Japan's open banking framework dates to 2017, making it one of the earliest formal regimes in Asia-Pacific. The Financial Services Agency (FSA) runs a registration-based system for third-party providers, and about 97% of Japanese banks built APIs to meet the 2020 compliance deadline. But building APIs and using them are different things. As of the FSA's September 2019 survey, 73 of 130 monitored banks had zero commercial agreements with any third party. The top five aggregators — Money Forward, Moneytree, Zaim, freee and Nest Egg — controlled 75% of all partnerships. The regime has all the architectural components of PSD2, including registration, access rights and standards guidance, without the hard data portability rights that made PSD2 commercially binding in the EU. A full profile of Japan's open banking institutions is tracked on the Open Banking Tracker.
1. Regulatory Framework
Legal basis. Open banking in Japan rests primarily on Japan's Banking Act (Act No. 59 of 1981, as amended in 2017). The 2017 amendment, which came into force on 1 June 2018, introduced a new regulated category called the Electronic Payment Intermediate Service Provider (denshi kessai to daikō gyōsha, often translated as Electronic Payment Service Provider, or EPSP). Adjacent regimes that touch open banking include the Payment Services Act (PSA), substantially amended in 2020 with further amendments effective 1 June 2023 covering "Electronic Payment Instruments" (stablecoins); the Act on Sales of Financial Instruments, renamed and amended in 2020 to introduce the FSIBO licence in 2021; the Financial Instruments and Exchange Act (FIEA); and the Act on the Protection of Personal Information (APPI), updated in 2020 to give individuals rights to request deletion of their personal data.
Regulator. The Financial Services Agency of Japan (FSA / JFSA), an affiliated agency of the Cabinet Office, is the principal regulator. Within the FSA, supervisory work is handled by a dedicated Financial Services Intermediary Business and Electronic Payment Service Providers Office, jointly with the Local Finance Bureaus (LFBs). The Bank of Japan also conducts examinations ("Nichigin Kousa") and is increasingly co-developing a unified data-collection framework with the FSA.
Requirements for banks. Under the Banking Act amendment:
- Banks have a duty to strive to prepare for API introduction (Article 11 of the amending act).
- Banks must publish their policy on cooperation with API companies (Article 10).
- Banks must publish standards and contract conclusion processes for API providers and are prohibited from unjust discrimination against EPSPs.
- Each bank must enter into a contract with the EPSP that allocates liability and stipulates that the EPSP must compensate users for any loss from electronic payment services and apply safety management measures.
- Banks must develop the technical systems for open APIs; the original deadline was two years from June 2018 (effectively May 2020), extended slightly because of COVID-19.
Requirements for third-party providers (TPPs / EPSPs). Any third party accessing customer data through bank APIs must register with the FSA. Registration requirements include: (i) a sufficient financial basis to perform the API business properly (Article 52-61-2); (ii) prepared internal systems; (iii) establishment of a representative in Japan; (iv) a clean disciplinary record; (v) duties to provide users with information (Article 52-61-8); (vi) information-security management measures (Article 52-14-17); (vii) a duty of good faith (Article 52-9); and (viii) reporting and record-keeping obligations (Articles 12-13). EPSPs must also file an annual written report with the FSA, and the FSA can conduct on-site inspections.
The regulation distinguishes between Account Information Service Providers (AISPs), analogous to EU PSD2 AISPs, and Payment Initiation Service Providers (PISPs) that transmit payment instructions; in Japan both are captured within the broader "Electronic Payment Intermediate Service" category.
2. Timeline and History
- December 2015 — Japan's Financial System Council Working Group on Payment and Transaction Banking publishes the report framing the policy direction.
- 2016 — Japan Revitalization Strategy 2016 sets out the Cabinet's policy intent on opening up banking APIs. METI releases "Japan's FinTech Vision," which calls for open APIs at banks and credit-card companies.
- May 2017 — The Banking Act amendment is passed by the Diet, alongside related amendments to the PSA.
