Thailand is a pioneer in Southeast Asia in the adoption 5G technology to improve and expand the country’s capacity for deep technology such as blockchain, artificial intelligence (AI), Big Data, robotics, cloud computing and machine learning. As a result of proactive development of its information communication technology (ICT) facilities and the regulatory environment, Thailand is one of the fastest growing fintech markets in ASEAN, and currently has one of the world’s largest consumer bases for fintech mobile banking.
According to the Global Digital Report 2021, conducted by social media management platform Hootsuite and global agency We Are Social, Thailand was ranked first globally for use of banking and financial services applications at 68.1% of the country’s total internet users, and second globally for digital payments with 45.3% of the country’s total internet users who use mobile payment services. Only Hong Kong is ranked higher. According to the Central Bank of Thailand (BOT), in 2020, the value of e-payment transactions through internet and mobile banking is about THB5,972.1 billion, which is an increase from 2019 by around 29.6%.
The Thai government has been promoting fintech by developing accessibility to government platforms. The BOT has co-operated with global card network service providers to create an innovation called the “Thai QR Code” which facilitates payments via debit cards, credit cards, e-wallet and e-payments through the bank accounts using the Thai QR Code as an intermediary. During the COVID-19 pandemic, the Thai government created the e-wallet application “Pao Tang” to give financial support to people who qualified for the program, as well as to stimulate the Thai economy. Granted-in-aid subsidies will be credited to the application which can be used as intermediate for payment of goods with registered vendors. Coupled with a push for contactless payments due to the COVID-19 pandemic, fintech has become more widespread and the use of electronic transactions has become more normalised in Thailand.
Apart from electronic payments the digital asset trading, cryptocurrency has increasingly captivated the Thai market. Investors and service providers in secondary digital asset markets are still active despite the fact that initial coin offerings (ICO) of digital tokens in Thailand has slowed.
Stock Exchanges and Investors
At the end of 2020, the Stock Exchange of Thailand (SET) and KASIKORN Business - Technology Group (KBTG) co-operated to develop an open digital asset platform using Distributed Ledger Technology for digital tokens. As a result, Thailand will be a centre for trading and offering digital tokens providing an alternative for investors to invest in the businesses and for operators crowdfund.
Investors have showed interest in a Security Token Offerings (STO). An STO is a type of public offering which is similar to an ICO where digital tokens are offered in a public market. However, tokens offered through an STO will be backed by the underlying investment asset of the issuer. An STO is, therefore, more stable than an ICO. As the Securities and Exchange Commission of Thailand (SEC) is expected to issue regulations outlining criteria and requirements for STOs in 2021.
In addition, the SEC also plans to convert a script bonds into scripless bonds by using blockchain technology. For this reason, blockchain technology has the bright future in Thailand.
The major players in Thai fintech industry are predominantly financial institutions and traditional non-banking financial institution. They have been adopting technology for their services to facilitate their customers needs and increase market share. Other players include venture capitals and startups.
The main fintech business models in Thailand are as follows.
E-money, E-wallets and E-payment
E-money, e-wallet and e-payment service providers are some of the most significant players in the Thai fintech industry. The recent rise in number of online payments, mobile banking payments and mobile banking users caused financial institutions and non-bank financial operators (“Financial Services Providers”) to adopt financial technology in operations of their normal banking businesses. Their business operations and services could then be conducted or provided through their online platforms instead of physical branches.
Other than the Financial Service Providers, there are a number of new players in this area; with most entering the industry as venture capital companies and startup companies. Other investors have decided to co-operate and partner with major social platform business operators. The purpose of co-operation is to use such platforms to reach customers.
For foreign Financial Service Providers that might not be able to secure a full-service licence, due to certain limitations in their own capacity or strict qualifying requirements under Thai law, partnering with legacy financial institutions or full-service licensees are alternate solutions.
Financial institutions or licensees can act as the local service providers under this business model. This type of business model can also help foreign entities in the sense that there will be fewer numbers of licences that the foreign entity has to obtain from the government.
In 2018, the SEC recognised digital tokens and cryptocurrency as digital assets. Business operators are categorised into two groups, as follows:
The business operator in the primary market can be either:
In secondary digital assets market, the service providers related to digital assets that are recognised by Thai regulations and supervised by the SEC, as follows:
Digital lending is an important platform that the Financial Services Providers use to reach new retail customers, eliminate physical limitations, and facilitate business activities with customers. Many Financial Services Providers, especially personal loan providers, are interested in expanding their online services.
Some Financial Services Providers have chosen to co-operate with social platform operators in providing the digital lending to that platform’s customers and vice versa rather than build up their own (online) platform and obtain licenses.
Peer-to-Peer Lending Platform
Currently, there are few players in peer-to-peer lending due to the lack of information and precedent cases in Thailand. Peer-to-peer lending platforms are electronic platform services that operate as a matchmaker between lenders and borrowers. Its roles also include facilitating loan contracts, and carrying out fund transfers and repayments between the parties. According to the BOT, there are three peer-to-peer lending service operators in the BOT regulatory sandbox testing their systems.
There are both equity and debenture crowdfunding of private and public limited companies through crowdfunding portals Thailand. In this respect, crowdfunding, in which shares or debentures will be issued as consideration, will be deemed as a type of public offering under SEC regulations. A crowdfunding portal operator must obtain a license from the SEC Office.
