Introduction
E-money cards like Suica and nanaco, yen-denominated stablecoins like JPYC, and crypto assets like Bitcoin and Ethereum all let you move value digitally. Under Japanese law, however, each falls under a different business category and requires its own notification or registration. This article walks through the three categories — Prepaid Payment Instruments Issuer, Electronic Payment Instruments Business, and Crypto Asset Exchange Service — and explains why the registration regime exists at all, from both the operator’s and the user’s perspective. It reflects Microfund’s own product-design experience and observations of other operators, based on publicly available information as of May 13, 2026.
Who This Article Is For
- Operators and startups thinking about issuing their own e-money, points, stablecoins, or tokens
- Teams planning payment-processor, wallet, or exchange-style services who need to map out the right registration up front
- Anyone planning to use JPY- or USD-pegged stablecoins (e.g., JPYC, USDC) in a business context
- Individual users of crypto exchanges who want to understand why KYC is so strict
- Business professionals who want to read financial-regulation news with confidence
The goal is to draw a clear map of the three categories and the reasons behind the regime — not to describe the exact filings. For real-world cases, always consult the FSA, your local Finance Bureau, or qualified counsel.
The Three Categories at a Glance
Before drilling in, here is the big picture in one diagram.
All three are anchored in Japan’s Payment Services Act, supervised by the Financial Services Agency (FSA) and local Finance Bureaus. Because the nature of the value and the risks to users differ, the law uses distinct frameworks.
1. Prepaid Payment Instruments Issuer
What it is
Issuing a token of prepaid value — a card, a server-stored balance, or an ID — that customers later exchange for goods or services. Examples include transit IC cards like Suica and PASMO, nanaco and WAON, QUO cards, gift certificates, in-game currency, and in-app coin purchases.
Two sub-types
- Self-issued: usable only at the issuer or closely related entities (e.g., a department store voucher). If the unused balance exceeds JPY 10 million at the end of March or September, the issuer must file a notification with the Finance Bureau.
- Third-party: usable at unrelated, multiple merchants (e.g., general-purpose prepaid cards). Registration with the Finance Bureau is required before issuance. Capital and governance requirements make this a higher bar than the self-issued type.
The core user-protection rule
Issuers must deposit at least half of unused balances. If the issuer fails, users can recover a portion through the deposit-refund process. Cash refunds are, in principle, not allowed (with limited exceptions). Think of it as a ticket meant to be spent.
2. Electronic Payment Instruments Business
What it is
This is a newer category, created by the June 2023 amendments to the Payment Services Act. It covers operators that buy, sell, exchange, custody, or broker electronic payment instruments — broadly, stablecoins pegged to a fiat currency such as JPY or USD.
An “electronic payment instrument” is, loosely, a token designed so its value tracks a fiat currency, that can be used to settle debts with unspecified parties, and that is transferable electronically. Trust-backed JPYC and USDC handled inside Japan are the easiest examples to picture. It has drawn attention for programmable payments, cross-border remittance, and tokenized commerce.
The key difference from crypto assets
Even among tokens on a blockchain, the law splits them based on whether the value is designed to track fiat currency. If yes, it’s an electronic payment instrument; if no (e.g., BTC, ETH), it’s a crypto asset.
Related articles
3. Crypto Asset Exchange Service
What it is
This category was introduced by the April 2017 amendments to the Payment Services Act. Anyone buying, selling, exchanging, custodying, or brokering crypto assets such as Bitcoin, Ethereum, or XRP as a business must register with the FSA / Finance Bureau.
Main obligations
- Segregation of user assets from the operator’s own assets, with at least 95% of crypto assets held in cold wallets as a general rule
- Pre-listing review of crypto assets and compliance with the self-regulation rules of the Japan Virtual and Crypto Assets Exchange Association (JVCEA)
- KYC, suspicious-transaction reporting, and adherence to the Travel Rule
- Disclosure to users (risks, prices, fees, etc.)
Lessons from 2017–2018
The 2018 Coincheck incident (about JPY 58 billion of NEM stolen) and the Zaif breach triggered a step-change in asset segregation, cold storage, and self-regulation across the industry. Today’s regime stands on the shoulders of those real-world incidents and responses.
Side-by-side comparison
| Dimension | Prepaid | Electronic Payment Instruments | Crypto Asset |
|---|---|---|---|
| Nature of value | Prepaid claim | Pegged to fiat | Market-driven |
| Transfer to third parties | Restricted in principle | Allowed (electronic) | Allowed |
| Cash refund | Not allowed as a rule | Yes, via redemption | Yes, via sale |
| Procedure | Notification or registration | Registration | Registration |
| User-asset safeguard | Deposit of unused balance | Trust-based backing | Segregation / cold storage |
| Typical players | Transit / retail e-money | JPYC, in-scope USDC | Japanese crypto exchanges |
Why Notification and Registration Exist
1. User protection
This is the single biggest reason shared across all three categories. Prepaid issuers rely on deposits, electronic payment instruments rely on trust or bank-deposit backing, and crypto exchanges rely on asset segregation and cold storage. For these safeguards to actually work, the government must know who the operators are and be able to inspect them. Operating these businesses without registration would leave users with little recourse if the operator collapsed.
