TOKYO -- Japan's financial watchdog plans to penalize a number of cryptocurrency exchange operators for not taking adequate steps to protect customers and prevent money laundering, Nikkei learned Wednesday.
The Financial Services Agency is expected to order some exchanges to suspend operations and tell others to shape up or risk further punishment. An official announcement is expected as early as this week.
The FSA is carrying out on-site inspections at exchange operators, prompted by the Jan. 26 incident where roughly 58 billion yen ($550 million) in the NEM cryptocurrency was stolen from Tokyo-based Coincheck.
The inspections target several of the country's 16 licensed exchange operators and all 16 operators not yet officially registered with authorities. Businesses in the latter group, including Coincheck, existed before a law requiring registration took effect and so have been allowed to operate while they seek official recognition, which carries asset segregation and other requirements.
Coincheck has already received an improvement order just after the heist and will likely be hit with a second order.
While not yet complete, the FSA inspections have apparently found enough issues with customer protections and anti-money-laundering measures that the agency fears another Coincheck-style hack.
The FSA sees unregistered exchange operators -- five have been raided so far -- as particularly problematic. Those penalized will face the choice of whether to meet the agency's requirements and complete registration or withdraw their applications. Those not up to snuff might have to shut down.
The FSA's first order to Coincheck demanded that the company strengthen oversight and management of systems implicated in the NEM hack. This time around, the FSA is expected to seek progress on a broader range of issues, including money laundering and corporate governance.
The agency is also expected to urge Coincheck to compensate customers whose NEM was stolen. The exchange operator has said it has enough funds to repay customers affected by the hack.