like trends in other countries, there have been many issues with large digital platformers and the Japanese government aims to establish digital market rules, including preparation of a new law, amendments of the existing data privacy law, and revisions of the antimonopoly act guidelines. For fintech companies in payment industries, major reforms of regulations are expected in 2020.
Cryptoassets: Amendments in 2019
The Financial Services Agency of Japan (FSA) submitted a proposal (the Bill) to the Diet to amend the Payment Services Act (PSA) and the Financial Instruments and Exchange Act (FIEA). The Bill was passed in the Diet on 31 May 2019.
The Bill proposes to redefine the legal term ‘virtual currencies’ to ‘cryptoassets’, reflecting the use of the term cryptoassets by the G20. The background to this change is the fact that most cryptoassets do not function as money.
Requirements for cryptoasset exchange service providers
A cryptoasset exchange service provider will be required to separately hold and manage users’ cryptoassets by a method less likely to lack user protection (for example, in a cold wallet).
The Bill will also require a cryptoasset exchange service provider to provide prior notification when it intends to change the name of a cryptoasset. Based on this notification, the FSA and the certified self-regulatory institution, Japan Virtual Currency Association (JVCEA), will review whether cryptoasset exchange service providers can deal in the cryptoassets described in the notification. With respect to self-regulation, the FSA will refuse registration applications made by companies unless they have either become members of JVCEA or have established internal rules equivalent to JVCEA’s self-regulation.
The Bill further proposes that a cryptoasset exchange service provider will be prohibited from making false statements in its advertisements and promotions.
New Regulations on custody services and derivatives using cryptoassets
The Financial Action Task Force (FATF) recommends that countries ensure that virtual asset service providers, which includes providers of services for the safekeeping and/or administration of virtual assets or instruments, be regulated for AML/CFT purposes, are licensed or registered. In response to the FATF’s recommendation, custody services will be added to the definition of cryptoasset exchange services, so that custody service providers will be regulated by the AML/CFT regulations and required to be registered with the FSA.
The Bill also proposes the establishment of regulations similar to those for foreign-exchange margin trading (forex trading) by amending the FIEA. The proposed amendments to FIEA include adding cryptoassets to the definition of financial instruments, and therefore making derivatives transactions using cryptoassets subject to the regulations for derivatives.
Regulatory framework for STO
To clarify the regulatory framework for ICOs, investment-type ICOs will also be regulated by securities regulations (FIEA). Consequently, as with stocks, a system of disclosure to investors and regulations for offerings and solicitations will be established.
Rights to receive the distribution of profits indicated by property value that may be transferred using an electronic data processing system will be subject to a system of disclosure of corporate affairs, as established in the FIEA after revision by the Bill in Paragraph (1) Securities. In addition, selling and purchasing such rights as a business will become subject to the revised FIEA pertaining to “Type I Financial Instruments Business: securities companies.”
It was reported that unfair activities are sometimes seen in cryptoasset transactions. In response to these reports, the Bill proposes the addition of new provisions prohibiting improper conduct, spreading of rumours, and price manipulation in relation to both cryptoasset transactions and derivatives transactions using cryptoassets.
Applying for the right to receive the distribution of profits
Although many professionals argued that the word ‘money’, as used in the FIEA, referred to only fiat currency, and not to virtual currency, the FSA announced that, in cases where the law had been circumvented, virtual currencies could be regarded as ‘money’ under the FIEA. The Bill clarifies that cryptoassets contributed by a person who, due to such contribution, has the right to receive a distribution of profits, will be deemed to be money, and that the provisions of the FIEA are clearly applicable in such cases.
Enhancing Data Utilization
Information banking business
The use of personal and other information has been increasing exponentially due to rapid development of information communication technology. Businesses now recognize the importance and high value of the information provided by a business operator’s customers which is stored, analysed, and used for the business operator’s own business and, subject to certain safeguards, provided by the business operator to third parties.
However, individuals in Japan feel anxious about how business operators use their personal data, and are worried about losing control of their own personal data. At the same time, business operators are concerned that these consumer anxieties mean that problems with data handling or data security may risk damaging the reputations of the businesses they operate.
In order to dispel these concerns and enhance further data utilization, the Ministry of Internal Affairs and Communications (MIC) and the Ministry of Economy, Trade and Industry (METI) introduced the concept of “information banking business” in 2018. The information banking business is defined as a business that manages and provides personal information based on the consent of data subjects with regard to provision of such information to third parties for the purpose of ensuring data subjects’ controllability and promoting distribution and utilization of personal data. An information bank would be operated by a reliable certified agent for data subjects. Despite the appearance of the word “banking” in the name of the business activity, a banking licence is not required to run an information banking business.
