A comparison of digital banking regulations: Thailand

By Troy Schooneman, Kongkoch Yongsavasdikul, and Koraphot Jirachocksubsin, Kudun and Partners
Copy link



Thailand’s digital banking system is in the midst of a major and multi-faceted transformation. The policy decisions recently implemented by the Bank of Thailand (BoT) and other official bodies, as well as those expected to be unveiled later in 2022, will define the contours of the country’s digital banking ecosystem for years to come.

A comparison of digital banking regulations Troy Schooneman
Troy Schooneman
Partner and Head of International Practice
Kudun and Partners in Bangkok
Email: troy.s@kap.co.th

In some respects, Thailand’s approach to digital banking is a cautious one. The BoT has been relatively slow to commit to a regulatory framework for virtual banks, while it also remains sceptical regarding digital assets as a means of payment for goods and services. Moreover, the country’s incoming enforcement of the Personal Data Protection Act (PDPA) is expected to be thorough and demanding, with significant penalties imposed for each violation.

Thailand’s digital banking environment either mirrors commonly accepted international standards or finds itself ahead of the curve. For example, the country was recently ranked the first in the world (together with Hong Kong) in developing its Central Bank Digital Currency, with public trials on track in the first half of 2022.

Cultural factors are also in the country’s favour, as Thai citizens spend over nine hours on the internet every day, 30% longer than the world’s average, and have the highest rate of digital engagement with financial organisations among all Southeast Asian countries.


Thailand’s approach is carefully calibrated to engineer the specific set of outcomes outlined in a newly published consultation paper from the BoT in February titled “Repositioning Thailand’s financial sector for a sustainable digital economy”.

A comparison of digital banking regulations Kongkoch Yongsavasdikul
Kongkoch Yongsavasdikul
Kudun and Partners in Bangkok
Email: kongkoch.y@kap.co.th

This paper envisions a near-future, society-wide transition to a digital economy, which is characterised by technological advancement within a balanced competitive environment. The paper also emphasises the need for stable and sustainable growth without the industry sidestepping into areas that the BoT considers dubious or of unproven value.

To that end, businesses offering digital asset services are tightly regulated by the Ministry of Finance (MoF) and the Securities and Exchange Commission (SEC). Each newly issued digital token and its affiliated portal service provider must be granted special approval by the MoF through the SEC before market activity may begin.

This approval is by no means guaranteed, particularly for foreign-based entities, as every licence holder must also be a company registered under Thai law and having a certain amount of paid-up registered capital, depending on the type of licence, which varies from THB1 million (USD30,000) to THB50 million, as well as other specific characteristics.

Regarding cryptocurrencies, only Bitcoin (BTC), Ethereum (ETH), Ripple (XRP) and Stellar (XLM) have been approved for use in transactions at the date this article was written; these transactions must likewise be mediated by entities that have obtained SEC approval. Notable regulations also apply to offshore businesses that provide fintech services. Although several cross-border payment agreements are in place to facilitate such financial activity across Asean, each foreign fintech business must satisfy Thai licensing or registration requirements. These requirements typically include the need to establish a corporation in Thailand, of which a set minimum percentage must be owned by Thai individuals or corporate entities – as well as compliance with the PDPA.

The PDPA, which comes into effect on 1 June, is in many ways significantly influenced by the EU’s General Data Protection Regulation (GDPR). It imposes clear rules that dictate the circumstances under which the personal data of people in Thailand may be collected over the internet and then stored, analysed, or shared. These rules intended to safeguard the privacy of data subjects, including internet users, and require each organisation to designate an official data controller who will be personally responsible for how all user data are handled, and personally liable for policy violations or privacy breaches, in addition to the legal exposure faced by the organisation as a whole.

