Financial Crime World

Fintech Regulations in Vietnam: A Comprehensive Guide

Payment Services

In Vietnam, the regulatory framework for payment services is governed by relevant laws and regulations. Key aspects of this framework include:

  • License Requirements: Payment service providers must obtain licenses from the State Bank of Vietnam (SBV) to operate legally.
  • Compliance with Laws and Regulations: All licensed payment service providers are required to comply with relevant laws, rules, and regulations.

Electronic Wallets and Mobile Payments

Electronic wallets and mobile payments are becoming increasingly popular in Vietnam. To operate these services, licensees must:

  • Register with the SBV: Electronic wallet providers and mobile payment operators must register with the State Bank of Vietnam.
  • Comply with Foreign Ownership Limits: There are restrictions on foreign ownership limits for electronic wallet and mobile payment services.

Cryptocurrencies and Tokens

Cryptocurrencies and tokens are not recognized as assets under Vietnamese law. As a result, their trading is prohibited.

Play-to-Earn Games

Play-to-earn games pose regulatory risks in Vietnam due to concerns about unlawful gambling and anti-money laundering regulations.

Cross-Border Fintech Transactions

Cross-border fintech transactions are subject to restrictions due to FX regulations:

  • Denomination and Payment: All payments and transactions must be denominated and paid in Vietnamese Dong.

Personal Data Protection Regulations (PDPD)

The PDPD, which will take effect on July 1st, 2023, introduces key obligations for fintech companies:

  • Obtaining Consent from Data Subjects: Fintech companies must obtain consent from data subjects before processing their personal data.
  • Implementing Management and Protective Measures: Companies must implement management of data and technical protective measures to safeguard personal data.
  • Conducting Impact Assessments: Fintech companies must conduct impact assessments before any personal data processing activity.

Cybersecurity Administrative Sanctions Decree

A draft Cybersecurity Administrative Sanctions Decree has been prepared, which includes significant administrative sanctions and liabilities for violations concerning personal data protection obligations.