The Black Swan Summit India 2026, held in Bhubaneswar, Odisha, highlighted a significant transformation in India’s Global Capability Centers (GCCs). Traditionally known as an offshore development hub focused on cost efficiency, India is now evolving into a global center for financial innovation and advanced digital capabilities.
Historically, Japanese and global financial institutions leveraged India for IT outsourcing, including system development and back-office operations. However, this model is rapidly shifting. GCCs are increasingly established as in-house, strategically controlled global hubs responsible for high-value functions such as AI development, data analytics, risk management, and even global business strategy. India has become the world’s largest GCC hub, with over 1,700 centers.
This shift is particularly evident in the financial sector, where increasing regulatory complexity, AML requirements, fraud detection, and AI-driven risk management demand deeper integration of business knowledge and technology. As a result, companies are moving away from outsourcing toward internal capability building through GCCs.
Odisha represents a new phase in this evolution. While traditional GCC hubs were concentrated in major cities like Bengaluru and Hyderabad, rising costs and talent competition are driving expansion into Tier-2 cities. Odisha is positioning itself as a FinTech-focused GCC destination, leveraging India’s Digital Public Infrastructure (DPI)—including UPI, Aadhaar, and ONDC—to create a unique environment for financial innovation. The state is also investing in advanced talent development, particularly in AI.
For financial institutions, this marks a structural shift. GCCs are no longer limited to downstream implementation tasks but are increasingly responsible for upstream functions such as business design, algorithm development, and innovation. In areas like credit modeling and fraud detection, GCCs are becoming central to competitive advantage.
For Japan, the implications are significant. Amid domestic IT talent shortages, Indian GCCs—especially in emerging regions like Odisha—can be redefined not merely as cost-saving options but as strategic partners in co-creating financial digital transformation (DX). This perspective is already reflected in the growing interest of major Japanese financial institutions, such as MUFG and SMBC, in expanding their presence and collaboration in India.
Overall, the evolution of GCCs in India represents a transition from efficiency-driven outsourcing to innovation-driven global R&D strategy, supported by both the scale and quality of India’s talent pool.ns capable of making concrete strategic choices will capture the next wave of growth.
The report outlines major trends shaping the fintech landscape in 2026, marking a transition from experimentation to full-scale implementation. Over the past decade, collaboration between startups and traditional financial institutions has matured, moving beyond “proof-of-concept fatigue” toward meaningful business integration, including investments and acquisitions. Against this backdrop, 2026 is expected to be a decisive year for execution and scaling.
1. Expansion of Stablecoins and Crypto Regulation
Global momentum around stablecoins has accelerated following regulatory developments such as the U.S. GENIUS Act. In Japan, yen-denominated stablecoins have emerged, and further practical use cases—such as cross-border payments and interoperability with USD stablecoins—are expected. At the same time, crypto assets may be reclassified as financial instruments, introducing stricter regulations including insider trading rules.
2. Growth of Tokenization
Tokenization of assets, particularly real estate, is expanding rapidly in Japan, with market size doubling year-on-year. New asset classes such as private equity are entering the space, signaling broader adoption. Standardization of issuance, custody, and trading infrastructure will be critical for scaling.
3. Practical Use of Generative AI and AI Agents
Generative AI is moving from experimental use to real-world applications, including customer-facing advisory services. The evolution toward AI agents—capable of autonomously executing tasks—is expected to reshape operational processes, starting with workflow-based systems and progressing toward more autonomous models.
4. Advancement of Personalization
AI-driven personalization will transform financial services by leveraging customer data to provide tailored financial advice and products. In insurance, usage-based models incorporating behavioral and IoT data (e.g., wearables, smart homes) will become more prominent.
5. Expansion of Cloud Adoption
Cloud migration in core banking systems is accelerating, driven by improved security, regulatory flexibility, and cost efficiency. While digital banks are leading, regional banks face challenges in expertise and governance, highlighting the need for talent development.
6. Rise of Embedded Finance and BaaS
Financial services are increasingly embedded into non-financial platforms, making finance seamless within everyday services. BaaS models are diversifying, enabling tailored banking solutions for SMEs, foreign residents, and specific industries.
7. Evolution of Digital Identity and KYC
Japan’s digital ID infrastructure, centered on the My Number card, is becoming the foundation for identity verification. Regulatory changes will phase out less secure methods, pushing financial institutions toward more robust digital authentication systems.
8. Corporate Account Risks and Opportunities
Corporate accounts are under greater scrutiny due to fraud and money laundering risks. At the same time, competition to serve SMEs is intensifying, with opportunities to expand lending using alternative data and improved user experience.
9. Increase in Digital Financial Crime
Cybercrime is becoming more sophisticated, including account takeovers and ransomware attacks. Financial institutions must adopt multi-layered security strategies, while AI-driven fraud detection will play a key role.