Artificial Intelligence Adviser
Many business sectors have adopted computer or artificial intelligence to enhance business efficiency. In Thailand, fintech businesses also use artificial intelligence to advise clients in wealth creation and management.
Currently in Thailand the fintech industry is not directly regulated by any specific overarching legislation. However, operators need to comply with certain business-related regulations.
The key regulations related to fintech business activities are as follows.
Payment Systems (Including E-money, E-wallet and E-payment)
In order to enhance supervision of payment systems and payment services, the Payment System Act B.E. 2560 (2017) (“Payment System Act”) was enacted and came into effect on 16 April 2018. The main purpose is to regulate the following.
The Emergency Decree on Digital Asset Decree B.E. 2561 (2018) (“Digital Asset Decree”) was enacted to regulate offerings of digital assets and businesses undertaking digital-asset-related activities. The Digital Asset Decree aims to enhance the standards of the digital asset market to be in line with international standards and to protect players in the market. Digital assets under this decree means cryptocurrencies and digital tokens that are regulated by the Digital Asset Decree under the supervision of the Ministry of Finance (MOF) and the Office of the SEC.
On 15 September 2020, the BOT issued Circular No BOT.FhorGorSor. (01) Wor. 977/2563 Re: Criteria, Procedures and Conditions on Digital Personal Loan Business Operations. The purpose of this BOT Circular is to relax the criteria for personal loans for those who do not have regular or proof of income, or those without collateral, and to grant flexibility to personal loan providers in providing personal loans in an electronic form. However, for other types of loans which are not personal loan, Financial Services Providers still have to comply with regulations that do not specifically regulate digital lending.
Peer-to-Peer Lending Platforms
On 29 April 2019, the BOT Notification No SorNorSor. 4/2562 Re: Rules, Procedures and Conditions for Undertaking Peer to Peer Lending Platform Businesses (“Peer to Peer Lending Platform Notification”) was announced in the Government Gazette and became effective on 30 April 2019. This notification prescribes the criteria for peer-to-peer lending platform operators and the other participants in the platform.
A person who wishes to operate a peer-to-peer lending platform must participate in the BOT's regulatory sandbox until completing a successful test and must be able to provide an extensive scope of services in Thailand. Once these conditions are met, the operator may apply for a license from the MOF through the BOT. A peer-to-peer lending platform operator can only act as an online marketplace or matchmaker to facilitate THB loan agreements between lenders and borrowers. Lenders can be either individuals or juristic persons. Borrowers must be individuals.
The Electronic Transactions Act B.E. 2544. (2001) (“Electronic Transactions Act”) supports the legal validity of electronic transactions performed via electronic systems. If a transaction is done in the form of electronic data in accordance with the rules and procedures under the Electronic Transactions Act, the transaction is deemed to be validly binding as if entered into in accordance with other laws governing transactions entered into by other platforms or means.
The criteria and restrictions for charging service fees depend on the type of business, business model and services provided to customers. The criteria for disclosures of services or fees depend on the regulations related the business or business activity that the operator carries out. Generally, the operator has to disclose details of fees that will be charged customers, and the threshold or criteria for setting the fees charged to customers.
For example, under the Payment System Act, payment service providers must disclose information on service fees, as follows.
There are no significant differences between regulations governing fintech operators and regulations governing legacy players. Some fintech business operations are covered by licences already held by legacy players. Both fintech operators and legacy players have to comply with the regulations set out in 2.2 Regulatory Regime. Other relevant laws and regulations applicable to general business enterprises will also apply.
Under the 2019 regulatory sandbox guidelines, the “own sandbox” was introduced in addition to the existing regulatory sandbox under the BOT’s supervision. The regulatory sandbox is a project for financial service providers to test their financial services that incorporate new technologies under controlled conditions.
Financial service operators that can apply for testing in the regulatory sandbox must be:
The participants consist of financial institutions, companies within a group of financial institutions, non-banks under the BOT’s supervision, fintech firms, and technology firms which wish to experiment with financial services or fintech innovation individually or in conjunction with the previously other participants.
The amended regulatory sandbox regulations that became effective in 2020 give more flexibility to the operator by increasing the types of businesses that can participate. According to the SEC, the types of business under the amended regulatory sandbox regulations cover all activities in capital markets. The additional types of businesses are as follows:
The Office of the Insurance Commission (OIC) issued a notification on a insurance regulatory sandbox in 2019. The notification allows both life and non-life insurance industry operators to conduct testing in their own sandbox for certain cases.
On 29 January 2021, the OIC approved a draft notification on the insurance regulatory sandbox to will replace the existing notification. It will relax the criteria and qualifications of applicants wishing to participate in the OIC’s regulatory sandbox.
The jurisdiction of each regulator depends on the type of financial service provision rather than the type of technology the operator of such business adopts. The key regulators of fintech businesses with respect to financial services, securities and insurance in Thailand are, respectively,:
The BOT has the power to supervise, examine, and analyse the financial status and performance and risk management systems of financial institutions to enhance the stability of the financial status of Thailand. Thus, fintech activities that are related to financial institutions will be predominantly supervised by the BOT, including digital lending and peer-to-peer lending payment systems, e-wallets, e-money and e-payments.
