ASEAN Plus Group (APG), a group of law firms in Asia, has released a comprehensive guide to payment services regulations in Asia Pacific (APAC).
The document, maps the latest state-of-play in the payments space in some of ASEAN’s biggest markets and jurisdictions, including Cambodia, Indonesia, Malaysia, Philippines, Singapore, Thailand and Vietnam.
It also features countries with significant economies and key relationships with ASEAN countries, including Australia, Bangladesh, China, India, South Korea and Taiwan.
For each country, the guide gives an overview of the current state of the domestic payment industry, the regulators in charge of overseeing the sector, the different types of licenses available, the licensing requirements, the state of cryptocurrencies/cryptoassets regulations, intellectual property (IP) laws in place, as well as anti-money laundering and counter-terrorism financing (AML/CTF), tech risk, and data privacy requirements, among other key topics.
Below, we detail some of the rules and guidelines currently in place in relevant jurisdictions, including Cambodia, Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam.
In Cambodia, National Bank of Cambodia (NBC) and Ministry of Economy and Finance (MEF) are the agencies responsible for regulating the payments sector.
Under current legislations, there are two types of payment services allowed to operate in the country: payment service providers (i.e. existing banking and financial institutions that intend to provide such services); and third-party processors, (i.e. legal entities that intend to act on behalf of banking and financial institutions).
In Cambodia, all financial institutions, payments companies included, are required to report to the Financial Intelligence Unit for any suspected transaction. They must also follow compliance requirements set by NBC’s Technology Risk Management Guidelines.
When it comes to cryptocurrencies and cryptoassets, there is currently no specific legal framework that regulates these activities, and it is still unclear whether crypto trading is legal or not. That, however, has not stopped the circulation, trading and acceptance of cryptocurrencies in Cambodia.
In Indonesia, Bank Indonesia is the main regulator when it comes to payments systems and activities.
Payment system services providers in Indonesia must obtain a Payment System Service Provider license from the regulator, and licensed entities have to comply with a set of AML/CTF requirements, and implement risk management and prudential processes.
Bank Indonesia prohibits the use of cryptocurrencies for payment, but cryptoassets can be traded. That being said, only an approved list of cryptoassets are permitted to be traded in Indonesia.
In Malaysia, the regulation of payments systems falls under the purview of Bank Negara Malaysia (BNM).
In addition to the local banks being licensed via conventional requirements, issuers of e-money are required to obtain approval from BNM and comply with the regulator’s Guideline on E-Money, as well as AML/CFT and tech risk requirements.
Malaysia has a regulatory framework in place for cryptocurrency trading, which outlines requirements for digital asset exchanges to be set up. Malaysia also has regulations for initial coin offerings (ICO), or Digital Token Offering. These activities must be conducted by a registered Initial Exchange Offering (IEO) platform operator.
In the Philippines, the Bangko Sentral ng Pilipinas (BSP) oversees payment systems and exercise supervisory and regulatory powers.
Payments entities must register as an Operator of Payment Systems (OPS) if they: maintain a platform that enables payments or fund transfers; operate a system or network that enables payments or fund transfers; or provide a system that processes payments on behalf of any person or the government. Regulated entities must comply with AML, tech risks and data privacy requirements.
The BSP also oversees and regulates cryptocurrency activities and exchanges. However, there is currently no existing rules regulating the issuance of virtual currencies in the Philippines.
Under the existing regime, any person or entity may be able to convert fiat currency into virtual currency and vice versa through a BSP-licensed virtual currency exchange.
In parallel with the BSP’s virtual currency exchange license, the Cagayan Economic Zone Authority introduced its Financial Technology Solutions and Offshore Virtual Currency License in 2019.
In Singapore, the Monetary Authority of Singapore (MAS), which has multiple roles as central bank, financial services regulator and industry promoter, oversees payments activities and the Payment Services Act 2019.
Under the act, MAS regulates seven payment services: account issuance service, domestic money transfer service, cross-border money transfer service, merchant acquisition service, e-money issuance service, digital payment token service and money-changing service.
Payment services providers can apply for a money changing license (MC), a standard payment institution (SPI) license, or a major payment institution license (MPI).
Licensed and regulated entities must comply with AML/CTF requirements, as well as tech risks requirements. There are also regulations on the collection, use and transmission of personal data.
When it comes to cryptocurrencies and cryptoassets, regulations that apply depend on the type of crypto in question, whether they have the attributes of a commodity, a digital payment token, or a capital market product.
In Thailand, the key responsible agency is the Bank of Thailand (BOT) in collaboration with the Digital Government Development Agency (DGA), as well as private organizations such as Thai Fintech Association.
Payment systems in Thailand are divided into 3 main groups: Highly Important Payment Systems (e.g. BAHTNET system); Designated Payment Systems (e.g. payment card networks); and Designated Payment Services (e.g. credit card, e-money services, e-money transfer services).
Entities can either be licensed as a Designated Payment System, or a Designated Payment Service. Those licensed and regulated by the BOT must comply with AML, know-your-customer (KYC) and customer due diligence (CDD) requirements. There are also policies and measures related to tech risk and IT security.
In Thailand, cryptocurrencies are not considered “legal tenders.” However, the BOT does not prohibit people from using cryptocurrencies as the medium of exchange. Digital asset businesses must comply with the same AML obligations and requirements as financial institutions.
In Vietnam, the State Bank of Vietnam (SBV) is the regulatory authority responsible for managing all monetary, banking and payment activities. In addition to the SBV, the Ministry of Information and Telecommunication also has certain authority on electronic payment services.
In Vietnam, payment services can be classified either as: payment services via payment accounts, which are carried out by licensed banks; or payment services not via payment accounts, which consist of money transfer, receipts and disbursements on behalf of others.
Payment services providers in Vietnam are required to obtain either a Banking License, or an Intermediary Payment Services (IPS) License, to offer services including e-wallet and e-payment infrastructure services.
When it comes to cryptocurrencies, the issuance, distribution and use of cryptocurrencies are illegal in Vietnam, though regulators are currently working on a new regulatory framework for cryptocurrencies.
Featured image credit: Business card photo created by jannoon028 – www.freepik.com