10. Emergence of Quantum Technology Risks
Although practical quantum computing is still years away, the threat to current cryptography is driving early adoption of post-quantum cryptography (PQC). Financial institutions are expected to begin preparing migration strategies.
Conclusion
These ten trends are interconnected and collectively push fintech into a new phase of implementation. Technologies such as stablecoins, tokenization, AI, and cloud are no longer theoretical—they are actionable. In 2026, success will depend on how decisively organizations move from concept to execution.
Financial institutions must redesign their business models to integrate into broader ecosystems.
Fintech companies must deliver scalable, regulation-compliant solutions.
Policymakers must balance innovation with risk management.
Ultimately, 2026 will be a year where only organizations capable of making concrete strategic choices will capture the next wave of growth.
The report examines recurring cases of fraudulent disclosure among startups, highlighted by the accounting scandal of a recently listed Japanese company that collapsed shortly after its IPO. Similar cases—such as inflated revenues through circular transactions, fictitious sales, premature revenue recognition, and misleading disclosures—demonstrate that financial misconduct is not isolated but systemic.
Why Fraud Repeats
The report identifies common underlying factors:
Strong pressure to show rapid growth and achieve high valuations
Lack of integrity in top management
Weak internal controls and governance
Inadequate responses to auditors
Investor bias toward cutting-edge sectors such as AI or biotech
Fraud often begins even before IPO preparation and typically follows three patterns: revenue manipulation (e.g., circular transactions), exaggeration of business performance, and governance failures.
Key Investor Checkpoints
Investors—especially in growth-stage startups—should critically assess:
Related-party transactions and goodwill accounting
Strength of internal controls and audit quality
Disclosure practices and management behavior
The report stresses that financial figures alone are insufficient; understanding the underlying business reality is essential.
Role of AI in Fraud Detection
Advances in AI are enabling earlier detection of fraud signals through:
Automated analysis of contracts, invoices, and financial transactions
Cross-checking external data (registries, news, credit data)
Verification of scientific and technical claims via global databases
Sentiment and consistency analysis of disclosures
Continuous monitoring of news, social media, and business metrics
AI can generate risk scores, dashboards, and audit trails, improving transparency in investment decisions. However, it should be viewed as a “sensor” for early warning, not a definitive detector.
Implications for Startup Investment
The adoption of AI shifts the paradigm from post-fact detection to early-stage prevention of fraud. As regulatory reforms expand startup investment opportunities in Japan, enhancing disclosure reliability becomes increasingly important.
Going forward, investors will need to integrate not only financial data but also non-financial and societal impact metrics, supported by AI-driven analysis, to make more robust investment decisions.
Ransomware, a compound word of “ransom” and “software,” is malicious programming designed to infect systems and encrypt data files, rendering them unusable. The attackers then demand a ransom payment—often in cryptocurrency—in exchange for the decryption key. While this threat is decades old, its evolution has led to devastating, large-scale attacks targeting major corporations.
In recent high-profile cases, the scope of damage has been immense. Beverage giant Asahi Group Holdings recently faced operational disruption to its shipping business following a ransomware attack. Last year, the attack on KADOKAWA caused major service outages (including the video platform “NICO-NICO”), coupled with the exposure of over 250,000 pieces of personal information, underscoring the severe social impact of these breaches.
The Evolving Threat Landscape
The journey of ransomware has moved far beyond simple, indiscriminate attacks to sophisticated, high-impact operations.
From Spray-and-Pray to Targeted Extortion
The earliest forms of ransomware relied on “spray-and-pray” tactics, relying on phishing emails or malicious websites to infect wide swaths of users. However, the scene quickly changed around 2013 with the emergence of powerful tools like CryptoLocker and the rise of Ransomware-as-a-Service (RaaS), which diversified and scaled attacks.
Today, the primary trend is targeted attacks, where highly sophisticated groups focus on specific, high-value entities like government agencies or major corporations, ensuring a larger payoff and maximizing disruption.
The Shift to Multi-Layered Blackmailing
Modern ransomware groups rarely rely solely on encryption. They have adopted advanced extortion tactics to increase pressure:
Double Extortion: Attackers first exfiltrate (steal) the data before encrypting it. They then demand a ransom not only for the decryption key but also in exchange for not publishing the stolen data on the dark web.
Triple Extortion: This method adds another layer of pressure, often involving a Distributed Denial of Service (DDoS) attack on the victim’s network during the crisis to prevent business recovery and force compliance.
Non-Encryption Extortion: Some groups skip the encryption step entirely, simply stealing the data and demanding ransom in exchange for keeping the theft and data secret.
The primary entry points for these sophisticated attacks often include vulnerabilities in VPNs (Virtual Private Networks) used by remote workers and flaws in Remote Desktop Protocol (RDP) systems.
