Crypto & Blockchain Regulation & Licensing in Japan

Japan operates one of the most codified crypto and blockchain regulatory frameworks globally. Any business offering virtual asset exchange, custody, or transfer services to Japanese users must obtain a Crypto Asset Exchange Service Provider (CAESP) registration from the Financial Services Agency (FSA). Failure to register before commencing operations exposes operators to criminal liability, forced cessation, and reputational damage that is extremely difficult to reverse. This article covers the legal basis, licensing procedure, ongoing compliance obligations, common pitfalls for foreign entrants, and the strategic choices that determine whether a crypto or blockchain business can operate sustainably in Japan.

Japan';s primary legislative instrument for virtual assets is the Payment Services Act (資金決済に関する法律, Shikin Kessai ni Kansuru Hōritsu), most recently amended to incorporate a dedicated crypto asset chapter. Article 2(7) of the Payment Services Act defines "crypto assets" as property values that can be used as payment to unspecified persons, transferable via electronic data networks, and not denominated in legal tender. This definition is broad enough to capture most fungible tokens but requires case-by-case analysis for non-fungible tokens and utility tokens.

The Financial Instruments and Exchange Act (金融商品取引法, Kin';yū Shōhin Torihiki Hō), known as the FIEA, governs tokens that qualify as securities or collective investment scheme interests. Under Article 2(2) of the FIEA, a token representing profit-sharing rights or investment returns from a pooled enterprise is classified as a Type II Financial Instrument, triggering a separate registration requirement with the FSA. This dual-track structure - Payment Services Act for exchange services, FIEA for security tokens - is a defining feature of the Japanese regime and a frequent source of misclassification by foreign operators.

The Act on Prevention of Transfer of Criminal Proceeds (犯罪による収益の移転防止に関する法律) imposes anti-money laundering and know-your-customer obligations on all registered CAESP operators. Article 8 of that Act requires designated business operators to verify customer identity at account opening and to file suspicious transaction reports. Japan';s Financial Intelligence Unit, the Japan Financial Intelligence Center (JAFIC), receives and processes these reports.

The Stablecoin Act, formally an amendment to the Payment Services Act enacted in 2022 and effective from 2023, introduced a new category of "electronic payment instruments." Under the amended Article 2(5), stablecoins pegged to legal tender and redeemable at face value are classified separately from crypto assets and require either a banking licence, a fund transfer licence, or a trust company licence to issue. Foreign stablecoin issuers distributing tokens to Japanese users without a compliant domestic intermediary face direct regulatory exposure.

The Crypto Asset Exchange Service Provider registration is the central licensing mechanism under the Payment Services Act. An applicant must submit a registration application to the FSA through the relevant Local Finance Bureau (地方財務局, Chihō Zaimu Kyoku) with jurisdiction over the applicant';s principal place of business in Japan. A domestic legal presence - typically a kabushiki kaisha (株式会社, joint-stock company) or gōdō kaisha (合同会社, limited liability company) - is mandatory. Foreign companies cannot register directly without a Japanese subsidiary or branch with substantive local management.

The application package includes, at minimum:

• A business plan describing the services, target users, and revenue model
• An IT security assessment report prepared by an independent qualified auditor
• An internal control manual covering AML/KYC, cybersecurity, and customer asset segregation
• Financial statements demonstrating sufficient net assets (the FSA expects a minimum of JPY 10 million, though in practice adequacy is assessed holistically)
• Biographical and criminal background documentation for all officers and major shareholders

The FSA review period is not fixed by statute but typically runs between six and twelve months from submission of a complete application. The FSA conducts substantive interviews with management and may issue multiple rounds of supplementary questions. Incomplete or inconsistent documentation is the single most common cause of delay. Applicants should budget for legal and compliance advisory fees starting from the low tens of thousands of USD, with more complex structures - particularly those involving security token services or stablecoin functions - reaching significantly higher.

A common mistake by foreign operators is to begin user onboarding under a "pre-registration" assumption, believing that filing an application confers interim permission. The Payment Services Act contains no such interim authorisation. Operating without a completed registration is a criminal offence under Article 63-3, carrying penalties of up to three years'; imprisonment or a fine of up to JPY 3 million for individuals, and a fine of up to JPY 300 million for corporate entities.

To receive a checklist of CAESP registration documents and pre-submission requirements for Japan, send a request to info@vlolawfirm.com

When a blockchain project involves tokens that confer economic rights resembling equity or debt, the FIEA framework applies in parallel or instead of the Payment Services Act. The FSA';s 2019 guidance and subsequent amendments to the FIEA created the concept of "electronically recorded transferable rights" (電子記録移転権利, denshi kiroku iten kenri), commonly abbreviated as ERTR. An ERTR is a security interest recorded on a distributed ledger that is transferable to a broad investor base.

