JAPAN |
In Japan, the first entirely internet-based bank opened in October 2000. At the time it was commonly referred to as an “internet bank”. Subsequently, with the spread of smartphones, Japan’s traditional financial institutions (megabanks and regional banks) gradually started to offer banking service apps that enabled transactions to be completed entirely online.
More recently, some banks have begun working with securities and insurance companies to offer super-apps that allow users to not only access banking services, but also trade securities and purchase insurance.
As in other countries, digital banking in Japan became increasingly popular from 2020 onwards following the pandemic outbreak. In addition to operating their own banking business, some banks have started to offer banking as a service (BaaS) platforms through application programming interfaces (APIs) to companies.
Up until now, many of Japan’s internet banks have been offering services primarily targeting individuals. However, in 2023, a bank group announced the establishment of a digital bank specialising in lending for companies online, aiming to open for business by the end of 2024.
These days, banks are not the only players when it comes to digital banking in Japan. Unbundling is one of the features of Japan’s recent financial regulations, and the government has arranged a different type of licence for businesses that perform some of the traditional banking services.
LICENSING SYSTEM
The Banking Act defines banking as performing either: (1) Acceptance of deposits or instalment savings, as well as lending funds or discounting of bills and notes; or (2) Dealing in funds transfer transactions, stating that a licence must be obtained from the prime minister to engage in banking. This means that a licence must be obtained from the prime minister when also providing banking services as a digital bank.
The Banking Act stipulates two examination criteria for a banking licence:
(1) The applicant must have sufficient financial resources to perform services of a bank soundly and efficiently, and have good prospects for income and expenditure in connection with those services;
(2) Regarding personnel, the applicant must have the knowledge and experience to perform services of a bank appropriately, fairly and efficiently, and have sufficient social credibility.
In addition, the Banking Act and the Order for Enforcement of the Banking Act require banks to have stated capital of at least JPY2 billion (USD13.4 million).
Note “knowledge and experience to perform the services of a bank appropriately, fairly and efficiently” in criteria (2) means knowledge and experience sufficient to understand and enforce the aims of banking services indicated in the Banking Act and other related regulations and supervisory guidelines, along with sufficient compliance and risk management knowledge and experience necessary for sound and appropriate management of banking services.
In addition, supervisory guidelines issued by the Financial Services Agency describe the main supervisory aims of licence examinations for banks that do not have manned offices and specialise in non-face-to-face transactions such as internet transactions.
The guidelines state that matters to be checked during licence examination are:
(1) Whether the bank has systems in place to: appropriately handle complaints and consultations from customers; respond to customers in the wake of a system shutdown; fulfil accountability to customers based on laws and regulations; make disclosures; and fulfil the duty of checking at the time of transaction, reporting suspicious transactions to counter organised crimes including money laundering, even without manned offices;
(2) Regarding prospective income and expenditure, whether the bank has clear contingency plans in case of a worsening business environment – such as the entry of competitors or system obsolescence – and whether the plan anticipates a certain level of earnings;
(3) Whether the bank has a solid measure to ensure liquidity in case of a temporary and massive customer churn, taking into account interest rates or any other condition-sensitive customer segment, as well as transactions for which cancellations and changes are easily made; and
(4) Whether the security level of the bank’s system is satisfactory, and has appropriately set up any security management system for system operations (including the management of any outsourced contractor) and crisis management systems in case of the occurrence of failure – for which the submission of evaluation documents from an external institution is required.
KEY ISSUES
Since digital banks provide their services online, in addition to inherent risks – such as the inability to confirm unusual transaction patterns – banks also need to take information security measures from a user-protection perspective.
The supervisory guidelines issued by the Financial Services Agency expand on points to keep in mind for internet banking licensing examination. Regarding developing an internal control environment for countermeasures against criminal activities, the guidelines require the measures be positioned among highest priority management issues, and that banks: implement a necessary review by the board of directors to improve the security level; develop a control environment to provide customers with explanations of points to keep in mind when using internet banking services; and establish an environment in which each division shares information on its current status, and issues are addressed by the entire bank to secure the sound and proper operation of internet banking.
The guidelines also require that the PDCA cycle – conducting risk analysis, setting a plan, and practising, evaluating and reviewing security measures – works well. Furthermore, to ensure security, banks are required to take measures according to the characteristics of their customers and operations, while identifying risk arising at the time of structuring its IT system and each phase of use, based on the content of discussions at the Study Group on Cyber Security.
The guidelines also require banks to aim at improving security as a whole, rather than taking individual measures in an impromptu manner, by combining multiple effective measures, as well as determining necessity and measures to take prompt action on recognising the existence of risk sufficiently, and developing a control environment to prepare a verified security programme against various crimes, revisable as needed.
FINTECH AND STABLECOIN
(1) Remittance and payments. Following enactment of the Payment Services Act in 2010, a funds transfer services licensing system was introduced enabling banks to conduct funds transfers of up to JPY1 million per transaction without a banking licence. A system of issuers of prepaid payment instruments was also introduced that focuses more on the payment function than on fund transfers.
At that time, electronically issued prepaid payment instruments were not common, but in recent years they have become widely recognised as non-refundable electronic money. Subsequently, the revised Payment Services Act, enacted in 2021, resulted in the introduction of three types of licensing systems for fund transfers: one for transactions of more than JPY1 million; another for transactions of above JPY50,000 and below JPY1 million; and a third for transactions under JPY50,000.
This was accompanied by the imposition of strict regulations such as requiring type 1 fund transfer services with no maximum remittance amount to be not only registered but also licensed.
(2) Stablecoins. Japan’s revised Payment Services Act, enacted in 2017, introduced a registration system for crypto asset exchange services. However, the regulatory treatment of subsequently launched stablecoins was unclear, so Japan led the world in introducing regulations on stablecoins, clarifying their position in financial regulations. These regulations are expected not only to contribute to user protection in Japan, but also stimulate innovative financial services using blockchains.
As of 18 March 2024, there are no examples of businesses registered for electronic payment instruments business to conduct the purchase and sale of electronic payment instruments, namely stablecoins. But several businesses are expected to obtain licences and begin distributing stablecoins in Japan by the end of 2024.
(3) Financial service intermediary business. The Act on the Provision of Financial Services, enacted in 2021, established a new financial services intermediary business that enables intermediary business operations in all areas of banking, securities, insurance and money lending by submitting just one registration.
This licence is primarily used by fintech companies developing businesses enabling users to access a variety of financial services through a single app, and non-financial businesses, to enter financial businesses.
CHUO SOGO LAW OFFICE
Hibiya Kokusai Building 18th floor,
2-2-3 Uchisaiwai-cho,
Chiyoda-ku, Tokyo 1000011, Japan
Tel: +81 3 3539 1877
Email Address: info@clo.gr.jp
www.clo.jp/english