The Critical Threat of Third-Party Risk in Finance
Financial Institutions (Fls) are prime targets due to the high value of the data they hold (account details, personal information, transaction records) and the massive societal impact of system disruption. While major FIs maintain robust, state-of-the-art security, the attacks are shifting to their peripheral partners.
Supply Chain Attacks: The Weakest Link
Direct successful ransomware attacks on the core systems of major FIs remain relatively rare. However, increasing threats are being seen through supply chain attacks targeting third-party vendors who provide crucial, yet often less-protected, services.
Examples of Vendor Breaches Affecting Japanese FIs:
Accounting/Consulting Firms: A ransomware attack on the Takano Comprehensive Accounting Group led to the potential leakage of customer information belonging to client FIs, including Tokyo Marine & Nichido, Iyo Bank, and Sumitomo Mitsui Trust Bank.
Printing Services: The printing major Iseto was attacked, resulting in the confirmed outflow of customer data from multiple FIs (including over 250,000 records from Iyo Bank alone), as the firm handled confidential print jobs and stored associated client data.
These incidents highlight that any vendor, from specialized IT services to seemingly low-risk functions like accounting and printing, represents a potential security vulnerability—a Third-Party Risk—that FIs must mitigate.
Regulatory Imperatives and the Path Forward
In response to the growing severity of ransomware and supply chain attacks, the Japanese Financial Services Agency (FSA) has tightened its regulatory guidance, emphasizing proactive prevention and robust response capabilities.
The FSA’s directives across various guidance documents establish strict requirements for FIs:
Focus Area
FSA Guidance Requirement
Third-Party Management
FIs must pre-assess the security posture of external vendors, clearly define responsibilities and oversight in contracts (including procedures for sub-contracting), and periodically monitor the vendors’ security status.
Incident Response & Recovery
Response plans must prioritize the customer and include procedures for rapid identification of affected areas. Crucially, plans must detail steps for rapid recovery from backups, which must be secured offline.
Defense in Depth
FIs must implement multi-layered defenses: Inlet (strong filtering against phishing/malware), Internal (privileged ID management and network segmentation), and Outlet (log analysis and blocking suspicious communication).
Board Governance
The Board of Directors must acknowledge cyber risk as a critical business issue, integrating it into enterprise-wide risk management and ensuring adequate resources and specialized personnel are allocated.
Conclusion: Actionable Checklist for FIs and FinTech startups
For FinTech startups seeking partnerships with major FIs, and for FIs managing their vendor relationships, compliance with these regulatory requirements are non-negotiable.
Category
Key Action Items (Based on FSA Guidance)
Vendor Management
Pre-assess the security posture of external vendors. Ensure contracts clearly stipulate responsibilities, oversight, and procedures for sub-contracting. Monitor the vendor’s security compliance status regularly.
Defense in Depth
Inlet: Implement robust filtering against phishing and web intrusion. Internal: Secure privileged ID management and maintain network segmentation. Outlet: Block suspicious communications and conduct log monitoring.
Detection
Implement systems (like EDR) for the early detection of ransomware infection. Establish mechanisms for log analysis and unauthorized access detection.
Incident Response
Create a clear response plan for incidents, prioritizing the customer. Securely and regularly back up critical data, storing backups offline (air-gapped). Periodically test rapid recovery procedures from backups.
Governance
The Board of Directors must recognize cyber risk as a key management issue. Ensure specialized departments and personnel are in place, and conduct regular security audits and reviews.
Information Sharing
Participate in industry information networks (like FISC) and maintain frameworks for sharing threat intelligence with domestic and international authorities.
The era of ransomware requires both FIs and their entire ecosystem to move from simple defense to comprehensive, multi-layered risk management where vendors are held to the same high security standards as the institution itself.
In July 2025, 01Bank, the new digital bank launched by regional banking group, Ikeda Senshu HD, is capturing significant attention. Unlike traditional financing models reliant on collateral and balance sheets, 01Bank pioneers “business value-based lending” by leveraging transaction data from e-commerce and cloud services. It is not a coincidence that the mega-bank like SMBC is expanding their reach to SME customers with their new digital banking offering “Trunk” service. These digital finance competitions to capture the SME market in Japan seem to heat up.
Ikeda Senshu HD’s 01Bank: New Challenge
Ikeda Senshu Holdings, long dedicated to SME support, recognized the limitations of conventional lending for evaluating the growth potential of micro-businesses and new ventures. To solve this, the firm, which announced the concept in September 2023, officially launched 01Bank as a wholly-owned subsidiary in July 2025.
The launch is driven by three core strategic objectives: (1) To establish a new revenue model for regional financial institutions. (2) To expand data-driven finance. (3) To cultivate new markets through platform collaborations.
The Core Model: Business Value-Based Lending
01Bank’s primary service is an online-only lending model designed to visualize creditworthiness using data that traditional financial reports cannot measure. Companies apply via the web, sharing data on sales performance and project completion rates (in addition to financial statements) to enable faster screening and loan execution.
