M&A of Cryptoasset Exchange Service Providers – Regulatory Specificities
The Financial Services Agency’s Financial System Council “Working Group on Cryptoasset Systems” has been examining the revision of cryptoasset regulations since its establishment on June 25, 2025. At the sixth meeting held on November 26, a draft report1 summarizing the results of the deliberations was mostly approved.
Going forward, based on the final report of the Council, draft amendments to relevant laws and regulations are expected to be submitted to the ordinary Diet session in 2026, with new regulations potentially being introduced as early as spring 2027.
The most significant point in this draft report is the transfer of cryptoasset-related regulations from the Payment Services Act (PSA) to the Financial Instruments and Exchange Act (FIEA). This fundamental revision repositions cryptoassets from “payment instruments” under the PSA (regulated since 2016) to “financial instruments,” representing a critical system change for the cryptoasset industry.
This article will organize the overall picture of the draft report and then outline what impacts are anticipated for existing cryptoasset-related businesses if this content is implemented.
The draft report presents issues accompanying the use of cryptoassets as investment targets and proposes the following:
As a major change accompanying the transition to FIEA, the draft report proposes establishing an obligation to provide information at the time of new sales and a continuing information provision obligation, based on the necessity of providing information to users in cryptoasset transactions.
From the perspective of eliminating information asymmetry, the draft report states that information should be provided regarding the nature and functions of cryptoassets, supply volume, underlying technology, accompanying rights and obligations, inherent risks, etc. Additionally, for centralized cryptoassets (*), information provision regarding the centralized administrator is also required in addition to the above information.
For centralized cryptoassets, the draft report states that their scope should be determined by focusing on control over distribution aspects (issuance and transfer authority) and content aspects (authority to design and change specifications), citing the following types as examples:
Regarding entities subject to information provision obligations, the draft report states that Cryptoasset Exchange Service Providers (CESPs) should play the fundamental role and should establish a system to collect necessary information and provide it to users. On the other hand, for centralized cryptoassets, when their centralized administrators raise funds from general users, information provision obligations should be imposed on those centralized administrators.
For cryptoassets issued overseas that are handled by domestic CESPs, it is considered that CESPs will provide information regardless of whether a centralized administrator exists.
| Type | Issuer Fundraising | Information Provision Obligor | Main Information to be Provided | Notes |
| Centralized Cryptoassets | Yes | Issuer/ CESP | – Nature, functions, supply volume, underlying technology – Risks (liquidity, dilution, business, technological) – Issuer information, use of funds, business plan – Holdings, product characteristics, etc |
Unclear which party is primarily responsible |
| No | CESP | – Nature, functions, supply volume, underlying technology – Risks – Issuer information, etc. |
— | |
| Decentralized Cryptoassets | — | CESP | – Nature, functions, supply volume, underlying technology – Risks, product characteristics, etc. |
— |
| Foreign Issued | — | CESP | – According to the above | Measures to ensure accuracy and objectivity under consideration |
| Private Placement/Private Offering | Yes | Exempt | — | Measures to ensure accuracy |
The draft report states that due to the nature of cryptoassets, events that affect investment decisions such as specification changes and business progress are likely to occur, and therefore, timely disclosure obligations should be imposed on issuers or CESPs when significant events occur. Additionally, to supplement timely disclosure, it is appropriate to require issuers to provide periodic information once a year regarding the issuer’s business activities, etc.
With the transition to the FIEA framework, the draft report indicates a direction to strengthen business operations, user asset management, security measures, etc., centering on regulations equivalent to Type I Financial Instruments Business for businesses conducting cryptoasset trading, etc.
Concurrent business regulations refer to regulations where Type I Financial Instruments Business Operators conducting securities trading, etc., and Investment Management Business Operators conducting fund management, etc., cannot in principle conduct businesses other than those listed in FIEA, and require prior approval or notification to conduct other businesses.
The draft report requires CESPs to undergo prior checks when conducting other businesses from the perspective of preventing conflicts of interest and protecting users, similar to concurrent business regulations under FIEA. However, businesses incidental to cryptoasset exchange service, such as consulting services related to blockchain, etc., do not require notification or approval, and it is considered that other businesses may only require prior notification.
