Crypto Exchange License in Japan: FSA Registration as a CAESP

In Japan, a crypto exchange does not hold a "license." It holds a registration as a Crypto-Asset Exchange Service Provider (CAESP) under the Payment Services Act, supervised by the Financial Services Agency. Searches for a "crypto exchange license Japan" are looking for this registration regime, which is among the most demanding in the world.

This guide explains the regime as it actually works: who supervises it, what activities pull you into it, the corporate and substance requirements, and the custody controls that define Japanese crypto regulation, including the cold-wallet rule and the Segregated User Management Trust. Where a frequently quoted figure (minimum capital, the hot-wallet limit, a fixed timeline) is not confirmed in the primary statutory text, we say so rather than publish it as fact.

Japan does not issue a crypto "license" - it requires FSA registration

Japan operates a registration regime, not a licensing one. To run a crypto exchange business, you register as a Crypto-Asset Exchange Service Provider (CAESP) with the Prime Minister under the Payment Services Act, Article 63-2. Supervision is delegated to the Financial Services Agency (FSA) and the Local Finance Bureaus. There is no separate document called a "license."

That distinction matters more than wording. A registration regime means a substantive examination of your business, your custody design, and your AML systems before you can operate, with continuing supervision afterward. The fact that the FSA publishes a register of approved providers, rather than issuing licenses, is the clearest signal that this is a registration framework. We keep the keyword "license" in the heading because that is what founders type, then use the legally correct term, registration, throughout.

Crypto-Asset Exchange Service Provider (CAESP) defined

A CAESP is the legal role you take on once registered. The Payment Services Act defines a "Crypto-Asset Exchange Service" in Article 2(7) as a set of activities: exchange transactions in crypto-assets, brokerage or intermediation in connection with those acts, and the management of users' money or crypto-assets in connection with them. If your business performs any of these as a commercial undertaking, you fall within the definition and the registration requirement of Article 63-2 applies.

The takeaway is that "exchange" in the statutory sense is broad. It captures pure trading venues, brokers, and custodians alike, which is why the scope section below is the part most operators underestimate.

Why the old "Virtual Currency" wording still appears

If you read the official English translation of the Payment Services Act, you will see the term "Virtual Currency" rather than "Crypto-Asset." This is a translation artifact, not a different regime. The 2019 amendments to the Payment Services Act and the Financial Instruments and Exchange Act renamed "Virtual Currency" to "Crypto-Asset" in the Japanese statute, but some provisional English translations still carry the legacy wording. The substance, the registration duty, the scope, and the custody rules, is the same. When a source says "Virtual Currency Exchange Service," read it as "Crypto-Asset Exchange Service."

Who regulates crypto exchanges in Japan?

Crypto exchanges in Japan are supervised by the Financial Services Agency (FSA) and the Local Finance Bureaus, acting on behalf of the Prime Minister, with the JVCEA serving as the FSA-certified self-regulatory organization. Statutory authority sits with the FSA; day-to-day self-regulation, including rules on user-property management, runs through the JVCEA, whose standards are read into FSA supervision.

This two-layer structure, a statutory supervisor plus a certified self-regulator, is a defining feature of the Japanese model. Understanding which body owns which rule helps you prepare an application that satisfies both.

FSA, Local Finance Bureaus and the Prime Minister

Formally, registration is "with the Prime Minister" under Payment Services Act Article 63-2. In practice, that authority is delegated. The FSA Guideline for Supervision of Crypto-Asset Exchange Service Providers describes business-improvement orders under Article 63-16 and revocation or business suspension under Article 63-17 being handled by the Director-General of the Local Finance Bureau in coordination with the FSA Commissioner. So your supervisory relationship runs through both the FSA and the relevant Local Finance Bureau, not a single counter.

JVCEA, the certified self-regulatory organization

The Japan Virtual and Crypto assets Exchange Association (JVCEA) is the FSA-certified self-regulatory organization for the crypto-asset exchange business, as well as crypto-asset-related derivatives, electronic payment instruments, and funds transfer. The FSA Guideline directs supervisors to "seriously regard" the rules made by certified associations alongside statutory regulation, and it repeatedly applies JVCEA's named rules, such as the "Rules on Management of Users' Property relating to the Crypto-Asset Exchange Services," in its supervisory standard.