This evaluation relies heavily on Platformers (PFers)—partner companies like the major crowdfunding platform Makuake—which provide data integration infrastructure. This “PFer data model” enables a multifaceted assessment of business viability, allowing funding for newly established or unprofitable companies based on their customer base and business model. The reliability of this data model is crucial to mitigating fraud seen in the past score model lending.
Infrastructure and Strategy
01Bank’s infrastructure utilizes “BaaS by GMO Aozora Net Bank,” ensuring a flexible and scalable system while keeping development costs low. This lean approach is reflected in its initial capitalization of 2 billion yen (4 billion yen including capital surplus), a small fraction of the 10 billion yen typically raised by the past net banks.
Looking forward, 01Bank plans to expand services beyond lending into payments and account services, aiming to evolve from a regional bank model into a comprehensive digital platform dedicated to supporting startups and local entrepreneurs.
SMBC’s Trunk: The Mega-bank Strategy for Efficiency
Sumitomo Mitsui Banking Corporation (SMBC) launched “Trunk” in May 2025, targeting SMEs and new corporations. The initiative aims to replicate the success of its individual-focused service, “Olive,” while addressing the corporate need for greater account convenience and efficient fund management.
Trunk offers a major differentiator in speed, allowing applications via smartphone or PC with service starting as early as the next business day, matching or exceeding net bank speeds while retaining mega-bank reliability. Notably, the service restricts enrollment to non-existing SMBC corporate account holders, positioning it as a tool for new customer acquisition.
A Deep Dive into Trunk: Low Cost and Integration
Trunk’s core features include:
Low Cost: Free transfers to SMBC accounts and a flat 145 yen (tax included) fee for other banks, significantly undercutting existing mega-bank services.
Operational Efficiency: It automates payments for taxes, social insurance, and Japan Finance Corporation repayments. Future integration includes features like a bill payment function that uses smartphone photos to automate data entry and transfers.
Ecosystem Integration: Trunk integrates financial and business support by offering simultaneous application for the Sumitomo Mitsui Card Business Owners card (requiring no corporate registration documents) and providing free limited-time access to key SaaS platforms (Google Workspace, Microsoft 365, freee accounting, etc.).
Trunk is designed to evolve into a comprehensive financial platform offering factoring and AI-powered financial advice. By the 2026 fiscal year, SMBC plans to introduce new cards with an AI credit engine and the “Finance Agent” concept, an AI that predicts funding needs and assists with subsidy applications.
The Evolving Landscape of SME Finance
The concurrent launches of 01Bank and Trunk underscore the escalating demand for digital services among Japan’s over 3 million SMEs. This growth is attracting major financial players, as seen by Mizuho Bank’s acquisition of a controlling stake in UPSIDER (July) and Mitsubishi UFJ Bank’s collaboration with LayerX (September) on operational efficiency tools.
The competitive landscape now includes net banks like GMO Aozora Net Bank (BaaS provider) and Sumishin SBI Net Bank (which launched Bill One Bank in 2024). Traditional players like Rakuten Bank and PayPay Bank are also actively expanding their corporate account base.
For regional banks, maintaining customer engagement requires enhancing digital capabilities. The specialized, lending-focused service of 01Bank, supported by BaaS, offers a clear roadmap for other regional financial institutions. Since competing with mega-banks on comprehensive strength is difficult, regional players must focus on developing distinctive, targeted services.
(Original Video in Japanese was published on the FINOLAB CHANNEL on Sep. 16, 2025 by Makoto Shibata)
In this article, we’ll break down the Financial Administration Policy for the 2025 business year, announced by Japan’s Financial Services Agency (FSA), with a special focus on key fintech-related measures.
A New Direction: Leveraging Digital Tech to Address Structural Issues
The FSA’s policy emphasizes encouraging financial institutions to “take on the challenge of leveraging innovative technology,” particularly with the rapid rise of generative AI. At the same time, the FSA acknowledges structural issues like a shrinking population and aging society, aiming to balance user protection with financial system stability.
The policy highlights three key priorities: “Contributing to the sustainable growth of financial institutions,” “Ensuring the stability and integrity of the financial system,” and “Building an organization that constantly evolves to serve the public.” A recurring theme is the continuous focus on “adapting to the transformation of financial services through digital technology.”
Key Fintech Action Plans
The Administration Policy outlines several key action plans related to fintech:
1. Crypto Assets and Stablecoins
Recognizing the growing activity in this space globally, the FSA views crypto assets and stablecoins as key drivers of innovation in financial services.
User Protection: The policy calls for necessary institutional reforms to protect investors while promoting innovation.
Tax Reform: The FSA is moving toward a serious discussion on taxing crypto assets with “separate taxation,” similar to other financial products.
Enhanced Supervision: The FSA plans to strengthen its oversight of unregistered firms and establish a regulatory framework for Japanese yen-pegged stablecoins.