- July 2017 — The Japanese Bankers Association (JBA) publishes the "Report of the Review Committee on Open APIs: Promoting Open Innovation," covering API specifications and security baselines.
- 1 June 2018 — Banking Act amendment takes effect, creating the EPSP registration regime.
- April 2018 — MUFG Bank launches external APIs for account information reference and transfer.
- September 2018 — FSA publishes its "Finance Digitalization Strategy" with eleven measures to promote digitalisation.
- November 2018 — Amendments to the Criminal Proceeds Act enable several methods of e-KYC.
- January 2019 — 21 EPSPs are registered; the count nearly doubles to around 40 by end-March 2019.
- September 2019 — FSA survey shows progress lagging: of 130 monitored banks, 73 had zero commercial API agreements with TPPs; only 5 EPSPs controlled 75% of partnerships, and the original 26 EPSPs had on average about 2 contracts each.
- May 2020 (extended deadline) — Approximately 97% of Japanese banks meet the API system-readiness deadline.
- June 2020 — The Act on Sales of Financial Instruments is amended to create the cross-sectoral Financial Services Intermediary Business Operator (FSIBO) licence.
- November 2021 — FSIBO regime takes effect, allowing one-stop intermediation across banking, insurance, securities and money-lending.
- 2022 — NTT Docomo and MUFG Bank launch a deposit-account collaboration using the FSIBO framework.
- June 2023 — Amended Payment Services Act takes effect, defining "Electronic Payment Instruments" (stablecoins) and introducing a registration system for stablecoin intermediaries.
- 2024 — The new FSIBO framework continues to mature; the FSA's dedicated supervisory office takes operational charge; Bank of Japan exits negative interest rates (March 2024); FSA publishes updated Guidelines for Cybersecurity in the Financial Sector (October 2024).
- March 2025 — METI mandate requires all e-commerce credit-card transactions to use EMV 3-D Secure, raising authentication and tokenisation baselines across the API ecosystem.
- August 2025 — FSA publishes "Strategic Priorities: July 2025 – June 2026," with pillars on digitalisation of financial services, refinement of the crypto-asset regulatory framework, payment-system improvement (including yen-denominated stablecoins) and AI use by financial institutions.
- October 2025 — MUFG, SMFG (Sumitomo Mitsui) and Mizuho Financial Group publicly announce a joint proof-of-concept for yen-backed stablecoins built on MUFG's Progmat blockchain infrastructure.
- November–December 2025 — NTT Data announces collaborations with domestic banks to enhance API-driven open banking infrastructure; Rakuten Bank upgrades open APIs to improve third-party fintech integrations.
3. Market Adoption
Bank participation. Of the roughly 130 banks monitored by the FSA, the IMF's 2024 Financial Sector Assessment Program technical note records that "open banking is permitted in Japan, and most banks have currently developed systems for the introduction of open APIs." JETRO/Accenture readiness scoring found the following ordering by API readiness:
| Bank category | Avg. readiness | Dispersion |
|---|---|---|
| Credit Federation of Agricultural Cooperatives | 32 | 0 |
| JA (Japan Agriculture) | 32 | 0 |
| City banks (incl. megabanks) | 31.6 | 2.9 |
| Local (regional) banks | 20.8 | 6.6 |
| Norinchukin | 18 | 0 |
| Second-tier regional banks | 16.9 | 7.1 |
| Shinkin (community) banks | 14 | 2.2 |
| Trust banks | 4.7 | 7.9 |
| Shinkumi (credit cooperatives) | 3 | 5.4 |
| Foreign banks in Japan | 0 | 0 |
Megabanks. The three largest — MUFG Bank, SMBC (Sumitomo Mitsui Banking Corporation) and Mizuho Bank — are the lead implementers and serve approximately 19.3% of Japanese companies as their main bank (MUFG 7.93%, SMBC 6.34%, Mizuho 5.04% according to Tokyo Shōkō Research). All three operate developer portals and active fintech partnerships. MUFG launched APIs for account information and funds transfer in April 2018, including cloud-accounting integration with freee for SMEs and a deposit-account collaboration with NTT Docomo in 2022 under the FSIBO framework. SMBC maintains a comprehensive API portal with partnerships covering Moneytree and Stripe. Mizuho operates its own developer portal with active fintech engagement.
