TOKYO -- Japan's financial watchdog on Thursday announced that seven cryptocurrency exchange operators have been penalized for failing to adequately protect customers and prevent money laundering.
Two exchange operators, FSHO and BitStation, have been ordered to suspend their operations from Thursday through April 7. Five others -- Tech Bureau, GMO Coin, Bicrements, Mr. Exchange and Coincheck, which lost roughly $550 million worth of NEM cryptocurrency in a hacking attack in late January -- have been handed business improvement orders.
At BitStation, the Financial Services Agency found that one of the operator's senior staff members had diverted customer bitcoins for personal use.
The FSA has been conducting on-site inspections of the exchange operators, prompted by the Coincheck heist.
The probes have targeted several of the country's 16 licensed exchange operators and all 16 operators not yet officially registered with authorities. Businesses in the latter group, including Coincheck, existed before a law requiring registration took effect and so have been allowed to operate while they seek official recognition. Registration comes with various requirements, including segregation of assets.
Tech Bureau and GMO Coin are registered, while the other five that were punished are not yet officially registered.
The FSA also revealed that BitStation has withdrawn its application for registration, as have two exchanges not punished on Thursday -- BitExpress and Raimu. The three operators will have to return funds or cryptocurrencies they hold on behalf of their customers and shut down.
While not yet complete, the FSA inspections have apparently found enough issues with customer protections and anti-money-laundering measures that the agency fears another Coincheck-style hack.
Coincheck had already received an improvement order just after the hacking incident, making the latest order its second.
The watchdog sees unregistered exchange operators -- five have been raided so far -- as particularly problematic. Those penalized will face the choice of whether to meet the agency's requirements and complete registration or withdraw their applications like BitStation, BitExpress and Raimu.
The FSA's first order to Coincheck demanded that the company strengthen oversight and management of systems implicated in the NEM hack. This time around, the FSA is seeking progress on a broader range of issues, including money laundering, corporate governance and management structure.