Japan’s History of Crypto Asset Regulation: 2014-2020

2014: Mt. Gox hack leads to crypto study group
2016: Japan’s PSA recognizes Bitcoin as legal tender
2017- Japanese “deemed and quasi-exchanges” must register
2018- Coincheck & Zaif hacks lead to JVCEA and new laws
2019 – FSA restarts registration and updates PSA and FIEA
2020- JFSA enforces new laws and recognizes JSTOA as SRO
2011-2019: Timeline of Japanese exchange hacks


On 1 May 2020, the Financial Services Agency of Japan (JFSA/FSA) began enforcing new amendments to the Payment Services Act (PSA) and the Financial Instruments and Exchange Act (FIEA), the country’s main crypto-facing legislative acts.
(Read our comprehensive guide to Japanese crypto asset regulation here)

Japan’s new digital asset legislation comprehensively redefines the types of crypto assets, demarcates trading limits on cryptocurrency derivatives and regulatory oversight, and outlines the licensing requirements for Japan’s virtual asset service providers (VASPs) looking to do business in 2020 and beyond. 

These changes are a far cry from the early days of Japanese crypto adoption. Up until 2016, cryptocurrencies were largely unregulated in Japan.

The country’s authorities, eager not to stifle innovation in this dynamic nascent industry that spawned brilliant new technologies like blockchain and digital assets, kept a largely progressive view on virtual asset regulation despite the damaging Mt.Gox hack in 2014, in which over 850,000 Bitcoin were stolen. 

2014: Mt. Gox hack leads to Japanese crypto study group

Mt. Gox users protest after its 2014 hack

The Mt. Gox hack in 2014 reverberated across the world and scandalized Japan’s crypto industry. It laid bare the porous and lax security measures and dangerous non-regulation of exchanges to both authorities and investors.

In 2014 the JFSA established a study and working group to look into the sophistication of payment and settlement operations in Japan, which concluded in 2015. 

The group submitted their final report to the Financial Council of the FSA with the following recommendations:

  • To introduce a registration system for virtual currency (renamed in 2019 as “crypto asset”) exchange businesses. 
  • To ensure crypto-asset transactions are compliant with anti-money laundering (AML) regulations
  • To create a system that protects cryptocurrency users

The report formed the basis of a draft bill that led Japan’s parliament the National Diet to amend the PSA in 2016, with the changes taking effect on April 1, 2017. 

In 2016, Japan amended its Payment Services Act and Fund Settlement Law in a landmark legislative action that would forever alter the face of crypto regulation in Japan.

The laws established cryptocurrency like Bitcoin, then called virtual currency, as legal tender for payment in Japan and also required virtual currency exchange platforms (VCEPs) to register with authorities.

japan flag with bitcoin on it
Source: cryptonewz.com

Article 2, paragraph 5 of the amended PSA defined Bitcoin and other cryptocurrencies as:

1. Property value that:
can be used by unspecified persons for payment of equivalent value for purchased goods, rental fees, or services,
can be purchased by or sold to unspecified persons
is transferable via an electronic data processing system (limited to property values that are stored electronically on electronics, excluding currency and currency denominated assets); or

2. Property value that can be mutually exchangeable for one above with unspecified persons and is transferable via an electronic data processing system.

2017- Japan’s “deemed and quasi-exchanges” must register

image of mount fuji and bitcoin

On 1 April 2017, the PSA’s newly promulgated rules finally came into effect to reform the trading of cryptocurrencies.

All 21 exchanges that were operating in Japan before April 2017 were thus classified as “deemed crypto exchanges”. They were required to register with the FSA, and were allowed to continue their operations as so-called “quasi-exchanges” while their registration applications were being reviewed. 

By Sept 2017, the first 11 “deemed crypto exchanges” were licensed, while the remaining ten’s applications were still under review by the FSA. At the end of 2017, there were officially 16 registered exchanges in Japan, leaving only 5 of the “deemed” exchanges still out in the cold. 

2018: JVCEA forms and JFSA tightens rules after record exchange hacks

Just as Japanese regulators started to feel confident about the new regulations they put in place for crypto exchanges, disaster struck. Two massive Japanese exchange hacks in 2018 changed everything and created renewed pressure for a dramatic overhaul of how the country’s crypto industry is policed.

In January 2018, Coincheck suffered the biggest exchange hack of all time, losing $500m in NEM assets in January 2018. The fallout from this snowballed into the launch of the Japanese Virtual Currency Exchange Association (JVCEA) in April 2018 to help rebuild trust in local exchanges.

Coincheck management apologize after hack (Forbes)
Coincheck management apologize after $534m hack (Forbes)

Then, in September, the exchange Zaif got hacked for 6000 BTC to the value of $60m. 

Both Coincheck and Zaif were later acquired by reputable and established financial institutions in 2019 and are still operating in 2020.

New owners Monex and Fisco have respectively overhauled Coincheck and Zaif’s operations in order to retain their licenses, and these exchanges are licensed and compliant with JFSA requirements.

These two devastating breaches left both Japanese regulators and exchanges with the proverbial egg on their faces. 

