Countermeasures for Cryptocurrency Outflow Risks Discussed at Financial Services Agency Meeting

Japan’s Financial Services Agency (FSA) released the agenda and handouts of the sixth meeting of the “Study Group on the Virtual Currency Exchange Services” held on October 3. At the session, the topic of countermeasures for cryptocurrency outflow risks was raised, along with the connection between financial regulations and the diversification of cryptocurrency usage methods.

In regards to the diversification of cryptocurrency usage methods, the FSA stated that cryptocurrency “can possess a variety of characteristics due to derivative transactions and the entry of initial coin offerings (ICO), including not only payment and payment methods, but also investment and fund procurement methods.” As for whether the FSA would consider regulations on usage methods, the agency took the position that it would be necessary to determine “whether individual actions that use cryptocurrency have a financial (monetary versatility) function,” and that “in the event that the actions do have a financial function, the introduction of financial regulations could be expected dependent upon the social significance of cryptocurrency, whether there could be harm in encouragement of speculation, etc.”

Furthermore, in the event that financial regulations are introduced, the FSA will consider “the extent to which user protection is necessary” and “the extent to which a guarantee of legitimate and reliable execution of operations based on the impact on the entire finance system, etc. is necessary,” and that the agency must investigate the appropriate details for regulations.

Countermeasures for cryptocurrency outflow risks were also discussed at the study session in light of the incident at the Japanese cryptocurrency exchange Zaif last month, in which about 7.0 billion yen (63million U.S. dollars) in Bitcoin and other cryptocurrencies was stolen.

A shared aspect between the Coincheck cryptocurrency exchange’s outflow of 58 billion yen (519million U.S. dollars) in NEM coins in January this year and the incident at the Zaif exchange last month is that the stolen currency in both instances was managed using “hot wallets,” online wallets used to transfer cryptocurrency that are managed with essential private keys.

In the guidelines and laws related to the Payment Services Act, the FSA recommends “split management” of assets with a clear classification between the company’s cryptocurrency and customer cryptocurrency, as well as management of assets through “cold wallets,” or wallets that are managed offline, to the greatest extent possible as part of efforts to improve cybersecurity management systems.

A list of proposals to strengthen self-imposed regulations for preventing future outflow incidents included establishing business divisions that bear responsibility for split management of assets, setting internal regulations that place a limit on the amount of cryptocurrency that can be managed in a hot wallet, disclosure of cryptocurrency safekeeping policies (adoption of multisignature technology, the retention ratio of cold wallets, etc), and explanations to customers about countermeasures if assets are lost in a cyberattack.

Taizen Okuyama, chairman of the Japan Virtual Currency Exchange Association (JVCEA), an industry organization for cryptocurrency exchange operators, was also in attendance at the FSA meeting. Initiatives for self-regulation of Japanese cryptocurrency exchanges from the standpoint of user protection are also expected to be strengthened even further in the future.