MIC and METI issued the “Guidelines of Certification Schemes Concerning Functions of Information Trust ver.1.0” on June 2018, which were amended, with version 2.0 released on October 2019 (Certification Guidelines). The Certification Guidelines provide: (1) standards for the certification of information banking businesses; (2) items to be included in agreements between information banking business operators, their data subjects, and/or third parties to which personal information will be disclosed; and (3) the scheme under which private certification bodies will certify information banking business operators.
Based on the Certification Guidelines, the MIC appointed the Information Technology Federation of Japan as the certifying body. The Federation then issued its “Guidebook on Application for Certification as an Information Banking Business ver.1.0”, clarifying the standards for the certification of information banking business operators. Any entity seeking to be certified as an information banking business operator will have to submit an application to the Federation and undergo its scrutiny. As of December 2019, there are two business operators certified as information banking business operators. Since a wide range of businesses are eligible to be certified, and because there are no limits on the scope of the methods of use of the personal information, the pool of certified information banking business operators is expected to be quite diverse, including businesses in various sectors, including, for example, finance, IT, travel, advertising, retail, and paper manufacturing.
Upcoming Enactment of the Amended Banking Act and Amended Insurance Business Act in 2020
On 31 May 2019, the Banking Act, Insurance Business Act and other relevant statutes were amended. After the amended acts have been enacted (expected in 2020), the restrictions on the scope of business that financial institutions are permitted to engage in will be relaxed as follows:
(a) Banks will be allowed to engage in the business of providing data related to banking business to third parties;
(b) Insurance companies and Type I financial instruments business operators (i.e., securities companies) will be allowed to engage in the business of providing data related to their businesses to third parties; and
(c) Insurance companies will be allowed to own, as subsidiaries, companies engaged in a business which contributes, or is expected to contribute, to the advancement of the insurance business by utilizing information technologies and other technologies.
Background of the Amendment
As the utilization of information and data has become more sophisticated, companies developing new user-friendly services using these new tools, started to emerge out of non-Fintech companies as well as Fintech companies. At the same time, traditional financial institutions (such as banks, insurance companies, and securities companies) are, at present, only permitted to engage in the businesses that are listed in each applicable law, i.e., the Banking Act, the Insurance Business Act, and the Financial Instruments and Exchange Act.
Because non-financial companies are unfettered by such laws, they are able to adapt to the new digital world more quickly than traditional financial institutions. In light of this, in order to foster an environment to help traditional financial institutions adapt to these societal changes, many felt it necessary to change the laws. After this amendment, for example, banks will be permitted to engage in the business of providing third parties with information related to or obtained from customers (if customers consent thereto), or any other information maintained by the bank, so long as the provision of such information improves the bank’s services or promotes greater convenience for its customers.
Banking Act reform
A bill to reform the Banking Act was passed on 31 May 2019, under an initiative by the Financial Services Agency. Prior to the reform, Japanese banks were generally only allowed to use customer information and data which they held for their own banking businesses. The Banking Act amendments provide for “services to provide customer information, with customer consent, and services to provide any other information held by a bank, to third parties, both of which contribute to the advancement of banking services or the enhanced convenience of bank customers, to be treated as services incidental to a bank’s main business” (the “information provision service”). The amended Banking Act is scheduled to take effect in 2020.
While the concept of information banking is expected to be quite broadly defined under the Certification Guidelines and therefore quite diverse, banks, which are regulated under the Banking Act, are permitted to engage in the information banking businesses only within the framework of an ‘information provision service’ under the Banking Act. That said, it is noteworthy that a bank itself is allowed to offer information provision services, as a bank possesses an enormous volume of information.
Insurance Business Act Reform
Simultaneously, the Insurance Business Act and other relevant statutes also were amended. After the amended acts have been enacted (expected in 2020), insurance companies and securities companies also will be allowed to engage in the business of providing (with the customer’s consent where necessary) customer information to third parties (for instance, a company that offers services for local companies and users) if it ‘contributes to the advancement of the business of financial institutions or the improvement of the convenience of its users’. Also, after this amendment, insurance companies are allowed to have technology companies, including overseas insurtech companies, related to their insurance business as subsidiaries. It is expected that such a change would result in Japanese insurance companies making a greater contribution to their customers’ businesses and convenience as users.
Amendment of Know Your Customer (KYC) proceduresIt is anticipated that KYC procedures in non-face-to-face transactions will be stricter and more burdensome from 1 April 2020.
Under the current rules, KYC procedures may be completed merely by submitting a copy (not an original) of one’s identification documents, so long as additional procedures are completed thereafter, such as sending documents pertaining to the transaction (e.g., cash cards or credit cards) to a notified address via registered mail which cannot be forwarded even if the recipient has relocated.
