Computer Crime and Telephone Scams: Strengthening Legal Frameworks to Combat Cyber Fraud

Introduction:

In response to the escalating threat of cybercrime and telephone scams, the Thai government has taken decisive steps to enhance its legal framework. The Cabinet has approved amendments to the Royal Decree on the Prevention and Suppression of Technological Crimes. This move comes amid growing concerns over the daily financial losses suffered by citizens, which currently average between 60 to 70 million baht. Prior to the implementation of recent measures, these losses were even higher, ranging from 100 to 120 million baht per day. The urgency of the situation has necessitated immediate action to address the vulnerabilities in the existing legal framework.

Bank of Thailand (BOT) also supports the principles of this draft Royal Decree and has collaborated with relevant agencies to provide input to refine the draft, ensuring it effectively enhances measures to prevent and suppress technological crimes.

The BOT has been actively working with both public and private sector stakeholders to establish mechanisms where service providers must share responsibility and compensate for damages if they fail to comply with regulatory standards. This policy direction is a priority for the BOT, which is in the process of clearly defining the responsibilities of financial institutions in addressing technological crimes. These responsibilities will be used to assess liability for damages caused by such crimes, in conjunction with other relevant service providers under this Royal Decree and related regulations.

The original Royal Decree, enacted in 2023, was found to lack sufficient authority and penalties in several critical areas. These gaps include the inability to take action against “mule accounts” on peer-to-peer (P2P) platforms, the absence of mechanisms to refund victims, and the lack of shared liability among parties involved in criminal activities. The proposed amendments aim to address these shortcomings by introducing several key provisions:

1. Enhanced Authority Over P2P Platforms: The amendments grant authorities greater power to take action against peer-to-peer (P2P) platforms involved in illegal activities. This includes the ability to investigate, suspend, or shut down platforms facilitating fraudulent transactions.

2. Mandatory SIM Card Suspension: Telecommunications providers are now required to suspend SIM cards associated with fraudulent activities. This measure aims to disrupt the operations of scam networks that rely on mobile communication.

3. Faster Refunds for Victims: Banks are mandated to share information about “mule accounts” (accounts used to launder money) with the Anti-Money Laundering Office (AMLO). This will expedite the process of identifying and refunding victims of cyber fraud.

4. Stricter Penalties for Non-Compliance: P2P platforms and banks that fail to prevent the opening of accounts by criminals will face increased penalties. This provision ensures that financial institutions take proactive measures to verify the legitimacy of account holders.

5. Penalties for Data Breaches: Individuals or entities that disclose personal . information without authorization will be subject to harsher punishments. This aims to deter data breaches and protect citizens’ privacy.

6. Shared Liability for Financial Institutions: Financial institutions, mobile networks, and social media platforms will now bear partial responsibility for damages resulting from cybercrimes. This shared liability framework encourages all stakeholders to implement robust security measures.

7. Extraterritorial Jurisdiction: The amendments include provisions to hold offenders and their supporters accountable, even if they are located overseas. This ensures that international perpetrators involved in cybercrimes affecting Thailand can be pursued and penalized. This provision is crucial for addressing cross-border cybercrime and ensuring that offenders cannot evade justice by operating from outside the country.

Impact on Stakeholders:

The amendments will have significant implications for various stakeholders, including financial institutions, telecommunications providers, social media platforms, and the general public. Financial institutions and telecom companies will need to invest in robust compliance mechanisms to avoid penalties and ensure adherence to the new regulations. Social media platforms will be required to enhance their monitoring systems to detect and prevent fraudulent activities. For the public, these changes promise greater protection against cyber fraud and telephone scams, but they will also need to remain vigilant and informed about the risks associated with online transactions.

Effective Date:

The amended Royal Decree is expected to take effect immediately after its publication in the Royal Gazette. The Secretary-General of the Council of State has indicated that the process of finalizing the draft and publishing it will take no more than 30 days. As a result, the new regulations are anticipated to be enforceable by February 2024. This swift implementation underscores the government’s commitment to addressing the growing threat of cybercrime and protecting citizens from financial losses.

Conclusion:

The amendments to the Royal Decree represent a significant step forward in Thailand’s efforts to combat cybercrime and telephone scams. By addressing the gaps in the existing legal framework and introducing stricter penalties, the government aims to create a safer digital environment for its citizens. The inclusion of extraterritorial jurisdiction ensures that offenders and their supporters, even those located overseas, can be held accountable. However, the success of these measures will depend on the collective efforts of all stakeholders, from financial institutions to individual users, to remain vigilant and proactive in the face of evolving cyber threats. The BOT’s proactive involvement in defining responsibilities and ensuring compliance further strengthens the framework, paving the way for a more secure financial and technological ecosystem in Thailand.

Key Takeaways:

Urgency of Action: The Thai government has recognized the urgent need to combat cybercrime and telephone scams, given the substantial daily financial losses incurred by citizens.

Strengthened Legal Framework: Amendments to the Royal Decree introduce stricter penalties and broader authority for law enforcement agencies to tackle cyber fraud and telephone scams effectively.

Shared Responsibility: The new regulations emphasize the shared responsibility of financial institutions, telecom providers, and social media platforms in preventing cybercrime.

Enhanced Victim Protection: Faster refund mechanisms and increased penalties for data breaches aim to provide better protection for victims of cyber fraud and scams.

Global Collaboration: The Thai government is working with international partners to address cross-border cybercrime, highlighting the importance of global cooperation in combating this growing threat.

Extraterritorial Jurisdiction: The amendments include provisions to hold offenders and their supporters accountable, even if they are located overseas. This ensures that international perpetrators involved in cybercrimes affecting Thailand can be pursued and penalized.

Effective Date: The amended Royal Decree is expected to take effect immediately after its publication in the Royal Gazette, with enforcement anticipated by February 2024.

Author: Panisa Suwanmatajarn, Managing Partner.

Other Articles

• Notification of the Competent Officer on Exchange Control (No. 38) — Draft Amendment
• Thailand’s Proposed Updates to the Non-Preferential Certificate of Origin Framework for Exports to the United States and the European Union
• Thailand’s Expanding Trade Network: Key Updates on FTAs with Partner Countries
• Thailand FDA — Proposed Food Labelling Rules for Prepackaged Foods
• U.S. Tariff Developments Post Supreme Court Ruling
• FDA: Food and Drug Administration Proposes Revised Food Advertising Notification