2. Support for AI and Fintech
AI Discussion: The FSA will launch a public-private AI forum based on its “AI Discussion Paper” to address practical challenges in the field.
Continued Support: Existing initiatives like “Japan Fintech Week,” the Fintech Support Desk, and the Fintech Sandbox will continue to be promoted.
3. Startup Support and Corporate Value Enhancement
In its push to make Japan a leading nation for asset management, the FSA has included measures to strengthen capital supply for startups.
Venture Capital: The policy aims to make venture capital a more attractive investment and will follow up on a 2024 report that outlined recommended actions for VCs.
Collaboration with the TSE: The FSA will work with the Tokyo Stock Exchange (TSE) to enhance support for companies before and after they list on the Growth Market.
Creating a Better Investment Environment: The FSA is exploring new frameworks, such as allowing unlisted stocks to be included in investment trusts, to expand venture investment opportunities.
4. Strengthening Risk Management
Measures to combat money laundering (AML) and cyberattacks are a high priority.
AML/CFT: The FSA will work to improve its anti-money laundering and counter-terrorist financing measures in preparation for the fifth round of mutual evaluations by the FATF.
Cybersecurity: The policy emphasizes the need to recognize cyber risk not just for financial institutions, but also for their outsourced partners.
Financial Crime: The FSA will work to strengthen its comprehensive measures against financial crimes, such as scams and fraudulent access to securities accounts.
Conclusion
The 2025 Administration Policy clearly shows the FSA’s commitment to embracing new technologies like generative AI and stablecoins while also strengthening the foundations of Japan’s financial infrastructure through startup support and robust risk management. Fintech companies should closely monitor these regulatory trends, as they will have a significant impact on future business development.
(Original Video in Japanese was published on the FINOLAB CHANNEL on Aug. 28, 2025 by Makoto Shibata)
The FINOLAB CHANNEL’s FintechTopics #119 video discusses the latest global stablecoin developments, particularly regulatory progress in the United States, Hong Kong, and Japan, defining stablecoins and explaining their impact on financial markets.
Stablecoin Definition and Background
Stablecoins are crypto assets that, unlike other volatile cryptocurrencies, typically maintain a 1:1 value peg to a fiat currency (such as the US dollar) and are backed by liquid assets like fiat currency, short-term government bonds, or central bank deposits. Historically, there have been cases like Terra, where a stablecoin collapsed due to a significant drop in the price of its underlying crypto asset. Therefore, new regulations explicitly define that stablecoins must be backed by stable assets like fiat currencies or government bonds, not by other unstable crypto assets.
US Stablecoin Regulationl (Genius Act)
The US legislation regarding stablecoins, known as the “Genius Act,” was passed by the Senate on June 17th and by the House of Representatives on July 17th, subsequently signed by the President, officially becoming law.
• Definition and Classification: The act clearly defines stablecoins as digital assets whose value is backed by stable liquid assets such as fiat currencies (e.g., US dollar), US short-term government bonds, or central bank deposits, and which can be redeemed at par value. It explicitly states that stablecoins are not securities, deposits, or bank liabilities.
• Issuer Qualification: Only authorized issuers are permitted to issue stablecoins. These include financial institutions covered by deposit insurance and licensed by the Office of the Comptroller of the Currency (OCC) (such as banks and credit unions), federally licensed non-bank issuers, and state-licensed issuers certified by the Treasury Secretary as meeting federal standards. Foreign issuers may also be approved if they are supervised under a regulatory framework equivalent to that of the US and agree in writing to comply with US regulations.
• Prudential Standards:
◦ Issuers must hold full reserves, meaning they must maintain reserves consisting of deposits or US short-term government bonds equal to the value of all issued stablecoins.
◦ Clear redemption methods must be published, and the monthly composition of reserves must be disclosed.
◦ Re-collateralization (issuing new stablecoins backed by other stablecoins) is prohibited.
◦ False reporting on reserve obligations is subject to criminal penalties.
◦ Issuers must adhere to regulatory standards regarding capital, liquidity, and operational risk, and establish systems for anti-money laundering (AML) checks and sanctions screening.
◦ In the event of bankruptcy, stablecoin holders are granted the highest priority claim on reserve assets.
• Regulation and Supervision:
◦ Scaled regulation is implemented: Issuers of stablecoins exceeding $10 billion in circulation are subject to mandatory federal supervision. Issuers below $10 billion may choose state-level supervision, but state regulations must be certified by the Treasury Secretary.
◦ Regulatory agencies are determined by the issuer type: national banks are regulated by the OCC, state member banks by the Federal Reserve (FRB), state non-member banks by the Federal Deposit Insurance Corporation (FDIC), credit unions by NCIA, and all non-bank issuers are regulated by the OCC.