The SEC is a regulatory unit supervising capital markets. Capital markets are the main mechanisms for efficient mobilisation, allocation, and monitoring the utilisation of Thailand’s economic resources. The SEC also governs businesses that crowdfund, including the digital asset industry (cryptocurrencies and digital tokens).
The OIC is the regulatory agency with the mission to supervise and enhance Thailand’s insurance ecosystem. Even though there is no regulation relating to the insurtech in Thailand, certain Thai insurance companies have introduced technology to enhance their businesses and provide insurtech. Such insurtech operations are supervised by the OIC.
The outsourcing restrictions of each business depends on the regulations related to it. Thus, different businesses may have different restrictions on outsourcing. Business operators that conduct designated business activities under the relevant regulations are required to obtain licenses or approval, or register with the competent official. Certain functions in the operations of such designated business that are not the main activities under the respective licences, approval or registration can be outsourced to qualified persons/to the extent that such outsourcing is not circumventing the requirements of licensing, approval or registration.
For example, financial institutions can use IT outsourcing services provided by third parties. However, the guidelines on risk management implementation of third parties must be followed. The guidelines cover risk governance, third party risk management and reporting obligations to the BOT.
Regulations require that payment service providers, such as e-money or e-payment service providers, have protocols for the use of services performed by third parties as follows:
Fintech service providers may be considered gatekeepers depending on the business activities of a fintech service provider.
For example, pursuant to Notification of the SEC No GorTor. 19/2561 regarding criteria, conditions and procedures for business operations of digital assets, exchange service providers must have a system that discloses sale and purchase data. This data includes pre-trade information and post-trade information and records of sales an purchases of digital assets must be recorded for the purpose of potential audits.
The Computer Crime Act B.E.2550 (2007) requires that fintech service providers are:
However, if necessary, a relevant competent official may instruct a service provider to store data for a period of longer than 90 days but not exceeding one year on a special case by case basis, or on a temporary basis. A fintech service provider must keep the necessary information of the service user in order to be able to identify the service user from the beginning of provision of the services. Such information must be kept for an additional period not exceeding 90 days after the service agreement has been terminated.
Failure to comply with the requirements listed carries a fine of not more than THB5,000.
Details of enforcement actions by Thai authorities are generally not available to the public.
Most public cases are related to fraud. In the fintech sector, most fraud cases involve alleged Ponzi Schemes.
There are several regulations that fintech business operators must comply with to run their businesses. However, those relating to privacy, cybersecurity, social media and software development are not specific to fintech businesses and apply to all business activities, including those conducted in a more traditional manner.
The Personal Data Protection Act B.E. 2562 (2019) (PDPA) was passed to create a regulatory regime and requirements for processing and the protection of personal data in Thailand. The Thai government introduced the PDPA to enhance personal data protection and align with the EU’s General Data Protection Regulation (GDPR).
Furthermore, the Cyber Security Act B.E. 2562 (2019) (CSA) categorises cyberthreats into three levels as follows:
Such threats shall be subject to investigation and the private operator may be required to:
Auditors may monitor industry participants for accounting purposes. Industry participants may voluntarily perform internal audits for various matters, ie, IT audits. Currently, there are no other organisations that have the power to supervise, regulate or monitor participants in the fintech industry.
Recently in Thailand the Thai Fintech Association was established and registered as a non-profit organisation. The organisation has the main obligation to:
At time of writing, the Thai Fintech Association has neither been granted with authoritative power from the regulator, nor have regulations been passed to allow them to supervise the industry participants. However, as regulators appear to be encouraging self-regulation mechanisms in the fintech industry, the Thai Fintech Association may become a key organisation in establishing wider sector policies and standardisation.
Certain regulations restrict a licensee from providing business services other than those covered under the relevant license held by the business operator, or business services/activities that are related to the licensed business activity.
Under the Payment System Act, business operators licensed and engaged in e-money services may not operate other businesses, except for those for which those operators are licences to perform or business activities that support e-money business services.
Thailand has not adopted regulations that specify which business operators or activities require use of robo-adviser, although some Thai fintech operators do utilise robo-adviser technology.
Wealth advisors are encouraged to use fintech to generate financial solutions, and to serve as an aiding tool for financial planning under the SEC’s framework. According to the Notification of the Office of SEC No SorThor 31/2561 Re: Rules in Details on Wealth Advisory Service Business, operators must complete the process of client contact and services in five steps as follows:
A wealth advisor shall also have an electronic system that can support the actions in bullet points three and four.
Legacy players must comply with the regulations applicable to their traditional business activities and operations, including implementing robo-advisory services. In this regards, legacy players have been very quick to adapt and use robo-advisers in their businesses over the last few years. Private sector banks use robo-adviser-based solutions in developing tools for customer satisfaction, new products and services, and improvements.
The largest use of robo-advisers has occurred with wealth management in developing custom-made trading and wealth solutions.
Records available to the public do not cases of customer complaints related to the use of robo-advisory services.
However, securities and derivatives business operators have an obligation to carry out their business on a best execution basis as specified in the Notification of the Capital Market Supervisory Board No TorThor. 35/2556 Re: Standard Conduct of Business, Management Arrangements, Operating Systems, and Provision of Services to Clients of Securities Companies and Derivatives Intermediaries. As such, securities and derivatives business operators who use robo-advisory technology also have a duty to provide their services on the basis of best execution.