The weak link in this system, in the eyes of the Financial Action Task Force (FATF), is the use of copied documents. Modifying a copied document is much easier than modifying an original document, or creating a false original document. Consequently, conducting KYC procedures merely by examining copies of documents increases the risk of identity theft, fraud, or unauthorized transactions. For this reason, in the eyes of FATF, this examination standard was too lenient. The new KYC system that is expected in 2020 will have a more stringent identification requirement, and if original documents are not submitted, then copies of two identification documents will need to be submitted. This will likely push business entities to adopt electronic KYC (e-KYC) procedures, which, became legal on 30 November 2018.
Reigning in Big Tech
Today no one doubts that large technology companies (“Big Tech”) such as GAFA (Google, Apple, Facebook, and Amazon) have powerful influence in the digital marketplace. Among the many problems with Big Tech, a few problems have inspired government action. For example, Big Tech companies have a tendency to require their business customers to accept unfairly one-sided arrangements, and they collect and oligopolize data, and distort fair trade. To address these issues, the Japanese government set up the Digital Market Competition Division in September 2019, with the goal of establishing digital market rules, including preparation of a new law, amendments of the existing data privacy law, and revisions of the antimonopoly act guidelines.
Discussion of a possible bill addressing transparency of transactions between Big Tech companies and SMEs
While digital platforms, such as the large-scale online malls and application markets, could enable small and medium sized enterprises (SMEs) to access and develop their markets, there are some concerns about the transactions between such Big Tech companies and SMEs: (i) unilateral imposition of the terms and conditions of a contract, (ii) imposition of services and excessive cost burdens, and (iii) excessive restriction of access to data. It is expected that the bill on improving transparency of digital platform transactions, which does not impede innovation and, at the same time, addresses the above concerns, will be submitted to the Diet in 2020. The bill may include provisions that require a digital platform to disclose to business users its terms and conditions for transactions, such as the reasons the platform might reject a transaction, the main elements which determine display sequence of products or services on the platform, the conditions for giving preferential treatment to the digital platform’s own products and services, possibility of access to data, etc.
Discussion of possible amendments to the Act on the Protection of Personal Information
Firstly, to address consumers’ concerns about how Big Tech handles their personal information, amendments could be made to strengthen an individual’s right to request that business operators delete or cease the use of his/her personal information. Secondly, in order to balance the need to protect personal information while also promoting innovation, a more flexible framework for the use of personal data is being considered. Thirdly, in order to put domestic and overseas business operators on a more equal footing, the extraterritorial enforcement of reporting obligations and administrative orders may be considered. It is anticipated that the proposed amendments which address these issues, which are in a bill amending the Act on the Protection of Personal Information, will be submitted to the Diet in 2020.
Proposed amendments to the business combination guidelines and policies
After the European Commission and the US Federal Trade Commission approved Facebook’s acquisition of WhatsApp in 2014, Facebook integrated data held by WhatsApp and Facebook and then oligopolized the data. To clarify how business combinations involving digital services are reviewed, the Japan Fair Trade Commission (JFTC) disclosed the drafts of the revised Guidelines to Application of the Antimonopoly Act Concerning Review of Business Combinations and the revised Policies Concerning Procedures for Review of Business Combination. The draft guidelines address (i) the way to delineate a market in case of digital services, and (ii) the way to analyse competition restraints in a business combination between companies doing research and development, a digital platform operator’s acquisition of a start-up holding data, and so on. The draft policies clarify the criteria by which the JFTC will review business combinations which, under the existing rules, are not subject to the notification requirement. After a public consultation process, the revised guidelines and policies will be published by the end of 2019.
Proposed guidelines to protect consumers who provide personal information to Big Tech
Among consumers there is an increasing concern that digital platforms could acquire and use consumers' personal information improperly. The JFTC disclosed the draft Guidelines Concerning Abuse of a Superior Bargaining Position under the Antimonopoly Act on Transactions between Digital Platformer Operators and Consumers that Provide Personal Information. The draft guidelines clarify that a digital platform operator has a superior bargaining position over consumers who provide personal information when consumers, even though suffering detrimental treatment from the said operator, are compelled to accept such treatment in order to use the services provided by the operator. The draft also lists up the examples of unjustifiable acquisition and use of personal information as the types of abuses of a superior bargaining position. After a public consultation process, the guidelines will be published by the end of 2019.
Establishing a cross-sectional system on Payment Services, etc.
As a cashless society gradually develops in Japan, it is becoming clear that the present legal system regulating payment services is not well equipped to foster continuous and sound development of a cashless society.
