KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

identity cardhousehold registration booknamepassportidentity documents

KYC to onboard international persons

identity cardpassporthousehold registration bookname

corporate requirements

company registration documentstype of businessnamesources of high value transactionsbeneficial owner documentation

National ID card name

บัตรประจำตัวประชาชน (Thai national ID card)

National ID Photo

Does the country have Esignature Laws?

section 26 of electronic transactions act

E-sig law files

What year did the relevant AML laws and regulations become effective?

2013

Further details on AML regime

The AML Act was first enacted in 1999. It was subsequently amended in 2008, 2009 and more recently in 2013 to meet international standards e.g. setting requirements on conducting CDD, adding predicate offenses.

Who is the regulator for AML controls for Banking

The Anti-Money Laundering Office (“AMLO”)

Link to site

http://www.amlo.go.th/amlofarm/farm/en/index.php?lang=en

Other financial Services

N/A

Website of Regulator

N/A

Financial Sector regulator

N/A

Practical Guidance for AML

Yes

Practical guidance PDF's

Is there a requirement to verify the identity of customers retroactively?

YES

Retroactive details

Yes. There is a requirement to conduct CDD on existing customers where a relationship was established before the CDD regulation was stipulated and the relationship still exists (refer to item 26 of the revised Ministerial Regulation on CDD dated 11 Jul 2013). The AMLO issued more detailed guidelines on how to conduct CDD for existing clients (Refer to AMLO notification dated 11 Oct 2013 and effective from 9 Nov 2013).

Has the country been the subject of FATF mutal evaluation in the last 3 years?

YES

PDF of FATF review

Are there minimum transaction thresholds (Y/N)

Yes

More details on minimum transaction thresholds.

Yes. There is a minimum threshold for temporary transactions (Refer to Section 18 of the Ministerial Regulation on CDD dated 11 Jul 2013): a) One-off transactions or many transactions with an aggregate amount below THB700,000 (approx. USD19,290); and/or b) Electronic payment transactions valued under THB50,000 (approx. USD1,380). This applies to financial institutions and designated non-financial businesses in Section 16(1) and 16(9) as mentioned in the AML Act.

What are the requirements for customer identification information for individuals

Institutions should verify the original version of all identification documents; e.g. identity card, passport, household registration book, full name.

Details to be Collected on Corporates

Institutions should obtain company registration documents as well as examining the type of business, the sources of high value transactions or unusual characteristics or those that are not related to the business of customers. Institutions shall examine and verify the following identification information and evidence of the following persons associated with such juristic person or legal arrangement: (1) the person authorised to establish a business relationship; (2) the director authorised to conduct a transaction on behalf of the juristic person or legal arrangement; and (3) the ultimate beneficial owner of the juristic person or legal arrangement (per Ministerial Regulation Prescribing Rules and Procedures for Customer Due Diligence B.E. 2555 (2012) effective from 22 Aug 2012).The institution should maintain copies of verified identification documents for a period of five years.

What are the high level requirements around beneficial ownership (identification and verification)?

Identify and verify the real ultimate beneficial owners with reliable sources/methods.

What circumstances are enhanced customer due diligence measures required?

This comes under item 14 of the revised Ministerial regulation on CDD dated 11 Jul 2013, which states that enhanced CDD must be conducted for high risk customers: http://www.amlo.go.th/amlofarm/farm/web/files/MR%20CDD%202013.pdf Article 14 Financial institutions and persons engaging in professions under section 16 (1) and (9), while conducting money laundering and terrorist financing risk management in accordance with Articles 4 and 5, shall have regard to money laundering and terrorist financing risks. Customer risk factors include the following: a) Where information or results of identification of the customer or the beneficial owner indicate that the customer or the beneficial owner has one or more of the following attributes: a. having a shareholding structure which is unusual or more complex than the normal business conduct; b. matching the information of persons the Office notifies as subject to being designated as high-risk customers who deserve a close watch; c. engaging in a high-risk profession as prescribed by the Secretary General; d. being a politically exposed person; or e. being otherwise considered as posing a high money laundering or terrorist financing risk. b) Where it is found that the business relationship or the customer’s transactions are conducted in unusual circumstances. Country or geographic risk factors exist where a customer resides either temporarily or permanently; engages in an occupation; has an income source from - or conducts transactions in - a geographical area or country which has been notified by the Secretary General as an area or country with a high risk of money laundering and terrorist financing.

