IT outsourcing is accepted and welcomed for financial businesses, subject to certain standards and guidance prescribed by the relevant government authorities. Therefore, this might be a good opportunity for FinTech to enter and penetrate the market.
There is no specific law that governs the business provisions for data and risk management or analytic and research services.
However, licensed financial institutions and e-payment service providers that outsource services to a service provider will have to comply with the criteria and rules on IT Outsourcing, as prescribed by the BOT.
Financial Institutions with IT capacity are allowed to provide services to other financial institutions or government agencies (insourcing) in accordance with the BOT’s rules.
There is no information that is publicly available.
Currently a draft Personal Information Protection Act (the “Draft’), which has been reviewed by the Council of State, was given to the Committee for House of Representative Coordination to review and will be submitted to the Cabinet for approval later. The Draft provides protection of personal data by restricting the gathering, using, disclosing and altering of any personal data without the consent of the data owner. The Draft also restricts cross-border transfer of personal data. Data controllers are also obligated to arrange for secured system in storing and handling personal data. There are criminal penalties and civil liability for any violation.
Athistha (Nop) Chitranukroh
Piyanuj (Lui) Ratprasatporn