Regulations for both online and offline loan business activities are generally the same. Different regulations apply to the type of loan, not the business operations of the operator/service provider.
For example, a supervised personal loan is a loan provided to the individuals not for commercial purposes. A supervised personal loan cannot be granted which is more than five times the average income per month of a borrower. Pico finance is a personal loan granted to prevent or solve informal debt issues. A pico finance may not exceed THB50,000.
However, for personal loans, BOT regulations relaxes certain criteria for the provision of a personal loan and provides some flexibility, such as use alternative data for the Financial Service Providers to provide online lending.
There are no specific underwriting processes for online lenders prescribed by regulations in Thailand. Commercial banks may develop their own underwriting standards and compliance measures. If a loan is made for a certain industry, a specific industrial underwriting standard may apply. The BOT will monitor a commercial bank’s underwriting behaviour and may announce notifications to supervise any type of lending activities to upgrade underwriting standards if it appears that the current standard in the market is too lenient.
As mentioned in item 4.1 Differences in the Business or Regulation of Loans Provided to Different Entities, there are no specific regulations for online lending or offline lending. Online lending is subject to the same regulations as offline lending.
Thus, the source of funds, the method of raising funds and restrictions will depend on the of business activity.
Online lending is normally for the individuals in Thailand. As such, syndication of loans is uncommon. However, there are no restrictions to syndicating online loans.
There are no specific requirements for payment processors to use existing payment rails such as credit cards or electronic payment settlement agencies. However, payment processors have to apply for a licence from the Ministry of Finance as recommended by the BOT, or have to register with BOT in accordance with the Payment Systems Act.
A payment processor who implement new technology into their business operations can apply to participate in the BOT’s regulatory sandbox if all qualifications are met.
Under Thai law, there are specific restrictions for inward remittances. However, outward remittances have to be done through an authorised agent of the BOT (any commercial bank). A remittance of funds may also require permission from the BOI if the purpose of the remittance is restricted. In such cases, the person remitting the money must obtain approval through an authorised bank by submitting supporting documents to a commercial bank prior to the fund transfer.
Nevertheless, if the amount of such remittances is equal to or more than USD200,000, supporting documents are needed to be submitted to the authorised commercial bank. The list of supporting documents is not determined by regulations from the BOT. Each authorised bank is entitled to request any documentation from a person remitting funds based on their discretion on a case by case basis, which can vary depending on the underlying transactions (eg, loan, service agreement, sub-licence agreement, purchase price, etc).
Outward e-money remittances must be done through an authorised e-money operator. The purpose of outward e-money remittances are generally listed as payment of goods and services to other domiciled in a foreign country.
The BOT issued a notice from the Competent Officer permitting non-bank operators to apply for foreign exchange e-Money (FX e-Money) licences to issue e-money in foreign currencies. These licences allow non-bank operators to make cross-border remittances for their customers’ payment of goods and services. Non-bank e-money service providers are thus able to cater to the demand of customers when travelling.
In general, a fund administrator, in the form of an outsourcing company, that provides the service of supporting the process of managing a fund are not directly regulated by any agencies in Thailand. However, the operators or fund managers must comply with the regulation which is applicable to the outsourcing of their administrative work. The SEC has the power to announce the qualifications and guidelines applicable to the outsourcing of administrative services to funds to third parties. For example, according to the Capital Market Supervisory Notification No TorThor. 60/2561 Re: Rules, Conditions and Procedures for Outsourcing Functions related to Business Operations to [a] Third Party, the operator has to determine the policies, measurements and procedures for outsourcing to a third party to conduct work relating to the operator’s business in accordance with the criteria specified in the notification.
Nevertheless, the scope of administration task of fund is also guided by SEC to ensure that investors are protected, and each fund possesses internal system and policy that are standardised and reliable.
The contractual terms depend on the commercial issues and other regulations that may apply to a specific financial service provider. However, with regard to outsourcing in connection with the securities service providers, The Notification of the Capital Market Supervisory Board No TorThor. 60/2561 Regarding Rules, Conditions and Procedures for Outsourcing Functions related to a Business Operations to a Third Party specifies required clauses that securities service providers must include in a written contract when obligations for services related to business operations to a third party. Terms required under this Notification in a written contract include the following:
Digital asset exchanges are trading platforms for both cryptocurrency and digital token. Currently, exchanges for cryptocurrency and digital tokens are subject to the same regulatory regime under the Emergency Decree on Digital Asset Businesses B.E. 2561 (2018).
Cryptocurrency and digital tokens are both governed under the Emergency Decree on Digital Asset Businesses B.E. 2561 (2018) however the regulatory regime with respect to digital assets operators is substantially similar for both cryptocurrency and digital token.
A potential change of the regulatory structure is discussed in the last paragraph of 12.3 Classification of Blockchain Assets.
Cryptocurrency exchanges are subject to a separate regime under the Emergency Decree on Digital Asset Businesses B.E. 2561 (2018). See 7.1 Permissible Trading Platforms for more information.
The SEC prescribes the listing standards for an initial coin offering (ICO) in the Notification of the Securities and Exchanges Commission No GorJor 15/2561 re: Offering of Digital Tokens to the Public.
