Name
Global FinTech Guide
Country _ Name
Japan
SectionTitle
RegTech and compliance management
Body
RegTech is composed of the words “regulatory” and “technology”. It is a collective term for the application of modern technologies, to get the increasing regulation in the banking- and financial sector under control both from an IT and a legal standpoint.

Introduction

Attitude of the country towards RegTech-services

While the concept of RegTech has not yet been fully recognized in Japan the same way as in other countries, RegTech solutions are becoming more utilized especially by sophisticated financial institutions. Recent increased expectations by financial supervisory authorities and the complexity of regulations have made the private sector understand the importance of utilizing technology for regulatory compliance. The Digital Agency in Japan has managed a RegTech consortium.

In the financial sector, the Japanese Financial Services Agency (“FSA”) promotes RegTech and published a report on the status of digitalization efforts in financial monitoring in June 2019. In particular, the FSA has conducted rigorous monitoring in AML/CFT spaces since the issuance of AML/CFT Guidelines, which were published in February 2018. The FSA’s AML/CFT Guidelines recommends financial institutions to utilize AI, blockchain, RPA, and other technologies for AML/CFT to implement effective and efficient risk management.

There have been no regulations for RegTech service providers in Japan. However, the Japanese government amended the Payment Services Act in 2022 to introduce a new business category, called "Funds Transfer Transaction Analysis Service." A Funds Transfer Transaction Analysis Service means sanction screening and transaction monitoring services outsourced by banks and requires a license from the FSA to operate. A Funds Transfer Transaction Analysis Service provider is also expected to analyze data received from banks by using machine learning and to provide feedback to these banks. Three service providers have obtained licenses from the FSA as of May 2024.


Legal affairs

Obligations and requirements to provide RegTech-services

As described in the previous section, a RegTech service provider does not need to have a license or registration in principle, as such services contribute to compliance with existing regulations through utilization of technology. It should be noted that RegTech service providers should contemplate whether their services meet financial regulations for acceptance of these services by financial institutions.

A Funds Transfer Transaction Analysis Service outsourced by banks requires a license under the Payment Services Act, with some exceptions such as a service provider accepting outsourcing from 20 or less banks. An applicant must demonstrate a certain level of financial stability and human resources to be able to obtain this license.
Recently, there has been a keen interest in AI-based RegTech solutions. RegTech service providers in financial industry should understand the guidelines published by the Japanese government on AI technologies and models. For instance, the Japanese government published “AI Guidelines for Business Ver 1.0” in April 2024, regarding uses of AI in a broad range of business activities, not only in the financial sector. The latest version thereof is Ver 1.1 issued in March 2025. The FSA published “Principles for Model Risk Management” for financial institutions with systemic importance in 2021. The FSA also published “AI Discussion Paper” to emphasize the "risk of inaction" for use of AI potentially causing technological stagnation of financial institutions in March 2025.

Additional comments regarding the legal situation for RegTech-services or what RegTech’s must be aware of in this business area

It is essential to collect and manage a vast array of data in order to leverage AI and other RegTech solutions with sufficient care for regulations controlling data management. For instance, the Act on the Protection of Personal Information (“APPI”) stipulates that, in principle, provision of personal data to a third party requires the consent of the person. However, provision of personal data accompanied by business outsourcing does not constitute the provision of personal data to a third party.

In this connection, the Japanese government has announced the below interpretation regarding circumstances where a Funds Transfer Transaction Analysis Service provider receives personal data from banks. This interpretation of the APPI can be useful for other RegTech solutions.

  • If a Funds Transfer Transaction Analysis Service provider implements the following measures, banks can provide personal data of their customers to the Funds Transfer Transaction Analysis Service provider without the customers’ consent.
    • Handling personal data provided by each bank only within the scope of the bank’s outsource, and segregate the date respectively by each bank. This means that a Funds Transfer Transaction Analysis Service provider does not mix personal data from a one Bank with those from other banks.
    • Notify the results of analyses on transactions, including personal data provided from a one bank, only to that bank. This means that a Funds Transfer Transaction Analysis Service provider cannot share these results with other banks.
  • If a Funds Transfer Transaction Analysis Service provider generates a parameter through machine learning that is made from personal data provided by a specific bank, and thereby eliminates the connection between the parameter and the personal data, the provider can share this parameter internally and utilize it for analysis on transactions outsourced by other banks.

Economic conditions

Market size for RegTech-services and biggest companies in this business area
The current market size of RegTech services in Japan is not very large. However, the importance of utilizing AI and other technologies has been more and more recognized due to complex and stricter financial regulations, as well as a shortage of specialized human resources. For example, the following RegTech services have been used recently:

  • Online KYC for AML/CFT regulatory compliance.
  • Extracting negative news from a large volume of business news and labeling it as important by AI, in order to improve efficiency of due diligence on customers and business partners.
  • Information sharing by database, where a member company registers phone numbers, email addresses, IP addresses, and types of fraudulent transactions used in fraudulent transactions. Other member companies refer to such information and utilize it for their counter measures.
  • Detection of impersonation to prevent unauthorized money transfers.
  • Scoring of interview records at the time of solicitation and sales of financial products by AI for compliance checks and customer protection.
  • Scoring of high-risk transactions by AI for suspicious transactions reporting under AML/CFT regulations.
The number of companies providing RegTech services in Japan will almost certainly increase in the future.

Additional comments regarding the economic situation for RegTech-services or what RegTech’s must be aware of in this business area

Not in particular.



Authors

Close

Choose country