“Are AI police and AI judges on the way?” – The turning point between a surveillance society and a fair society
Contracts |
DD |
Exchanger |
M&A |
PMI |
Regulatory Compliance |
Scheme Selection |
To operate a cryptoasset exchange in Japan requires registration as a cryptoasset exchange service provider (CESP) under the Payment Services Act (PSA).
As of the date of writing, there are 28 registered CESPs. Both domestic and foreign companies are continuously seeking to enter the Japanese cryptoasset exchange industry.
Obtaining registration often takes two to three years, including the application preparation period, and in some cases requires an initial investment of several billion yen, including system development and personnel costs.
Due to these high hurdles, many companies are seeking to acquire an already registered CESPs rather than obtaining a new license. While acquiring an already registered CESPs is generally considered to have lower hurdles than obtaining a new registration, there are different issues to consider compared to other M&A transactions due to the Japanese financial regulations involved.
This article provides an overview of key points to consider at each phase of M&A of CESPs, focusing on the relevant laws and regulations.
M&A of CESPs involves a wide range of issues, including technology, accounting, taxation, and customer protection, but from a legal standpoint, the most important issue is the relationship with financial regulations, particularly the PSA.
CESPs are legally required to have a system in place to carry out their cryptoasset exchange service “properly and reliably.”1
Failure to meet these requirements may result in on-site inspections by regulatory authorities, business improvement orders, and even revocation of registration (see also the FSA Administrative Guidelines in section 4.1 below).2
Maintaining compliance is a continuous requirement both before and after an M&A transaction. Even after closing, if there are any issues before or after the transaction, the company may be subject to administrative sanctions from regulatory authorities later. The corporate value and business continuity of CESPs depend heavily on the maturity of their compliance systems, and understanding the regulations in this field is essential for successful M&A of CESPs.
In this regard, as described in section 3 and onwards, the following points should be taken into consideration:
| 1. Compliance with Laws and Regulations: Ensuring compliance with laws and regulations is a prerequisite for CESPs. Foreign companies that are not familiar with Japan’s financial regulations should also be aware of this point. 2. Acquisition Scheme: Given that CESP registration is linked to legal personality, a share transfer scheme is typically adopted if a company wishes to maintain its license. 3. Negotiations with Regulatory Authorities: Since the required systems for a CESP must be established both before and after an M&A, negotiations with regulatory authorities are essential in practice. 4. Due Diligence and Contract Adjustment: During legal due diligence, it is important to confirm regulatory compliance. Based on the results, contract terms, such as representations and warranties and preconditions based on negotiations with authorities, must be adjusted. 5. Post-integration process: During the post-M&A integration process, consultations and coordination with regulatory authorities and self-regulatory organizations (JVCEA) are required in accordance with applicable regulations regarding changes to registers, amendments and integration of internal regulations and terms of use, and organizational changes. 6. Antimonopoly Act and Foreign Exchange Act: As with regular M&A transactions, depending on the scale and scheme of the deal, it may be necessary to consider merger control requirements under the Antimonopoly Act. Furthermore, in the case of an acquisition by a foreign company, filings and reports under the Foreign Exchange and Foreign Trade Act may also be required. |
Because the cryptoasset exchange service is a financial industry that is subject to strict regulations, it is necessary to accurately understand the scope of the target company’s license and applicable regulations at the early stages of M&A.
(1) What is a Cryptoasset Exchange Service?
A cryptoasset exchange service, which requires a license (registration with the FSA), means carrying out any of the following act in the course of trade under the PSA.3
| ① Purchase and sale of a cryptoasset or exchange with another cryptoasset, ② Intermediary, brokerage or agency services for the act set forth in ①, ③Management of users’ money, carried out by persons in connection with their acts set forth in ① and ②, ④ Management of cryptoassets on behalf of another person (custody services). Cryptoasset lending and staking services (staking users’ cryptoassets and returning rewards) are generally not considered to fall under the category of cryptoasset exchange services. In addition, different laws and regulations apply to electronic payment instruments such as stablecoins, prepaid payment instruments, and cryptoasset derivative transactions. |
(2) License details
Even for CESPs, the license details vary depending on the operator. Specifically, the names of the cryptoassets to be handled and the details and methods of business must be notified to the FSA in advance, and these are registered in the CESP registry (which can be viewed by anyone at each local finance bureau).4 In addition , the target company may also hold licenses in related fields (e.g., financial instruments business related to cryptoasset derivatives, stablecoin-related electronic payment instruments services). Therefore, a prerequisite for M&A is to accurately understand the scope of the target company’s licenses and clarify what it can and cannot do with its current licenses.
