Japan's Financial Services Agency Proposes Cybersecurity Guidelines for Crypto Exchanges

Japan's Financial Services Agency has released a draft of cybersecurity guidelines aimed at strengthening the security of cryptocurrency exchanges. According to PANews, the draft is open for public comment until March 11. The proposal highlights the increasing complexity of cyberattacks targeting crypto exchanges, including social engineering and indirect attacks through outsourced service providers. It emphasizes that relying solely on cold wallets is insufficient for security, and calls for enhanced supply chain security management.

The draft also addresses state-sponsored attacks, underscoring the importance of asset protection from a national wealth preservation perspective.

The plan is built on three pillars: self-help, mutual assistance, and public assistance. From the fiscal year 2026, the self-help pillar will require the crypto exchange industry to conduct cybersecurity self-assessments and raise security standards. The mutual assistance pillar aims to strengthen the role of industry self-regulatory associations and encourage companies to participate in information-sharing organizations. The public assistance pillar will continue international joint research, with plans to involve the entire industry in cybersecurity exercises within three years and conduct real-world penetration tests on some operators by 2026.