Issuers of ERTRs must register as Type I Financial Instruments Business Operators (第一種金融商品取引業者) under Article 29 of the FIEA, unless an exemption applies. This registration is more demanding than the CAESP registration: it requires a minimum net capital of JPY 50 million, appointment of a compliance officer, membership in a self-regulatory organisation, and ongoing reporting to the FSA. The process typically takes twelve to eighteen months.

Intermediaries - platforms facilitating secondary trading of ERTRs - must also hold a Type I registration. A platform that holds only a CAESP registration and begins listing tokens that qualify as ERTRs without a FIEA registration commits a separate regulatory breach. In practice, several foreign projects have entered Japan assuming their tokens were utility tokens, only to receive FSA guidance reclassifying them as ERTRs after user acquisition had already begun. Reversing that position requires either restructuring the token';s economic rights, obtaining the FIEA registration retroactively, or ceasing Japanese operations.

For projects raising capital from Japanese investors through token sales, the FIEA';s prospectus and disclosure requirements under Articles 4 and 5 apply to public offerings. A private placement exemption exists for offerings to fewer than 50 professional investors, but the definition of "professional investor" under the FIEA is narrower than equivalent concepts in EU or US law and requires formal written acknowledgment from each investor.

Registration is the beginning, not the end, of regulatory engagement in Japan. The FSA conducts regular on-site inspections and off-site monitoring of all registered CAESP operators. The FSA';s "Crypto Asset Exchange Service Provider Inspection Manual" sets out the examination criteria, covering governance, cybersecurity, customer asset management, and AML/KYC systems.

Customer asset segregation is a non-negotiable requirement under Article 63-11 of the Payment Services Act. Operators must hold customer crypto assets in cold storage (offline wallets) for at least 95% of total holdings. The remaining 5% held in hot wallets must be covered by equivalent value in the operator';s own assets or by insurance. This rule emerged directly from the Coincheck incident, where approximately JPY 58 billion in NEM tokens were stolen from a hot wallet in 2018, and it represents one of the strictest cold storage mandates globally.

Travel Rule compliance is mandatory under the Act on Prevention of Transfer of Criminal Proceeds, as amended to align with FATF Recommendation 16. From October 2023, registered operators must transmit originator and beneficiary information for all virtual asset transfers above JPY 100,000. Operators must implement technical solutions - typically using the TRUST, Sygna, or similar Travel Rule protocols - to exchange this data with counterpart VASPs. A non-obvious risk is that transfers to or from unhosted wallets (wallets not held at a regulated VASP) require enhanced due diligence and, in some cases, may need to be declined entirely if the operator cannot verify the counterpart';s identity.

Annual financial reporting, suspicious transaction reporting to JAFIC, and notification of material changes to business operations or ownership are ongoing statutory obligations. A change of more than 20% in shareholding, or the appointment of a new director, requires prior notification to the FSA under Article 63-5 of the Payment Services Act. Failure to notify is treated as a compliance breach and can trigger a business improvement order.

To receive a checklist of ongoing compliance obligations for CAESP operators in Japan, send a request to info@vlolawfirm.com

Scenario one - a foreign crypto exchange seeking Japanese users. A Singapore-incorporated exchange with no Japanese entity begins marketing its services in Japanese and accepting registrations from Japanese IP addresses. Under the Payment Services Act, offering crypto asset exchange services to Japanese residents without FSA registration constitutes an unlicensed operation regardless of where the operator is incorporated. The FSA has issued public warnings against foreign platforms in this position and has coordinated with overseas regulators to restrict access. The operator must either establish a Japanese subsidiary, obtain CAESP registration, and ring-fence Japanese operations, or geo-block Japanese users entirely. The cost of establishing and licensing a Japanese subsidiary - including legal, compliance, and IT audit fees - typically starts from the low hundreds of thousands of USD when accounting for the full pre-registration preparation period.

Scenario two - a blockchain startup issuing a governance token. A project issues tokens that grant holders voting rights over a protocol treasury and a proportional share of protocol fees. The FSA';s analytical framework under the FIEA looks at whether the token confers rights to profit distributions from a business managed by others. If the answer is yes, the token is likely an ERTR, and the issuer must either register under the FIEA or restructure the token so that fee distributions are removed or made non-contractual. Many projects underappreciate that "governance rights" alone do not insulate a token from FIEA classification if economic rights are bundled in.

Scenario three - a stablecoin issuer targeting Japanese retail users. A USD-pegged stablecoin issuer incorporated in the Cayman Islands distributes tokens through a Japanese DeFi interface. Under the 2023 stablecoin amendments to the Payment Services Act, the stablecoin qualifies as an electronic payment instrument. Distribution to Japanese users requires a licensed domestic intermediary - a registered bank, fund transfer operator, or trust company. The issuer cannot self-distribute without establishing a Japanese licensed entity. The trust company route is the most commonly used by foreign stablecoin issuers but requires minimum capital of JPY 1 billion and a separate FSA approval process that can take eighteen months or more.