Because JVCEA's self-regulatory rules are read into supervision and applications are processed in collaboration with it, membership is the practical baseline for any serious applicant. The primary statutory text we reviewed does not assert a hard "must join" mandate, so we treat membership as operationally necessary rather than as a confirmed statutory requirement.

What activities require CAESP registration?

Registration is triggered by activity, not by labels. The Payment Services Act defines the regulated service by what you do with crypto-assets and with users' money, which means a business that never calls itself an "exchange" can still need to register.

The three covered activities are exchange transactions, brokerage or intermediation in connection with those acts, and custody. The third is the one operators most often miss.

Exchange, brokerage and custody under PSA Art. 2(7)

Under Payment Services Act Article 2(7), a Crypto-Asset Exchange Service comprises three activity types:

• Exchange transactions: buying, selling, or exchanging crypto-assets, including crypto-to-fiat and crypto-to-crypto.
• Brokerage and intermediation: acting as an intermediary, broker, or agent in connection with those exchange acts.
• Management of users' money or crypto-assets: holding or administering users' money or crypto-assets in connection with the above.

Any of these, conducted as a business, brings you within Article 63-2 and the duty to register. There is no de minimis carve-out for "small" exchanges in the fetched statutory text.

Custody alone can trigger registration

This is the differentiating point. The FSA Guideline confirms that the "management of Crypto-Assets on behalf of another person" can itself require registration, even when you are not running a trading venue or acting as a broker. A pure custodian that holds users' crypto-assets falls within the Crypto-Asset Exchange Service definition.

For founders, this means a custody-only or wallet-as-a-service model is not a way around the regime. If you hold user crypto-assets, plan to register as a CAESP and build the full custody control set described below.

Requirements to register a crypto exchange in Japan

The core requirements fall into three groups: corporate form, local presence, and financial standing. The Payment Services Act sets the structure of these requirements and defers the numeric thresholds to subordinate legislation (the Cabinet Order and Cabinet Office Order), which is why some commonly quoted figures are flagged rather than stated here.

Corporate form and local presence

The applicant must be a corporation. Payment Services Act Article 63-5 lists as a ground for refusal "a person other than a corporation," and adds that a foreign corporation without a business office in Japan is also refused. Practically, that means two things: you need a corporate vehicle, and you need a real presence in Japan.

A foreign corporation must additionally have a representative in Japan, alongside the Japanese business office, to satisfy the refusal grounds and the application particulars of Article 63-3. The statute we reviewed says "a corporation"; it does not, in the fetched provisions, specifically mandate a kabushiki kaisha (stock company). In practice the structure is typically a kabushiki kaisha, but treat that as registration practice rather than a confirmed statutory rule.

Capital and net-asset standards

Payment Services Act Article 63-5 conditions registration on meeting capital and net-asset standards "specified by Cabinet Order." The statutory text itself does not state a number. The figure commonly reported in the market, around JPY 10 million in stated capital plus a non-negative net-asset requirement, sits in the Cabinet Office Order, which we have not yet confirmed as a primary source. We therefore do not publish it as a sourced fact. Treat the capital threshold as set by Cabinet Order and confirm the current figure against the Cabinet Office Order before relying on it.

Refusal grounds (PSA Art. 63-5)

The fact that Article 63-5 enumerates refusal grounds tells you the examination is substantive, not a registration formality. Grounds include not being a corporation, lacking a Japanese business office (for foreign corporations), and failing the capital and net-asset standards set by Cabinet Order. The FSA assesses business-management systems, custody and segregation design, AML/CFT readiness, IT-system risk, and crypto-asset appropriateness before approving an application, so weak preparation on any of these is a route to refusal.

Custody and segregation of user assets (the core control)

If one section defines Japanese crypto regulation, it is this one. The Payment Services Act and the Cabinet Office Order require providers to keep users' property strictly separate from their own, to hold user crypto-assets in cold storage, and to reconcile balances daily. These controls are the most authoritative, differentiating part of the regime and the part the legacy market commentary most often skips.

