The pseudo-anonymous and borderless nature of crypto-assets (暗号資産 - angō shisan) has, from their inception, raised significant concerns among global regulators about their potential misuse for money laundering (ML), terrorist financing (TF), and proliferation financing (PF). Japan, as a prominent member of the Financial Action Task Force (FATF) and a major crypto-asset market, has implemented a robust Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) framework. Crypto-Asset Exchange Service Providers (CAESPs) (暗号資産交換業者 - angō shisan kōkan gyōsha) operating in Japan are at the forefront of these regulatory efforts and are subject to stringent obligations to prevent the illicit use of their platforms.

This article provides an in-depth overview of the key AML/CFT obligations imposed on CAESPs in Japan, detailing the legal framework, core duties, and the rigorous supervisory expectations of the Financial Services Agency (FSA).

The Legal and Regulatory Framework for AML/CFT in Japan

Japan's AML/CFT regime for CAESPs is primarily built upon the following pillars:

1. The Act on Prevention of Transfer of Criminal Proceeds (APTCP) (犯罪による収益の移転防止に関する法律 - Hanzai ni yoru Shūeki no Iten Bōshi ni Kansuru Hōritsu, commonly abbreviated as 犯収法 - Hanshūhō): This is the principal AML/CFT legislation in Japan, laying down the core obligations for various types of businesses, including financial institutions and CAESPs.
2. CAESPs as "Specified Business Operators" (特定事業者 - tokutei jigyōsha): Under the APTCP, CAESPs are explicitly designated as "Specified Business Operators." This designation brings them squarely within the scope of the Act and subjects them to its full range of AML/CFT requirements, such as customer due diligence, record-keeping, and reporting of suspicious transactions.
3. The Payment Services Act (PSA) (資金決済に関する法律 - Shikin Kessai ni Kansuru Hōritsu): While the APTCP sets out the AML/CFT duties, the PSA governs the registration and overall supervision of CAESPs. The FSA assesses an applicant's proposed AML/CFT systems as a critical part of the CAESP registration process and during ongoing supervision.
4. Financial Services Agency (FSA) (金融庁 - Kin'yū-chō): The FSA is the competent authority responsible for supervising CAESPs' compliance with AML/CFT obligations. It issues detailed guidelines, conducts inspections, and has strong enforcement powers.
5. FSA Guidelines (事務ガイドライン - jimu gaidorain): The FSA publishes comprehensive supervisory guidelines that elaborate on the practical implementation of APTCP requirements for financial institutions, including a specific volume for CAESPs. These guidelines detail the FSA's expectations regarding internal controls, risk assessment, customer due diligence procedures, and other AML/CFT measures.
6. FATF Standards: Japan is committed to implementing the FATF Recommendations, which are recognized as the global AML/CFT standards. Japanese regulations for CAESPs (referred to as Virtual Asset Service Providers or VASPs by FATF) are heavily influenced by these standards, including requirements related to the "Travel Rule" for crypto-asset transfers.

Core AML/CFT Obligations for CAESPs in Japan

CAESPs in Japan must implement a comprehensive, risk-based AML/CFT program encompassing several key duties:

I. Customer Due Diligence (CDD) / Know Your Customer (KYC)

Referred to in the APTCP as "Transaction-time Confirmation" (取引時確認 - torihiki-ji kakunin), robust CDD is the cornerstone of any effective AML/CFT program. As per Article 4 of the APTCP, CAESPs must:

1. Identify and Verify Customers:
   • Individual Customers: Verify their name (氏名 - shimei), residential address (住所 - jūsho), and date of birth (生年月日 - seinengappi) using reliable, independent official identification documents (e.g., driver's license, passport, My Number Card, resident card for foreign nationals).
   • Corporate Customers: Verify the corporation's official name (名称 - meishō) and the location of its head office or principal place of business (本店又は主たる事務所の所在地 - honten mata wa shutaru jimusho no shozaichi) using official documents like a certificate of registered matters. CAESPs must also identify and verify the identity of the natural person conducting the transaction on behalf of the corporation (the representative - 代表者等 - daihyōsha-tō).
2. Identify and Verify Beneficial Owners (実質的支配者 - jisshitsu-teki shihaisha): For corporate customers, CAESPs must identify and take reasonable measures to verify the identity of their beneficial owners – the natural person(s) who ultimately own or control the customer or on whose behalf a transaction is being conducted. This often involves understanding the ownership and control structure of the corporation.
3. Confirm Purpose of Transaction (取引を行う目的 - torihiki o okonau mokuteki): Inquire about the purpose of the transactions the customer intends to conduct.
4. Confirm Occupation (for Individuals) or Business Activities (for Corporations) (職業又は事業の内容 - shokugyō mata wa jigyō no naiyō): Understand the nature of the customer's economic activity.
5. Enhanced Due Diligence (EDD) (厳格な顧客管理 - genkaku na kokyaku kanri): CAESPs must apply EDD measures in situations that present a higher risk of ML/TF. This is required for, among others:
   • Transactions with Foreign Politically Exposed Persons (PEPs) (外国PEPs等 - gaikoku PEPs tō) and their family members: These individuals are considered higher risk due to their position and influence. EDD includes obtaining senior management approval to establish or continue the business relationship, taking reasonable measures to establish the source of wealth and funds, and conducting enhanced ongoing monitoring.
   • Transactions with customers located in or connected to High-Risk Jurisdictions: Countries identified by the FATF or Japanese authorities as having deficient AML/CFT regimes.
   • Transactions where there is a suspicion of ML/TF: Or where the customer is suspected of providing false identification information.
     EDD measures may involve obtaining more detailed information about the customer, their source of funds/wealth, the intended nature of the business relationship, and conducting more frequent and intensive ongoing monitoring.
6. Ongoing Due Diligence: AML/CFT is not a one-time check at onboarding. CAESPs must continuously monitor their business relationships and scrutinize transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the CAESP's knowledge of the customer, their business and risk profile, and, where necessary, the source of funds. CDD information must also be kept up-to-date through periodic reviews.
7. Prohibition of Anonymous or Fictitious Name Accounts: CAESPs are strictly prohibited from opening or maintaining anonymous accounts or accounts in demonstrably fictitious names.

