The Bank of Thailand (BOT) has published the Draft Guidelines for Digital Fraud Management, which aim to help financial service providers tackle digital fraud and ensure safety and trust in the Thai financial system. These draft guidelines, which are available for public comment until March 18, 2025, provide a comprehensive framework for financial service providers, covering prevention, detection, management, and resolution of digital fraud, as well as support for customers affected by fraud. The BOT tentatively plans to implement these draft guidelines on April 1, 2025, along with circular letters on the minimum required measures for tackling “mule accounts” (deposit or e-money accounts used as tools to receive and transfer funds obtained through the commission of any offense) and measures to strengthen Thailand’s customer due diligence and enhanced due diligence procedures. Under the draft guidelines, “financial service providers” include financial institutions and special financial institutions under the Financial Institution Business Act and payment providers under the Payment Systems Act. Commercial banks, special financial institutions, and operators of transferable e-money services must adhere to every requirement in the draft guidelines. Other financial service providers (e.g., payment providers other than operators of transferable e-money services) can implement the draft guidelines as deemed appropriate to their services, products, and service channels. Digital Fraud Management Requirements The draft guidelines establish the following key requirements: Policy and oversight. Directors and senior executives of financial service providers must set and adopt appropriate “end-to-end” fraud management policies and KPIs to manage digital fraud, covering prevention, monitoring, detection, management, resolution, and support for affected customers. Fraud management processes. Financial service providers must establish a clear framework for managing digital fraud throughout the customer lifecycle, from customer onboarding to service termination, according to industry standards at a minimum and covering at least the following processes: Know your customer

Thailand’s Securities and Exchange Commission (SEC) will officially add USD Coin (USDC) and Tether (USDT) to its list of approved cryptocurrencies for use in digital asset transactions on March 16, 2025. The addition is a significant move that expands Thailand’s digital asset market, aiming to enhance market flexibility and provide more payment options for investors and traders in Thailand’s digital asset ecosystem. Under the SEC regulations, digital asset operators, including digital token issuers, ICO portals, and digital asset exchanges, are only permitted to accept, conduct transactions with, and use “approved cryptocurrencies” as trading pairs. After the addition of USDC and USDT, the full list of approved cryptocurrencies will include: Bitcoin (BTC) Ethereum (ETH) Ripple (XRP) Stellar (XLM) Tether (USDT) USD Coin (USDC) Other cryptocurrencies used for testing programmable payments under the enhanced regulatory sandbox in accordance with the Bank of Thailand’s rules and conditions. For more information on these new additions, or on any aspect of digital assets and cryptocurrency in Thailand, please contact Kobkit Thienpreecha at [email protected], Pornpan Wichawut at [email protected], Napassorn Lertussavavivat at [email protected], or Rujaporn Paritsantik at [email protected].

On January 31, 2025, the Bank of Thailand (BOT) announced a new Notification re: Responsible Lending, replacing a similar notification from 2023. This new notification provides updated measures to assist debtors in different circumstances and clear implementation guidelines for lenders, with the aim of resolving household debt issues. Scope The service providers covered by the notification include banks and nonbanks (e.g., credit card companies, asset management companies, licensed personal loan providers, and nano finance operators) that conduct lending business. New Requirements The notification’s core focus remains loan management throughout the lifecycle of a loan—from credit product development to legal proceedings and debt transfers to other creditors—but with further clarification and detail compared to the 2023 notification. The key revisions in the new notification are summarized below. Advertising standards: The notification tightens requirements in some areas and relaxes them in others. Stricter requirements: It is now clearly stipulated that the BOT oversees taglines that may encourage excessive borrowing. More examples of noncompliant statements are also added (e.g., “Elevate your lifestyle now, pay later”; “Get approved, even with credit challenges”). In addition, advertising material that contains multiple credit products should provide clear minimum and maximum interest rates, especially when there are significant differences in the interest rates of each product. Relaxed requirements: The required information for some marketing activities is now reduced. For example, in marketing events with staff promoting loan products and offering free giveaways, service providers have the discretion to provide effective interest rate information in the manner they deem appropriate, and the advertisement material can display only the mandatory warning statements without providing interest rate details. Encouraging customer financial discipline: The notification requires service providers to implement more elaborate and extensive tools to influence customer behavior (termed “nudging” by the BOT) at every stage of the lending cycle. This

Thailand’s draft Emergency Decree on Technology Crimes Suppression, which we covered in a client alert in January 2025 primarily addressed to telecom operators and financial institutions, is expected to have significant implications for a wide range of business operators.  The draft emergency decree has already been approved by the cabinet but may undergo further developments as it continues in the legislative process. In this article, we will highlight the material impacts of the draft emergency decree on overseas and local fintech operators. Expanded Definition of “Technology Crimes” The definition of “technology crimes” now includes the following acts of forgery or alteration: Forging or altering the identity of individuals and biometric characteristics by utilizing computer or communication systems or other electronic means to commit offenses. Forging or altering symbols, trademarks, or seals of groups (e.g., foundations, community enterprises) or juristic persons, including acts by juristic persons using individuals or juristic persons as nominal directors or shareholders, regardless of whether such individuals or legal juristic persons reside in Thailand. Forging or altering digital or online platforms, regardless of the platform’s location or legal status. Individuals who conspire, utilize, assist, or support the commission of these offenses will face the same penalties as the principal offender. Business Operator Definition The scope of “business operators” is now expanded to cover various fintech and digital asset operators beyond those under the Payment Systems Act (PSA). The draft emergency decree now includes the following operators, whether they are legally authorized or not: Business operators under the PSA and business operators who operate “as if” they are payment system operators Business operators under the Royal Decree on Digital Asset Businesses or business operators who operate “as if” they are digital asset business operators. Foreign exchange business operators. Disclosure and Exchange of Information Business operators must disclose