Name
Global FinTech Guide
Country _ Name
Vietnam
SectionTitle
KYC requirements
Body
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

Vietnam’s current AML framework is primarily governed by Law on Anti-Money Laundering No. 14/2022/QH15, which was passed by the National Assembly on 15 November 2022 and came into effect on 1 March 2023 (“AML Law”); and Decree No. 19/2023/ND-CP of the Government dated 28 April 2023, which provides detailed guidance on several articles of the Law on Anti-Money Laundering (“Decree 19/2023”).



National regulator or relevant authority for AML controls

Although the responsibility for overseeing AML in Vietnam is shared among various government agencies, such as the Ministry of Public Security, the Ministry of National Defense, the Ministry of Finance, and others, the primary authority responsible for state management of AML is the SBV. More specifically, the Anti-Money Laundering Department under the SBV is the designated agency tasked with performing the functions and duties related to AML in accordance with the provisions of AML legislation.



Customer Due Diligence

Conduct of a typical KYC identification process

Under the AML Law, a typical KYC identification process may involve:

  • Determining cases where customer identification is required in accordance with the AML Law and Decree No. 19/2023;
  • Collecting customer identification information (e.g., full name; date of birth; nationality; business registration number, enterprise code or tax code; etc.);
  • Updating customer identification information to ensure consistency with the information contained in existing customer records;
  • Verifying customer identification information using specific documents or data, or by retrieving information from national databases, competent state authorities, or other organizations;
  • Classifying customers based on their level of money laundering risk.
For eKYC (electronic KYC), banks may use biometric verification, and cross-checks with the national ID database for the KYC identification process.



Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

Under the AML Law, reporting entities (i.e., licensed financial institutions conducting one or more specific activities, and organizations or individuals engaged in designated non-financial business sectors as prescribed by law) are allowed to identify customers through third parties. However, reporting entities must ensure that the third party meets certain conditions, such as performing customer identification in accordance with the provisions of the AML Law, or following the recommendations of the Financial Action Task Force (FATF) if the third party is a foreign organization; and being subject to supervision and oversight by a competent authority.
Although reporting entities may rely on third parties for customer due diligence, they remain fully responsible for the outcomes of the customer due diligence conducted by those third parties.



Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

The AML Law does not permit the outsourcing of the entire customer due diligence process to third parties who are not obliged by law to meet AML regulations and rely on these.

However, the customer due diligence process consists of multiple steps. Among these, the AML Law only allows reporting entities to engage third parties (who may simply be organizations established and operating under Vietnamese law and are not necessarily subject to AML obligations) for the verification of customer identification information. This means that while the verification of customer identification information may be delegated to third parties who are not obliged by law to meet AML regulations, the overall responsibility and execution of customer due diligence cannot outsource to third parties who are not obliged by law to meet AML regulations.



Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

For the verification of customer identification information, the service providers are normally recognized as IT/tech companies with no special licensing or registration requirement except for the general enterprise establishment procedures.

In addition, the service provider is generally required to ensure the confidentiality of customer identification information in accordance with legal regulations.

As for outsourcing the entire customer due diligence process, the outsourcing third party must be a supervised financial or designated non-financial entity with an established customer relationship that conducts customer identification in line with legal or FATF standards, ensures confidentiality, and promptly provides customer information upon request. Additional conditions are applied if the third party is a financial institution and its parent company is a financial institution.





Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)
Yes credit institutions
Yes financial institutions
Yes auditors, external accountants, and tax advisors
Yes notaries and other independent legal professionals
  other trust or company service providers
Yes estate agents
Yes other persons trading high-value goods
Yes providers of gambling services


Authors

Close

Choose country