How should FI's deal with Politically exposed persons

Client or ultimate beneficial owner is PEP.

What enhanced due diligence must be performed for correspondent banking relationships?

Request policy and guidelines on AML/CFT, as well as consider credibility of correspondent banks, prior to creating a relationship. Please see details in items 42-46 of Ministerial regulation on CDD dated 11 Jul 2013 at (http://www.amlo.go.th/amlofarm/farm/web/files/MR%20CDD%202013.pdf). Article 42: Financial institutions shall refuse to enter into a correspondent banking relationship or to conduct a transaction and shall end a business relationship with respondent financial institutions with any one of the following attributes: a) established with authorisation but without real management located within the authorising country or with real management located within the authorising country but conducting no business within that country and not in a position to be supervised; and/or b) having entered into a correspondent banking relationship with, or providing financial services for, or holding an account with a financial institution under b). Article 43: Where a financial institution enters into a business relationship with a respondent financial institution, whether such relationship is established for securities transactions or electronic fund transfers, whether for a cross-border financial institution as principal or for its customer, the financial institution shall identify and obtain information of that respondent financial institution in accordance with Article 19 (1), (2) and (3) and shall verify the trustworthiness of the respondent financial institution as well as considering the reliability of the agencies responsible for its anti-money laundering and counter financing of terrorism supervision. Article 44: When establishing a business relationship with a respondent financial institution with respect to ‘payable-through accounts’, a financial institution shall conduct risk management and CDD on the customers having direct access to accounts of the correspondent financial institution, and it shall be able to provide relevant risk management and CDD information upon request to the correspondent financial institution. Article 45: Where a respondent financial institution is located in an area or country with money laundering and terrorist financing risk, a financial institution shall obtain information regarding its anti-money laundering and countering the financing of terrorism policy and action guidelines and shall verify the trustworthiness of such respondent financial institution. A financial institution shall consider refusing to enter into a business relationship, or to conduct a transaction and ending the business relationship if a respondent financial institution does not have in place effective anti-money laundering and countering the financing of terrorism policy or measures, or if that respondent financial institution or its ultimate beneficial owner(s) are involved in money laundering or terrorist financing. Article 46: Where a financial institution has a business relationship with a respondent financial institution located in an area or country with money laundering and terrorist financing risk, the financial institution shall take caution in conducting the business relationship and shall regularly verify information on the respondent financial institution and shall consider immediately ending the business relationship if it finds that the respondent financial institution is involved with money laundering or terrorist financing.

Are relationships with banks who might be considered a 'shell' and without substance permitted?

Yes. Please see details in item 42 of the Ministerial regulation on CDD dated 11 Jul 2013 at (http://www.amlo.go.th/amlofarm/farm/web/files/MR%20CDD%202013.pdf). Article 42: Financial institutions shall refuse to enter into a correspondent banking relationship or to conduct a transaction and shall end a business relationship with respondent financial institutions with any one of the following attributes: a) established with authorisation but without real management located within the authorising country or with real management located within the authorising country but conducting no business within that country and not in a position to be supervised; or b) having entered into a correspondent banking relationship with, or providing financial services for, or holding an account with a financial institution under a).

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

Institutions should establish risk mitigating procedures and measures for account openings for non face-to-face customers and should have effective monitoring procedures as stringent as those for customers who are physically present. Please see details in item 47 of the Ministerial regulation on CDD dated 11 Jul 2013: http://www.amlo.go.th/amlofarm/farm/web/files/MR%20CDD%202013.pdf Article 47 Financial institutions and persons engaging in professions under section 16 (1) and (9) may rely on third parties in verifying the customer identification in accordance with Article 19 (1), (2), (3) and (4), Article 20 and Article 22 or to introduce business provided that the following criteria are met: a) it obtains the necessary information relating to the requirements under Article 19 (1), (2), (3) and (4), Article 20 and Article 22 from the third party; b) copies of documents or identification information and other relevant documentation and information of customers relating to the requirements under Article 19 (1), (2), (3) and (4), Article 20 and Article 22 shall be made available from the third party upon request without delay; c) the third party is under proper supervision and monitoring, and has measures in place for compliance with CDD and record keeping requirements in accordance with the rules and procedures set out in this Ministerial Regulation; and d) in the case of a third party being subject to rules of many countries, consideration is given to the reliability of those countries based on their level of money laundering and terrorist financing risk. In the case where a third party is a financial institution, and persons are engaging in professions under section 16 (1) and (9) that is part of the same financial group and financial institution and persons engaging in professions under section 16 (1) and (9) apply CDD measures and record-keeping requirements, and act in line with Article 49, Article 50 and Article 51, and where the effective implementation of those requirements is supervised by a competent authority, it shall be deemed that the financial institution and persons engaging in professions under section 16 (1) and (9) apply measures under (3) and (4) above through its group programme. The above provisions do not apply to an outsourcing or agency relationship. Reliance on third parties means reliance (on the third party) for performing the requirements under paragraph one and record-keeping requirements under the supervision and monitoring of the competent authority within the Ministerial Regulation. The third party may have an existing business relationship with the customer, which is independent from the relationship to be formed by the customer with the relying institution, and would apply its own procedures to perform the CDD measures. This reliance on a third party is contrasted with an outsourcing/agency relationship, in which the outsourced entity applies the CDD measures on behalf of the delegating financial institution, in accordance with its procedures, and is subject to the delegating financial institution’s control. Financial institutions and persons engaging in professions under section 16 (1) and (9) shall be held responsible where a third party fails to apply CDD procedures or recordkeeping requirements, or fails to fully comply with these procedures. A third party shall be a financial institution or person engaging in professions under section 16 (1) and (9) under the supervision of the competent authority