If you plan to launch new services after the acquisition and the content of those services exceeds the scope of the CESP’s current license, you will need to go through procedures such as changing the license (for example, adding cryptoassets to be handled, changing the statement of operational procedures, etc.). Furthermore, if you make major changes to the systems or structure, you will need to consult and negotiate with the authorities in advance.
In particular, if you acquire an CESP with almost no customer base and an underdeveloped system and start an entirely new business, you may need to establish a system and undergo regulatory review equivalent to a new registration. In such cases, it may take a considerable amount of time (six months to a year or more) and cost (in the hundreds of millions of yen) to start operations, so you will need to plan for a sufficient time and budget.
In a typical M&A transaction, a variety of structures may be used, such as share transfers, business transfers, mergers, company splits, etc.
However, in the case of an M&A of CESPs, it is necessary to take into account that the registration of CESPs is linked to their legal personality.
(1) Acquisition by a Non-CESP Company
If a non-CESP company wishes to acquire a CESP and start a new business, in principle, it must use a share transfer scheme (see also the FSA Administrative Guidelines in 4.1 below).
This is because the CESP registration cannot be transferred through a business transfer or merger, and a new registration is required after the transaction.
(2) Acquisition by a CESP Comapny
On the other hand, if a company that is already registered as a CESP acquires another CESP in order to acquire its customer base, systems, or personnel, it may choose a scheme such as business transfer or merger.
However, these methods are only available if the acquiring party is a registered CESP, and the registration itself will not be transferred.
Therefore, both companies that transfer their cryptoasset exchange business and companies that disappear through a merger must file a notification of cancellation of CESP registration.5
| Scheme | Maintaining the license | Commentary |
| Share transfer | ✓ | The most common scheme |
| Business transfer (CESP → CESP) | ✓ (Transferee) |
Abolished for transferors. May be used in M&A between CESPs. |
| Business transfer (CESP → non-CESP) | × | It’s meaningless because the license has been abolished. |
| Merger (between CESPs) | ✓ (surviving company) |
The disappearing company’s registration is abolished. May be used in M&A between CESPs. |
| Merger (non-CESP survives) | × | It’s meaningless because the license has been abolished. |
A cryptoasset exchange service is a financial business, and when engaging in M&A, it is necessary to consider how to respond to regulatory authorities (the FSA and the Local Finance Bureaus). In this regard, it is important to be aware of the provisions of the FSA Administrative Guidelines (Volume 3: Financial Companies) Section 16. Cryptoasset Exchange Service Providers6
The guidelines state that for M&A through share transfers, “attention must be paid to appropriate business structures after closing,” and require efforts to “gather information through daily communication” in addition to notifying major shareholders of changes.
This clearly shows that the authorities place importance on information sharing and dialogue regarding business models and governance structures after share transfers, even before closing.
