Fintech 2025

THAILAND Law and Practice Contributed by: Wongsakrit Khajangson, Panupan Udomsuvannakul, Koraphot Jirachocksubsin and Pitchaya Roongroajsataporn, Chandler Mori Hamada

pany and may still face legal action. Following the revocation, the SEC filed charges against the business operator, its former directors, and the CEO for disseminating or endorsing misleading information about digital asset prices, which could impact market prices or investment deci - sions. These charges have been submitted to the Economic Crime Suppression Division for further action. In addition, the SEC has consistently enforced laws against the operation of digital asset busi - nesses without a license. In mid-2024, the SEC co-operated with the Ministry of Digital Economy and Society ( “DE” ) to block access to the web - site of a digital asset trader operating and solicit - ing services in Thailand. This trader is accused of conducting a digital asset trading business without a license, which is in violation of the Digi - tal Assets Decree. 2.11 Implications of Additional, Non- Financial Services Regulations There are several regulations that fintech busi - ness operators must comply with to operate their businesses. However, those relating to privacy, cybersecurity, social media and software devel - opment are not specific to fintech businesses and apply to all business activities, including those conducted in a more traditional manner. The Personal Data Protection Act B.E. 2562 (2019) (the “PDPA” ), which came into full effect on 1 June 2022, was introduced in order to establish a regulatory regime and specify the requirements for processing and protecting personal data in Thailand. The Thai government introduced the PDPA to enhance personal data protection and align with the EU’s General Data Protection Regulation (GDPR).

Furthermore, the Cyber Security Act B.E. 2562 (2019) (the “CSA” ) categorises cyberthreats into three levels, as follows:

• non-serious cyberthreats; • serious cyberthreats; or • critical cyberthreats.

Such threats shall be subject to investigation, and the private operator may be required to: • provide access to relevant computer data or computer systems, or other information relat - ing to the computer system; • monitor computers or computer systems; and • allow officials to test the operations of com - puters or computer systems or seize comput - ers or computer systems. 2.12 Review of Industry Participants by Parties Other than Regulators Auditors may monitor industry participants for accounting purposes. Industry participants may voluntarily perform internal audits for various matters – ie, IT audits. Currently, no other organi - sations have the power to supervise, regulate or monitor participants in the fintech industry. The Thai Fintech Association was recently estab - lished in Thailand and registered as a non-profit organisation. The organisation has the main obli - gation to: • be a centre of knowledge of fintech; • support the public’s use and accessibility to fintech services; and • support standardisation of the fintech indus - try. At the time of writing, the Thai Fintech Associa - tion has not been granted authoritative power by the regulator, nor have regulations been passed

879 CHAMBERS.COM

Powered by