Japan: Financial institutions and fintechs must prioritise KYC, AML and CFT

IFLR is part of Legal Benchmarking Limited, 4 Bouverie Street, London, EC4Y 8AX

Copyright © Legal Benchmarking Limited and its affiliated companies 2024


Sponsored by Atsumi & Sakai

KYC, AML and CFT will take centre stage again in Japan as legal changes strive to strengthen safeguards, writes Takafumi Ochiai of Atsumi & Sakai

With the fourth round of mutual evaluations between Japan and the Financial Action Task Force on Money Laundering (FATF) approaching, know-your-customer (KYC), anti-money laundering (AML) and countering the financing of terrorism (CFT) are central topics of discussion. According to a survey of Japanese financial institutions conducted by The International RegTech Association, KYC and AML are some of the fields in which financial institutions expect to be able to improve their business efficiency by introducing technology.

However, progress in this regard is not only important for Japanese financial institutions, but also for Japanese fintech firms, for which the obligation under the Act on Prevention of Transfer of Criminal Proceeds to implement such measures is one of the most cost- and labour-intensive compliance tasks.

Below is a list of the biggest topics in AML, KYC and CFT under discussion in Japan.

1. Amendment of the Ordinance for the Enforcement of the Act on Prevention of Transfer of Criminal Proceeds ― using e-KYC to tighten identity verification

The Ordinance was amended in October 2018, allowing the identity verification required of certain business operators to be performed online. The amendment followed some concerning reports, such as the case of one fintech firm that said that 40% of its customers failed the KYC process based on previous regulations, because those regulations included procedures for sending not-to-be-redirected mail, which are burdensome for customers.

The changes in the amendment include, for instance, provisions allowing for four different methods for the use of image data for identification purposes, such as by using software provided by specified business operators. Such software has to be capable of verifying features including name, address, date of birth and a customer's photo on documents (such as a driving licence) to certify identification, and be able to determine the thickness of a document in order to confirm it has not been altered. One year after the amendment came into force, some companies have begun offering such regtech software services to financial institutions and other fintech firms.

The previous non-face-to-face method of sending not-to-be-redirected mail to customers was often used to commit fraud, such as submitting an application with a false address and having someone wait at the mailing address to receive the verification mail. Identity verification using not-to-be-redirected mail is now subject to stricter regulations, for example by combining it with other verification methods, such as receiving the original identification documents from customers by mail or having mail delivery personnel confirm the existence of the actual person by checking a photo ID.

2. Entrustment of KYC

In addition to implementing the above forms of e-KYC measures for identity verification, there was strong demand from fintech companies to be able to use the results of identity verification performed by other specified business operators, for instance where there are multiple business operators with financial licences within one corporate group.

The proposal was tested at the Financial Service Agency's (FSA) FinTech Proof-of-Concept (PoC) Hub, where three Japanese megabanks and other financial institutions experimented with sharing the results of identity verification performed using blockchain. It was concluded that the results of identity verification performed by a specified business operator can be used by certain other specified business operators on the basis of entrustment of KYC.

However, it seems that there were subsequently differences of opinion between the FSA and the National Police Agency, which has administrative jurisdiction over the Act on Prevention of Transfer of Criminal Proceeds, with the final conclusions only announced in October 2019.

The conclusions stated that identity verification results may be used even if all the procedures leading up to the execution of a contract are not entrusted to another specified business operator (outsourced party), provided that the outsourced party acts between the entrusting business operator and the customer, for example as an agent or intermediary. This covers situations such as where the outsourced party's name is displayed on the entrusting business operator's website at the time the customer is conducting the application procedures with the entrusting business operator, the outsourced party is positioned between the entrusting business operator and the customer, and it is the outsourced party that requests the customer to enter its login ID and password.

3. Strengthening KYC and AML/CFT ahead of the FATF

In April 2019, the FSA revised the AML/CFT guidelines it had established in February 2018. The revisions include requiring non-profit organisations to be evaluated when there is a risk of money laundering, and recommendations for measures based on the Foreign Exchange and Foreign Trade Act as well as United Nations Security Council resolution 1267, such as the prevention of funding of the proliferation of weapons of mass destruction.

In addition, the guidelines emphasise the need for risk assessment and review in a risk-based approach and suggest that consideration should be given to matters such as increasing the frequency of surveys of high-risk customers (or decreasing the frequency for low-risk customers).

With respect to cryptoassets, laws such as the Payment and Services Act have been revised to require wallet service providers to register with the FSA. In addition, the self-imposed regulations of the Japan Virtual Currency Exchange Association require that cryptoasset exchange operators take AML/CFT measures in addition to those required by laws and regulations.

At the G20 meeting in June 2019, Japan included discussions on the regulations relating to cryptoassets and decentralised finance, and showed its willingness to share the results of its advanced regulations with other countries.

There is also a call from the FSA and financial institutions that conduct business with fund transfer service providers for those providers to strengthen their AML/CFT measures.

About the author


Takafumi Ochiai

Partner, Atsumi & Sakai

Tokyo, Japan

T: +81 (0)3 5501 2111

E: takafumi.ochiai@aplaw.jp

W: www.aplaw.jp

Takafumi Ochiai is a partner in Atsumi & Sakai and a core member of the firm's fintech team. He is a member of the general secretariat of the Fintech Association Japan; the Ministry of Economic Trade and Industry's Committee to Discuss Legal System for Blockchain; Japan Bank Association's research committee for the promotion of open API; and the Innovative Technology/Business model Evaluation Committee for Regulatory Sandbox of the Cabinet Office.