From the perspective of user protection, the draft report requires CESPs to establish more robust management systems. In particular, the following system development is required:
Based on the indication that issuers have weak economic incentives to meet user expectations after fundraising through IEOs and other cryptoasset solicitations and offerings, the draft report proposes the following user protection measures:
Regarding management of user assets, the draft report maintains the current segregated management obligation as the basic approach. On the other hand, considering the increasing sophistication of methods in recent unauthorized outflow cases, it states that new safety management measures need to be legally mandated, while also premising flexible response through guidelines, etc.
Additionally, when CESPs receive provision of important systems for cryptoasset management from external businesses, it is appropriate to establish a system where prior notification, supervisory authority, and conduct regulations are introduced for such businesses, and CESPs can only receive provision from notified businesses.
The draft report states that since hacking outflow risks exist even for cryptoassets managed in cold wallets, etc., there needs to be preparation to appropriately provide necessary compensation to customers. Therefore, while being considerate not to impose excessive burdens on CESPs, it should require the accumulation of reserve funds at appropriate levels based on past outflow case occurrence situations and security levels.
Additionally, from the perspective of broadening options for securing compensation sources, it is organized that insurance enrollment, etc., should be considered either as an alternative to reserve funds or in combination with reserve funds.
Regarding lending businesses where cryptoassets are borrowed from users for staking or re-lending, the draft report states that since these are acts where users take risks to pursue returns, from the perspective of user protection, they should be subject to business regulations under FIEA, and the following system development obligations and conduct regulations should be imposed2:
The draft report states that issuers selling cryptoassets directly must maintain exchange service registration, except for private placements or offerings. When delegating to CESPs, issuer registration becomes unnecessary.
Based on recent recommendations by the International Organization of Securities Commissions (IOSCO), legislation in Europe and South Korea, and law enforcement cases in the United States, the draft report states that cryptoasset insider trading regulations with a surcharge system should be established.
Specifically, it is necessary to prohibit (i) persons in a special position (insiders) who have access to (ii) “material facts” regarding “target cryptoassets” from engaging in any transactions that (v) undermine users’ confidence in the trading venues before (iv) the “public disclosure” of such facts.
Target cryptoassets for regulation are cryptoassets handled at domestic CESPs, including cryptoassets for which formal handling applications have been made to CESPs .
Material facts are appropriately individually enumerated for the following three types while supplemented with basket clauses:
Regarding regulatory targets, it is appropriate to target cases where persons in special positions with access to material facts know internal information due to being in such positions. Specifically, depending on the type of material fact, it is anticipated that related parties of issuers of centralized cryptoassets, related parties of CESPs, related parties of those conducting large-scale transactions, and primary information recipients from these parties will be targeted.
In addition to insider trading regulations, among unfair trading regulations for securities—such as stealth marketing regulations– that are considered applicable to cryptoassets should also be established:
Criminal penalties for unregistered businesses will be strengthened (imprisonment of not more than 5 years or a fine of up to 5 million yen, or both), and enforcement such as emergency injunctions established for unregistered financial instruments businesses will be arranged. Additionally, investment management and investment advice regarding cryptoassets should also be subject to Investment Management Business and Investment Advisory Business.
Regarding DEX, no detailed proposals have been made as a regulatory plan at this time, but it is stated that consideration of appropriate regulations matching technical characteristics will continue.
Additionally, for those providing UI such as apps connecting to DEX to domestic residents, it is stated that there is a need to deepen understanding of regulatory trends in each country and actual service conditions, with the intention of imposing appropriate regulations according to risks, including obligations to explain risks related to connection destinations and AML/CFT measures including identity verification obligations under the Act on Prevention of Transfer of Criminal Proceeds.
The following summarizes the anticipated impact on practice by business type/business format if the content of the draft report is realized, to the extent that can be anticipated.
