This is the longer read behind “Japan procurement: a field guide for the impatient.”
The ringi process is not an obstacle. Foreign vendors who frame it as an obstacle are signalling, clearly, that they do not understand the environment they are trying to operate in. The ringi process is how decisions are made. Understanding its mechanics — and the informal processes that determine whether the formal process succeeds or fails — is the prerequisite to operating effectively in Japan FSI.
What a ringi-sho actually is
The ringi-sho is a formal written proposal document. Its structure is standardised within each organisation, but the consistent elements are: the proposal itself (what is being requested), the rationale (why it is being requested), the budget impact, the risk assessment, and the approval routing.
The approval routing is the key architectural feature. A ringi-sho is initiated at a specific level of management, often the responsible department or section chief, and circulated upward through the hierarchy. Each level stamps (hanko) the document — either approving, requesting clarification, or in rare cases rejecting. The document cannot skip levels. It must reach the appropriate executive level for decisions above certain thresholds, which in Japan FSI security typically means CISO or CTO level for significant investments.
The practical implication for a foreign vendor is this: the initial contact, who is enthusiastic about your product and agrees that it solves a real problem, has very limited ability to accelerate this process. They can draft the ringi-sho. They cannot route it faster than the institutional process allows. They cannot bypass levels of review. Pushing them to “get this done faster” puts them in an impossible position and damages the relationship.
Why ringi-sho documents fail
The most common reason a ringi-sho fails is not that the organisation decided against the product. It is that the document was drafted before nemawashi was complete, and the objections that surface during the routing could have been addressed beforehand.
The ringi-sho routing process is, by design, a moment for stakeholders to raise concerns. If the legal team has an APPI question about the vendor’s data handling that has not been addressed, that question appears as an annotation on the routing document, halting progress until it is resolved. If IT security has a concern about integration complexity that has not been discussed, same result. If finance has a budget question, same.
None of these are unexpected concerns. They are the concerns any reasonable procurement process would surface. The difference between a successful ringi and a stalled one is whether these concerns were addressed before the document started routing, or whether they surface during routing as surprises.
Nemawashi: where the decision actually happens
Nemawashi is the informal process that precedes and determines the formal one. The word translates roughly as “going around the roots” — a gardening metaphor for preparing the ground before transplanting. In procurement context, it means individually approaching the key stakeholders who will influence or review the ringi before the ringi-sho is drafted.
A vendor’s internal champion — the person inside the organisation who wants to buy the product — needs to conduct nemawashi. They need to understand what each stakeholder’s specific concerns are and address them privately. The APPI question from legal needs to be answered before the ringi is drafted. The integration concern from IT security needs to be resolved. The budget framing for finance needs to be calibrated.
The foreign vendor’s role in this is to enable their champion. They need to provide the documentation that answers the predictable questions. They need to be available to provide additional information without making the champion feel like they are doing vendor sales work. They need to move at the champion’s pace, not the vendor’s preferred timeline.
The April budget cycle in practice
Japan FSI operates on an April-to-March fiscal year. This has specific implications that are different from the abstract knowledge that Japan has a different fiscal year.
Budget requests for the next fiscal year are consolidated in autumn of the current year. Different organisations have different internal deadlines, but October to November is when department-level budget proposals are assembled into the next year’s plan. Those plans go through their own approval process — often a version of ringi at the departmental level — and are submitted to finance for consolidation by December.
This means:
- A first meeting in September is a conversation for the April budget cycle. You have two to three months to get through nemawashi and get a ringi in motion if the target is current-year budget. This is tight but possible for straightforward purchases.
- A first meeting in November means you are almost certainly pitching for April of the following year. The budget for the current year is locked or locking. A vendor who pushes for commitment before the April cycle is asking their champion to find emergency budget, which is possible but painful and creates internal political cost.
- A first meeting in February or March is pitching for April of the year after. The current year is closed. The next year’s budget is allocated. You are in a conversation whose output — if successful — is a commitment that will show up in the budget planning process starting seven months from now.
Successful vendors in Japan FSI know which cycle they are in and calibrate expectations accordingly.
APPI sub-processor questions: the deal-killer nobody prepares for
The APPI sub-processor question is the most frequent unforced error in Japan FSI security vendor procurement engagements. It goes like this: during a procurement meeting, the legal or compliance representative asks which sub-processors can access customer data, where those sub-processors are located, who monitors their compliance, and how incidents involving sub-processors are handled. The vendor’s account team — often a regional account manager without deep knowledge of the vendor’s sub-processor arrangements — cannot answer the question in the room.
The meeting ends. A follow-up is promised. The follow-up takes two weeks to produce and is in English. The legal team reviews it and has further questions. Three months pass. The champion’s enthusiasm has cooled because the process has become difficult. The deal stalls.
This is preventable. Every foreign SaaS vendor entering Japan FSI should have a prepared, current, Japanese-language document describing their sub-processor arrangements in sufficient detail to answer an APPI review board’s questions. That document should be available before the first procurement meeting, not after. It should address: which third-party cloud providers process data, in which regions, under what contractual terms, and what the notification and response process is for a data incident involving a sub-processor.
Vendors who have this document ready signal something important to Japan FSI procurement teams: they understand the environment. That signal is worth as much commercially as the document itself.
PII review boards: the parallel track
Many Japan FSI organisations have established Personal Information Protection Committees or equivalent PII review boards that operate as a formal approval track for any tool or service that will process personal data. This track runs in parallel to commercial procurement, not after it.
A vendor who learns about the PII review board during contract negotiation is six months behind. The PII review requires essentially the same documentation as the APPI sub-processor question, plus a data flow mapping of how personal data moves through the proposed solution. That mapping takes time to produce and validate.
The correct approach is to establish, in the first or second meeting, whether a PII review board exists and what it requires. Then to provide the required documentation early, so the PII review track and the commercial track can run in parallel rather than sequentially.
What internal champions need from you
The champion — the person inside the organisation who has decided your product is the right answer and is working to make the purchase happen — is doing real work on your behalf. They are conducting nemawashi conversations, drafting documentation, managing stakeholder questions, and keeping the process alive across a timeline that probably extends beyond what they originally planned.
What they need from you is: fast responses to documentation requests, Japanese-language materials for the stakeholders they are managing, honest answers to the hard questions (not polished answers designed to deflect), and patience with the timeline. What they do not need is a vendor sales team applying pressure for a close date that the internal process cannot accommodate.
The champion who feels supported does the work. The champion who feels squeezed between an impatient vendor and a slow internal process often quietly deprioritises the purchase. The deal does not fail — it just never progresses.
Keeping momentum across 12-18 months
A 12-18 month sales cycle is not unusual for significant security platform investments in Japan FSI. The vendor who maintains momentum across that timeline does a few things consistently. They stay in contact at regular intervals — quarterly at minimum — with substantive content: market intelligence, product updates relevant to the customer’s specific situation, case studies from comparable institutions in other markets. They do not use these contacts to ask for an update on the procurement status. They already know the status.
They remember details across meetings. They demonstrate that they understand the customer’s specific situation, not the generic Japan market. They treat the relationship as ongoing even when there is no active commercial conversation, because in Japan FSI the relationship that exists before the procurement cycle starts is the relationship that determines who gets the opportunity when the cycle opens.