Japanese Bitcoin Exchange Regulation

A law enacted in June 2016 introduces regulation for bitcoin exchanges in Japan. As of now, the law is not yet in force.

On December 28th, the Financial Services Agency published drafts for executive orders on the details. The draft concerning bitcoin exchanges is here.

People so inclined can comment on this draft until January 27th, 5 p.m. Japanese local time. The FSA notice says that the law is scheduled to come into force in April.

I have a couple of comments.

For one, the Japanese government publishes these drafts in a format which is hard to read on a computer screen. They use PDF files with the text running from top to the bottom. If you want to fit one page on the screen, you need to zoom out, resulting in hard to read small fonts. Or you need to print out the whole document.

They should really offer a text only alternative.

The way I am dealing with this is opening a new Word document, pasting the whole PDF file into that document, and then adding the necessary formatting while reading it.

On the other hand, the Japanese government should be congratulated on enacting this. There won’t be another MtGox in Japan. Here are just a couple of things that change in the future:

Address Requirement

I recall that MtGox didn’t even tell their costumers where they were located. It took me quite some effort at the time to establish this basic fact. They published different addresses on their website, none of them correct. One of the addresses was outdated, another one didn’t even exist.

That can’t happen again.

The new law helpfully requires in Article 63-3, Paragraph 1, Number 1 that anyone applying for registering a bitcoin exchange provide their address. And Article 17 Paragraph 1 Number 1 of the executive order requires informing customers of that address.

Where Are Our Bitcoins?

Under Article 63-11, exchanges are required to hold their own cash and bitcoins separate from costumers’ cash and bitcoins. And they also need to face regular audits (at least once a year under Article 23 of the executive order).

With MtGox, no one could get cash out, which was bad. But even worse, no one could get information out. People had no idea where their cash or bitcoins were.

That can’t happen again.

Article 20, Paragraph 1 of the executive order requires that costumers’ cash be held in a bank account that is set up separately for this purpose. And Paragraph 2 allows the exchange to hold costumers’ bitcoins themselves, but requires that it is always possible to immediately make sure which bitcoins are costumer property.

It might be better to have a trusted third party control costumer bitcoins, just like banks are required to control costumer cash.

But right now, Japanese banks don’t even offer bitcoin accounts. So this is impossible.

Another way of minimizing costumer risk would be to require that the bitcoins are not transferred to an exchange in the first place and all transactions of bitcoins run directly from the seller to the buyer.

The Japanese regulation does not adopt this model. This of course means that while exchanges will be more transparent in the future, costumers can still lose coins if an exchange goes down. It is still a good idea to withdraw bitcoins immediately after buying them to an address you control yourself.

Theft Protection

As far as I can see, the new regulations don’t require any level of security against theft of bitcoins.

The MtGox bankruptcy allegedly was caused by a massive theft of bitcoins. Therefore, it would make sense to require minimum protection countermeasures.

Article 63-8 of the law and Article 13 of the executive order require adequate protection against leaking of customer personal information. They don’t seem to have protection against bitcoin theft in mind, though.

Of course it is also in the self-interest of any exchange to avoid theft of bitcoins. And as the industry matures, the countermeasures dealing with this threat mature as well. The occasion to steal a hundreds of millions of dollars worth of bitcoins as easily as with MtGox may be gone for the future.

But I think it would make sense to mention this point somewhere in the executive order, probably best in Article 20, Paragraph 2 of the regulation.

Minimum Financial Requirements

The executive order requires capital of at least 10 million yen to apply for registration (Article 9, Number 1). That may be somewhat of a hurdle for startups.

Article 63-5, Number 2 of the law also requires foreign bitcoin exchanges operating in Japan to have a representative living in Japan. And under Article 63-22 of the law foreign bitcoin exchanges that are not registered in Japan are not allowed to advertise their business to Japanese residents.

 

2 Comments

  1. Edmund Edgar

    > The MtGox bankruptcy allegedly was caused by a massive theft of bitcoins. Therefore, it would make sense to require minimum protection countermeasures.

    The problem with this is that you either define what “minimum protection countermeasures” means or you don’t. If you don’t, it’s meaningless; No exchange is going to run without what they consider to be minimum protection countermeasures. If you do, you need a government body to work out the right way to protect bitcoins, which is more likely to worsen security than improve it, because it’s evolving all the time and a lot of the best approaches won’t be the ones they think of.

    • Karl-Friedrich Lenz

      Thank you for your comment and a happy new year.
      The proposals do require protection measures against leaking of personal data, without specifying them.
      I don’t see any reason why the government should be worse at security than individual exchanges. How could anyone leave the door wider open than MtGox?

Comments are closed.