• Impact on the Market:
◦ The act is expected to increase demand for US Treasury bonds, as regulations require stablecoin reserves to include short-term government bonds. Currently, the two largest stablecoin issuers, Tether and Circle, already hold substantial amounts of US short-term government bonds (Tether around $125 billion, Circle around $55.2 billion), indicating their actions significantly influence the supply and demand in the US Treasury market.
◦ Major banks such as Goldman Sachs, JPMorgan, Citi, and Bank of America have expressed their intention to enter the stablecoin market following the enactment of this law.
◦ The proliferation of stablecoins is expected to enhance the US dollar’s status and presence in international financial markets and settlements.
◦ The act effectively “ratifies” existing stablecoins (like USDT, USDC), and their circulation is expected to continue growing. Some believe that stablecoins could become a de facto alternative to a US Central Bank Digital Currency (CBDC), thereby maintaining the dollar’s dominance in the decentralized finance (DeFi) sector.
Hong Kong Stablecoin Bill
Hong Kong’s stablecoin bill was passed in May and came into effect on August 1st.
• Regulatory Framework: The Hong Kong Monetary Authority (HKMA) has established a dedicated website to explain the implementation details. Hong Kong aims to distinguish its relatively flexible crypto asset policy from mainland China’s digital yuan (CBDC) operations to maintain its status as an international financial hub.
• Applicable Scope and Definition: The act targets stablecoins pegged to fiat currency, termed “Fiat-referenced Stablecoins” (FRS). A license is required for stablecoins issued within Hong Kong or those issued abroad but offered to Hong Kong residents. Providing services or engaging in marketing activities to Hong Kong without a license is prohibited.
• Licensing Requirements:
◦ Reserves and Redemption: Full asset backing, clear redemption procedures, and segregated management of customer assets are required (similar to the US).
◦ Capital Requirements: A minimum paid-up capital equivalent to HKD 25 million must be maintained.
◦ Risk Management and Governance: A three-lines-of-defense framework involving directors and executives, internal controls, oversight systems, credit/liquidity risk management, and stress testing must be established, meeting the risk management standards of financial institutions.
◦ AML/CTF: Robust anti-money laundering and counter-terrorist financing measures must be implemented in accordance with HKMA guidelines.
◦ Service Recipient Restrictions: After obtaining a license, services are primarily directed at institutional investors, with only limited access for individual investors.
• Goals and Current Status: The Hong Kong government aims to promote Web3 and cross-border payments based on the principle of “same activity, same risk, same regulation,” while balancing financial stability. This is considered leading legislation in Asia, aligning with the EU’s MiCA and US laws. Currently, no institutions have yet received licenses, and the HKMA anticipates issuing the first licenses early next year, showing caution towards market exuberance.
Japan’s Stablecoin Developments
Japan revised its Payment Services Act in 2020, implementing it the following year to legally define stablecoins.
• Recent Progress: On August 18, 2025, JPYC announced it had obtained registration as a money transfer business, with plans to issue a Japanese yen stablecoin within the year. This will be the first JPY stablecoin to enter the market.
• Expected Benefits:
◦ Positive Impact on the Japanese Government Bond (JGB) Market: As the issuance of JPY stablecoins increases, their reserves may require the purchase of JGBs, potentially increasing bond liquidity and affecting interest rates.
◦ Strengthened Domestic Remittance and Settlement Infrastructure: The introduction of JPY stablecoins will enable anytime, anywhere settlements and remittances via blockchain, significantly reducing the time and cost associated with traditional bank transfers.
◦ Promotion of Digital Finance Innovation: JPYC plans to issue on chains like Ethereum, Avalanche, and Polygon, supporting Web3 and programmable settlements driven by smart contracts. This will enable new features such as conditional automated settlements and automated recurring payments that were previously difficult to automate.
◦ Enhanced International Presence of the Japanese Yen: The emergence of JPY stablecoins is expected to increase the use of the Japanese yen in international transactions, boosting its international presence.
Conclusion
Globally, stablecoin regulatory frameworks are rapidly evolving, with countries striving to balance financial innovation and stability. The legislative and issuance practices in the US, Hong Kong, and Japan indicate that stablecoins will play an increasingly important role in the future international financial system, potentially transforming traditional financial landscapes and payment methods.
The recently enacted GENIUS ACT, a comprehensive stablecoin regulation in the United States, has sparked global interest due to its potential impact on financial markets and international monetary dynamics. While Japan led the world in creating legal frameworks for stablecoins, it now finds itself lagging in actual implementation. This article explores the content and significance of the new U.S. legislation, its potential consequences for the global financial system, and the four key areas Japan must re-evaluate moving forward.
Overview of the GENIUS ACT: U.S. Stablecoin Law
Background and Definition
The GENIUS ACT was passed with bipartisan support, approved by the U.S. Senate on June 17, 2025, and by the House of Representatives on July 17, 2025, before being signed into law by President Trump. The law defines stablecoins as digital assets backed by highly liquid reserves such as U.S. dollars, short-term U.S. Treasuries, or central bank deposits, and redeemable at face value.
