Japan: Privacy and Data Protection-related Laws

The Act on the Protection of Personal Information (APPI) requires business operators holding a personal information database consisting of more than 5,000 individuals identified by personal information on any day in the past 6 months to protect this information (see here). This law was later amended to apply to all businesses in Japan. There is an option for business operators to disclose information to third parties, and the requirements for disclosure are clarified in the amendments.

Anti-money laundering regulations and minimum consumer protection rules

AML/CFT rules:

-VC exchange service provider to be added as “designated service provider” under Act on Prevention Transfer of criminal proceeds(APTCP) and subject obligations:

• KYC process in opening an account

• Preparation and maintenance of books and records

• Filling of suspicious activity report

• Internal control system (internal rules, training, appointment of manager etc.) -Using others’ ID in VC trading is a crime (felony equicalent if engaged as business)

Consumer protection:

-Prudential standard

• Minimum capitalization JPY 10M; Qualitative financial standard necessary to carry on the business properly

• Submission of auditing report by external auditor

-Disclosure; transparency

• Explaining users about selling VCs( eg. VC is not a currency so that it is not guaranteed for conversion into currency risked involved with the VCs)

• Information provision(details of transaction, transaction charges, ADR information etc)

• Provision of written documents upon transaction

-Conduct of business rules

• Notification to authority upon change in registered items

• Registered provider may not let a third party use its name and engage in VC exchange business

-Organization and operational standards

• Information security management

• Management of outsources

• Internal control system(internal rules,training,appointment of manager etc.)

• Personal data protection measures

Co-regulation framework attempting to strike a best balance between consumer protection and encouragement of innovation

Consumer protection:

-Segregation of assets

• Clients’ assets to be managed separately from own assets

• Annual audit by external auditor as to appropriateness of the separation

-Books and records

• Preparation and maintenance of books and records

• Submission of annual report to authority

-Monitoring by authority

• VC exchange business providers to be monitored by local finance bureau

• Reporting in case of mismanagement

• Inspection, corrective order, suspension of business, and revocation of license

Self-regulatory organization:

-VC Exchange Business providers may establish a self-regulatory organization, which is certified by the FSA

• FSA expects self-regulation to work to keep less governmental restrictions

• Self-regulation will become important as a soft-law to be complied with by VC exchange business providers

-Alternative dispute resolution for vC exchange services to be handled by a certified self regulatory organization

-Certified self-regulatory organization to be formed in April

Foreign VC exchange operators:

-Foreign VC exchange is eligible for registration only if it is licensed under its home jurisdiction

• To be registered in Japan, foreign vC exchanger must have an office in Japes, e residing in Japan

• To be registered in Japan, foreign VC exchanger must appoint a representative residing in Japan

• Foreign VC exchanger may not engage in marketing activities toward Japanese residents unless registered in Japan

most foreign exchanges attempt to set up a Japan subsidiary and obtain a license as Japanese company

Key sources

Previous Section Next Section

Have a comment, edit, or item to add? Share your thoughts by commenting below!

comments powered by Disqus