| No. | Business Type/Format | Impact Level | Main Impact Items | Notes |
| 1 | Cryptoasset Exchange Service Providers | ◎ | – Obtaining licenses under FIEA – Information provision regulations (new sales/continuing) -Examination of centralized cryptoasset applicability -Concurrent business regulations – Business management system development -Safety management measure development -Suitability principle/best execution obligation -Reserve fund accumulation -Unfair trading regulations |
-Cryptoasset exchanges (order book trading) excluded from market opening regulations -Businesses incidental to exchange service do not require notification/approval; other businesses require prior notification -Providers of wallets, etc., limited to notified businesses -Although outside the scope of the draft report, possibilities of tax reform and leverage regulation relaxation |
| 2 | Financial Instruments Business Operators | △? | – Possibility of recognizing concurrent business regulation relaxation (prior notification) for businesses only conducting cryptoasset derivative trading | -Cryptoasset derivative order book trading excluded from market opening regulations -Although outside the scope of the draft report, possibility of cryptoasset ETF |
| 3 | Electronic Payment Instrument/Cryptoasset Service Intermediary Business Operators | 〇 | – Transition to Financial Instruments Intermediary Business -Application of regulations such as sales representative system |
— |
| 4 | Electronic Payment Instrument Issuers/Electronic Payment Instrument Service Providers | × | — | – Electronic payment instruments excluded from scope |
| 5 | Cryptoasset Issuers (Centralized Type) | 〇 | -Information provision regulations (new sales/continuing) -Prohibition of advantageous issuance during/after listing examination -Lock-up period setting before/after listing -Unfair trading regulations |
– Fundraising through secondary trading also subject to information provision regulations |
| 6 | System Providers (Wallets, etc.) | ◎ | -Subject to prior notification regulations -Setting of disqualification reasons, conduct regulations, supervisory authority |
-Attention to appropriate level of regulation -Necessary transitional measures also under consideration |
| 7 | Lending (Borrowing) Business Operators | ◎ | -Subject to FIEA regulations -Obligation to develop risk management systems -Obligation to develop cryptoasset safety management systems -Risk explanation obligations to users and advertising regulations |
-Attention to appropriate level of regulation -Necessary transitional measures also under consideration -Borrowing by institutional investors and individuals from CESPs excluded from regulation |
| 8 | Staking Service Providers | × | — | -Not mentioned in draft report -Impact exists if applicable to cryptoasset lending or management |
| 9 | Investment Management/Investment Advisory Business Operators | ◎ | – Investment management and investment advice regarding cryptoassets subject to Investment Management Business and Investment Advisory Business -Possibility of requiring cybersecurity system development for cryptoasset investment management operators |
— |
| 10 | Financial Instruments Exchanges | × | – Listing of cryptoasset spot difficult for the time being | — |
| 11 | Banks/Insurance Companies (Main Entity) | △ | -Trading/intermediation continues to be prohibited -Investment management of cryptoassets also prohibited -Investment purpose holding under consideration |
– Investment purpose holding premised on sufficient risk management and system development |
| 12 | Banks/Insurance Companies (Subsidiaries, etc.) | 〇 | -Trading/intermediation possible -Investment management of cryptoassets/investment purpose holding possible |
– Same as subsidiaries for sibling and affiliated companies |
| 13 | DEX Operators | × | – Regulations under continued consideration | -International discussion necessary -Risk awareness by authorities and exchange operators, etc. |
| 14 | DEX UI Providers | △ | -Considering regulations such as risk explanation obligations, AML/CFT measures -Efforts to understand regulatory trends in each country and actual conditions |
|
| 15 | Unregistered Businesses | 〇 | -Strengthening of criminal penalties -Strengthening of enforcement -Consideration of creating civil effect provisions invalidating contracts as profiteering acts |
– Note that if civil effect provisions invalidating contracts as profiteering acts are established, impact may become ◎ |
| 16 | Mining Business Operators | × | — | -Not mentioned in draft report -Subject to regulation if applicable to funds |
| 17 | NFT Business Operators | × | — | – NFTs in principle excluded from regulation – If applicable to cryptoassets or security tokens, already subject to regulation under current law and will remain subject to regulation after amendment |
| 18 | Blockchain Game Business Operators | × | — | – Free distribution and automatic token distribution as rewards not fundraising, therefore excluded from regulation |
| 19 | Proprietary Trading | × | — | – Excluded from regulation if not conducted “as a business” |
Key: ◎=Major Impact, 〇=Significant Impact, △=Limited Impact, ×=No Impact
Reservations
M&A of Cryptoasset Exchange Service Providers – Regulatory Specificities
“Are AI police and AI judges on the way?” – The turning point between a surveillance society and a fair society
Sustainability and Web3: Can Web3 become a sustainable social infrastructure?
Digital Asset Treasury Strategies and Legal Issues – Practical Considerations for Japanese Companies
SEC ICO Warning (Dec 2017)
Initial Coin Offerings (ICO) under Japanese laws
Guidance Note on the Japanese Virtual Currency Legislation
New Crypto Regulations of Japan
Impacts upon enforcement of the Act concerning Work Style Reform
Stable Coins under Japanese Laws
Libra, Maker’s Dai and other Stable Coins under Japanese Laws
Security Token Offerings in Japan