Section Home

Home	Hidden
Home	2

Name

Global FinTech Guide

Country _ Name

Thailand

SectionTitle

KYC requirements

Body

The know-your-customer or know-your-client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

The primary law regarding AML is the Anti-Money Laundering Act, B.E. 2542 (1999) (AML Act). The most recent amendment of the AML Act took effect in 2022. The AML Act mainly requires financial institutions and certain professions to, among others, do the following:

Report certain transactions to the Anti-Money Laundering Office (AMLO);
Identify customers prior to conducting any transaction as prescribed in ministerial regulation, (unless the customer has previously done so);
Implement a customer acceptance policy and manage risks relates to money laundering, and undertake customer due diligence when the first transaction is carried out and periodically review this until the account is closed or the relationship has been terminated; and
Retain information obtained from the above process for a certain period.

National regulator or relevant authority for AML controls

The main regulatory authority for AML in Thailand is AMLO, which is under the Prime Minister's Office. AMLO is responsible for regulating and enforcing the AML Act, which gives AMLO the authority to issue reporting guidelines. AMLO is also responsible for commencing enforcement against violators of the AML Act and its subordinate regulations.

Other Thai government agencies involved in supervising and enforcing the law include the Ministry of Finance, the Securities and Exchange Commission, the Bank of Thailand, and the Office of the National Counter Corruption Commission.

Customer Due Diligence

Conduct of a typical KYC identification process

The subordinate regulations of the AML Act require financial institutions and certain professions such as e-payment, e-money, and securities business operators to perform know-your-customer (KYC) procedures or transaction above a certain minimum value. In conducting KYC, business operators must collect customer information and documents, including name, ID number, address, contact details, and more. In principle, KYC must be performed face-to-face. Other approaches can be acceptable, but they must comply with the standards and requirements prescribed in the relevant ministerial regulations.

The relevant regulations also impose general requirements and obligations on financial institutions and e-payment business operators to implement customer due diligence (CDD) policies approved by the AMLO. In addition to CDD, risk assessment and risk management must be carried out for existing and future customers.

Financial institutions can now use reliable and advanced technology and new identity verification mechanisms (such as biometric comparison technology, utilization of the National Digital ID platform etc.) as part of its KYC process for the opening of deposit accounts. This is a change from the previous practice, which allowed only in-person KYC. The updates are contained in the Notification of the Bank of Thailand No. SorNorSor 19/2562 Re: Regulations on Know Your Customer (KYC) for Deposit-Account Opening by Financial Institutions.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

It is possible to comply with the CDD requirements by relying on third parties, unless specifically stated otherwise in the relevant AML regulations (such as in the case of certain strategic functions that financial institutions must perform themselves).

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

Yes. Although the AML Act does not restrict the outsourcing of CDD obligations, the laws regulating financial institutions and certain professions could prohibit or impose certain requirements on CDD function outsourcing. On financial institutions, the Notification of the Bank of Thailand No. SorNorSor 13/2563 Re: Regulations on the Use of Services from Business Partners of Financial Institutions restricts the financial institutions from outsourcing “strategic functions” including the CDD and KYC functions for lending transactions and account opening. For designated payment systems and providers under the Payment System Act B.E. 2560 (2017), the BOT has imposed some obligations on the payment business operators, such as to have risk management measures and service agreements that authorize the BOT to audit the operation and internal control of the third party outsource.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

Yes, for digital ID service. The Royal Decree on Supervision of Service Businesses Relating to Digital Identification and Authentication and Authentication Systems that are Subject to Licensing Requirements B.E. 2565 (2022) requires the “regulated digital ID service” to obtain a license from ETDA. The regulated digital ID services are 1) identity proofing service, 2) authenticator lifecycle management service, 3) authentication service, and 4) digital ID networks/systems. The license requirements apply only to the services provided to the third party, not to the internal use of the service provider. In the event that the customer due diligence outsourcing service does not fall within the scope of “regulated digital ID service”, it is unlikely that a license or registration would be required.

Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)

✔	credit institutions
✔	financial institutions
✔	auditors, external accountants, and tax advisors
✔	notaries and other independent legal professionals
✔	other trust or company service providers
	estate agents
	other persons trading high-value goods
	providers of gambling services
✔	Thai law, i.e. licensed digital ID service provider under The Royal Decree on the Supervision of Regulated Digital Identification Authentication and Verification Service Businesses B.E. 2565 (2022)

BackToCountry	Hidden	Hidden
Back to country	Thailand	2

Switch country

Global overview

Authors

Name	Organisation	Email	Hidden
Napassorn Lertussavavivat	Tilleke & Gibbins - Thailand	[email protected]	2154
Nopparat Lalitkomon	Tilleke & Gibbins - Thailand	[email protected]	2154
Pornpan Wichawut	Tilleke & Gibbins - Thailand	[email protected]	2154
Thammapas Chanpanich	Tilleke & Gibbins - Thailand	[email protected]	2154
Rujaporn Paritsantik	Tilleke & Gibbins - Thailand	[email protected]	2154
Rada Lamsam	Tilleke & Gibbins - Thailand	[email protected]	2154
Wilin Somya	Tilleke & Gibbins - Thailand	[email protected]	2154
Karnravee Jitvilai	Tilleke & Gibbins - Thailand	[email protected]	2154

Choose country

	Hidden	Hidden
Albania	167	2
Argentina	512	2
Australia	182	2
Austria	677	2
Bolivia	1012	2
Bosnia and Herzegovina	197	2
Bulgaria	980	2
Canada	152	2
Chile	242	2
China	257	2
Colombia	272	2
Costa Rica	287	2
Croatia	302	2
Czech Republic	812	2
Dominican Republic	824	2
Finland	921	2
France	722	2
Germany	137	2
Hong Kong	737	2
Hungary	347	2
Ireland	692	2
Italy	332	2
Japan	850	2
Kenya	998	2
Korea, Republic of	362	2
Malaysia	662	2
Mexico	632	2
Montenegro	377	2
New Zealand	392	2
Nigeria	904	2
North Macedonia	437	2
Peru	422	2
Philippines	407	2
Poland	482	2
Portugal	497	2
Romania	797	2
Russia	912	2
Saudi Arabia	881	2
Serbia	467	2
Singapore	945	2
Slovenia	527	2
Spain	542	2
Switzerland	707	2
Thailand	557	2
Turkey	752	2
United Kingdom	782	2
United Rep of Tanzania	767	2
United States	587	2
Vietnam	962	2