Bank of Thailand’s New Rules for Digital Asset Businesses and Related Transactions for Banks and Financial Groups

website 720x480 px 2023 01 31T153019.236

1. Background and Rationale

The Thai financial market has been revolutionized by rapid changes in technology, particularly, with the advent of distributed ledger technology (“DLT”) and digital assets in recent years. This has led to a surge of interest from traditional investors and corporate entities, both small and large, eager to participate in this dynamic market. These technologies have been driving financial innovation and progress. However, the Bank of Thailand (“BOT”) has also identified potential risks such as the stability of the financial system from the use of the digital asset as means of payment (“MOP”) for goods and services, cyberattacks, fluctuations in digital asset value and price, and money laundering.

To maintain a balance between the benefits and risks associated with these technologies and to ensure the market can continue to flourish, BOT has issued Notification No. SorNorSor. 6/2565 Re: Regulated scope on the operation of digital asset businesses and related transactions of commercial banks and financial groups on October 6, 2022 and became effective on October 22, 2022 (the “Notification”). This Notification aims to provide clearer guidelines on the permitted and regulated scope of these operation and related transactions.

Under the Notification, a business entity under the Financial Business Group[1], except for a commercial bank, can gradually operate Digital Asset-Related Businesses[2] under the regulatory and supervisory scope of the BOT, with due risk management, in order to eliminate the risks that could possibly be incurred on customers’ deposits, the public’s trust, and the stability of the financial system from the operation of Digital Asset-Related Businesses and transactions.

In addition, the Notification aims:

( i ) to provide sufficient customer protection and fair service and to restrict any solicitation on Vulnerable Customer[3] who does not have sufficient knowledge and understanding to invest in Digital Assets[4]; and

( ii ) to standardize the operation of Digital Asset Related-Businesses in Thailand.

Permitted Scope for Commercial Bank and Financial Business Group

The Notification stipulates the permitted scope of Digital Asset-Related Businesses and Digital Asset business operations for each commercial bank and Financial Business Group as follows:

Operator
Permitted scope of business
Digital Asset Related-Businesses
Digital Asset
Commercial Bank
• Direct operation: Restricted• Direct operation:
o Issuing and holding Digital Assets (only for the purpose of maximization efficiency or quality of the financial service or supporting service) by obtained the permission from the BOT on a case-by-case basis

Note: In particular case, the BOT may require an operation to be tested by implementing the BOT’s rules concerning regulatory sandbox
• Indirect investment:
If the commercial bank invests in or finances to any entity in the Financial Business Group which operates Digital Asset Related-Business, whether directly or indirectly, the investment/financing amount will be capped at 3% of total commercial bank funds
• Indirect investment:
Investing in an investment unit issued by funds or a trust certificate issued by trusts, which has policy to invest minority of their funds on Digital Assets.
Financial Business Group
• Direct operation:
Allowed, provided that the parent company of the Financial Business Group has obtained the permission from the BOT on a case-by-case basis and the BOT may require an operation to be tested by implementing the BOT’s rules concerning regulatory sandbox
• Direct operation:
[Non-Regulated Entity] Issuing and holding Digital Assets (only for the purpose of maximization efficiency or quality of the financial service or supporting service) by obtained the permission from the BOT on a case-by-case basis.
Note: In particular case, the BOT may require an operation to be tested by implementing the BOT’s rules concerning regulatory sandbox
o [Regulated Entity] Issuing and holding Digital Assets as specified by specific regulators and this Notification.
• Indirect investment:
Investment amount in the Digital Asset Related-Businesses of other entities, whether inside or outside Financial Business Group, shall not be exceeded 3% of total funds of Financial Business Group.
• Indirect investment:
Investing in an investment unit issued by funds or a trust certificate issued by trusts, which has policy to invest minority of their funds on Digital Assets.

2. Compliance Requirements

The Notification also lays out compliance requirements for the operation of Digital Asset-Related Businesses and transactions for both commercial banks and other entities in the Financial Business Group, as follows:

Compliance RequirementsDetails on the compliance requirements under the Notification
Limitation on the amount of credit, investment, contingent or transactions similar to lending to the Digital Asset Related-Business• Commercial Bank shall limit the total amount of specified items under the Notification not to exceed 3% of its capital.

• Financial Business Group shall limit the total amount of investment in Digital Asset Business both inside and outside the Financial Business Group not to exceed 3% of its capital and shall prepare a quarterly data report for the financial institution inspectors from BOT to examine.

If invests more than the above ratio, the Financial Business Group must comply with the requirements specified in the Notification and consult with the BOT on a case-by-case basis regarding the composition of the Board of Directors.
Corporate Governance• An entity of the Financial Business Group of a commercial bank that operates Digital Asset Related-Business or invests in Digital Assets shall have an efficient check and balance mechanism within the corporate structure and organization.