Active regional and digital banks. Ogaki Kyoritsu Bank was an early mover, partnering with Rakuten Bank to enable cross-bank account services. SBI Sumishin Net Bank provides BaaS to Yamada Denki and East Japan Railway (via Rakuten Bank). Japan Post Bank and Resona Bank are also active participants. The IMF reports 11 digital banks registered with the FSA (the first licensed in 2000; the first smartphone-only bank in 2020, which reached almost 600,000 accounts in two years). All active Japanese digital banks are tracked on the Open Banking Tracker Japan directory.
API categories. The Japanese framework and JBA Technical Guideline cover read APIs for account information and transaction history (the most mature category) and write APIs for payment initiation and funds transfer. The latter remain less universally standardised and are typically deployed through bilateral arrangements rather than a common technical specification.
Market size. According to Markets and Data (methodology not independently published), the Japan API banking market reached an estimated USD 2.61 billion in FY2025, with a projected CAGR of 13.24% through FY2033. "Account and Transaction Management" is cited as the largest application segment.
4. Key Players
Megabank API providers. MUFG, SMBC, Mizuho and Resona are the primary megabank API providers. Among digital and regional banks, SBI Sumishin Net Bank and Rakuten Bank are the most API-active, with Japan Post Bank also a participant.
Account aggregators and PFM. Money Forward, Inc. (co-founded by Toshio Taki, also a director of the Japan Association for Financial APIs; listed in 2017) held the largest share of commercial bank-API contracts at end-September 2019 with approximately 35 agreements. Moneytree KK, founded by Paul Chapman, aggregates data from over 99% of Japanese banks and holds the distinction of being the only fintech company backed simultaneously by all three Japanese megabanks. Zaim and freee (cloud accounting for SMEs) hold positions three and four by contract count; Nest Egg (operator of Finbee) rounds out the top five. Together these five controlled 75% of all EPSP agreements at the time of the September 2019 FSA survey.
Payments and e-money registrants. LINE Pay and Rakuten Pay are among the notable EPSPs in the payments segment; SBI Ripple Asia focuses primarily on cross-border payments. Major Japanese telecom carriers have also registered as EPSPs and participate in the broader payments ecosystem.
Infrastructure and tech vendors. NTT Data is the dominant core-banking systems vendor and announced expanded open banking API collaborations with Japanese banks in December 2025. Nomura Research Institute handles consulting and market measurement. Stripe, after partnering with JCB in November 2023 to expand JCB API access for global e-commerce, has become a material player in the Japan API infrastructure layer.
Industry associations and self-regulation.
Japanese Bankers Association (JBA / Zenginkyo): 118 full bank members (April 2019), 3 bank holding companies, 73 associate members, 58 special regional bankers' associations. Author of the JBA Technical Guideline and the 2017 "Report of Review Committee on Open APIs."
Japan Association for Financial APIs: self-regulatory body whose members are FSA-registered TPPs, focused on cybersecurity self-regulation and continuous improvement of API standards.
Fintech Association of Japan: broader fintech industry body; Moneytree's Mark Makdad was a founding member.
5. Standards and Technical Details
Unlike the UK's mandatory Open Banking Implementation Entity (OBIE) Standard, Japan does not have a single legally enforced technical specification. The JBA Technical Guideline ("openapi_sp_1.pdf") published by Zenginkyo is the de facto industry standard. Key technical attributes:
- Data format: JSON over REST.
- Security model: OAuth 2.0 authorisation framework. Banks assess TPP eligibility for security maturity, reviewing certifications such as ISO 27001 and TRUSTe.
- Authentication: Token-based (intended to replace screen-scraping, though the transition to fully token-based access has been uneven).
- Future considerations: The framework explicitly contemplates future alignment with the OpenID Foundation's Financial-grade API (FAPI) specifications.