| FSA Administrative Guidelines (Volume 3: Financial Companies) 16. Cryptoasset Exchange Service Providers (text was underlined by the authors) III-1-8 Points to Note in Share Transfers, etc. (1) Points to Note in Share Transfers Recently, there have been cases in which major shareholders of cryptoasset exchange service providers have sold or transferred their cryptoasset exchange business by transferring their shares to other businesses. Since such share transfers often involve significant changes to the business model, officers and employees, internal control systems, trading systems, etc., it is important to pay attention to whether the system is in place to ensure appropriate business operations after the share transfer. Therefore, supervisory authorities should strive to obtain such information through daily communication with cryptoasset exchange service providers . Given that changes in major shareholders are required to be notified (after the fact) under the PSA, after receiving the notification, they should re-examine the appropriateness of the cryptoasset exchange service provider’s overall internal control system, including governance and compliance, based on in-depth interviews with the cryptoasset exchange service provider’s executives and other relevant personnel. If there are doubts about the soundness and appropriateness of the business, such as if the entity is a “corporation that has not established a system to properly and reliably carry out the cryptoasset exchange business” as stipulated in Article 63-5, Paragraph 1, Item 4 of the Act, a report will be requested pursuant to Article 63-15 of the Act as necessary, and if a serious problem is found, the issuance of administrative measures (III-3), such as a business improvement order pursuant to Article 63 of the Act, will be considered. (2) Points to note when transferring business: When a cryptoasset exchange service provider transfers its business to another entity, it should be noted that unless the party acquiring the business is a cryptoasset exchange service provider registered with the Local Finance Bureau, it will be required to re-register as a cryptoasset exchange service provider. |
As mentioned in section 3.2, a typical M&A of a CESP will adopt a share acquisition scheme. In the case of a share acquisition, under the PSA, it is sufficient to submit a notification regarding a change in major shareholders after closing.7
However, as mentioned in section 4.1, the FSA’s Administrative Guidelines explicitly emphasize “gathering information through daily communication” regarding structural changes accompanying share transfers, rather than merely post-notification. Therefore, in practice, information sharing with authorities prior to closing is strongly recommended, in order to ensure the appropriateness of post-acquisition business operations.
The specific timing for pre-consultation is to begin communication with authorities after the signing of the memorandum of understanding (MOU) and before detailed due diligence begins. During the consultation, it is possible to organize and share information such as the purpose and background of the acquisition, the acquisition scheme, financing methods, post-acquisition business plan, and details of structural changes.
Including the items requiring prior notification regarding the registry changes described in section 4.4(2), consultations with regulatory authorities may take several months. When formulating an M&A schedule, it is important to take into account the time required to respond to authorities.
As mentioned above, if there is a change in major shareholders of CESPs8, it must notify the FSA promptly. Specifically, it must submit a change notification form (Cabinet Office Ordinance Form 10-2) along with a list of shareholders (Form 07) that lists the names of shareholders, the number and percentage of voting rights they hold, and other such information.9
After the acquisition, in accordance with the aforementioned FSA administrative guidelines, the FSA will conduct a hearing to re-examine the appropriateness of the CESP’s overall internal control system, including its management structure and compliance with laws and regulations.
(1) Confirmation of the eligibility of the new structure
During the post-closing hearing, the following points are expected to be confirmed in particular, taking into account the contents of the pre-consultation.
If the acquisition will result in significant changes to the business model or internal control system, more careful verification will be conducted.
| ・Financial soundness: The impact of the financial structure after the acquisition on the fulfillment of segregated management obligations, etc. ・Governance system: Management system for conflicts of interest with the parent company group, ensuring independence of business operations ・Technology and operations: Continuity of the cryptoasset management system, risk management associated with system integration ・Compliance system: Maintenance and strengthening of AML/CFT systems, system for responding to JVCEA regulations ・Human resources and organization: Continuity of specialized human resources, impact of organizational integration on business continuity |
(2) Changes to the Register
As mentioned in section 4.3, changes to the major shareholders must be reflected in the register. In addition, if there are changes to the business operations or structure after the acquisition, notification of changes to other matters recorded in the register must also be submitted.
Of these, the addition of cryptoassets to be handled and changes to business content and methods (such as changes to the method of accepting applications from users and changes to the method of segregated management) are, in principle, matters that require prior notification.10 On the other hand, post notification is sufficient for changes in officers, changes in the type of other business, cessation of handling cryptoassets, and other minor changes.
Pre-notification is required when providing new services or adding cryptoassets to the M&A process, so it is important to consult with the authorities in advance and design a schedule that takes into account the review period. In particular, for matters requiring pre-notification, the review may take several months depending on the content, so it is important to leave sufficient time in the overall M&A schedule.
