According to reports, Japan’s Financial Services Agency is preparing new rules that would force companies providing management systems to crypto exchanges to give prior notice or register before they start work.
Under current law, exchanges must follow strict rules for holding users’ money, including storing funds in cold wallets. But outside vendors that run trading software or custody tools operate without the same legal footprint.
Regulators say that gap leaves room for mistakes and security holes. The plan would require exchanges to deal only with registered providers, creating a clearer line of responsibility.
If passed, the system would likely include checks on security practices, incident reporting rules, and clearer lines for who is responsible when things go wrong.
The FSA plans to compile a full report of the discussions and push for changes to the Financial Instruments and Exchange Act at the 2026 ordinary Diet session.
That timetable gives legislators time to consider the details and for industry groups to weigh in. Some in the market warn the new rules could mean extra compliance work for smaller vendors. Others say that may be a fair trade for stronger protections for customers.
The regulator has also supported a pilot stablecoin effort involving major banks MUFG, SMBC, and Mizuho Bank.
The push for change gained speed after a major hack in 2024. Reports have disclosed that hackers stole over 48 billion yen — roughly $311 million — in Bitcoin from DMM Bitcoin.
Investigators later traced the breach to Ginco, a Tokyo-based firm that managed parts of DMM’s trading system. That case made it plain to many officials that outsourcing critical operations can spread risk beyond the exchange itself.
Featured image from Unsplash, chart from TradingView