According to the listing standards, among other requirements, the applicant for an ICO must be a limited company or a public limited company which is not insolvent. The applicant must also show that the ICO portal has considered that the ICO is in compliant with this Notification. There are also requirements on the underlying assets if the underlying assets of the digital tokens are real estate.
There are also requirements that the offeree must comply with and limitation on the number of digital tokens that can be offered to general investors. The applicant needs to also proves to the Office of the SEC that the business models and smart contracts are enforceable and that the applicant will not take advantage of the investors.
Early in 2021, the SEC added additional requirements for an ICO of a real estate-backed digital token with the aim of bridging the gap in regulations between the offerings of real estate-backed digital tokens and those of real estate investment trusts (REITs).
Prior to the offering, the issuer must obtain approval from the office of the SEC, submit registration statements and draft prospectuses as indicated in the SEC’s notification. The offer for sale of digital assets is permissible only after the registration statements and the draft prospectus have been approved by the SEC. The offer for sale shall be made via the system provider, ICO portal, that is approved by the SEC.
There are no specific order handling rules applicable to digital asset operators.
Currently, peer-to-peer energy trading platform initiatives in the energy sector are on the rise while adoption of peer-to-peer trading platforms in other industries (including fintech) is still rather limited.
This type of platform may not fit into the existing categories of businesses eligible for licences and, therefore, the SEC may need to revise the regulations on digital assets to capture this type of platform.
The duty of best execution is one of the duties imposed on securities and derivatives business operators under the Notification of the Capital Market Supervisory Board No TorThor. 35/2556 Re: Standard Conduct of Business, Management Arrangement, Operating Systems, and Providing Services to Clients of Securities Companies and Derivatives Intermediaries.
In relation to digital asset transactions, there are no specific order handling rules applicable to digital assets operators.
There are no specific rules of payment for order flow applicable to digital asset operators. However, there is a general prohibition on the receipt of benefits in excess of that which should be received or rewarded in normal commercial practice.
Under the Securities and Exchange Act B.E. 2535 (1992), there are various offenses which are aimed to protect market integrity and prevent market abuse. To highlight a few:
The regulations do not specifically state the criteria for using algorithmic trading for each asset.
However, under the SET Notification Re: Procedures on Trading, Clearing and Settlement of Securities in the Exchange specifying the criteria for the use of computer programs in creating and recording orders automatically (the “Program Trading”) including Algorithmic Trading, an operator who wishes to use the Program Trading has to obtain approval from the SET before using such Program Trading.
The SET also provides guidelines regarding the qualifications and criteria for the Program Trading that will be used in the market.
The Notification of the Stock Exchange of Thailand Re: Persons Involved in the Trading System B.E. 2555 (2012) having the following qualifications are required to register as market makers:
Moreover, Thailand Futures Exchanges (TFEX) has also specified that the following qualifications are required to register as market makers:
TFEX may stipulate such additional qualifications as it deems appropriate for persons wishing to be any of the following market makers:
From a regulatory perspective, there is no distinction between funds and dealers in the algorithmic trading area.
There is no regulation specifically governing programmers and programming under Thai law. However, in relation to programming, an algorithm has to be approved by the authority and the programmers have to be aware of the prohibited characteristics of trading as specified in the Securities and Exchange Act B.E. 2535 (1992) (the “SEC Act”).
There is no specific regulation governing an operator providing financial research services.
The SEC Act specifies measurement and punishment for any persons who spread rumours and information that might cause manipulations or misunderstandings in the securities market.
For example, pursuant to the SEC Act, a person who informs, disseminates, or certifies any statement or information that is false or materially misleading about the financial condition, business operation, the price of securities or any other information related to a securities issuing company in such a manner that is likely to have an effect on the price of securities or the decision making on securities investment shall be subject to the punishment.
In addition, the person spreading rumours that are false may be subject to the Computer Crime Act Criminal Law B.E. 2550 (2007) since the act states that any person involved in importing to a computer system forged computer data, either in whole or in part, or false computer data, in a manner that is likely to cause damage to that third party or the public shall be subject to the punishment.
In respect of the legislation, as mentioned in item 9.2 Regulation of Unverified Information, the SEC shall punish a person who spreads information that can mislead the public.
Underwriting processes differ according to the products and business operators. The insurance laws (ie, the Life Insurance Act B.E. 2535 (1992) and the Non-Life Insurance Act B.E. 2535 (1992)) govern various aspects of the underwriting processes of the business operators. In particular sales and offers of insurance products are heavily regulated.
Given the extent of insurance regulation, insurtechs normally face with a number of legal obstacles. Recognising this constraint and at the same time trying to promote innovation in the industry, the Office of Insurance Commission (OIC), the insurance industry regulating entity, has launched the OIC Insurance Regulatory Sandbox with an aim to promote insurtech.
There are two regulatory regimes:
Many aspects of the Acts are similar, but the licences for life insurance and non-life insurance business are separate and the same legal entity cannot engage in both types of business.
There is no overarching regulation which governs regtech generally. Whether regtech providers are subject to any regulation needs to be analysed on a case-by-case basis.
Currently, in Thailand, the area that is considered the most advanced in terms of regtech development is the electronic authentication and verification of identity (e-KYC).