The JFSA had had enough. It soon announced that in order to rebuild the industry, it would revise and tighten its existing registration review process for its crypto exchanges, both for those already registered and those under review as quasi-operators. 

What are “quasi-operator” exchanges?

Up until this point, these exchanges with registrations-in-process (which included Coincheck) were allowed to continue business as “quasi-operators”.

New measures included stricter AML/KYC measures and on-site inspections.

The FSA and newly-formed JVCEA inspected the security of Japanese exchanges and found a “sloppy reality” – several instances of inadequate security that still left VCEPs vulnerable to hacks.

These findings resulted in the JFSA handing out no new VCEPs in 2018. This caused several quasi-operators, including rapidly growing new exchange Binance (who “relocated” to crypto-friendly Malta), to either close shop or move to another country. 

By June 2018, there will still 16 quasi-operators with registration applications under review, while 100 new exchanges were trying to enter the market. These numbers decreased dramatically after the FSA rejected its first application, that of the quasi-operator and deemed dealer exchange FSHO. 

By September 2018, only 3 deemed exchanges were left: Coincheck, Everybody’s Bitcoin, and Lastroots.

In April 2018 Monex Group, the Japanese online brokerage giant, bought Coincheck and set out to rebuild its system and reputation in line with the new regulations. It received its operating license in 2019, in a remarkable turnaround that received praise from the Japanese virtual asset industry. 

Japan’s Business Improvement Orders

The 16 exchanges already registered in 2017 were also scrutinized anew by the FSA to ensure that they also conformed with the new regulations.

Six exchanges did not, and received an unwelcome “Business Improvement Order” that required them to improve their AML/KYC systems, including Bitflyer and Fisco, who acquired Zaif following the crypto exchange’s hack. 

Bitflyer, Japan’s most popular exchange by May 2018, was forced to cease accepting new users while it improved its KYC and management processes to the FSA’s satisfaction. Bitflyer finally got the all-clear and started accepting new registrations again in 2019. 

2019 – JFSA restarts registration and updates PSA and FIEA

By 2019, happy with the industry’s implementation of their new standards, the FSA started greenlighting new crypto asset exchanges again.

The Japanese financial regulator kicked off in January with the now fully compliant Coincheck and ended the year with the licensing of the 21st and also last “deemed exchange”, the aptly called LastRoots exchange.

The FSA also confirmed in mid-2019 that over 110 companies had expressed interest in registering as a crypto exchange with FSA. 

PSA and FIEA legislation updated 

The FSA further announced in April 2019 that it would once again reform its existing legislation. Some of the key changes:

  • the term “virtual currency” was to be abandoned in favor of “crypto asset”,
  • crypto exchanges are not allowed to mix user funds with their own and should use trusted third-parties who use cold storage
  • limiting the risk that derivatives like margin trading pose
  • bring certain virtual asset service providers, such as crypto custodians, under its oversight. 
  • making it a punishable offense to spread false rumors about a cryptocurrency 

2020- JFSA enforces new PSA/FIEA and licenses JSTOA as SRO

Japan’s FSA headquarters in Tokyo

On 1 May 2020, Japan’s Financial Services Agency finally began enforcing the new 2019 changes to the PSA and FIEA.

It also recognized another self-regulated organization in addition to the JVCEA- the Japan Security Token Offering Association (JSTOA), who must now help regulate STO and ICO projects.

This clearer regulation should help Japan’s STO market grow significantly in the next few years and attract institutional investment.

Timeline of hacked Japanese exchanges: 2011-2019

2011- Mt.Gox (2,643 BTC)

2014 – Mt. Gox (850,000 BTC)

2018- Coincheck ($532m in NEM)

2018- Zaif ($60m – 6,000BTC)

2019- Bitpoint ($30m)


The previous decade of cryptocurrency highs and lows will forever be intertwined with Japan’s innovative approach to cryptocurrency regulation. Japanese regulators’ hands-off approach helped digital assets to prosper and evolve, despite cryptocurrency heists that would’ve likely meant the banning of virtual currencies in other less forward-thinking countries.

The JFSA’s gradual and measured iterations on Japanese crypto asset regulations, and its growing cooperation with its crypto industry’s SROs and exchanges, have allowed Japan to take its place at the forefront of how AML/CFT regulations like FATF’s travel rule evolve and are implemented.

With a pioneering and mature digital asset framework in place, Japan is again poised to lead the way for other countries on how to regulate crypto assets in 2020 and beyond.

About CoolBitX and Sygna Bridge

How Sygna Works

CooBitX is a Taiwanese blockchain security pioneer who received Series B investments from SBI Holdings and the Monex Group, owners of two licensed Japanese CASPs, in February 2020.

CoolBitX’s FATF Travel Rule solution for VASPs, Sygna Bridge, is currently being implemented by exchanges in Japan and other countries to help crypto-asset exchange service providers worldwide adhere to FATF’s amended Recommendation 16.

Learn more about Sygna Bridge at sygna.io/bridge.

Consensus 2020: CoolBitX Shares Asia's FATF Travel Rule Lessons for Crypto Exchanges

Guide: FinCEN's Suspicious Activity Report (SAR) for VASPs