KYC in Japan After the Crypto Reclassification: What Exchanges Must Do Now

What Changed: Payment Services Act vs FIEA

The Old Framework

Under the Payment Services Act, crypto exchanges operated as "crypto-asset exchange service providers" registered with the Japan Financial Services Agency (JFSA). The KYC requirements were designed for payment processors: verify customer identity at account opening, maintain transaction records, and report suspicious transactions.

The penalty structure reflected the payment-service context: operating without registration carried a maximum of 3 years imprisonment and fines up to ¥3 million. Enforcement was primarily administrative — license suspension, corrective orders, and business improvement orders.

The New Framework

Under the FIEA, crypto exchanges will operate under the same framework as securities brokerages. The registration requirements are more stringent. The capital requirements are higher. The ongoing compliance obligations are more detailed. And the penalty structure is dramatically more severe.

Operating without registration now carries up to 10 years imprisonment (more than triple the previous maximum) and fines up to ¥10 million. Insider trading — using material non-public information about a crypto asset to trade — is explicitly prohibited for the first time, carrying its own criminal penalties. Token issuers must file annual financial disclosures with the JFSA, similar to public company reporting requirements.

The New KYC Requirements

Customer Identification

Under the FIEA framework, exchanges must verify customer identity to a standard equivalent to securities brokerage onboarding. The minimum requirements include full legal name (as registered in the Basic Resident Register or the family register), date of birth, residential address, and nationality.

For individual Japanese residents, identification requires the My Number Card (Individual Number Card), which contains the 12-digit Individual Number, a photograph, and an IC chip with biometric data. Alternatively, a Japanese passport or driver's license paired with a separate proof of address document is accepted.

For non-resident users, a valid passport with a residence card or special permanent resident certificate is required. The exchange must verify both the identity document and the residence status.

My Number Card Verification

The My Number Card is the gold standard for identity verification in Japan. Introduced in 2016, it serves as both an identity document and a social security number card. The IC chip enables electronic verification against government databases, providing a higher assurance level than document-only verification.

For exchanges, My Number Card verification provides the strongest identity confirmation available. The chip contains the holder's photograph, date of birth, address, and Individual Number — all cryptographically signed by the issuing authority. NFC-based chip reading (similar to passport chip verification) provides a definitive identity check that is resistant to document forgery.

However, My Number Card adoption, while growing, is not universal. Exchanges must support alternative document types for users who have not obtained a My Number Card, while incentivizing its use for the superior verification assurance it provides.

Enhanced Due Diligence

Securities-grade KYC requires enhanced due diligence for higher-risk customers. Under the FIEA framework, exchanges must apply EDD to politically exposed persons, customers with unusual transaction patterns, customers from higher-risk jurisdictions, customers conducting transactions above specified thresholds, and corporate accounts (which require UBO identification and verification).

EDD measures include additional identity documentation, source of funds verification, senior management approval for account opening, and increased monitoring frequency.

Ongoing Monitoring

The FIEA framework requires continuous transaction monitoring — not just point-in-time checks at onboarding. Exchanges must implement real-time surveillance for unusual trading patterns (potential insider trading), large or rapid movements of assets (potential money laundering), structured transactions designed to avoid reporting thresholds, and trading activity that correlates with the release of material non-public information.

This monitoring requirement is significantly more demanding than the Payment Services Act's transaction reporting obligations. Exchanges must build (or procure) surveillance systems comparable to those used by traditional securities trading platforms.

Insider Trading: The New Prohibition

What It Covers

The insider trading prohibition applies to any person who possesses material non-public information about a crypto asset and trades on that information. This includes exchange employees who learn about listing or delisting decisions before they are announced, token issuers' employees who have advance knowledge of partnership announcements, protocol updates, or tokenomics changes, and any person who receives material non-public information from an insider.

Compliance Requirements

Exchanges must implement insider trading prevention measures including information barriers between business units (listing decisions, market surveillance, customer service), employee trading restrictions and monitoring, policies for handling material non-public information, and whistleblower channels for reporting suspected insider trading.

The Compliance Timeline

The legislation was approved by Japan's cabinet on April 10, 2026. Full implementation is targeted for fiscal year 2027 (beginning April 1, 2027), pending parliamentary approval during the current session. This gives exchanges approximately 12 months to upgrade their compliance infrastructure from payment-service grade to securities grade.

The practical timeline is shorter. Exchanges that wait until the legislation is finalized to begin preparation will not have enough time. The JFSA has historically provided limited transition periods for regulatory changes, and the expectation is that exchanges will begin adapting immediately.