After the amendment to the Electronic Transaction Act B.E. 2544 (2001) No 4 was enacted, the authentication and verification of identity in electronic form became recognized and admitted under Thai law.
Electronic Identity Verification
The BOT has also adopted electronic authentication and verification of identity for the opening of accounts with financial institutions. Previously, financial institutions had to conduct Know Your Customer Processes (KYC) on a face to face basis (physical KYC). Non-face to face KYC has been accepted in practice since the notification of the BOT. Electronic KYC can be performed by financial institutions for the opening of accounts by customers via online platforms.
In addition to electronic KYC, there is another central platform in Thailand called National Digital ID Platform (“NDID Platform”). This system collects customer’s information for any financial institutions to use to verify customers. NDID Platform is an important system for Thai financial institutions to use to verify its customers. Many banks in Thailand have decided to use the NDID Platform to facilitate the KYC process.
For instance, pursuant to the BOT Notification No SorNorSor. 16/2563 Re: Regulations on the Use of Services from Business Partners of Financial Institutions, in order to use a service of a business partner, the financial institution must create guidelines on risk management and customer protection. However, strategic functions must be carried out directly by financial institutions themselves. In addition, financial institutions also have to submit an annual report the BOT on the use of services provided by business partners that may cause significant risks to arise or impact on the public at large to.
In respect of IT outsourcing, financial institutions have to comply with the guidelines on risk management implementation of third parties. These cover issues such as risk governance, third party risk management and reporting obligations to the BOT.
The non-regulated contractual terms largely depend on the commercial issues and other regulations that may specifically apply with that financial institution. Therefore, the contractual terms have to be negotiated and agreed on a case by case basis.
Many of Thai financial institutions, including the Bank of Thailand (BOT), have been keen on adopting blockchain technology.
In 2019, 22 Thai banks joined an electronic letter of guarantee platform which is based on blockchain technology.
Further, in 2020, the BOT launched a new blockchain based platform for government bond issuance. This project is a collaborative effort with the Public Debt Management Office, Thailand Securities Depository Co., Ltd, Thai Bond Market Association and several selling-agent banks. The BOT is planning to expand the scope of coverage of this platform to cover a wider range of government bonds.
Even though the Bank of Thailand and the Office of the Securities Commission are very cautious about the sale of blockchain-based digital assets and cryptocurrency, they and other local regulators are very positive about blockchain technology and are very keen on utilising the blockchain technology.
The Emergency Decree on Digital Asset Businesses B.E. 2561 (2018) (“Digital Asset Decree”), which governs blockchain assets under a defined term called “digital assets”, separate “digital assets” into two types: cryptocurrency and digital token.
“Cryptocurrency” is defined as an electronic data unit built on an electronic system or network which is created for the purpose of being a medium of exchange for the acquisition of goods, services, or other rights, including the exchange between digital assets.
“Digital Token” is defined as an electronic data unit built on an electronic system or network for the purpose of specifying the right of a person to participate in an investment in any project or business, or to acquire specific goods or services. Digital tokens are further separated into two types: investment token and utility token.
Regulating Digital Assets
Currently, the SEC regulates digital assets based on the activities of the operators with some differences based on the types of digital assets (eg, there are some differences in requirements with respect underlying assets which are in the form of real estate) by the Digital Asset Decree. However, the SEC is considering moving the investment tokens (both project based and assets-backed) and not-ready-use utility token to the regulatory regime under the Securities and Exchanges Act B.E. 2535 (1992) instead of the Digital Asset Decree. Implementing this change would then leave only cryptocurrencies and utility token which is available for use as the digital assets under the Digital Asset Decree. The aim of this potential change to follow the international standards which regulate securities token offerings under the securities acts.
The concept closest to “issuers of blockchain assets” are the “issuer” of digital assets under the Emergency Decree on Digital Asset Businesses B.E. 2561 (2018).
The issuer of an initial coin offering (ICO) must be a limited company or a public limited company. Prior to the offering, the issuer shall obtain approval from the office of the SEC, submit registration statements and draft prospectuses as indicated in the SEC’s notification. The offer for sale of digital assets is permissible only after the registration statements and the draft prospectus have been approved by the SEC. The offer for sale shall be made via the system provider, the so called ICO portal, which has been approved by the SEC.
A potential change of the regulatory structure is discussed in the last paragraph of 12.3 Classification of Blockchain Assets.
The concept closest to blockchain asset trading platforms under Thai law is “digital asset exchange” under the Emergency Decree on Digital Asset Businesses B.E. 2561 (2018). “Digital assets exchange” is defined as any centre or network established for purchasing, selling or exchanging digital assets, by means of the matching or finding of parties or the provision of a system or facilities whereby those intending to purchase, sell or exchange digital assets may reach agreements or may be matched.
The digital assets exchange operator must apply for permission. This would be granted by the Minister of Finance upon the SEC’s recommendation. The appointment of directors and executives of the operator must also be in accordance with the notification and such appointment will be valid upon the approval by the Office of the SEC.
The exchanges are obliged to comply with all guidelines specified by the Office of the SEC including source of funds, protection of customers’ assets, and prevention against electronic theft, measures on KYC and a reliable accounting system approved by the SEC. Among other obligations, the operator must segregate the customers’ assets retained from its own assets.
Thai law is silent on how funds could invest in blockchain assets.
