The Financial Services Agency may also order Coincheck Inc - the exchange targeted by hackers in a $530 million theft of digital money - to raise its standards, the sources said.
The move would be the second such order given by regulators to Coincheck since the hack in late January, which was one of the largest thefts of digital money ever.
The FSA will mete out the punishments after uncovering flaws in customer protection and anti-money laundering measures during on-site checks at the exchanges. It was unclear exactly which exchanges would be targeted, or what form the punishments would take.
The FSA was not available for comment outside business hours. Coincheck did not immediately respond to an emailed request for comment. The Coincheck heist underscored the risks of trading an asset with which policymakers across the globe are grappling, and drew attention to Japan's system of regulating the exchanges.
Last year, Japan became the world's first country to regulate cryptocurrency exchanges at the national level. So far 16 exchanges are registered with the authorities, while a further 16 - including Coincheck - were allowed to continue operating while regulators assessed their applications.
After the Coincheck heist, the FSA said it would investigate all cryptocurrency exchanges for security gaps, and ordered them to file reports on system risk management and cryptocurrency storage.
As a result of those checks the FSA will order some of the unregistered exchanges to halt their operations, the sources said.
The FSA told Coincheck after the cyber heist to bolster its security systems. The second improvement order will focus on customer protection, the sources said, with the FSA monitoring progress of compensating investors affected by the hack.
The exchange has promised to repay about 46.3 billion yen ($425 million) of the cryptocurrency it lost in the theft. Last month it said it has sufficient funds to make the repayments, but declined to specify when it would repay investors affected.
The regulator may also order two of the government-registered exchanges, Tokyo-based GMO Coin and Zaif, run by Osaka-based Tech Bureau Corp, to improve their business, the sources said.
Representatives of the exchanges could not be reached for comment late on Wednesday.
Zaif said last month that a system glitch had let seven customers buy bitcoins for free. Though none was able to profit from the mistake, the blunder drew further attention to security and systems at Japanese cryptocurrency exchanges.
(Reporting by Thomas Wilson and Takahiko Wada; editing by David Stamp)
By Takahiko Wada and Thomas Wilson