In the wake of one of the largest cryptocurrency heists in history, Japan’s Financial Services Agency (FSA) unveiled a sweeping five-point regulatory framework on May 7, 2018, that would fundamentally reshape how cryptocurrency exchanges operate in the world’s third-largest economy. The new criteria, applicable to both existing operators and new applicants, represent Tokyo’s most aggressive response yet to the January 2018 Coincheck hack that saw approximately $531 million worth of NEM stolen from the exchange.
TL;DR
- Japan’s FSA imposed five new mandatory criteria on all cryptocurrency exchanges
- Rules directly target vulnerabilities exposed by the $531 million Coincheck hack
- Cold storage, multi-password transfers, and customer asset separation now required
- Privacy coins like Monero face effective ban from Japanese exchanges
- On-site inspections mandatory before any exchange approval
- Approximately 100 companies are waiting to apply for exchange registration
The Coincheck Catalyst
The catalyst for Japan’s regulatory crackdown was the devastating Coincheck hack of January 2018, which saw thieves make off with 58 billion yen — roughly $531 million — worth of the cryptocurrency NEM. The breach exposed critical weaknesses in Japan’s cryptocurrency oversight, despite the country having been one of the first major economies to formally recognize Bitcoin as legal tender in April 2017.
Coincheck, which had been operating under a provisional registration while awaiting full FSA approval, was subsequently acquired by Monex Group, a leading online brokerage firm. The incident served as a wake-up call for regulators who realized that the existing framework, established under the revised Fund Settlement Act, was insufficient to protect consumers and maintain market integrity.
Breaking Down the Five Criteria
The first criterion addresses system management, mandating that exchanges must not store digital currencies in internet-connected computers — effectively requiring cold storage for the majority of customer funds. Additionally, exchanges must implement multiple passwords for currency transfers, adding layers of security against unauthorized access.
The second criterion targets anti-money laundering (AML) efforts. Exchanges are now required to strengthen customer identification procedures, particularly for large transfers. This means more rigorous KYC (Know Your Customer) verification processes and enhanced transaction monitoring systems.
Third, and perhaps most critically for consumer protection, customer assets must be carefully managed and separated from exchange assets. The FSA now requires exchanges to check customer account balances multiple times throughout the day to detect any signs of fund diversion. Rules must be in place preventing officers and employees from using client money or virtual currencies for personal purposes.
The fourth criterion introduces new restrictions on which cryptocurrencies can be listed on Japanese exchanges. Digital assets that grant a high level of anonymity and could easily be used for money laundering will, as a general rule, be banned. This effectively targets privacy-focused coins like Monero, Dash, and Zcash — a development that had been rumored for weeks, with reports circulating that the FSA was pressuring exchanges to delist privacy coins.
Finally, the fifth criterion mandates stronger internal governance. Exchanges must separate shareholders from management and ensure that system development roles are distinct from asset management roles. This separation of duties is designed to prevent employees from manipulating exchange systems for personal gain.
Impact on Japan’s Crypto Landscape
At the time of the announcement, 16 government-approved cryptocurrency exchanges were operating in Japan, with an additional seven operating provisionally under the revised Fund Settlement Act while their applications were under review. The new five-point framework applies equally to all of them. Exchanges that cannot comply are being encouraged to exit the business voluntarily.
The FSA indicated it would begin accepting new registration applications in the summer of 2018, with approximately 100 companies reportedly expressing interest in entering the Japanese crypto market. However, the bar has been raised significantly — on-site inspections will now be conducted on all exchanges prior to approval, moving beyond the previous documentation-only review process.
Ethereum was trading at approximately $754 at the time, having recovered from lows near $380 after the broader market correction from January’s all-time highs. Bitcoin stood at roughly $9,373. The regulatory tightening in Japan, while initially causing some market uncertainty, was broadly seen as a positive long-term development that could attract more institutional capital by providing clearer legal frameworks.
Why This Matters
Japan’s regulatory response to the Coincheck hack became a template for cryptocurrency oversight worldwide. By mandating cold storage, customer asset separation, and governance reforms, the FSA was effectively writing the playbook that other regulators would study and adapt. The decision to restrict privacy coins also set a precedent that would reverberate across global exchange policies for years to come. For an industry still reeling from the reputational damage of multi-million-dollar hacks, Japan’s willingness to regulate rather than ban represented both a challenge and an opportunity — the difference between the Wild West and a functioning market.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Cryptocurrency investments carry significant risk. Always conduct your own research before making investment decisions.