AML Compliance for Electronic Payment Institutions in Japan: FSA Registration and Obligations

Electronic payment institutions in Japan now face APTCP AML/CTF obligations equivalent to those of banks. This guide covers who is regulated, core obligations, and why manual compliance processes are not viable for digital payment volumes.

AML Guide  ·  June 2026  ·  RegTech

Japan’s approach to regulating electronic payment infrastructure for AML/CTF purposes has evolved materially since 2022.

Core AML/CTF Obligations for Registered Electronic Payment Institutions

Registered electronic payment service providers are specified business operators under the APTCP. Their AML/CTF obligations follow the same structural framework as banks:

Customer Due Diligence

Identity verification at account opening and at prescribed transaction trigger points. For consumer platforms, this means verification at the point of account creation, with enhanced verification for higher-value or higher-risk transactions. For business-to-business payment platforms, this includes beneficial ownership verification for corporate customers.

Ongoing Transaction Monitoring

Transaction monitoring calibrated to the platform’s specific risk profile — taking into account the transaction velocity, anonymity characteristics, and cross-border exposure of digital payment transactions. The risk profile of a domestic BNPL product with average transaction values below ¥50,000 and a verified consumer base is materially different from a cross-border payment aggregator processing ¥500,000 business payments. The monitoring programme must reflect that difference.

Suspicious Transaction Reporting

STR filing with JAFIC under Article 9 of the APTCP where transactions give rise to reasonable suspicion of criminal proceeds or terrorism financing. For high-volume payment platforms, the practical requirement is automated monitoring that identifies reportable activity at scale — manual review at digital payment volumes is not operationally viable.

Record-Keeping

Retention of CDD records, transaction records, monitoring records, and STR documentation for the prescribed periods. Record-keeping must be at the transaction level — aggregate platform-level records do not satisfy APTCP Article 8 requirements.

Technology Requirements: Why Manual Processes Are Not Viable

Digital payment platforms process transactions at volumes and velocities that make manual compliance processes structurally inadequate from day one. The compliance infrastructure requirement for registered electronic payment institutions therefore starts from a technology architecture foundation, not a manual process foundation:

  • API-native compliance integration: the compliance platform must integrate directly with the payment processing infrastructure through APIs, not operate on periodic batch exports. A BNPL platform processing 50,000 transactions per day cannot run compliance screening as a daily batch process — the transaction is long settled by the time the batch runs.
  • Real-time PEP and sanctions screening at transaction initiation: screening must execute at the point of each payment transaction, before the transaction is processed, not retrospectively.
  • Scalable monitoring architecture: transaction monitoring must operate at payment platform transaction volumes without performance degradation as the business grows — from early-stage to licensed and regulated.
  • Transaction-level audit trail: each screening event must be recorded at the individual transaction level. Aggregate reporting — ‘X transactions screened this month, Y results’ — does not satisfy APTCP record-keeping requirements. Each transaction must have its own compliance record.

Frequently Asked Questions

Electronic payment instrument service providers (including yen-pegged stablecoin handlers), registered funds transfer service providers across all three tiers, and settlement intermediaries and payment aggregators meeting specified thresholds under the June 2026 PSA amendment.
The structural framework is the same — CDD, transaction monitoring, STR reporting, and record-keeping under the APTCP — but calibration should reflect the platform’s specific risk profile. A domestic BNPL platform has a different risk profile from a cross-border payment aggregator; the programme must reflect that difference.
The 2025 PSA amendment brought a new category of crypto-asset and payment intermediaries within the regulatory framework. Compliance obligations commenced on the effective date — retrospective compliance from a later date is not acceptable to the FSA.
Digital payment platforms process transactions at volumes — tens or hundreds of thousands per day — that exceed the capacity of any manual compliance process. By the time a daily batch review is completed, transactions are long settled and STR filing windows may have been missed.
Required capabilities include: API-native integration with payment processing infrastructure, real-time PEP and sanctions screening at transaction initiation, scalable monitoring at platform transaction volumes, and a transaction-level audit trail recording each individual screening event.

AML Compliance for Electronic Payment Institutions Japan | Nexiant

Japan’s 2022 PSA amendment and June 2026 effective date brought electronic payment service providers within AML/CTF obligations mirroring those of banks. A guide for BNPL, e-money, and payment processors.

Speak to our team

This article was accurate at the time of publication in June 2026 and is intended for general informational purposes only. It does not constitute legal, regulatory or compliance advice. Organisations should seek qualified professional guidance in relation to their specific obligations.