II. Record-Keeping (記録の作成・保存 - kiroku no sakusei hozon)

Under Articles 6 and 7 of the APTCP, CAESPs must create and maintain detailed records:

1. CDD Records: All documents, data, and information obtained through CDD measures (e.g., copies of identification documents, verification records, information on beneficial owners, purpose of transaction) must be kept for seven years from the date the specific transaction ends or the business relationship with the customer is terminated.
2. Transaction Records: Records of all transactions conducted for customers, including details of crypto-asset transfers (such as type of crypto-asset, amount, value, date, wallet addresses involved, and information required under the Travel Rule), must also be maintained for seven years from the date of the transaction.

These records must be readily accessible for inspection by the FSA or for provision to law enforcement authorities when legally required.

III. Reporting of Suspicious Transactions (STRs) (疑わしい取引の届出 - utagawashii torihiki no todokede)

Article 8 of the APTCP obliges CAESPs to promptly file an STR with their supervisory authority (the FSA for CAESPs) if they suspect, after conducting due diligence and reviewing a transaction, that assets received in connection with the transaction are criminal proceeds or that a customer is attempting to engage in ML or TF. The FSA then forwards these STRs to Japan's Financial Intelligence Unit (FIU), known as JAFIC (Japan Financial Intelligence Center - 日本国金融情報分析センター - Nihon-koku Kin'yū Jōhō Bunseki Sentā), which is housed within the National Police Agency.

• Grounds for Suspicion: Suspicion can arise from various factors, including:
  • Transactions that are unusual in size, frequency, or pattern compared to the customer's known profile or business activities.
  • Transactions involving crypto-assets known to be favored for illicit activities (e.g., certain privacy-enhancing coins, though handling these is often restricted by CAESPs).
  • Use of mixers, tumblers, or other obfuscation techniques.
  • Transactions linked to known illicit addresses (e.g., darknet markets, ransomware addresses, sanctioned wallets).
  • Customer behavior that is evasive, uncooperative, or provides suspicious information.
• No Tipping-Off: CAESPs and their officers/employees are strictly prohibited from disclosing to the customer involved or any third party that an STR has been filed or is being considered (the "no tipping-off" rule).

IV. Establishment of an AML/CFT Internal Control Framework (体制整備 - taisei seibi)

Under Article 11 of the APTCP and detailed FSA guidelines, CAESPs must establish and maintain a robust internal AML/CFT compliance program. This framework should be risk-based and include:

1. ML/TF Risk Assessment (リスク評価 - risuku hyōka): Regularly conducting a comprehensive assessment of the CAESP's specific ML/TF risks, considering factors such as its customer base, the types of crypto-assets and services offered, delivery channels, and geographic exposure. The findings of this risk assessment should inform the design and implementation of AML/CFT policies and procedures.
2. Development of Internal Policies and Procedures: Creating and maintaining clear, written AML/CFT policies, procedures, and controls covering all aspects of the APTCP obligations (CDD, record-keeping, STRs, Travel Rule, etc.). These must be approved by senior management and regularly updated.
3. Appointment of a Compliance Officer (統括管理者 - tōkatsu kanrisha): Designating a qualified individual at the management level who is responsible for overseeing and managing the CAESP's AML/CFT program. This person should have sufficient authority, independence, and resources.
4. Employee Training (研修 - kenshū): Providing regular and comprehensive AML/CFT training to all relevant employees, including management, customer-facing staff, and compliance personnel. Training should cover legal obligations, internal policies, ML/TF typologies, and procedures for identifying and reporting suspicious activity.
5. Independent Audit/Review (監査 - kansa): Periodically having the AML/CFT program reviewed or audited by an independent party (either internal audit function with sufficient independence or an external auditor/consultant) to assess its effectiveness, identify weaknesses, and ensure compliance.

