AML Effectiveness Testing in Japan: How the FSA Validates That Your Programme Works

Since 2024 Japan's FSA has assessed whether AML/CTF programmes produce outcomes — not whether they exist. This guide covers what effectiveness examiners request and the most common evidence gaps at mid-market institutions.

AML Guide  ·  June 2026  ·  RegTech

Until 2024, an FSA examination at a mid-market financial institution typically assessed whether the institution had the required policies, procedures, and systems in place.

The FSA’s Effectiveness Assessment Framework

The FSA’s effectiveness assessment draws on FATF’s 11 Immediate Outcomes framework, adapted to Japan’s domestic supervisory context. For mid-market financial institutions, the Immediate Outcomes most directly relevant to compliance programme performance are:

  • IO.3: supervisors appropriately supervise, monitor, and regulate financial institutions for compliance with AML/CTF requirements commensurate with the risks in each sector.
  • IO.4: financial institutions and other relevant entities adequately apply AML/CTF preventive measures commensurate with their risks, and report suspicious transactions.
  • IO.5: legal persons and arrangements are prevented from misuse for ML/TF, and information on their beneficial ownership is available without impediment to competent authorities.
  • IO.6: financial intelligence and all other relevant information are appropriately used by competent authorities for ML/TF investigations.
  • IO.7: ML offences and activities are investigated and offenders are prosecuted and subject to effective, proportionate sanctions.

What FSA Examination Teams Specifically Request

Transaction Monitoring Performance Data

  • Alert volume statistics for the examination period by category and month, showing trends over time.
  • False positive rates — the proportion of alerts reviewed that did not result in further investigation — with evidence that these rates are actively managed and periodically reviewed.
  • Alert resolution times: the average time from alert generation to disposition decision, with trend analysis showing whether the queue is growing or being managed.
  • STR filing rates as a proportion of alerts reviewed, with analysis of whether this rate is consistent with the institution’s assessed risk profile.
  • Monitoring parameter documentation: the specific rules and thresholds applied, the date of last review, and the documented rationale connecting the parameters to the risk assessment.

STR Quality and Consistency

  • Total STRs filed in the examination period, with month-by-month trend analysis.
  • Sample STR quality review: examiners will select specific filed STRs and assess whether they contain the information JAFIC requires to take action — not just whether they were filed.
  • The complete process from monitoring alert to JAFIC submission, with timestamps at each stage documenting detection, review, investigation, decision, and filing.
  • Not-filed disposition records: where alerts were reviewed and an STR was not filed, the documented rationale for that decision for each closed alert.

CDD Programme Quality

  • Sampling of customer CDD records across risk tiers — examiners select records at their discretion, not the institution’s. Examiners assess completeness, consistency with the assigned risk tier, and evidence of periodic review.
  • EDD records for PEP customers and high-risk customers: evidence of senior management approval, source of wealth and funds documentation, and monitoring calibration appropriate to the elevated risk level.
  • PEP screening results with the database used and its coverage — examiners will specifically test whether domestic Japanese PEP screening was conducted.
  • Beneficial ownership verification records for corporate customers, tracing through to ultimate individual controllers.

Governance Evidence

  • Board and senior management meeting minutes for the examination period — typically 12 to 24 months — demonstrating that AML/CTF risk appeared as a substantive agenda item with evidence of engagement.
  • Management information reports provided to the board: examiners assess whether the information was meaningful and whether it gave the board the visibility required for effective oversight.
  • Internal audit reports on AML/CTF compliance, with findings, severity ratings, and management responses.

Why Technology Infrastructure Determines Evidence Quality

The common thread running through all elements of the FSA’s effectiveness assessment is evidence quality. Manually maintained records — spreadsheets, email chains, individually filed documents — cannot generate the volume, consistency, or tamper-evidence that the FSA’s effectiveness standard requires.

The difference between a well-configured compliance platform and a manual compliance system is not merely operational efficiency — it is examination readiness. Specifically:

  • Alert disposition records: a platform that requires documented rationale before an alert can be closed generates complete records automatically. A manual system produces variable documentation quality depending on which analyst closed the alert.
  • STR workflow documentation: a platform that manages the entire STR process — from alert through investigation to JAFIC submission — generates a complete, timestamped chain of evidence. A manual process requires reconstruction from emails, spreadsheets, and filing system records.
  • Monitoring calibration evidence: a platform that stores rule parameters with version history and associated calibration rationale provides FSA-ready evidence on demand. Manual documentation of rule sets requires manual maintenance and is frequently incomplete.
  • Management reporting: a platform with built-in reporting dashboards produces consistent, frequency-controlled management information. Manual reporting is only as consistent as the compliance officer who produces it.

Frequently Asked Questions

The FSA assesses whether the compliance framework produces real outcomes — not whether the framework exists. Examiners assess: whether monitoring parameters are calibrated to actual risk, whether false positive rates are managed, whether STR filing rates reflect the institution’s risk profile, whether CDD records evidence consistent application of the risk-based approach, and whether board governance is substantive.
FSA examiners typically request: alert volume statistics by category and month, false positive rates with evidence of active management, alert resolution times, STR filing rates as a proportion of alerts reviewed, and monitoring parameter documentation including calibration rationale and the date of last review.
Examiners review total STR filing volume, trends over time, and whether rates are consistent with the institution’s assessed risk exposure. They also conduct quality reviews of sampled STRs and review the complete process trail from monitoring alert to JAFIC submission with timestamps at each stage.
Examiners review board meeting minutes for evidence of substantive AML/CTF governance engagement, management information reports presented to the board for quality and meaningfulness, and internal audit reports with findings and management responses.
A well-configured compliance platform generates system-stamped, immutable records of every alert, CDD step, monitoring parameter setting, and STR workflow event — automatically. This directly addresses the most common evidence gaps found in FSA examinations.

AML Effectiveness Testing Japan: FSA Examination Guide | Nexiant

The FSA now assesses AML/CTF effectiveness — not just framework existence. A guide to the examination framework, what examiners request, common evidence gaps, and how technology drives evidence quality.

Speak to our team

This article was accurate at the time of publication in June 2026 and is intended for general informational purposes only. It does not constitute legal, regulatory or compliance advice. Organisations should seek qualified professional guidance in relation to their specific obligations.