Name
Global FinTech Guide
Country _ Name
Japan
SectionTitle
KYC requirements
Body
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

The Act on Prevention of Transfer of Criminal Proceeds (“APTCP”) plays a central role in Japan's legal framework for AML, as it imposes legal obligations on the private sector. The APTCP has been in effect since March 2008. The Japanese government amended the Act on Customer Identification by Financial Institutions to cover business operators other than financial institutions under the AML regulatory framework. The APTCP defines business operators handling higher risk services from an AML perspective as “Specified Business Operators” and imposes, among others, the following obligations:

  • Conducting customer due diligence (CDD) when performing services.
  • Detecting suspicious transactions and reporting them to a competent administrative authority.
  • Establishing a management system including training for employees, preparation of internal rules to implement CDD, appointment of an AML/CFT officer to oversee and manage internal audits and other operations, and preparation of a risk assessment sheet.
Specified Business Operators subject to these obligations include financial institutions, real estate brokers, dealers in precious metals and stones, postal receiving service providers, telephone receiving/forwarding service providers, and professionals such as lawyers and CPAs. The list is fully enumerated in the APTCP.

The Financial Services Agency (“FSA”) supervises most financial institutions, such as banks, securities companies, insurance companies, trust companies, money lenders, crypto asset exchangers, fund transfer service providers, and prepaid payment instruments providers, by setting industry related laws and preparing guidelines for each respective industry. These are the Banking Act for banks, Financial Instruments and Exchange Law for securities companies, fund management companies and others, Insurance Business Act for insurance companies, Trust Business Act for trust companies, Money Lending Business Act for money lenders, Payment Services Act for crypto asset exchangers, fund transfer service providers and prepaid payment instruments providers, and others. The FSA supervises APTCP compliance of financial institutions by these acts and guidelines.

As financial institutions handling higher-risk services from an AML perspective, the FSA published AML/CFT Guidelines in February 2018, requiring stricter countermeasures for financial institutions on top of the APTCP. In addition, the FSA drafted FAQs regarding AML/CFT Guidelines in March 2021, to elaborate on the requirements described in the AML/CFT Guidelines. As such, financial institutions under the supervision of the FSA need to comply with the AML/CFT Guidelines by referring to the FAQs, in addition to the APTCP.


National regulator or relevant authority for AML controls
The Act on Prevention of Transfer of Criminal Proceeds (“APTCP”) plays a central role in Japan's legal framework for AML, as it imposes legal obligations on the private sector. The APTCP has been in effect since March 2008. The Japanese government amended the Act on Customer Identification by Financial Institutions to cover business operators other than financial institutions under the AML regulatory framework. The APTCP defines business operators handling higher risk services from an AML perspective as “Specified Business Operators” and imposes, among others, the following obligations:

  • Conducting customer due diligence (CDD) when performing services.
  • Detecting suspicious transactions and reporting them to a competent administrative authority.
  • Establishing a management system including training for employees, preparation of internal rules to implement CDD, appointment of an AML/CFT officer to oversee and manage internal audits and other operations, and preparation of a risk assessment sheet.
Specified Business Operators subject to these obligations include financial institutions, real estate brokers, dealers in precious metals and stones, postal receiving service providers, telephone receiving/forwarding service providers, and professionals such as lawyers and CPAs. The list is fully enumerated in the APTCP.

The Financial Services Agency (“FSA”) supervises most financial institutions, such as banks, securities companies, insurance companies, trust companies, money lenders, crypto asset exchangers, fund transfer service providers, and prepaid payment instruments providers, by setting industry related laws and preparing guidelines for each respective industry. These are the Banking Act for banks, Financial Instruments and Exchange Law for securities companies, fund management companies and others, Insurance Business Act for insurance companies, Trust Business Act for trust companies, Money Lending Business Act for money lenders, Payment Services Act for crypto asset exchangers, fund transfer service providers and prepaid payment instruments providers, and others. The FSA supervises APTCP compliance of financial institutions by these acts and guidelines.

As financial institutions handling higher-risk services from an AML perspective, the FSA published AML/CFT Guidelines in February 2018, requiring stricter countermeasures for financial institutions on top of the APTCP. In addition, the FSA drafted FAQs regarding AML/CFT Guidelines in March 2021, to elaborate on the requirements described in the AML/CFT Guidelines. As such, financial institutions under the supervision of the FSA need to comply with the AML/CFT Guidelines by referring to the FAQs, in addition to the APTCP.