• Requirements on the director and executive of entities in the Financial Business Group, which are separable into (1) a Financial Business Group in which the parent company is not a commercial bank; and (2) a Financial Business Group in which the parent company is a commercial bank.

• The line of Defense mechanism shall be set up within the corporate structure.
Maintenance of Fund and Reserve Requirements• In any case, commercial bank and entity in the Financial Business Group shall ensure that funds are being maintained safely and in sufficient amounts by means and methods as specified under the Notification.
Reserve Requirements• In case a commercial bank or parent company holds or invests in a company, excluding investment in an affiliate, associated company, or consortium, that operates Digital Asset Related-Business, the capital reserve shall be arranged in accordance with the BOT's Notification Re: Arrangement of Capital Reserve of Financial Institution.
Intragroup Contagion Risk• A commercial bank and parent company of the Financial Business Group shall ensure that the relationship between companies within the same group shall be well-managed. The following measures shall be also implemented at the commencement of the operation.

1) Intragroup Contagion Risk Assessment

2) Work systems between the commercial bank's operation and the digital asset related-system (e.g. database system, network system, etc.) shall be separated.

3) Information and Technology (IT) security shall be standardized and comply with the BOT's notification re: IT security.

4) In case that entity in the Financial Business Group operates a digital asset exchange business, IT risk and cyber threat assessment shall be at the same level as a commercial bank and comply with the BOT's notifications.
Supervisory Review Process (Pillar 2)• Commercial bank and the Financial Business Group shall ensure that it has efficient risk management and internal capital adequacy assessment process as specified under the BOT’s Notification Re: Supervisory Guideline on Capital Fund under Pillar 2. – ICAAP, which covered all possible risks.
Information Disclosure (Pillar 3)• Commercial bank and the Financial Business Group shall be complied with the BOT's notifications Re: Disclosure of funds for Commercial Bank and Financial Business Group.
Know Your Customer (KYC)• Parent company shall ensure that its entity which operate Digital Asset Related-Business shall have Know-Your-Customer (KYC) measure by implementing the identification and verification measures as specified by the BOT's notification re: KYC measure for saving bank account opening of financial institution. Including shall procure its entity that operates Digital Asset Related-Business to keep all the transaction data, including all information received from the customers in KYC process, in safe system and a period as specified by the laws concerning anti-money laundering.
Consumer Protection• Commercial bank and entity in the Financial Business Group shall take care of the customer with appropriate measure per risk level of the product/service, type of customer, and the level of risk acceptable of customer.

The financial landscape is constantly evolving, and the rise of digital assets and distributed ledger technology is no exception. As central banks around the world, including the Bank of Thailand (BOT), adapt to these changes, it’s crucial to maintain a balance between innovation and risk management. At Kudun and Partner’s Digital Law Practice team, we’re dedicated to helping our clients navigate this exciting and rapidly-changing field. Whether you’re looking to form a multi-party platform, tokenize assets, or list tokens on a digital exchange, our team of experts is here to guide you every step of the way. From conducting due diligence and drafting white/lite papers, to advising on initial decentralization exchange offerings and real-estate tokenization, we’ve got you covered. Join us in embracing the future of finance and stay ahead of the curve!

For more information, please get in touch with our digital law practice, or alternatively, please contact the authors.

Download AlertDownload Alert

[1]   “Financial Business Group” means Financial business group of a commercial bank as specified under the BOT’s Notification Re: Regulations on Structure and Scope of Business of Financial Business Groups.

[2]   “Digital Asset Related-Business(es)” means:

    1. digital asset related-business means to the digital asset businesses defined under the Emergency Decree on Digital Asset Businesses B.E. 2561 (2018), initial coin offering portal (“ICO Portal”) whether in Thailand or abroad;
    2. operation of the business that has its core business or main activity relating to digital assets; and
    3. other unregulated digital asset business.

[3]   “Vulnerable Customer(s)” means Vulnerable Customers according to the BOT Notification Re: Regulations on Market Conduct.

[4]   “Digital Assets” consists of into three (3) types:

    1. Digital asset as defined under the Emergency Decree on Digital Asset Businesses B.E. 2561 (2018), which has been categorized into two types: (1) Cryptocurrency and (2) Digital Token;
    2. Agreement to obtain the digital asset; and
    3. Non-fungible tokens (“NFT”).

However, this does not include the central bank digital currency (“CBDC”) which is developed and regulated under the supervision of BOT as well as the ready-to-use utility token, which has no complex nature and is issued for the purpose of consumption of goods and services and use for customer relation support and marketing purpose only (simple ready-to-use utility token).

[5] Specified Items are (i) investment in Digital Asset Business both inside and outside the Financial Business Group either directly or indirectly and (ii) lending, incurring contingent liabilities, or entering into transactions similar to credit granting to companies within the Financial Business Group that operate digital asset businesses directly or through the Financial Business Group.