THAILAND Law and Practice Contributed by: Wongsakrit Khajangson, Panupan Udomsuvannakul, Koraphot Jirachocksubsin and Pitchaya Roongroajsataporn, Chandler Mori Hamada
• the MOF and the BOT; • the MOF and the SEC; and
lations. Thus, different businesses may have different restrictions on outsourcing. Business operators that conduct designated business activities under the relevant regulations must obtain licenses, approvals, or register with the appropriate authorities. Certain functions in the operations of such designated business that are not the main activities under the respective licences, approval or registration can be out - sourced to qualified persons/to the extent that such outsourcing is not done to circumvent the relevant requirements. For example, financial institutions can use IT outsourcing services provided by third parties. However, the guidelines on risk management implementation of third parties must be fol - lowed. The guidelines cover risk governance, third-party risk management and reporting obli - gations to the BOT. Regulations require that payment service pro - viders, such as e-money or e-payment service providers, have protocols for third-party services as follows: • risk management measures and regular assessments for outsourced services; • outsourcing agreements allowing internal, external and BOT auditors to audit out - sourced payment services; • a business continuity or disaster recovery plan covering outsourced service activities; and • risk assessments for cross-border services. In December 2024, the SEC held a public hearing on outsourcing guidelines for ICO portals. Under the guidelines, ICO portals can outsource certain functions, such as customer service and token sales support, but not digital token screening. The SEC’s guidelines also require ICO portals to:
• the Anti-Money Laundering Office (AMLO). The BOT has the power to supervise, examine, and analyse the financial status, performance, and risk management systems of financial insti - tutions to enhance the stability of Thailand’s financial status as a whole. Thus, the BOT will predominantly supervise fintech activities relat - ing to financial institutions, including digital lend - ing and peer-to-peer lending payment systems, e-wallets, e-money and e-payments. The SEC is the regulatory unit supervising capital markets. Capital markets are the main mecha - nisms for efficient mobilisation, allocation and monitoring of the utilisation of Thailand’s eco - nomic resources. The SEC also governs busi - nesses that crowdfund, including those in the digital asset industry (cryptocurrencies and digi - tal tokens). The AMLO is Thailand’s regulatory body over - seeing financial transparency and compliance with AML and counter-terrorism financing (CTF) regulations. It monitors both traditional and dig - ital transactions to prevent money laundering and financial crimes. 2.7 No-Action Letters In Thailand, the SEC currently does not officially adopt the concept of no-action letters used in the United States. However, the SEC can pro - vide legal advice and guidance to companies and individuals to help them comply with SEC regulations and conduct activities involving SEC regulations with confidence. 2.8 Outsourcing of Regulated Functions The outsourcing restrictions applicable to each type of business depend on the relevant regu -
877 CHAMBERS.COM
Powered by FlippingBook