Customer Due Diligence

Conduct of a typical KYC identification process
A financial institution to which the APTCP applies must conduct CDD as verification at the time of a transaction falling under the Act when they enter into, among others, certain transactions, such as opening of an account or a cash transaction of JPY 2 million or more. Specifically, in the case of a transaction with an individual person, a financial institution must confirm identity information, such as name, residential address, date of birth, transaction purpose, and occupation. As for legal persons, a financial institution confirms identity information, such as the entity’s name, location of head office or principal place of business as well as transaction purpose, details of its business, identity information of beneficial owners, and identity information and authority of its representative for the transaction.

In face-to-face transactions, a financial institution verifies the identity information mentioned above by, among others, requesting original government-issued ID such as a driver's license, and social insurance number card ("My Number Card”). For non-face-to-face transactions, online KYC is available, whereby the CDD process can be completed online by receiving image/motion picture data of IDs and customer's appearance via an app which is provided by a financial institution. A financial institution can implement CDD by a combination of receiving copies of two IDs by mail from a customer and sending a transaction-related document to the customer's address indicated on the copies by a non-forwarding mail service. In June 2025, the Japanese government issued the amendment of regulations under APTCP to the effect that, among other things, online KYC methods will be, in principle, integrated into the public personal authentication by My Number card or verification of IC chip information in driver’s licenses or others, and to abolish online KYC by image/motion picture data of IDs and non-face to face identification by non-original copies of IDs. This amendment will be effective in April 2027,

Transactions with customers residing in certain countries, currently Iran and the DPRK, and with foreign PEPs (politically exposed persons) fall within particularly higher-risk transactions and require additional measures described in the APTCP. Transactions with Myanmar are also recognized as higher risk transactions requiring additional control measures under the APTCP. As such, a financial institution confirms in their CDD process whether a transaction falls within one of these categories.
AML/CFT Guidelines issued by the FSA require financial institutions to implement relevant measures under a risk-based approach. For example, the guidelines require financial institutions to conduct risk assessments of all customers and to implement CDD at onboarding, as well as ongoing CDD based on the customer risk assessment.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

This is possible. Article 13 of the Enforcement Regulations of the APTCP stipulates that a Specified Business Operator can rely on CDD results conducted by a third-party Specified Business Operator in the following cases, on the condition that these Specified Business Operators executes an agreement prior to the reliance:

  • When a Specified Business Operator provides a financial service or other certain services, the fees of which are paid by a remittance from a bank account, the Specified Business Operator can rely on CDD information obtained by the bank during the opening of the bank account, if the CDD information is properly recorded by the bank and the Specified Business Operator confirms this record.
  • When a Specified Business Operator provides a financial service or other certain services, fees of which are paid by a credit card, the Specified Business Operator can rely on CDD information obtained by the credit card company during the opening of the credit card account, if the CDD information is properly recorded by the credit card company and the Specified Business Operator confirms this record.
It should be noted that Article 13 of the Order for Enforcement of the APTCP stated that the obligation to perform CDD is exempt in the below cases. In addition, a Specified Business Operator can utilize CDD information which it obtains through a merger, business transfer, and other similar transactions under certain conditions.

  • When a financial institution or credit card company outsources formation of contract with a customer related to their service to another Specified Business Operator who already conducted CDD on the customer, the financial institution or credit card company is not required to conduct CDD if the information obtained by the Specified Business Operator is properly recorded and the financial institution or credit card company confirms this record.
It should be noted that the reliance and exemption mentioned above cannot be used if transaction is a higher-risk transaction such as suspected impersonation.

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

This is possible. A Specified Business Operator can outsource CDD to a third party, who is not subject to the APTCP. However, the Specified Business Operator must be responsible for compliance with obligations of CDD and record keeping under the APTCP. If the third party does not properly conduct CDD, the Specified Business Operator can be subject to an administrative action.
A Specified Business Operator can outsource preparation and recording of CDD information to a third party on the condition that the Specified Business Operator can immediately retrieve these records, when necessary, in the same manner as when information is recorded by the Specified Business Operator itself.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

No particular requirement.


Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)
Yes credit institutions
Yes financial institutions
auditors, external accountants, and tax advisors
notaries and other independent legal professionals
other trust or company service providers
estate agents
other persons trading high-value goods
providers of gambling services


Authors

Close

Choose country