Issuer Qualifications and Regulatory Standards
Only financial institutions authorized by the Office of the Comptroller of the Currency (OCC) or federally licensed non-bank issuers are permitted to issue stablecoins. The law imposes strict requirements, including:
Full reserves backing all issued coins
Publicly disclosed redemption policies
Monthly reserve disclosures
Prohibition of rehypothecation (reuse of collateral)
Criminal penalties for false disclosures
Adherence to capital, liquidity, and risk management standards
Compliance with AML and sanctions regulations
Priority claims for users in case of issuer bankruptcy
Supervisory Scope and Timeline
Issuers with over $10 billion in circulation must be federally supervised, while smaller issuers may be overseen at the state level. Full enforcement begins in November 2026, and from July 2028, the sale of unauthorized stablecoins will be prohibited.
Three Global Impacts of the U.S. Stablecoin Law
1. Increased Demand for U.S. Treasuries
By institutionalizing U.S. Treasuries—particularly short-term notes—as reserve assets for stablecoins, demand for Treasuries is expected to rise. Currently, stablecoin issuers already hold around $182 billion in U.S. short-term Treasuries, equivalent to the holdings of countries like South Korea and the UAE. Approximately 99% of these reserves are controlled by Tether and Circle, potentially shifting U.S. debt market dynamics.
2. Strengthening the Dollar’s Position in Global Finance
Stablecoins pegged to the U.S. dollar offer low transaction costs, price stability, and real-time settlement, making them attractive for cross-border remittances and value storage—especially in emerging markets. This could accelerate the global use of the U.S. dollar and reinforce America’s financial presence internationally.
3. Strategic Approach to CBDCs
Rather than pushing for a government-issued Central Bank Digital Currency (CBDC), the U.S. now appears to embrace private-sector stablecoins as strategic tools to uphold the dollar’s global dominance. This pivot positions stablecoins as functional substitutes for a digital dollar, particularly as alternatives like China’s digital yuan remain limited and Europe continues to delay CBDC implementation.
Four Critical Issues Japan Must Revisit
Although Japan revised its Payment Services Act in 2022 to regulate stablecoins ahead of the U.S., implementation has been sluggish. The following four points merit urgent attention:
1. Regulatory Operations and Speed
Japan’s approval process for stablecoin businesses can take over two years, with the first U.S. dollar-pegged stablecoin service only launched in March 2025. No Japanese yen stablecoin is operational yet, highlighting the need for more agile regulatory procedures.
(JPYC Inc. was granted a license to issue stablecoin after this article was published and expected to issue Japanese Yen stablecoin in few months time.)
2. Flexibility in Reserve Asset Requirements
Current Japanese rules on reserve composition, transparency, and maturity limits restrict stablecoin structures. This makes it difficult for yen stablecoins to contribute meaningfully to global demand for U.S. Treasuries—a gap Japan may need to close through regulatory loosening.
3. Involvement of Financial Institutions
Unlike the U.S., where banks are explicitly expected to issue stablecoins, Japan faces hurdles such as unclear capital regulations and concerns over competition with bank deposits. It’s time to clearly define stablecoins as distinct “payment currencies” and encourage financial institutions to participate through measures like relaxed capital requirements.
4. International Cooperation and Cross-Border Frameworks
The U.S. law allows foreign issuers to sell stablecoins domestically, laying the groundwork for mutual recognition systems. Japan should also develop a cross-border acceptance framework, aligning with international rules and supporting the global use of yen-pegged stablecoins. In the long term, Japan needs a strategic approach to enhance the yen’s international presence through digital assets.
Conclusion
The enactment of the GENIUS ACT marks a major step in the U.S.’s stablecoin strategy—one that could reshape global finance, boost demand for U.S. Treasuries, and reinforce the dollar’s international dominance. For Japan, this signals an urgent need to rethink its regulatory approach and strengthen its digital currency ecosystem. While Japan was early to legislate, faster implementation, international coordination, and active market engagement will be essential to stay relevant in the evolving global digital finance landscape.
(Original Video in Japanese was published on the FINOLAB CHANNEL on Jul. 15, 2025 by Makoto Shibata)
As the fintech industry continues to evolve, a new question is gaining prominence in Japan: when does an advance payment service cross the line and become a regulated money lending activity under the Money Lending Business Act? In this article, this complex issue is broken down using recent discussions, regulatory updates, and illustrative case studies.
What Are “Advance Payment Services”?
Advance payment services involve a third-party provider making a payment on behalf of a user, with the expectation of reimbursement later. Examples include:
Salary advance services
Bill payment proxy services (e.g. for phone or utility bills)
Buy Now Pay Later (BNPL) models
Business payment platforms
The key regulatory question: Do such services legally count as “lending”?