In legal due diligence (DD) for M&A of CESP, the most important thing is to investigate the regulatory compliance status specific to the cryptoasset exchange service.
| item | point |
| Separate management obligation | Integrity of accounting books, contracts with trust companies, and separate management of wallets |
| System requirements | Securing specialized personnel, meeting minimum net assets, and establishing internal regulations and auditing systems |
| AML/CFT system | Implementation status of identity verification procedures and |
| Cryptoasset handled | Securities eligibility, issuer risk, selection criteria |
| Government response history | Details of the violation and its impact on customers, corrective measures and measures to prevent recurrence, reporting to and response to authorities |
CESPs are obligated to strictly segregate the assets entrusted to them by their customers. Money must be kept separate from their own money and entrusted to a trust company, and cryptoassets must be kept separate from their own cryptoassets, with at least 95% of them managed in a cold wallet.11
During due diligence, it is advisable to check the consistency between customer ledger records and actual balances, the content and implementation status of contracts with trust companies, and the appropriate separation and management of cold and hot wallets.
CESPs are subject to a number of ongoing requirements to ensure that their operations are carried out properly and reliably, including the securing of specialized personnel such as system administrators and AML/CFT officers, the fulfillment of minimum net assets, and the establishment of internal regulations and audit systems. If changes to the management structure or personnel composition are planned after the acquisition, it is necessary to consider whether these requirements can continue to be met, in addition to communicating with the authorities.
It is necessary to check the status of customer identity verification procedures based on the Act on Prevention of Transfer of Criminal Proceeds, customer management based on a risk-based approach, and suspicious transaction reporting records. If the customer base expands due to an acquisition, or if new money laundering risks may arise due to the business characteristics of the parent company group, it will also be necessary to consider whether the existing AML/CFT system can address these issues.
We also recommend analyzing the legal nature and regulatory risks of the cryptoassets handled by the target company. In particular, if the cryptoassets handled may be considered securities under the Financial Instruments and Exchange Act, registration as a CESP alone is not sufficient to handle them. Therefore, consideration of whether they qualify as securities is also necessary. Tokens issued through IEOs and tokens with project investment characteristics require careful consideration.
Furthermore, for cryptoassets with existing issuers, factors such as the issuer’s creditworthiness, project sustainability, and clarity of the issuer’s location are also evaluated. The JVCEA’s self-regulatory rules also stipulate selection criteria for cryptoassets handled, and compliance with these criteria and internal rules must also be confirmed. Furthermore, for highly anonymous cryptoassets, the risk of being forced to discontinue handling them in the future due to stricter regulations on anti-money laundering measures must be considered.
It is difficult to fully verify a target company’s regulatory compliance, including the above, within the limited due diligence period. Therefore, the history of past on-site inspections and administrative actions by regulatory authorities is an important indicator for assessing the maturity of the target company’s compliance system.
If the target company has previously filed a notice of violation of laws and regulations or received a business improvement order or business suspension order from a regulatory authority, it is particularly important to carefully examine the specific details of the violation, the extent of its impact on customers, the implementation status of corrective measures and preventive measures, the history of reporting to the authorities, and the response status. The results of these investigations can be important factors in determining the content of representations and warranties, the setting of closing conditions, and price adjustments.
| item | point |
| Representations and Warranties | No reasons for cancellation of registration and violations of laws and regulations, the status of fulfillment of the obligation to manage customer assets separately, and past administrative sanctions |
| Prerequisites | No particular concerns have been raised by regulatory authorities and there are no significant security risks |
| Transition Support Agreement | Supporting negotiations with authorities, wallet management and system migration, and customer notification |
M&A of CESPs requires contractual design that takes into account their unique characteristics. In particular, representations and warranties often require more detailed assurances than usual regarding matters directly related to industry regulations, such as grounds for registration cancellation, whether or not there have been any violations of laws and regulations, the status of fulfillment of the obligation to segregate customer assets, and past administrative sanctions.
Furthermore, as a prerequisite for transactions, it is not uncommon for key executives and employees, such as system administrators and compliance officers, to be required to continue working. Additionally, assuming the need for prior consultation with regulatory authorities, it may be necessary to consider including conditions such as “no particular concerns raised by regulatory authorities” regarding M&A transactions or changes to registration details. However, because authorities are not in a position to grant legal approval or permission in advance, adjustments to the wording of the clauses will be necessary in this regard.
When conducting due diligence on technology and security systems, it may be necessary to confirm the results of external audits and vulnerability tests to confirm that no significant security risks exist or that they have been addressed as a condition of closing.