The FSA';s enforcement posture toward crypto businesses has hardened since 2018. The agency uses a combination of business improvement orders (業務改善命令, gyōmu kaizen meirei), business suspension orders (業務停止命令, gyōmu teishi meirei), and registration revocation to address compliance failures. A business improvement order requires the operator to submit a remediation plan within a specified period, typically thirty to sixty days, and to implement corrective measures under FSA supervision. Repeated or serious violations escalate to suspension or revocation.

Criminal referrals are reserved for the most serious cases - unlicensed operation, fraud, or deliberate AML evasion - but the FSA has demonstrated willingness to use them. The reputational consequences of a public FSA enforcement action in Japan are severe: Japanese institutional partners, banking counterparts, and major exchanges typically terminate relationships immediately upon publication of an FSA order.

A loss caused by incorrect strategy at the entry stage is particularly costly in Japan because the FSA';s institutional memory is long and its examination of reapplications is more intensive where a prior compliance failure is on record. An operator that launches prematurely, receives a business improvement order, and then attempts to remediate faces a substantially longer and more expensive path to full registration than an operator that structures correctly from the outset.

The Japan Virtual and Crypto assets Exchange Association (JVCEA), the FSA-recognised self-regulatory organisation for CAESP operators, plays a significant role in setting operational standards. Membership in the JVCEA is effectively mandatory for registered operators, and the JVCEA';s rules on listing standards, margin trading limits, and customer suitability assessments carry quasi-regulatory force. Foreign operators unfamiliar with the JVCEA framework often discover mid-registration that their proposed product features - particularly leveraged trading products - are restricted or prohibited under JVCEA rules even if not explicitly banned by statute.

The risk of inaction is concrete: an operator that delays structuring its Japanese compliance framework while continuing to serve Japanese users accumulates regulatory exposure that compounds over time. The FSA';s enforcement timeline from identification of an unlicensed operator to formal action has historically run between six and eighteen months, but the agency has accelerated its monitoring of foreign platforms in recent years.

We can help build a strategy for entering the Japanese crypto and blockchain market in a compliant manner. Contact info@vlolawfirm.com to discuss your specific situation.

To receive a checklist of enforcement risk mitigation steps for crypto and blockchain operators in Japan, send a request to info@vlolawfirm.com

What is the most significant practical risk for a foreign crypto business entering Japan without local legal advice?

The most significant risk is misclassifying the token or service under the wrong regulatory track - treating a security token as a utility token, or assuming a CAESP registration covers stablecoin issuance. Each misclassification triggers a separate and more demanding licensing obligation. The FSA does not treat misclassification as a minor administrative error: it treats it as operating outside the scope of any authorisation, which carries the same consequences as operating without any licence at all. Foreign operators also frequently underestimate the FSA';s expectation of substantive local management - appointing a nominee director with no operational role does not satisfy the agency';s governance requirements.

How long does the CAESP registration process take, and what does it cost in practical terms?

The formal FSA review period runs between six and twelve months from submission of a complete application, but preparation of the application itself - including IT security audits, internal control documentation, and corporate structuring - typically adds three to six months before submission. Total elapsed time from project initiation to registration approval is commonly twelve to twenty-four months for a well-resourced applicant. Legal, compliance, and technical advisory costs start from the low tens of thousands of USD for straightforward exchange-only applications and rise substantially for multi-service platforms or those involving security token or stablecoin functions. Ongoing compliance costs - including JVCEA membership fees, annual audits, and Travel Rule infrastructure - add a recurring annual burden that operators must factor into their business economics before committing to the Japanese market.

When should a crypto business choose the FIEA track over the Payment Services Act track, and can both apply simultaneously?

Both tracks can and frequently do apply simultaneously. A platform that operates a crypto asset exchange (Payment Services Act) and also facilitates secondary trading of security tokens (FIEA) must hold both a CAESP registration and a Type I Financial Instruments Business Operator registration. The decision of which track to prioritise depends on the core product: if the primary service is spot exchange of non-security crypto assets, the Payment Services Act registration is the foundation. If the primary service involves tokenised securities, real estate investment trusts on-chain, or structured products, the FIEA registration is the foundation. In practice, most internationally competitive platforms in Japan hold both registrations, which requires maintaining separate compliance functions, capital adequacy calculations, and reporting lines for each regulatory framework.

Japan';s crypto and blockchain regulatory framework is demanding but transparent. The Payment Services Act, the FIEA, the stablecoin amendments, and the AML legislation together create a comprehensive regime that rewards operators who invest in proper structuring from the outset. The FSA';s enforcement posture makes non-compliance a high-cost option. Foreign businesses that approach the Japanese market with a clear understanding of the applicable licensing track, a realistic timeline, and adequate compliance infrastructure are well-positioned to access one of the world';s most mature and liquid crypto markets.

Our law firm VLO Law Firms has experience supporting clients in Japan on crypto and blockchain regulatory and licensing matters. We can assist with CAESP registration preparation, token classification analysis, FIEA compliance structuring, stablecoin distribution frameworks, and ongoing FSA engagement. To receive a consultation, contact: info@vlolawfirm.com