A Comparison Studies of Fintech Regulations in Asia Pacific: A Series (Thailand)

Written by Richard Wee, Muhammad Anwar, Ng Chin Yang, Lim Zhi Ying, Ashleshaa


Financial technology, or mainly known as Fintech has been a booming industry ever since the strike of Covid-19 when contactless transactions were the only means of dealing. It has become more convenient for every one of every age as everything is mostly one tap away. However, with how simple Fintech has become it can very easily get out of hand without proper supervision. Hence come into play the regulations governing financial technology. Different countries regulate on different playbooks. 

This seven part series will highlight Fintech Regulations in several countries within Asia Pacific, namely:

  1. Malaysia;
  2. Philippines;
  3. Taiwan;
  4. Vietnam;
  5. Singapore;
  6. Thailand; and
  7. Korea.

Series: Thailand


Among the Southeast Asian Countries, Thailand ranks fifth in Fintech funding. Thailand is equally expanding their market into the Fintech industry as their public sector plays a huge role in a main contributor in market developing whilst exploring more into Fintech initiatives. To foresee this dive into Fintech the Thai authorities came up with regulations to protect users. Here we will look into how the use of Fintech is regulated in different fields of industry. The main bodies regulating Fintech in Thailand are namely the Bank of Thailand (BOT), the Securities and Exchange Commission (SEC) and the Office of Insurance Commission (OIC).  Legislation governing digital transactions has been enacted since the 2000s. 

Electronic Transaction Act 2001: This act facilitates and recognizes the effectiveness of electronic transactions to ensure that its validity is the same as the traditional paper transactions. This act may soon be amended to accommodate greater protection especially for online consumers.   

Electronic Payment Services Business Act 2008: Regulates the electronic payment formats and procedures which is now replaced by the Payment Systems Act 2017.

Payment Systems Act 2017: This act is now the new legal framework that has replaced the Electronic Payment Services Business Act 2008 pertaining to the regulations on electronic payment formats and procedures. Every electronic payment infrastructure is regulated by this Act. The purpose of this enactment was to improve supervision and to bring it in par with international standards. Replacing the previous Electronic Payment Services Business Act 2008, this new regime imposes a duty on the Bank of Thailand to identify any significant private sector e-payment system that needs to be regulated – then makes a recommendation to the Ministry of Finance who will regulate those systems accordingly.

2018 Royal Decree on Digital Asset Businesses: This royal decree is a legislation that specifically regulates digital assets and cryptocurrency. This royal decree also regulates different aspects of creating a digital asset venture in Thailand specifically with regard to the definition of the types of token, fundraising, how initial coin offerings (ICOs) can be conducted, and which cryptocurrencies can be used during ICOs.

Personal Data Protection Act: PDPA is considered to be the first Thailand law that was designed to govern data protection and is also on a comparable standard with the European General Data Protection Regulation (GDPR). PDPA includes data processing, data collection, data storage and data consent protocols. This should not be confused with the GDPA. GDPA provides specific rules for the processing of personal data for research, data minimisation and anonymization. PDPA on the other hand does not include specific rules for the collection, use, nor disclosure of personal data. What they do instead is impose an obligation to all organization that collect, use or disclose information to follow the data protection obligations under PDPA.

Therefore FinTech businesses must acquire consent from data users and use infrastructures that will make certain the data stored is safe, among other requirements. FinTech businesses need to be vigilant that failure to comply with the PDPA regulation will result in them facing harsh and heavy sanctions from the relevant authorities.

This practice applies equally for other FinTech businesses operating overseas whilst providing their services to Thailand users. According to the Act, FinTech businesses that operate overseas must appoint local representatives in Thailand and should be based in a country that has adequate data protection regulations in order to be allowed to conduct international data transfers.

Published on 9 November 2023

Legal 500 Leading Firm 2022 - Richard Wee Chambers
ALB MLA Law Awards 2021 Finalist Badge - Richard Wee Chambers

visit Us @ RWC:

NINE COURTNo 9, Jalan 22/3846300 Petaling Jaya, Selangor, Malaysia

Write To Us @ RWC:


Give us a call @ RWC :

+603-7890 4118

Whatsapp Us:

+6016-275 0025
Subscribe to our Newsletter @ RWC
Always Get Our Latest News & Events Newsletter!

Some description text for this item