Why Is This Now a Regulatory Focus?
The surge in new fintech models—particularly in e-commerce and digital payment ecosystems—has blurred the lines between payment facilitation and lending. This has led to:
Ambiguity in legal interpretation: It’s often unclear if such services fall under lending regulations.
Increased regulatory inquiries: The Financial Services Agency (FSA) of Japan has received more queries, prompting clarification through working groups and public guidance.
Innovation outpacing legal framework: New business models often don’t fit existing definitions, creating gray areas that need clarification.
Regulatory Clarification from the FSA
In April 2025, the FSA released a Q&A on Advance Payment Services and Their Applicability to Lending Regulations, following discussions within the Financial System Council.
Key criteria introduced:
Economic Substance Over Form If the transaction has the same economic impact as a loan, it may be considered lending, regardless of contract terms.
Professional Intent If the service is offered continuously and intentionally, it may be considered a “business” under the law.
Profit Motive and Scope Services aren’t automatically exempt just because they don’t target the general public or charge fees.
Exemptions Certain activities by banks or specific business operators under other laws may be excluded.
Two Key Evaluation Axes
When judging whether a service constitutes lending, two key factors are considered:
Creditworthiness Assessment: Does the provider assess the user’s ability to repay or base conditions (fees, limits) on credit scores?
Financial Risk Transfer: Is there substantial risk transferred to the provider, or is the reimbursement nearly guaranteed?
Case Studies: Lending or Not?
The FSA provided real-world examples:
Salary Advance Services → Not Lending
Based on actual work performed
Employer, not employee, bears service fee
No repayment obligation for employees
Short-term and limited in scope
Medical Expense Advance During School Trips → Not Lending
Small, limited scope
No credit scoring
Repayment only of actual cost, not profit-based
Freelancer Bill Payment Proxy with Monthly Repayment → Considered Lending
Users repay with fees
Risk assessed based on income
Operates on a recurring basis
Requires registration under lending laws
Employer Payroll Payment Agency → Not Lending
Implications for Fintech Innovators
Acts as part of payroll processing
No interest, no credit judgment
No repayment by employees
As interest rates rise and new services proliferate, clarity around whether a business model constitutes lending is more important than ever. The FSA’s recent actions show that regulators are becoming more proactive, offering frameworks and case-based interpretations to support innovation while maintaining consumer protection.
For entrepreneurs and developers, understanding these boundaries is crucial to designing compliant services from the start.
Final Thoughts
Advance payment services are now a hot topic in fintech compliance. The FSA has laid the groundwork for clearer interpretation, focusing on credit evaluation and economic substance. Going forward, these frameworks will help innovators navigate legal risk while contributing to a more sophisticated financial ecosystem.
(Original Video in Japanese was published on the FINOLAB CHANNEL on Jun. 24, 2025 by Makoto Shibata)
Since March 2025, Japan’s online securities industry has seen a rapid increase in unauthorized access incidents. Large-scale and automated attacks have targeted multiple securities companies, pushing the entire industry to respond.
The Reality of the Attacks: Over 17 Companies Targeted, Stock Manipulation Tactics Involved
While initially limited, incidents expanded rapidly by the end of May, affecting over 17 companies. Attackers have been selling customer-owned stocks and using the proceeds to purchase low-liquidity, small-cap stocks—primarily in China and Japan—in large volumes. These tactics are believed to be a form of market manipulation: perpetrators pre-purchase small-cap stocks, artificially inflate their prices, and then sell them for a profit.
Attack Methods: From Phishing to Sophisticated AI-Powered Malware
The attackers have employed several methods:
Highly convincing phishing sites and emails mimicking real securities firms
Info-stealer malware that extracts login credentials from infected devices
Adversary-in-the-middle (AiTM) attacks that intercept session data and bypass multi-factor authentication (MFA)
These threats are compounded by poor password practices and low security awareness among users, such as reusing passwords or clicking on suspicious links.
Industry Issues: Lagging Security Measures and Balancing User Convenience
The securities industry has been criticized for delayed implementation of MFA and maintaining multiple vulnerable login pathways (e.g., PC, mobile apps, third-party integrations). A strong focus on user convenience has often taken priority over security measures, making the systems more exploitable.
What’s Being Done: Industry-Wide Compensation and Strengthened Security
In May 2025, the Japan Securities Dealers Association announced that major online brokerages would offer compensation for losses due to phishing scams, regardless of existing terms and conditions.
Key initiatives include:
Mandatory MFA (via One Time Password(OTP), SMS, smartphone app, or phone callback)
Real-time transaction monitoring and alerting
Swift freezing of compromised accounts
Shared industry blacklists and incident intelligence
Conclusion: A Dual Response from Users and the Industry is Critical
These incidents show that relying solely on ID and password-based logins is no longer viable. Enhancing users’ security awareness and upgrading system-wide defenses are both essential.
CONTACT