Cold-wallet custody and secret keys

For users' crypto-assets, the FSA Guideline requires the provider to record and manage the secret keys necessary for transferring the target crypto-assets on electronic devices that are always unconnected to the Internet, in other words, cold-wallet storage, or by equivalent technical security measures. The Guideline is strict about what "always unconnected" means: a device that has been connected to the Internet even once does not qualify. That rules out the common shortcut of moving keys onto a temporarily online machine.

The narrow hot-wallet exception

The cold-storage default has only a narrow carve-out. The FSA Guideline limits the exception to "Target Entrusted Crypto-Assets" that satisfy Payment Services Act Article 63-11(2) and Cabinet Office Order Article 27(2). This is the statutory hook behind the de-facto hot-wallet limit that the market often quotes as a percentage. The exact percentage is not in the primary text we reviewed; it sits in the Cabinet Office Order and JVCEA rules. We therefore describe the exception as narrow and limited to qualifying entrusted assets, rather than publishing a specific figure.

Segregated User Management Trust for user money

User money is handled differently from user crypto-assets. Under Payment Services Act Articles 63-11 and 63-11-2 and the related Cabinet Office Order provisions, users' money must be managed via a Segregated User Management Trust meeting Cabinet Office Order Article 26(1). The required segregated amount is recalculated every business day, so the trust always tracks current user balances rather than a stale snapshot.

Daily reconciliation and shortfall rules

Segregation is backed by an audit discipline. The FSA Guideline requires user crypto-assets to be held in a different wallet and in clearly segregated devices from the provider's own assets, whether managed in-house or through a third party. On-chain balances must be reconciled against book balances every business day, and any shortfall must be resolved within five business days. This daily-and-five-day cadence is a measurable operational obligation, not a best-effort target, and it shapes how you staff and tool your custody operation.

AML/CFT and governance obligations

Custody is only half the supervisory picture. The FSA also examines anti-money-laundering systems, governance, and IT-system risk, and it expects JVCEA self-regulatory rules to be reflected in your controls. These obligations are continuous: they apply from registration onward, not just at the application stage.

Risk-based AML/CFT and customer verification

Providers must apply risk-based AML/CFT measures under the FSA Guidelines on Anti-Money Laundering and Counter-Terrorist-Financing Measures, identifying and assessing money-laundering and terrorist-financing risk and applying proportionate controls. Customer-verification duties (in the context of the Act on Prevention of Transfer of Criminal Proceeds) apply at transaction onboarding, and JVCEA self-regulatory rules are reflected into the supervisory standard. For a deeper treatment of the underlying program, see our guide to AML and KYC requirements.

Crypto-asset appropriateness and system-risk management

Two further supervisory viewpoints round out governance. First, crypto-asset appropriateness: which assets a provider may handle is screened in collaboration with the JVCEA, so listing decisions are themselves a compliance question. Second, system risk: the FSA Guideline treats business-management framework, IT-system risk management, internal controls, and management-team accountability as explicit supervisory viewpoints. A robust governance and technology story is part of being registrable, not an afterthought.

PSA vs FIEA: spot and custody vs crypto derivatives

A common planning error is assuming one registration covers everything you want to offer. It does not. Spot exchange and custody sit under the Payment Services Act; crypto-asset derivatives sit under a separate statute, the Financial Instruments and Exchange Act (FIEA). Knowing which regime a product falls under before you build it avoids an expensive scope surprise.

What the PSA spot/custody registration covers

A CAESP registration under the Payment Services Act authorizes the spot and custody side of the business: exchange transactions, brokerage and intermediation in connection with those acts, and management of users' money and crypto-assets. That is the scope of Article 2(7) and the registration of Article 63-2, and it is what most "crypto exchange" operators need first.

When you also need FIEA authorization

Crypto-asset derivatives and margin trading fall under the Financial Instruments and Exchange Act (FIEA), a separate regime from the PSA spot and custody registration. A spot CAESP registration does not by itself authorize a derivatives business. If your roadmap includes leveraged or derivative products, you need to plan for FIEA authorization in addition to, not instead of, your CAESP registration.

