The Bank of Thailand (BOT) has introduced a new regulation to facilitate the know your customer (KYC) process by using an electronic means (e-KYC) for account opening for deposit acceptance or fund acceptance from the public. KYC is one of the required processes imposed on financial institutions and certain types of reporting entities under the anti-money laundering law (AML law). Financial institutions need to comply with both the KYC process under AML law and the criteria issued by the BOT as the supervising regulator.
The BOT issued notification No. 7/2559 re Criteria in Taking Deposits or Taking Money from the Public, which became effective on 3 August 2016. Key requirements are summarized below.Concept. e-KYC procedures must have the same standards as the KYC procedures usually conducted where the relationship is established face-to-face. Account opening for deposit acceptance or fund acceptance from the public via electronic means can only be available for “individual customers”. Electronic means include: (1) financial institutions’ electronic devices; and (2) customers’ electronic devices installed with the financial institution’s application.
Since account opening for deposit acceptance or fund acceptance from the public via an electronic means is considered to be a use of new technologies in the provision of banking services, financial institutions must obtain a prior approval from the BOT.
Permissible method/technology. For account opening via electronic means, financial institutions must use the method that can replace face-to-face interaction. The financial institution must ensure that its staff can interview and observe the customer’s behaviour on a real-time basis. Currently, only video-conference systems are specified as a permissible method/technology.
Electronic document and electronic signature. Financial institutions can accept KYC documents in the form of electronic data under the law on electronic transactions. Electronic signatures under the law on electronic transactions are also acceptable as customers’ signatures.
Verification of customer information and identification documents. For account opening via financial institutions’ electronic devices, the verification must be done by using either: (1) a smart-card reader (with supplemental verification through the system of relevant government authority that verifies information and ID cards, or a system that verifies fingerprints); or (2) the system of relevant government authority that verifies information and ID cards along with the system that verifies fingerprints. Where customers’ electronic devices and financial institutions’ applications are used, the verification must be done by approach (2) above.
Other methods/technologies used for verification require specific BOT approval on a case-by-case basis.
Record keeping. Financial institutions must keep information and KYC documents or their copies, as well as images, sound recordings and transaction logs, in accordance with the record keeping period under the AML law.
Reporting entities including financial institutions must also comply with KYC and customer due diligence (CDD) requirements under the AML law. Regardless of whether or not transactions are related to account opening for deposit acceptance or fund acceptance from the public, for any transactions or relationships that are initiated via electronic means, financial institutions must also comply with certain requirements applicable to non-face-to-face KYC processes and other requirements generally applicable for KYC/CDD processes under AML law.