BOT: Draft Regulations on Enhanced Customer Due Diligence and Risk Management for Customer Use of Financial Services, Including Cash-Related Transactions

The Bank of Thailand (BOT) has issued draft regulations aimed at strengthening the framework for customer due diligence (CDD), know-your-customer (KYC) processes, and risk management practices among financial institutions (FIs) and specialized financial institutions (SFIs). These proposals establish a comprehensive, risk-based, end-to-end approach to prevent the financial system from being exploited for financial crimes, enhance public confidence in financial services, and provide equitable protection for customers affected by such activities.

The drafts address evolving risks, particularly those associated with abnormal transaction patterns and the inherent challenges of cash-based operations, which remain vulnerable to misuse due to their anonymity and traceability limitations. Key obligations include governance oversight, robust identity verification, continuous transaction monitoring, enhanced due diligence (EDD) for suspicious cases, secure record-keeping, and mandatory reporting of abnormal activities to the BOT.

1. Draft Criteria for Practices and Risk Management Arising from Customers’ Use of Financial Services

This regulation requires FIs and SFIs to implement and continually refine processes throughout the customer relationship lifecycle, proportionate to identified risks.

•  Governance: The board of directors and senior management must establish and approve risk-based CDD/KYC policies, ensure adequate resources, and conduct periodic reviews. Significant policy amendments require board approval. Institutions must maintain clear structures for roles, responsibilities, and the three lines of defense to support effective risk controls.

•  KYC and CDD: Institutions must verify customer identity and authenticity using reliable sources, identify beneficial owners, and prevent identity fraud. For savings accounts (high-risk products), specific verification methods apply:

       •  Thai individuals: Primary use of national smart cards via readers and electronic government systems, with defined alternatives for exceptional cases.

       •  Foreign individuals: Passports and verifiable residency documents, preferably using technologies such as Near Field Communication (NFC), along with evidence of purpose of stay.

       •  Legal entities: Official registration documents to determine ownership, control, and business nature.

•  Monitoring and Enhanced Due Diligence: Continuous systems must detect abnormal transactions or behaviors. Upon identification of anomalies, EDD is required, including inquiries into source of funds, financial status, and transaction purpose. Transactions must be rejected if EDD cannot be satisfied or if criminal indicators are evident.

•  Customer Support: Fair and prompt procedures must assist customers impacted by risk management actions who are not involved in suspicious conduct.

•  Record-Keeping and Reporting: Customer and transaction data must be securely retained for prescribed periods to support regulatory oversight. Suspicious transactions and abnormal patterns must be reported to the BOT in specified formats.

2. Draft Criteria for Practices and Risk Management of Cash-Related Transactions

This regulation imposes heightened controls on cash activities—including deposits, withdrawals, cashier’s cheques, and currency exchanges—conducted through branches or electronic channels, recognizing cash’s role in facilitating illicit flows.

•  Strengthened Identity Verification: Customers must present themselves or complete verified authentication before engaging in any cash-related transaction to eliminate anonymous or proxy movements.

•  Monitoring Abnormal Cash Movements: Institutions must monitor for patterns inconsistent with customer profiles or lacking economic rationale, including excessive high-value or frequent transactions.

•  Enhanced Due Diligence for High-Value Cash Transactions: Abnormal patterns trigger EDD. If purpose or legitimacy cannot be verified, transactions must be refused, with mandatory reporting to the BOT.

•  Support for Affected Customers: Processes must ensure timely and equitable assistance for victims of financial crimes, particularly in cash-related contexts.

These draft regulations represent the BOT’s ongoing commitment to bolstering anti-money laundering measures, improving transparency, and safeguarding the integrity of Thailand’s financial system through stricter oversight of customer onboarding, verification, and high-risk transactions.

Key Takeaways:

•  Financial institutions and specialized financial institutions will be required to adopt comprehensive risk-based CDD/KYC frameworks across the full customer lifecycle.

•  Governance responsibilities rest with boards and senior management to ensure effective policies, resources, and controls.

•  Cash transactions face particular scrutiny, mandating identity verification, monitoring of unusual patterns, and refusal of unverified high-risk activities.

•  Enhanced monitoring, EDD, secure record retention, and regulatory reporting aim to detect and mitigate financial crime risks promptly.

•  Institutions must balance risk management with fair treatment of legitimate customers impacted by these measures.

Author: Panisa Suwanmatajarn, Managing Partner.

Other Articles

• Notification of the Competent Officer on Exchange Control (No. 38) — Draft Amendment
• Thailand’s Proposed Updates to the Non-Preferential Certificate of Origin Framework for Exports to the United States and the European Union
• Thailand’s Expanding Trade Network: Key Updates on FTAs with Partner Countries
• Thailand FDA — Proposed Food Labelling Rules for Prepackaged Foods
• U.S. Tariff Developments Post Supreme Court Ruling
• FDA: Food and Drug Administration Proposes Revised Food Advertising Notification