Name
Global FinTech Guide
Country _ Name
Thailand
SectionTitle
KYC requirements
Body
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

The primary law regarding AML is the Anti-Money Laundering Act, B.E. 2542 (1999) (AML Act). The most recent amendment of the AML Act took effect on 9 October 2015. The AML Act mainly requires financial institutions and certain professions to, among others, do the following:

  1. Report certain transactions to the Anti-Money Laundering Office (AMLO);
  2. Identify customers prior to conducting any transaction as prescribed in ministerial regulation, (unless the customer has previously done so);
  3. Implement a customer acceptance policy and manage risks relates to money laundering, and undertake customer due diligence when the first transaction is carried out and periodically review this until the account is closed or the relationship has been terminated; and
  4. Retain information obtained from the above process for a certain period.

National regulator or relevant authority for AML controls

The main regulatory authority for AML in Thailand is AMLO, which is under the Prime Minister’s Office. AMLO is responsible for regulating and enforcing the AML Act, which gives AMLO the authority to issue reporting guidelines. AMLO is also responsible for commencing enforcement against violators of the AML Act and its subordinate regulations.

Other Thai government agencies involved in supervising and enforcing the law include the Ministry of Finance, the Securities and Exchange Commission, the Bank of Thailand, and the Office of the National Counter Corruption Commission.

Customer Due Diligence

Conduct of a typical KYC identification process

The subordinate regulations of the AML Act require financial institutions and certain professions such as e-payment, e-money, and securities business operators to perform know-your-customer (KYC) procedures or transaction above a certain minimum value. In conducting KYC, business operators must collect customer information and documents, including name, ID number, address, contact details, and more. In principle, KYC must be performed face-to-face. Other approaches can be acceptable, but they must comply with the standards and requirements prescribed in the relevant ministerial regulations.

The relevant regulations also impose general requirements and obligations on financial institutions and e-payment business operators to implement customer due diligence (CDD) policies approved by the AMLO. In addition to CDD, risk assessment and risk management must be carried out for existing and future customers.

Financial institutions can now use reliable and advanced technology and new identity verification mechanisms (such as biometric comparison technology, utilization of the National Digital ID platform etc.) as part of its KYC process for the opening of deposit accounts. This is a change from the previous practice, which allowed only in-person KYC. The updates are contained in the Notification of the Bank of Thailand No. SorNorSor 19/2562 Re: Regulations on Know Your Customer (KYC) for Deposit-Account Opening by Financial Institutions.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

It is possible to comply with the CDD requirements by relying on third parties, unless specifically stated otherwise in the relevant AML regulations (such as in the case of certain strategic functions that financial institutions mu
st perform themselves).

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

Yes.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

Generally, no. However, the law provides that a royal decree may be enacted to govern a digital ID service businesses if it is necessary for maintaining financial or commercial stability or enhancing the credibility of the identification process. As such the digital ID service business may be required to apply for a license or registration, in which case the Ministry of Digital Economy and Society is the regulator.

Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)


No credit institutions
No financial institutions
No auditors, external accountants, and tax advisors
No notaries and other independent legal professionals
No other trust or company service providers
No estate agents
No other persons trading high-value goods
No providers of gambling services
Yes Thai law, i.e. the Electronic Transaction Act, has just been amended in May 2019 to allow entities to rely on a third party for conduct customer identification, and the entities which can be relied on will later be prescribed by the authority.


Authors

Close

Choose country