As it stands now, the Banking Act and the Payment Services Act are the laws that regulate payment services in Japan. The basic premise behind those statutes in regulating payment is a principle that the payment is the foundation of economic activities and therefore, a firm and secure completion of payment is strongly required under those acts. While the importance of this principle certainly cannot be denied, given the situation in which the improvement of user convenience as well as the reduction of costs incurred by business operators are both expected through our further transition into a cashless society, it is viewed by many to be incompatible with the present situation.
For example, even though there is a demand, a funds transfer service provider is not currently allowed under the Payment Services Act to conduct fund transfer services in excess of JPY1 million per transaction. Also, as an example of payment methods or provision and use of payment service being diversified through the use of ICT, prepaid payment instruments for a third party business whose value is recorded on IC chips or network servers are quite prevalent recently and can be used as one type of fund transfer method. However, there is no definite rule for these services as a fund transfer method. In addition, the contours of the receiving agent services or the point services that have not been specifically regulated have become clearer than before as ICT develops and now there is reason for further and more in-depth discussions on those unclarified services.
To cope with this situation, the FSA is now discussing the establishment of a cross-sectional legal system regarding payment services. The basic concept behind this cross-sectional legal system is as follows: (1) to prevent arbitrage situations caused by circumstances in which, even though the function of payment services and the risks included therein are the same, the regulations imposed on those services are not the same; (2) to achieve greater flexibility in the regulation structure which ensures that the applications of regulations correspond to the degree of risks based on the modes of services; and (3) not to unify the regulations at the most strict level even in an attempt to standardize the regulations so as to secure innovation.
Discussion on Funds Transfer Services
The FSA is now discussing the prospect of tying regulations with amounts to be transferred. For example, (i) for a fund transfer in excess of the present upper limit, the FSA raises an issue as to whether such a large amount of funds should not be accepted without a specific transfer instruction, and a user’s funds may not be reserved for a time frame longer than practically and technologically necessary; (ii) for a fund transfer up to the present upper limit, it is said that the funds retained by the fund transfer service provider are considerably higher than expected, and to reduce the risk to a user’s funds, the FSA asks whether fund transfer service providers must confirm whether a user’s funds are for the funds transfer or not and if it is not confirmed, the fund transfer service provider must request the user to withdraw the funds; and (iii) for a small amount fund transfer, it is said that the fund transfer service provider that deals with only a small amount fund transfer might be subject to less-strict regulations. Segregation of bank accounts as a method of securing the user’s funds is an example of regulations exemplified by the FSA as a less restrict requirement than other methods of fund security (e.g., setting up a trust).
Also, to meet the need for deferred payment of fund transfer fees, a post-payment service for the fund transfer service users is currently under discussion to rationalize regulations in a more risk-based manner, especially in connection with “small-sum lending” that results from the granting of credit that emerges from deferred payments.
Prepaid Payment Instruments
Among prepaid payment instruments, there is one form of prepaid payment instrument that can be transferred from individuals to individuals through the transfer of a charge balance or submission of the numbers of such payment instrument to the transferee, which is to be used by the transferee as the payment method. This led the FSA to ask in its working group whether such prepaid payment instrument should be regulated as a fund transfer service. There are opinions that: (a) prepaid payment instruments cannot be converted into cash, (b) the usage thereof should be limited to certain purposes, and (c) because it is believed that only half of the deposit is secured, there is no reasonable ground to impose on prepaid payment instrument issuers the same degree of regulation as fund transfer service providers.
Receiving Agent Services
Recently, the application for the purpose of splitting bills is widely used among individuals and it is under discussion whether the service provider (who in some circumstances collects a debt on behalf of a payer who has paid a bill for others and then transfers the recovered funds to the payer) should be regarded as a fund transfer service provider that should be regulated. Indeed, the users, creditor and debtor, are both individuals and deserve to be protected in comparison with the traditional receiving agent services conducted by a store, in which case the creditor is a business entity. Also, escrow services for consumers who use personal internet trading services occupy an important position to achieve safe trade between individuals at a distance while being comparable to the traditional receiving agent services under discussion. The FSA asked whether the environment which the escrow services has fostered so far needs to be considered in regulating such services.
Cross-Sectoral Financial Services Intermediaries
In order to promote innovation and to enhance the usability of financial intermediation services, the FSA asked whether it would be worth considering a legal framework for cross-sectoral financial intermediaries that deal with various financial products and services offered by various financial institutions. Key points to this are: (i) how to design the regulation of entry to avoid excessive burdens on intermediaries which depend on financial products and services that they handle; (ii) assuming that the present affiliation system for financial services intermediaries may be quite burdensome, as it requires that financial intermediaries belong to and be monitored by a financial institution, whether the affiliation system could be introduced in a deregulated manner.
It is expected that the Fintech market in Japan will be greatly affected in 2020 based on the many regulatory changes implemented in 2019.