V. Implementation of the "Travel Rule" for Crypto-Asset Transfers (トラベルルール - toraberu rūru)

In line with FATF Recommendation 16, Japan has implemented the Travel Rule for crypto-asset transfers. This requires CAESPs, when conducting a crypto-asset transfer on behalf of a customer to another VASP (CAESP), to:

• Obtain, hold, and transmit required and accurate originator (sender) information.
• Obtain and hold required beneficiary (recipient) information.
• Transmit this information to the beneficiary VASP immediately and securely.
  The specific information to be collected and transmitted typically includes names, wallet addresses (or equivalent), and potentially other identifiers like physical addresses or customer ID numbers, depending on the transaction value and regulatory specifics.

The purpose of the Travel Rule is to ensure that crypto-asset transfers have the same level of transparency as traditional wire transfers, allowing authorities to trace illicit funds and take action. Implementation presents technical and operational challenges, particularly when dealing with VASPs in jurisdictions with differing or no Travel Rule requirements, or with unhosted (private) wallets. Japanese CAESPs often use industry-developed solutions to facilitate Travel Rule compliance.

FSA Supervision and Enforcement

The FSA takes AML/CFT compliance by CAESPs extremely seriously:

• Intense Scrutiny During Registration: An applicant's proposed AML/CFT framework is a critical part of the FSA's review process for new CAESP registrations. Deficiencies are a common reason for delays or rejections.
• Ongoing Supervision: Registered CAESPs are subject to continuous FSA supervision, including off-site monitoring of STR filings and other data, and regular on-site inspections that thoroughly examine AML/CFT systems and their effectiveness.
• Strong Enforcement Powers: The FSA has a range of enforcement tools to address AML/CFT deficiencies, including:
  • Issuing administrative guidance or requests for reports.
  • Issuing Business Improvement Orders (業務改善命令 - gyōmu kaizen meirei) mandating specific corrective actions.
  • Issuing Business Suspension Orders (業務停止命令 - gyōmu teishi meirei) for serious violations.
  • In cases of severe or persistent non-compliance, revoking the CAESP's registration (登録取消し - tōroku torikeshi).
    The FSA has not hesitated to use these powers when it has identified significant AML/CFT failings at CAESPs.

Specific AML/CFT Risks in the Crypto Sector

CAESPs face unique ML/TF risks that require tailored mitigation strategies:

• Anonymity-Enhancing Technologies: Privacy coins, mixers, tumblers, and decentralized exchanges can obscure transaction trails. CAESPs must develop policies for assessing and mitigating risks associated with these technologies, which may include restricting or prohibiting transactions involving them.
• Cross-Border Transactions: The global nature of crypto-assets increases risks, especially when facilitating transfers to or from high-risk jurisdictions or dealing with VASPs with weak AML/CFT controls.
• Unhosted Wallets (Private Wallets): Transactions involving unhosted wallets present challenges for CDD and Travel Rule implementation, as there is no intermediary VASP to collect or provide counterparty information. The FSA expects enhanced scrutiny for such transactions.
• Rapidly Evolving Threats and Typologies: Illicit actors continuously develop new methods to exploit crypto-assets (e.g., related to ransomware, sanctions evasion, DeFi exploits, fraudulent ICOs/NFTs). CAESPs must stay informed about these evolving typologies and adapt their risk assessments and controls accordingly.

The Role of Self-Regulatory Organizations (SROs)

While the FSA sets the primary regulatory requirements, SROs like JVCEA often develop more detailed operational guidelines and best practices for their members. These SRO rules can provide practical guidance on implementing AML/CFT measures, such as specific KYC procedures, transaction monitoring scenarios, or risk assessment methodologies tailored to the crypto-asset industry.

Conclusion: A Non-Negotiable Imperative for Operating in Japan

For Crypto-Asset Exchange Service Providers in Japan, establishing and maintaining a robust and effective AML/CFT program is not merely a compliance exercise but a fundamental prerequisite for doing business. The obligations under the Act on Prevention of Transfer of Criminal Proceeds and detailed FSA guidelines are comprehensive, covering customer due diligence, ongoing monitoring, record-keeping, suspicious transaction reporting, robust internal controls, and adherence to international standards like the Travel Rule.

The FSA maintains a rigorous supervisory and enforcement stance, and deficiencies in AML/CFT systems can lead to severe consequences, including substantial operational restrictions or loss of license. Therefore, a proactive, risk-based, and continuously updated AML/CFT framework, supported by strong management commitment and adequate resources, is absolutely essential for CAESPs to operate responsibly, protect their platforms from illicit use, and maintain their good standing in Japan's regulated crypto-asset market.