Financial watchdog’s tough new registration standards aim to promote compliance and protect customer assets
Japan’s Financial Services Agency is imposing stricter review standards for cryptocurrency exchange operators that register with it, aiming to forestall another digital currency heist like the Coincheck scandal that grabbed headlines in January, Nikkei has learned.
“We need to introduce a new perspective in reviews of registrations,” an official from the FSA said in a meeting this April. The registration process would go beyond mere documentation and include preliminary visits that make detailed investigations into how operations are managed.
The government had worked to nurture the budding industry since it began recognizing bitcoin and other virtual currencies as a valid form of payment in April 2017. But it is now focusing on improved compliance and measures to protect customer assets.
Exchange operators registering with the government will now need to satisfy five broad criteria. First, they will be subject to tougher standards on system management. They will not store currency in internet-connected computers and will have to set multiple passwords for currency transfers.
Second, they will need to work harder to prevent money laundering, through such means as verifying customer identification for large transfers.
To ensure that customer assets are carefully managed separately from exchange assets, operators will have to check customer account balances multiple times a day for signs of any diversions. The FSA will also require operators to have rules in place to keep their officers from using client money or virtual currencies.
There will also be new restrictions on the kinds of cryptocurrencies allowed at government-registered exchange operators. Those granting a high level of anonymity and easily used for money laundering will as a general rule be banned.
Lastly, the FSA will require stricter internal regulations. Operators will need to separate shareholders from management. System development roles will also be separated from asset management roles to keep employees from manipulating the system for their own gain.
“Without the necessary know-how, we’ve been feeling our way through the dark on how thoroughly we should check these different aspects,” a source from the FSA said. The new five-point framework will let the agency perform a detailed assessment and identify potential risks in advance.
The FSA will first review documents submitted by operators seeking government registration. It will then send inspectors to those that pass the initial screening to review their system operations and verify the number of employees.
The Coincheck theft shed light on lax practices at various cryptocurrency exchange operators. The FSA will start using the new framework when it begins accepting new registration applications again, likely this summer, and urge those falling short to exit the business. It will require existing operators to meet the new standards as well.