- Governance forum: The FSA, the JBA and the Japan Association for Financial APIs hold ongoing governance discussions.
- Privacy/consent: Anchored in the Act on the Protection of Personal Information (APPI), updated 2020 to grant deletion rights.
- No central directory or certification body equivalent to the UK's OBIE or Australia's ACCC accreditation register; banks individually conduct TPP eligibility reviews.
Money Forward's Toshio Taki has described the design as similar in spirit to PSD2 but without a clear data-portability right, meaning much of the architecture remains voluntary and bilaterally negotiated.
6. Comparison to Other Markets
| Dimension | Japan | UK | EU (PSD2/PSD3) | Australia (CDR) | Singapore | Hong Kong |
|---|---|---|---|---|---|---|
| Approach | Soft regulatory / hybrid | Strict regulatory | Regulatory | Regulatory (cross-sector) | Market-driven | Regulatory (phased) |
| Lead regulator | FSA | FCA / OBIE | EBA / national CAs | ACCC / OAIC / Treasury | MAS | HKMA |
| Mandatory technical standard | No (JBA guideline is de facto) | Yes (OBIE) | No (Berlin Group emerged) | Yes (Data Standards Body) | No (API Playbook) | No (4-phase OAPI Framework) |
| Coverage | Banks register EPSPs | CMA9 + voluntary banks | All payment account banks | Big 4 first, expanded | Voluntary | Major banks |
| Data portability law | No general right | Yes via PSRs | Yes (PSD2) | Yes (CDR is a horizontal data right) | No | Limited |
| Banks may charge for data | Yes | No | No | No | Mixed | Mixed |
| Payment initiation | Available bilaterally | Mandatory | Mandatory | In development | In development | Phase 4 |
| Reciprocity | No | No | No | Yes (world-first) | No | No |
Japan was the earliest Asia-Pacific formal mover (2017-2018), ahead of Hong Kong's 2018 OAPI Framework and Australia's 2020 CDR rollout. The Open Finance Map on the Open Banking Tracker visualises this regional timeline across all 30+ tracked jurisdictions. Despite the head start, Japan's regulatory teeth are weaker than the UK, EU or Australian frameworks. As Toshio Taki of Money Forward has summarised, Japan's Banking Act amendment is similar to PSD2 in intent but lacks a data portability regulation. Deloitte and Brankas global comparisons consistently classify Japan alongside Singapore and South Korea as market-driven or non-compulsory jurisdictions, while the UK, EU, Australia and Brazil are classified as regulatory-driven. Hong Kong sits between the two camps.
7. Challenges and Gaps
Slow commercial uptake despite high system readiness. Although about 97% of Japanese banks built APIs by the 2020 deadline, the FSA's own September 2019 survey found that 73 of 130 monitored banks had zero commercial agreements with TPPs, and 34 of 59 registered EPSPs had no agreements at all. Moneytree's CPO Mark Makdad publicly called the pace of progress "far from optimal" and the FSA itself expressed concern that open banking was not progressing as expected.
Fee disputes. Unlike the UK and EU, Japanese banks may charge fees to disclose customer data, creating commercial friction. Money Forward's Junichi Kanda told reporters: "It's difficult for some banks to fork out additional costs, even if they're investments for the future, when it's not clear how much they can profit by doing this." Moneytree sales chief Taizo Miyagami argued that putting financial burdens on startups undermines the initiative.
No data portability right. The Japanese regime obliges banks to publish API policies and to negotiate fairly, but customers do not have a hard portability right comparable to PSD2 Article 67 or Australia's Consumer Data Right.
Cultural and structural barriers. The Japan Times and Toppan Digital have both documented the "fortress mentality" at Japanese banks and the cultural conservatism that has left Japan near the bottom of regional fintech-adoption rankings. The Federal Reserve Bank of San Francisco's Pacific Exchanges podcast specifically described the rollout as the "slow introduction" of open banking. Nomura Research Institute's Hideki Osawa has cited data-leak concerns and the absence of a dominant fintech at the scale of Alipay or WeChat as additional reasons banks hesitate. SMEs and households in Japan are generally satisfied with traditional banking, which reduces consumer pull.