Virtual currencies are not a defined term under Thai law. However, under the Emergency Decree on Digital Asset Businesses B.E. 2561 (2018)Cur, “cryptocurrency” is defined as "an electronic data unit built on an electronic system or network which is created for the purpose of being a medium of exchange for the acquisition of goods, services, or other rights, including the exchange between digital assets". Cryptocurrency is different from digital tokens in the sense that it is a medium of exchange while digital tokens, which are another type of blockchain asset defined under the Emergency Decree, has the main purpose of determining the right to participate in an investment or to acquire goods or services.
A potential change of the regulatory structure is discussed in the last paragraph of 12.3 Classification of Blockchain Assets.
“DeFi” is not defined under Thai law. The approach of the Thai regulators remains to be seen.
As of now, there is no specific regulation which specifically supports an open banking system
Even though the BOT has a facilitative approach to encourage all financial institutions to co-operate with one another to create the Application Programming Interface (API), to date, the government has not issued any regulation that provides solid criteria, procedures and conditions for open banking.
As there is no specific regulation for API co-creation, all financial institutions need to comply with the Personal Data Protection Act B.E. 2562 (2019). In doing so this may result in inconvenience and delay.
According to the Personal Data Protection Act, in order to collect, use, disclose and/or transfer personal data, financial institutions must obtain prior written or electronic consent from the individual customer whose personal data would be disclosed. In addition, it is important to note that the consent from the individual has to be the explicit consent.
Thailand has been progressive in embracing new technologies to increase competitiveness. Thai financial institutes have been particularly proactive in enhancing existing systems, implementing more robust protections for consumers, and developing new systems. Regulators have been swift to address gaps in legal and regulatory regimes that have arisen with changes to local and global fintech business activities.
A key growth strategy for Thailand is to improve and expand the country’s capacity for high value-added industries through attracting investment in industries that include technologies such as blockchain, artificial intelligence (AI), big data, robotics, cloud computing and machine learning.
Megabanks as Leaders in the Thai Fintech Industry
Major banks in Thailand have been key players in the fintech industry by innovating to avoid any disruptions.
Kasikorn Bank (KBank) has pioneered fintech innovation in Thailand. In 2017, KBank set up Kasikorn Business-Technology Group (KBTG) to operate as the tech development and IT infrastructure wing of the KBank group. KBTG have been trail blazers in initiating collaborative relationships with startups and tech giants, such as Line Corp., and Grab. Projects, including those focused on mobile banking applications, chatbots, and AI. One of KBTG’s latest projects is assisting the Stock Exchange of Thailand (SET) the launch of a digital assets trading platforms, which is expected to go live in the second half of 2021. KBTG, in collaboration with the SET, will be responsible for screening digital tokens as an ICO portal, prior to listing.
Siam Commercial Bank (SCB) has also been active in fintech development through its new tech arm, SCB 10X. SCB 10X also acts as a holding company of the SCB group in investments in tech together with other venture capital opportunities. In February 2021, SCB 10X announced plans to establish a USD50 million fund for investment in global early and growth-stage startups with a focus on blockchain, DeFi and digital assets.
SCB 10X has also developed and launched various applications like food delivery platforms and will collaborate with the SET in its digital assets trading platform by setting up an ICO portal. In addition, SCB 10X has announced a collaboration with Alpha Finance Lab in researching and development of DeFi.
Thai regulators generally have a positive view towards sandbox initiatives and utilisation of technology to innovate industries.
The Bank of Thailand (BOT) launched the “own sandbox” under regulatory guidelines introduced in 2019 that established Thailand’s regulatory sandbox. The regulatory sandbox allows financial service providers to test their financial services that incorporate new technologies and fintech innovations. The regulatory sandbox aims to encourage financial service providers to continue to innovate and adopt new technologies and services that can be introduced more broadly as part of Thailand’s financial infrastructure and standard practices for the financial sector. In addition, the regulatory sandbox encourages financial service providers to cooperate with one another in development of fintech innovations and new technologies.
Participants under the BOT’s regulatory sandbox consist of financial institutions, companies within a group of financial institutions, non-banks under the BOT’s supervision, and fintech and technology firms that wish to experiment with financial services or fintech innovation independently or in conjunction with other participants. Examples of projects under the regulatory sandbox programme include those related to standardising QR codes, KYC based on facial or iris recognition, cross-border money transfers, and alternative credit scoring.
The Office of Securities and Exchange Commission (SEC) has also launched sandbox programmes that allows certain types of businesses to participate. The types of business permitted to participate in the SEC’s sandbox are as follows:
In addition to the BOT and SEC sandboxes, the Office of Insurance Commission (OIC) has set up the Center of Insurtech, Thailand as a unit under the OIC, and created both the OIC Insurance Regulatory Sandbox and OIC Own Sandbox regulations in 2019. The OIC lists some projects under their regulatory insurance sandbox, which include projects related to telematics and dynamic pricing. In 2021, the OIC relaxed the criteria and qualification of applicants for their regulatory sandbox to further encourage utilisation of the sandbox.
Other Government Initiatives
The BOT launched Project Inthanon (named after the tallest mountain in Thailand) in 2018 to develop a proof-of-concept for wholesale fund transfers using a wholesale central bank digital currency by using distributed ledger technology. Project Inthanon consists of three phases. Phases 1 and 2 have been completed, which demonstrated that distributed ledger technology is capable of performing basic payment functionalities required, and improve the efficiency of bond trading and repurchases.
