THAILAND LAW AND PRACTICE Contributed by: Wongsakrit Khajangson, Panupan Udomsuvannakul, Koraphot Jirachocksubsin and Pitchaya Roongroajsataporn, Chandler Mori Hamad a
• outsourcing agreements allowing internal, external and BOT auditors to audit outsourced payment services; • a business continuity or disaster recovery plan covering outsourced service activities; and • risk assessments for cross-border services. In addition, the SEC has proposed outsourcing guard - rails for certain digital asset functions (eg, due dili - gence and smart contract review) for ICO portals. 2.9 Gatekeeper Liability Depending on business activities, a fintech service provider may be considered a gatekeeper. For example, pursuant to SEC Notification No GorThor 19/2561 regarding the criteria, conditions and pro - cedures for business operations of digital assets, exchange service providers must have a system in place that discloses sale and purchase data. This data includes pre-trade and post-trade information, and records of sales and purchases of digital assets must be recorded for potential audits. The Computer Crime Act B.E. 2550 (2007) requires that a fintech service provider is: • a person who provides services to the public with respect to access to the internet or other mutual communications via computer systems, whether on their own behalf or in the name of, or for the benefit of, another person; or • a person who provides services with respect to the storage of computer data for the benefit of other persons. Computer traffic data must be stored for at least 90 days from the date on which the data is entered into the computer system. However, if necessary, a relevant competent official may instruct a service provider to store data for a peri - od of longer than 90 days but not exceeding one year on a special case-by-case or on a temporary basis. A fintech service provider must keep the necessary information of the service user to be able to identify the service user from the beginning of the provision of the services. Such information must be retained for an additional period of no more than 90 days after the service agreement has been terminated.
Failure to meet the specified requirements may result in a fine of up to THB5,000. 2.10 Significant Enforcement Actions In 2025, the SEC remained active in supervising digital asset markets and businesses, and a stricter approach from the SEC was seen in enforcement actions (including licence revocations and post-rev - ocation charges). In January 2026, the SEC also filed criminal com - plaints in connection with unlicensed Worldcoin- related trading activity, signalling ongoing scrutiny of offshore projects targeting Thai users. Despite the revocation of its digital asset licences, the business operator remains a limited company and may still face legal action. Following the revocation, the SEC filed charges against the business operators of digital asset exchange platforms for operating a digital asset exchange business without a licence under the Digital Assets Decree. As a result, the SEC filed a criminal complaint against such business oper - ators with the Economic Crime Suppression Division for further investigation and legal proceedings. In addition, the SEC has consistently enforced laws against the operation of digital asset businesses with - out a licence. In mid-2024, the SEC co-operated with the Ministry of Digital Economy and Society (MDES) to block access to the website of a digital asset trad - er operating and soliciting services in Thailand. This trader is accused of conducting a digital asset trading business without a licence, which is in violation of the Digital Assets Decree. Authorities also intensified anti- scam operations through late 2025, seizing substan - tial assets linked to online fraud and mule-account networks. 2.11 Implications of Additional, Non- Financial Services Regulations There are several regulations that fintech business operators must comply with to operate their busi - nesses. However, those relating to privacy, cyberse - curity, social media and software development are not specific to fintech businesses and apply to all busi - ness activities, including those conducted in a more traditional manner.
862 CHAMBERS.COM
Powered by FlippingBook