Furthermore, to ensure a smooth post-acquisition integration, it is common to enter into a transition support agreement with the seller for a certain period of time. This agreement must predetermine the content, duration, compensation, and terms of extension and termination of support for reporting and consultation to regulatory authorities, migration of wallet management and AML/CFT-related systems, and customer notifications.
As with general corporate acquisitions, M&A of CESPs must also take into account regulations under the Antimonopoly Act and the Foreign Exchange and Foreign Trade Act (Foreign Exchange Act).
Depending on the scale of the project, notification to or prior consultation with the Japan Fair Trade Commission may be required. The number of registered CESPs is limited (28 companies), and merging existing CESPs could pose market share challenges, so it is important to confirm whether notification is required. If notification is required, the review period (usually 30 days, or 120 days if extended) must be factored into the M&A schedule.
When a foreign investor acquires shares in a Japanese CESP, this constitutes “inward direct investment, etc.” under the Foreign Exchange Act, and as a general rule, prior notification is required to the Minister of Finance and the relevant minister via the Bank of Japan. Because CESPs are included in the “auxiliary financial businesses, etc.” category of industries subject to prior notification, investment execution is restricted for 30 days from the date of acceptance of the notification. While this period is often shortened to 14 days in practice, the submission of additional documents may be required depending on the foreign investor’s attributes, investment ratio, and level of management involvement. Therefore, when formulating an acquisition schedule, it is not uncommon for a period of 30 days or more from the acceptance of the notification to be incorporated into the overall M&A schedule.
| Item | point |
| Response to Authorities | Financial soundness, governance system, technology and operations, compliance system, human resources and organization |
| Registry changes | (Pre-closing) Changes in cryptoassets handled, changes in the content and methods of cryptoasset exchange (Post-closing) Changes in major shareholders, changes in officers, types of other businesses |
| Customer Service | Notification content and timing, revisions to terms of use |
| Company regulations | Integration based on new structure and business operations |
Acquisitions of CESPs face many practical challenges, even after closing, including customer service, internal regulation revisions, personnel recruitment, and system integration. Continuing communication with regulatory authorities and registry change procedures are discussed in Section 4.4.
Regarding customer service, upon announcing the acquisition, appropriate information will likely be provided via website and email regarding the continuity of cryptoasset transactions, changes to service content, the safety of customer assets, and revisions to terms of use. Internal regulations required for CESPs will also need to be integrated and revised to conform to the new post-acquisition structure. Regarding systems, prior investigations are required to ensure technical compatibility, security risks associated with the integration, and operational structure during the integration period to avoid any issues.
To ensure a smooth integration process, it may be necessary to obtain a certain period of cooperation from the seller based on the transition support agreement described in Section 6. Clearly defining the support period and conditions for early termination or extension at the contract stage will contribute to a smooth integration.
M&A of CESPes involves many challenges that differ from typical corporate acquisitions, including the unique regulatory environment, technological complexity, and a high reliance on specialized personnel. Dealing with regulators, from pre-acquisition consultations to ongoing post-acquisition supervision, requires considerable time and cost. In addition, contractual risk allowances are also required, given the limited due diligence period, which makes it difficult to comprehensively verify regulations and practices.
While the regulatory environment is expected to continue to change, with discussions on the transition of cryptoasset regulations to the Financial Instruments and Exchange Act, we hope this article will provide an overview when considering M&A of CESPs.
Reservations
“Are AI police and AI judges on the way?” – The turning point between a surveillance society and a fair society
Sustainability and Web3: Can Web3 become a sustainable social infrastructure?
Digital Asset Treasury Strategies and Legal Issues – Practical Considerations for Japanese Companies
Crypto Payments and Japanese Law (2nd Edition)
SEC ICO Warning (Dec 2017)
Initial Coin Offerings (ICO) under Japanese laws
Guidance Note on the Japanese Virtual Currency Legislation
New Crypto Regulations of Japan
Impacts upon enforcement of the Act concerning Work Style Reform
Stable Coins under Japanese Laws
Libra, Maker’s Dai and other Stable Coins under Japanese Laws
Security Token Offerings in Japan