In Phase 3, the BOT intends to jointly develop a payment system with commercial banks. In regard to cross-border transfers, the BOT has completed a co-developed prototype in collaboration with the Hong Kong Monetary Authority.
In September 2020, the BOT issued a circular that allows for the issuance of digital personal loans. The BOT circular defines a digital personal as a supervised personal loan under which an operator applies technology and alternative data to credit provision processes for evaluation of:
Digital personal loans described above include only supervised personal loans other than credit collateralised by car registration certificates. Digital personal loans are applicable to both financial and non-financial institutions, with specified licensing requirements included in the BOT circular.
Implementation of the Personal Data Protection Act
Until recently Thailand’s data protection regulations and requirements were scant, scattered across various laws and sub-regulations under the authority of various ministries. As such, personal data that was commercially useful could be collected and processed without consent from the personal data owner and without justification. The Personal Data Protection Act B.E. 2562 (2019) (PDPA) was enacted on 27 May 2019.
The PDPA provides a transition period for the purpose of developing compliance polices for companies and companies and government agencies that handle personal data. The enactment of the PDPA was a significant step in providing clearer guidelines to what had been a grey area of regulation in Thailand. However, subordinate regulations are still pending that will provide further guidance and procedures for compliance under the PDPA.
The PDPA expected to come into the full force and effect by June 2021. Business operators, including those in fintech industry, have started to implement compliance measures and are more cautious about collection and use of personal data. As mentioned, with several sub-regulations still pending, business operators continue to lack clarity as to how data may be utilised. This lack of clarity and pending subordinate, supporting regulations to the PDPA are of particular importance to businesses that engage in fintech and other tech activities, as data can play a key role in business operations.
Implementation and Enforcement of the New Trade Competition Act
The Trade Competition Act, B.E. 2542 (1999) (the "Old Act") was overhauled in October 2017. The contents of the Old Act were similar to what one may find in progressive pro-consumer trade competition regulations from around the world. Under the Old Act, there was virtually no enforcement, and supplementary regulations that would have provided enforcement guidelines were never enacted. As a result, the Old Act was very rarely applied and was generally perceived as a “paper tiger”.
The new Trade Competition Act, B.E. 2550 (2017) (the "Trade Competition Act") has been in force since 2 July 2017 and since its enactment, the enforcement of alleged violations has increased. The Office of the Trade Competition Commission (OTCC) has become much more active in regulating business conduct in various industries including the tech industry. The OTCC has recently moved to regulate online food delivery services.
Generally, business operators in Thailand have become more conscience of conduct that could be identified as potentially anti-competitive. It remains to be seen if and how the OTCC will regulate the fintech industry as fintech business operations and activities are already subject to oversight by the BOT, the OIC and the SEC.
Regulatory Regime for Digital Assets
As of February 2021, SEC was considering regulating investment tokens (both project based and assets-backed) and not-ready-use utility tokens under the framework of the Securities and Exchanges Act B.E. 2535 (1992). A separate regime, as of February 2021, exists that regulates investment tokens as part of digital assets under the Emergency Decree on Digital Assets Business Operation, B.E.2561(2018) (the "Digital Assets Decree").
This change would mean that digital assets under the Emergency Decree will include only cryptocurrencies and utility tokens which are available for use. The aim of this change is to follow the international standards that regulate securities token offerings under securities acts. The scope of business activities that can be undertaken by holders of licences issued under the Emergency Decree would also then be narrowed down accordingly.
In March 2021, the SEC added additional requirements for the issuance of real estate-backed digital tokens with the aim of bridging a gap in regulations between real estate-backed digital tokens and real estate investment trusts (REITs). With the first ICO waiting in the pipeline regulators have had to respond.
Fintech Trends Driven by the Global Pandemic
The global pandemic has forced a change in both consumer behavior and business operations. Thailand has gone through partial and total lockdowns and has implemented social distancing requirements. As a result of measures designed to minimise the spread of COVID-19, consumers and businesses have become increasingly reliant on online transactions. KBank reported that the total value of transactions on its K Plus application, the most popular mobile banking app in Thailand, grew 71% amid the COVID-19 pandemic.
Many industries and government authorities outside of the fintech industry have been progressive in embracing blockchain. To highlight a few developments in the adoption of blockchain technology, the Customs Department of Thailand has partnered with IBM and logistics provider Maersk to deploy a digital trade platform, a blockchain-based platform, and many players in the energy sector are very active in trying to apply a blockchain-based technology to create platforms for the players in that industry.
Use of cryptocurrency as a means for payment is still limited (or almost unheard of) in Thailand. However, cryptocurrency has become very popular for investment purposes recently. According to reports issued by the SEC, the transactional value per month on Thai cryptocurrency exchanges reached close to THB90 billion in January 2021 due to the price of bitcoin hitting new highs that attracted the public’s attention. With the aim of reducing the impact from a possible market crash, the SEC is considering proposals for the qualifications (eg, minimum annual income, knowledge tests) of investors who can invest in cryptocurrency.
The ongoing popularity of cryptocurrency as a means for investment remains to be seen.