Registration process and timeline

The process is an application under the Payment Services Act followed by a substantive FSA examination, conducted in collaboration with the JVCEA. It is widely regarded as one of the slowest and most demanding crypto registration processes in the world, though a fixed statutory timeline is not published. After registration, the FSA retains broad enforcement powers.

How the application works (PSA Art. 63-3)

You file a registration application under Payment Services Act Article 63-3, supplying the required particulars: corporate name, capital amount, business-office location, and officers, per the Cabinet Office Order. The FSA or Local Finance Bureau then processes the application in collaboration with the certified association (JVCEA). The review covers business-management systems, separate-management and custody design, AML/CFT readiness, IT-system risk, and crypto-asset appropriateness. Treat it as a deep examination of your operating model, not a form-filling exercise.

How long FSA registration takes

Japanese crypto-asset registration is widely understood to be among the slowest globally, commonly described as roughly a year or more for unprepared applicants. We have not found an FSA-published statutory processing-time figure in the primary sources, so we frame the timeline qualitatively as lengthy and among the most demanding worldwide. A specific month range often quoted in older material is not primary-sourced, and we do not state one as fact. The practical lever you control is preparation: the better your custody, AML, and governance documentation, the shorter the back-and-forth.

Enforcement after registration (Art. 63-16 / 63-17)

Registration is not the end of supervision. The FSA Guideline sets out post-registration enforcement: business-improvement orders under Payment Services Act Article 63-16, and revocation of registration or business suspension under Article 63-17. These powers sit behind the daily custody and reconciliation duties, which is why ongoing compliance, not just the initial application, defines a sustainable Japanese exchange.

Foreign companies and the FSA published register

Foreign founders frequently ask whether the door is open to them and how to verify who is genuinely registered. Both questions have clear answers in the primary sources: foreign corporations can register if they establish the required Japanese presence, and the FSA publishes the official register of approved providers.

Can a foreign company register?

Yes. A foreign corporation can register as a CAESP, but it must establish a business office in Japan and appoint a representative in Japan, as required by the refusal grounds of Payment Services Act Article 63-5 and the application particulars of Article 63-3. Without that local presence, the application is refused. In substance, foreign access to the Japanese market runs through a properly resourced Japanese entity.

The official register of registered exchanges

The FSA maintains and publishes the official "Crypto-asset Exchange Service Providers" register as a downloadable PDF and Excel file under its Regulated Institutions page. This register is both a due-diligence tool and proof that the regime is registration-based: approved firms are listed publicly. If a counterparty claims to be a registered Japanese exchange, the register is where you confirm it.

Cost orientation and how we help

Japan is one of the more expensive crypto jurisdictions to enter, driven less by official fees than by the substance the regime demands: a real Japanese entity, a fully built custody operation, and the governance and AML systems the FSA examines. We do not publish a price list, because every project's cost depends on its product scope and timeline. We do help you scope the work realistically before you commit.

What drives the cost of FSA registration

The main cost drivers are predictable once you understand the regime:

• Legal and advisory work to prepare a registration that survives a substantive examination.
• Capital and net-asset standing set by Cabinet Order (confirm the current figure before budgeting).
• Custody build-out: cold-wallet infrastructure, secret-key management, and the Segregated User Management Trust.
• Ongoing compliance: daily reconciliation, AML/CFT systems, JVCEA membership, and governance staffing.

To frame these against your wider budget, see our exchange license budget guide. To compare Japan against other markets, our comparison of crypto jurisdictions and our overview of Singapore's MAS DPT regime put the Japanese cost and timeline in context.

From our practice

Across Asian crypto registrations, the pattern we see repeatedly is that founders underestimate the Japanese custody and segregation build, not the paperwork. Teams arrive with a solid AML policy and a corporate plan, then discover that the cold-wallet rule, the always-offline secret-key standard, the daily-recalculated Segregated User Management Trust, and the five-business-day shortfall fix reshape their entire technology and operations model. The work that moves an application forward is rarely the application form; it is demonstrating to the FSA that the custody and reconciliation discipline already exists and runs day after day. We sequence projects around that reality, treating custody design as the first deliverable rather than the last. For the broader playbook, see our pillar on how to start a licensed crypto exchange, and our Crypto-License.io hub for the full jurisdiction set.