Notably, Thailand’s PDPA has no regard for borders and applies with equal force to domestic and foreign businesses, as long as they are in a position to collect or interact with the personal data of internet users in Thailand. Other laws helping to shape the development of Thailand’s digital banking ecosystem include:

  • The Electronic Transactions Act, 2001 (as amended), which aligns with international standards to help businesses synchronise transactions both regionally and globally.
  • The Payment Systems Act, 2017 (PSA), lets fintech and e-payment service providers work within a single licensing framework to minimise risks for all concerned parties, while also providing some flexibility towards the adoption of future e-payment systems. Currently, regulated businesses under the PSA include: key payment systems, e.g. the Bank of Thailand automated high-value transfer network, and the imaged cheque clearing system and archive system operated by the BoT; supervised payment systems (subject to an MoF licence), i.e. inter-institution fund transfer systems, payment card networks and settlement systems; and supervised payment services including the provision of debit cards, credit cards and ATM card services, extensive-scope e-money services, acceptance of electronic payment services, and fund transfer or money remittance services, which are to be included in the BoT’s regulatory sandbox.
  • The Emergency Decree on Digital Asset Businesses, 2018, which made Thailand one of the 29 countries that recognise digital assets and tokens as legitimate investments, while simultaneously regulating their use to support and protect investors as well as other stakeholders.
  • The Cybersecurity Act, 2019, which aims to protect from and prevent cyber attacks against, among others, digital banking operations and critical information infrastructure.


The BoT and other official bodies are actively using their influence to optimise and guide the industry towards healthy and sustainable development. This public-private alignment has already led to impressive results in several areas:

  • Ten years ago, Thailand had just 500,000 mobile bank accounts, compared to 75 million today.
  • In 2011, Thais conducted 95 million online money transactions, compared to 9.6 billion today.
  • By the end of 2020, Thailand had 116 million mobile phone numbers in use, while the country’s population is just under 70 million.
  • 85% of Thai consumers currently use contactless payments.
  • PromptPay, Thailand’s real-time digital payment system, grew by 9 million users from 2020 to 2021, with total transactions increasing fourfold.

Thailand’s emerging digital banking norms also have the effect of forcing traditional banks to embrace a more tech-based service model. To facilitate this move, the BoT is pursuing a “3 O’s” approach to bring about an “open environment for various players, open infrastructure for greater access by stakeholders, and open data for further utilisation”.

A comparison of digital banking regulations Koraphot Jirachocksubsin
Koraphot Jirachocksubsin
Senior Associate
Kudun and Partners in Bangkok
Email: koraphot.j@kap.co.th

The open environment has given rise to hundreds of fintech startups, many of which have taken advantage of special tax and non-tax incentives introduced by the Board of Investment (BoI) as a means of encouraging foreign investment and private sector development. Recently, the BoI amended its promoted business activities under the Investment Promotion Act, 1979, by repealing the promotion of software, e-commerce and digital services, and adding a new category involving the development of software, a platform for digital services and digital content activities.

The privileges under these new BoI-promoted businesses include, among others, eight-year corporate income tax and machinery import duty exemptions. To qualify for these BoI privileges, business owners must fulfil requirements and conditions prescribed by the act and its related regulations. The country also plans to begin issuing virtual banking licences and remove limits on investment for subsidiaries and other affiliates of banking groups.

Open infrastructure initiatives include RegTech for electronic know your customer, digital and mobile banking with biometrics, alternative credit, and peer-to-peer lending. The BoT continues to build market-ready retail and sustainability disclosure standards consistent with international norms to help financial institutions demonstrate their commitment to the environment – and potentially qualify them for additional tax benefits.

Regarding open data, the BoT intends to establish interoperability standards that allow for the seamless transfer of data when switching between service providers. Such efforts, together with the ongoing development of a viable Digital ID infrastructure, are aimed at facilitating progress towards a frictionless open banking environment.

The BoT has also established a regulatory sandbox to encourage private sector innovation across the financial services landscape. Participation in the sandbox is also mandatory under some limited circumstances, such as when setting up a peer-to-peer lending platform. In such a case, the successful completion of a sandbox test is a prerequisite for obtaining an operating licence.


23/F, Units C&F, Gaysorn Tower

127 Ratchadamri Rd, Lumphini

Pathum Wan District

Bangkok – 10330



Contact details
Tel: +662 838 1750
Email: contact@kap.co.th


Copy link