Persistence of screen-scraping. Until 2020, account aggregators continued to rely on stored ID/password credentials and screen-scraping. The transition to fully token-based access has been uneven, particularly outside the megabanks.
Uneven readiness among smaller banks. Trust banks, shinkumi (credit cooperatives) and foreign banks in Japan score near zero on API readiness, leaving meaningful pockets of the market outside the open banking ecosystem.
Concentration risk among aggregators. With 75% of TPP partnerships flowing to five aggregators, the system is concentrated rather than producing the diverse fintech ecosystem PSD2 envisaged in Europe.
8. Recent Developments (2024-2026)
FSIBO operational maturity (2024). The Financial Services Intermediary Business Operator framework, which entered force in late 2021, became more widely used in 2024. FSIBOs can act as cross-sectoral intermediaries under one registration. If they offer a digital solution and meet additional requirements, they may also engage in Electronic Banking Settlement Agency Services, covering AISP/PISP functions. The FSA's dedicated supervisory office handles this jointly with the Local Finance Bureaus.
FSA Cybersecurity Guidelines (October 2024). Updated guidelines tightened risk-management expectations for outsourcing and cloud computing, incident reporting and information sharing, aligning with the EU's Digital Operational Resilience Act (DORA). These directly affect open banking participants because they reshape TPP eligibility reviews and bank assessment frameworks.
EMV 3-D Secure mandate (March 2025). METI required all e-commerce credit-card transactions to use EMV 3-D Secure by 31 March 2025, lifting authentication and tokenisation baselines across the payments ecosystem.
Stablecoin and tokenised-deposit initiatives (2023-2025). The June 2023 PSA amendments created a registration framework for stablecoin intermediaries. In April 2024 the ruling LDP's Web3 Project Team published the Web3 White Paper 2024, recommending that Trust Beneficiary Interest Stablecoin issuers be allowed to hold government bonds in trust assets. On 17 October 2025, MUFG, SMFG and Mizuho announced a collaborative initiative to issue yen-backed stablecoins for corporate settlements using MUFG's Progmat blockchain infrastructure, primarily targeting institutional cross-border payments and tokenised deposits.
FSA Strategic Priorities: July 2025 - June 2026 (published August 2025). Three pillars: enhancing financial functions to support sustainable growth (including digital-finance innovation); strengthening financial stability and confidence; and reorganising the FSA into two supervisory divisions (asset management/insurance; banking/securities). The Priorities focus on digital finance innovation and payment modernisation, covering crypto asset regulation, yen stablecoin infrastructure and AI governance by financial institutions.
Infrastructure partnerships. December 2025 saw NTT Data expand its open banking infrastructure collaborations with Japanese banks. Rakuten Bank upgraded its open APIs in October 2025 to enable faster digital lending and payment integrations. Stripe and JCB expanded their partnership in November 2023 to broaden JCB API access for global e-commerce, and Wise has deepened API connectivity into Japan.
What to Watch
Japan's open banking is an early-mover framework that delivered system readiness without commercial depth. The legal architecture predates most comparable Asian markets, but the absence of a data portability right, permissible bank fees on data, fragmented technical standards and concentrated aggregator economics have kept uptake thin. The 2024-2026 period is moving Japan toward a more open-finance posture that integrates traditional banking with tokenised settlement and cross-sectoral data intermediation through the FSIBO framework and the Progmat/megabank stablecoin initiative.
Whether Japan converges on a UK- or Australia-style mandate depends on one decision the FSA has not yet made: introducing either a horizontal data-portability right or a binding API standard. Until that happens, the architecture will remain voluntary where it matters most.
The Open Banking Tracker monitors the open banking and open finance regulatory status of Japan and 30+ other jurisdictions, including full institution-level data. Explore the full Japan open banking directory and the Open Finance Map for a global view.
