With the 4th round of mutual evaluations between Japan and the Financial Action Task Force on Money Laundering (FATF) approaching, know your customer (KYC), anti-money laundering (AML) and terrorism countermeasures (CFT) are central topics of discussion. According to a survey of Japanese financial institutions conducted by The International RegTech Association, KYC and AML are some of the fields in which financial institutions expect to be able to improve their business efficiency by introducing technology.

However, progress in this regard is not only important for Japanese financial institutions, but also for Japanese Fintech firms, for which the obligation under the Act on Prevention of Transfer of Criminal Proceeds to implement such measures is one of the most cost- and labor-intensive compliance tasks.

This article offers an overview of the latest topics in AML, KYC and CFT under discussion in in Japan.

1. Amendment of the Ordinance for the Enforcement of the Act on Prevention of Transfer of Criminal Proceeds ― Tightening of identity verification methods through implementation of electronic KYC (EKYC)
The Ordinance was amended in October 2018, allowing the identity verification required of certain business operators to be performed online. The amendment followed reports such as the case of one Fintech firm that said that 40% of its customers failed the KYC process based on previous regulations, because those regulations included not-to-be-redirected mail mailing procedures, which are burdensome for the customers.

The changes in the amendment include, for instance, provisions allowing for four different methods for the use of image data for identification purposes, such as by using software provided by specified business operators. Such software has to be capable of verifying features such as name, address, date of birth and the photograph of the customer on documents (such as a driver license document) for certifying identification, and be able to determine the thickness of a document in order to confirm it has not been altered. One year after the amendment came into force, some companies have begun offering such regtech software services to financial institutions and other Fintech firms.

The earlier methods of non-face-to-face and sending not-to-be-redirected mail to customers were often used to commit fraud, such as submitting an application with a false address and having someone wait at the mailing address to receive the verification mail. Identity verification using not-to-be-redirected mail is now subject to stricter regulations, for example combining it with verification methods, such as receiving the original identification documents from customers by mail or by having mail delivery personnel confirm the existence of the actual person by checking photo identification.

2. Entrustment of KYC
In addition to implementing the aforementioned forms of EKYC measures for identity verification, there was strong demand from fintech companies for the ability to use the results of identity verification performed by other specified business operators, such as where there are multiple business operators with financial licenses within one corporate group.

The proposal was tested at the Financial Service Agency’s (FSA) "FinTech Proof-of-Concept (PoC) Hub," at which three Japanese megabanks and other financial institutions, etc. experimented with sharing the results of identity verification performed using blockchain. It was concluded that the results of identity verification performed by a specified business operator can be used by certain other specified business operators on the basis of entrustment of KYC.

However, it seems that later there were differences of opinion between the FSA and the National Police Agency, which has administrative jurisdiction over the Act on Prevention of Transfer of Criminal Proceeds, and final conclusions were only announced this October. The conclusions stated that identity verification results may be used even if all the procedures leading up to the execution of a contract are not entrusted to another specified business operator (“outsourced party”), provided that the outsourced party acts between the entrusting business operator and the customer, for example as an agent or intermediary, i.e. situations such as where the outsourced party's name is displayed on the entrusting business operator's website at the time the customer is conducting the application procedures with the entrusting business operator, and the outsourced party is positioned between the entrusting business operator and the customer and it is the outsourced party that requests the customer to enter its login ID and password.

3. Strengthening of KYC and AML/CFT ahead of the FATF evaluation
In April this year, the FSA revised the AML/CFT guidelines it established in February 2018. The revisions include requiring non-profit organizations to be evaluated when there is a risk of AML, and recommendations for measures based on the Foreign Exchange and Foreign Trade Act as well as United Nations Security Council resolution 1267, such as the prevention of funding of the proliferation of weapons of mass destruction.

In addition, the guidelines emphasize the need for risk assessment and review thereof in a risk-based approach and suggest that consideration should be given to matters such as increasing the frequency of surveys of high-risk customers (or decreasing the frequency for low-risk customers).

With respect to crypto assets, laws such as the Payment and Services Act have been revised to require wallet service providers to register with the FSA. In addition, the self-imposed regulations of the Japan Virtual Currency Exchange Association require that crypto asset exchange operators take AML/CFT measures in addition to those required by laws and regulations.

In discussions at the G20 Meeting in June 2019, Japan included discussions on the regulations relating to crypto assets and decentralized finance, and showed its willingness to share the results of its advanced regulations with other countries.
There is also a call from the FSA and financial institutions that conduct business with fund transfer service providers for the strengthening of AML/CFT measures by those providers.