Japan crypto audit-firm landscape — Big4 + Grant Thornton Taiyo + BDO Sanyu crypto-practice comparison

Wiki route

This entry sits under exchanges index. Read it against Domestic VASP security / audit / ISMS certification landscape for peer / contrast context and FSA crypto-asset exchange registration system — number system / Local Finance Bureau jurisdiction / registration requirements for the broader system / regulatory boundary.

Overview

FSA-registered VASPs are, under the Payment Services Act + Cabinet Office Ordinance, obligated to receive each fiscal year a financial-statement audit and a segregated-management audit（assurance over the separate custody of customer assets and own assets）from a CPA or an audit firm. JICPA Industry Committee Practical Guideline No. 第 61 号（audits of crypto-asset-related operators） is applied as guidance. The Big 4 （DT Tohmatsu / EY ShinNihon / KPMG AZSA / PwC Japan）and the mid-tier firms（Grant Thornton Taiyo / BDO Sanyu）divide the market, with small and mid-sized audit firms also entering for Web3 startups. Since the Coincheck NEM outflow incident（2018-01）, audit quality and segregated-management governance have grown stricter.

Big 4 audit-firm crypto practices

Deloitte Touche Tohmatsu LLC（有限責任監査法人トーマツ）

Crypto / digital-asset specialist organization: established a “Blockchain & Crypto-Asset Advisory” group
Target clients: numerous bitFlyer-affiliated / major-VASP audit engagements（on a public basis）
Strength: a well-developed methodology for segregated-management audits; involved in drafting JICPA Practical Guideline No. 第 61 号
Additional services: Travel-Rule-compliance consulting（related to Domestic VASP Act on Prevention of Transfer of Criminal Proceeds + FATF Travel Rule Domestic Implementation (2023-)）, tax（Deloitte Tohmatsu Tax Co.）, risk consulting

EY ShinNihon LLC（EY 新日本有限責任監査法人）

Crypto practice: “Financial Services Office, Crypto-Asset Team”
Strength: transfer of audit know-how for overseas VASPs / stablecoin issuers via the global EY network
Targets: major VASPs / stablecoin issuers / token issuers
Additional: IFRS crypto-asset accounting advice, Web3 IPO-preparation support

KPMG AZSA LLC（有限責任あずさ監査法人）

Crypto practice: “KPMG Japan Digital Assets” group
Targets: major VASPs / regional-bank-affiliated crypto-asset-related companies
Strength: integrated audit of internal control（J-SOX）+ crypto-custody controls, SOC2 / ISMS preparation support
Additional: advice on CEX × Japanese bank unsecured-credit track-record map（business expertise across both financial institutions and crypto assets）

PwC Aarata LLC（PwC あらた有限責任監査法人）

Crypto practice: “FinTech & Crypto-Asset” team
Strength: PwC’s global “Time for trust” crypto-asset framework, Web3 strategy consulting
Targets: a combination of Web3 startups + major VASPs
Additional: NFT / DAO legal-tax advice, tokenomics-design support

Mid-tier firms（Tier 2）

Grant Thornton Taiyo LLC（太陽有限責任監査法人） — strength in financial-statement audits / segregated-management audits of mid-sized VASPs. Handles cross-border crypto-asset engagements via the Grant Thornton global network
BDO Sanyu & Co.（BDO 三優監査法人） — the Japan base of the BDO global network. Audits for mid-sized VASPs / Web3 startups
PwC Kyoto LLC / EY and other Kansai bases — for VASPs headquartered in the Kansai region

Issues specific to Web3 / token issuers

Audit issues differ greatly between VASP audits and Web3 token issuers:

Valuation of held crypto assets — year-end fair-value measurement under Article 61 of the Corporation Tax Act（the 2024 revision excluded self-issued + third-party-held tokens）
Segregated-management assurance — cold wallets / multisig / custodian separation（the choice of Ginco / Komainu / Fireblocks Japan directly bears on audit issues）
Completeness verification of trading volume / balances — reconciliation procedures between on-chain transactions and the books
Travel-Rule compliance — verification of the existence of KYC / customer-due-diligence evidence trails
Recognition timing of gas fees / staking rewards — differences between IFRS / Japanese standards
Accounting recognition of NFTs / tokens — classification judgment among inventory / intangible fixed assets / crypto assets

The three pillars: VASP audit + legal advice + forensics

The compliance regime of a domestic VASP is supported by the following three layers:

Accounting audit: the audit firms on this page
Legal advice: Domestic crypto law-firm landscape — Anderson Mori / Nishimura & Asahi / Mori Hamada / TMI / BCLP comparison
Forensics / transaction monitoring: Global crypto-asset forensics-vendor layer — Chainalysis / Elliptic / TRM / Crystal comparison

These 3 layers × JVCEA: Overview of the Self-Regulatory Framework + JCBA — Japan Crypto-asset Business Association + FSA crypto-asset exchange registration system — number system / Local Finance Bureau jurisdiction / registration requirements constitute the full picture of domestic VASP compliance.

jp-vasp-security-audit-certification — VASP security audit / certification
japan-crypto-law-firm-landscape — law-firm landscape
global-crypto-forensics-vendor-layer — forensics vendors
jp-crypto-asset-taxation-detailed — crypto-asset taxation detail
jvcea-self-regulatory-overview — JVCEA self-regulation
jp-vasp-parent-company-map — VASP parent-company map
japan-financial-regulation — upper-level financial regulation

Sources

Deloitte Tohmatsu crypto assets: https://www.deloitte.com/jp/ja/services/audit-assurance/perspectives/digital-asset.html
Deloitte blockchain GRC: https://www2.deloitte.com/jp/ja/pages/risk/articles/grc/crypto-assets.html
PwC Japan crypto assets: https://www.pwc.com/jp/ja/issues/crypto-asset.html
KPMG AZSA crypto assets: https://kpmg.com/jp/ja/home/services/audit/financial-services/crypto-assets-blockchain.html
EY ShinNihon crypto assets: https://www.shinnihon.or.jp/services/financial-services/crypto-assets/
Grant Thornton Taiyo official: https://www.grantthornton.jp/
BDO Sanyu & Co.: https://www.bdo.or.jp/
JICPA Industry Committee Practical Guideline No. 第 61 号（public）