2. AML / CFT
Following the FATF recommendations, Japan’s Act on Prevention of Transfer of Criminal Proceeds designates these operators as “specified business operators” required to perform KYC and file suspicious-transaction reports. Anything that lets value move anonymously at scale invites criminal misuse, so the law restricts handling to registered operators. The Travel Rule for crypto and stablecoins is an extension of the same logic.
3. Market integrity and fair competition
If unregistered operators proliferate, users cannot tell who is trustworthy. By requiring capital, internal controls, vendor management, and complaint handling at the registration stage, the regime ensures honest operators don’t have to compete against fly-by-night ones on equal footing. Inspections and business-improvement orders by the regulator are part of the same machinery.
4. Transparency for users
Registered operators owe users disclosures about products, fees, and risks. Operating status is reported to the regulator, and registered operators are listed publicly, so users can verify whether the service they’re about to use is properly licensed. Getting into the habit of checking the FSA’s website by operator name helps prevent trouble.
Patterns Seen Among Operators
What tends to work
- Starting with self-issued prepaid: Begin with in-store points or in-app coins and file the notification calmly when the JPY 10 million threshold is crossed. Learning the rules while the business is small prevents the painful “actually, we were unregistered” discovery later.
- Stepwise license-up: Build operational muscle with funds-transfer or prepaid first, then move to the Electronic Payment Instruments or Crypto Asset Exchange category once demand is clear. Going straight for the hardest license is usually slower than maturing operational governance and compliance staffing in between.
- Leading with trust: Operators that prominently display their registration number and supervising regulator win B2B customers faster. In B2B, “FSA-registered” often is the procurement check.
What tends to fail
- Issuing large “points” as if they were exempt: Economically prepaid in nature, but issued under the name “points” and then challenged by the Finance Bureau once the balance threshold is crossed. Economic substance, not the label, determines the category.
- Handling foreign stablecoins without registration: Brokering USDC issued abroad to Japanese users, then realizing too late that the Electronic Payment Instruments Business registration is required. “We’re only selling” or “we just refer customers” rarely escapes the definition of brokering as a business.
- Inadequate incident-response posture: Crypto operators with strong technology but no clear playbook for customer outreach, regulator notification, or third-party investigation often end up under business-improvement orders after an incident. How you behave after a hack is, in many ways, the real point of registration.
- Cross-border services without local registration: Operators serving Japanese users with Japanese-language sites have been issued public warnings and, in some cases, faced criminal proceedings. In cross-border finance, regulation reaches where the user is.
What individual users should keep in mind
- Verify on the FSA list: Crypto asset exchange operators, electronic payment instruments operators, and funds-transfer operators are listed on the FSA website. Check before using an unfamiliar service.
- “Guaranteed return” is a loud red flag: Any operator using words like “guaranteed” or “principal-protected” for crypto or stablecoin products is almost certainly off. Registered operators are not allowed to mislead customers.
- Be wary of prepaid services advertising easy cash-out: Prepaid value is not refundable as a rule. If a service makes “convert to cash anytime” its selling point, it may actually belong to a different category (funds-transfer).
- Registration ≠ guarantee of safety: Registered operators can still fail or get hacked. Deposits, trusts, and segregation are minimum safety nets, not zero-risk shields. The most effective rule is still to use amounts you can afford to lose.
Trends in 2026
- Practical adoption of JPY stablecoins: Trust-backed JPYC is accelerating real use in corporate payments, cross-border remittances, and Web3 commerce.
- Debate on crypto tax reform: Moving crypto-asset gains from comprehensive taxation (up to 55%) toward separate self-assessment taxation remains an active topic at the FSA and the ruling party’s tax commission.
- Deeper Travel Rule implementation: Originator / beneficiary information now travels with crypto transfers between registered exchanges, including across borders.
- Outsourced compliance and BaaS-style models: More operators are partnering with registered entities and operating as merchants or service providers under the registered partner’s umbrella.
Summary
In one line each:
- Prepaid Payment Instruments Issuer: issues prepaid vouchers; needs deposits to protect users.
- Electronic Payment Instruments Business: handles fiat-pegged stablecoins; needs trust-style backing and registration.
- Crypto Asset Exchange Service: handles market-driven crypto assets; needs segregation, cold storage, and registration.
The real purpose of registration is to answer, in advance, three questions: who protects users if the operator collapses, how is misuse prevented, and is the operator in a state where it can be supervised? Regulation is often seen as a constraint, but for well-run operators it is also a differentiator of trust.
This article reflects information as of May 13, 2026. The Payment Services Act and related cabinet / FSA orders are an actively evolving area. Always consult the FSA, your local Finance Bureau, or qualified counsel before launching a business or making investment decisions.
References
- FSA, Payment Services Act and related laws and guidelines
- FSA Comprehensive Guidelines for Supervision of Financial Companies, Volume III: Sections 16 (Prepaid Payment Instruments Issuers), 17 (Funds Transfer Service Providers), 18 (Crypto Asset Exchange Service Providers)
- Japan Payment Service Association, self-regulatory rules
- Japan Virtual and Crypto Assets Exchange Association (JVCEA), self-regulatory rules
- FATF, Updated Guidance for a Risk-Based Approach to Virtual Assets and VASPs
- Act on Prevention of Transfer of Criminal Proceeds
- FSA, Discussion materials on payments modernization and electronic payment handling