Core AML/CTF Obligations for Registered Electronic Payment Institutions
Registered electronic payment service providers are specified business operators under the APTCP. Their AML/CTF obligations follow the same structural framework as banks:
Customer Due Diligence
Identity verification at account opening and at prescribed transaction trigger points. For consumer platforms, this means verification at the point of account creation, with enhanced verification for higher-value or higher-risk transactions. For business-to-business payment platforms, this includes beneficial ownership verification for corporate customers.
Ongoing Transaction Monitoring
Transaction monitoring calibrated to the platform’s specific risk profile — taking into account the transaction velocity, anonymity characteristics, and cross-border exposure of digital payment transactions. The risk profile of a domestic BNPL product with average transaction values below ¥50,000 and a verified consumer base is materially different from a cross-border payment aggregator processing ¥500,000 business payments. The monitoring programme must reflect that difference.
Suspicious Transaction Reporting
STR filing with JAFIC under Article 9 of the APTCP where transactions give rise to reasonable suspicion of criminal proceeds or terrorism financing. For high-volume payment platforms, the practical requirement is automated monitoring that identifies reportable activity at scale — manual review at digital payment volumes is not operationally viable.
Record-Keeping
Retention of CDD records, transaction records, monitoring records, and STR documentation for the prescribed periods. Record-keeping must be at the transaction level — aggregate platform-level records do not satisfy APTCP Article 8 requirements.
Technology Requirements: Why Manual Processes Are Not Viable
Digital payment platforms process transactions at volumes and velocities that make manual compliance processes structurally inadequate from day one. The compliance infrastructure requirement for registered electronic payment institutions therefore starts from a technology architecture foundation, not a manual process foundation:
- API-native compliance integration: the compliance platform must integrate directly with the payment processing infrastructure through APIs, not operate on periodic batch exports. A BNPL platform processing 50,000 transactions per day cannot run compliance screening as a daily batch process — the transaction is long settled by the time the batch runs.
- Real-time PEP and sanctions screening at transaction initiation: screening must execute at the point of each payment transaction, before the transaction is processed, not retrospectively.
- Scalable monitoring architecture: transaction monitoring must operate at payment platform transaction volumes without performance degradation as the business grows — from early-stage to licensed and regulated.
- Transaction-level audit trail: each screening event must be recorded at the individual transaction level. Aggregate reporting — ‘X transactions screened this month, Y results’ — does not satisfy APTCP record-keeping requirements. Each transaction must have its own compliance record.
Frequently Asked Questions
AML Compliance for Electronic Payment Institutions Japan | Nexiant
Japan’s 2022 PSA amendment and June 2026 effective date brought electronic payment service providers within AML/CTF obligations mirroring those of banks. A guide for BNPL, e-money, and payment processors.
Speak to our teamThis article was accurate at the time of publication in June 2026 and is intended for general informational purposes only. It does not constitute legal, regulatory or compliance advice. Organisations should seek qualified professional guidance in relation to their specific obligations.