To whom are SAR's made? (suspicious activity reports)

AMLO

Link to website of SAR reporting

http://www.amlo.go.th/amlofarm/farm/en/index.php?lang=en

Other Suspicious or unusual transactions obligations.

Yes. The financial institution has a duty to report the transaction to the Office when it appears that such a transaction is: a) a transaction funded by an amount of cash equal or more than THB2 m (approx. USD55,120). Except in the case of an electronic fund transfer transaction, the financial institution shall have the duty to report if the transaction is equal or more than THB100,000 (approx. USD2,760); b) a transaction connected with the property worth equal or more than THB5 m (approx. USD137,860). Except in the case of movable property involving electronic fund transfer or payments, the financial institution shall have the duty to report if the transaction is equal or more than THB700,000 (approx. USD19,290); or c) a suspicious transaction; whether or not it is a transaction under a) or b). The following designated non-financial businesses and professions shall have the duty to report the transaction to the Office when it appears that such transaction is funded by an amount of cash equal to or more than THB2 m (approx. USD55,120): a) trader that is not a financial institution, engaging in the business involving the operation of or the consultancy or the provision of advisory services in a transaction relating to the investment or mobilisation of capital under the law on securities and stock exchange; b) trader dealing in the business of gems, diamonds, coloured stones, gold, or ornaments decorated with gems, diamonds, coloured stones, gold; c) trader dealing in the business of selling or leasing of cars; d) trader dealing in the business of immovable property broker or agent; e) trader dealing in the business of antiques traded under the law on Control of Sale by Auction and Antique Trade; or f) trader dealing in the business of credit cards that is not a financial institution under the Notification of the Ministry of Finance determining on credit cards or the law on financial institution business. The following designated non-financial businesses shall have a duty to report a transaction to the Office when it appears that such transaction is funded by an amount of cash equal or more than THB500,000 (approx. USD13,790): a) trader dealing in the business of personal loan under supervision for businesses that is not a financial institution under the Notification of the Ministry of Finance determining on Personal Loan Businesses under Supervision or under the law on financial institution business. The following designated non-financial businesses shall have the duty to report a transaction to the Office when it appears that such transaction is funded by an amount of cash equal or more than THB100,000 (approx. USD2,750): a) trader dealing in the business of electronic money cards that is not a financial institution under the Notification of the Ministry of Finance determining on electronic money cards or the law on financial institution business; or b) trader dealing in the business of electronic payment service under the law on the supervision of electronic payment service business.

Are there any de-minimis thresholds below which transactions do not need to be reported?

Yes

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

"Yes" , any person who violates or does not comply with the AMLO regarding reporting and client identification shall be liable to a fine up to the amount of THB500,000 (approx. USD14,000); additionally, persons could incur a daily fine not exceeding THB5,000 (approx. USD140) through the period of violation, or until acting in accordance. Any person who reports or makes a notification by presenting false statements of fact or concealing the facts required to be revealed to the competent official shall be liable to imprisonment for a term not exceeding two years or to a fine of THB50,000 to THB500,000 (approx. USD1,380 to USD13,780) or to both

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

Does the local legislation allow transactions to be monitored outside the jurisdiction?

Yes, subject to approval from the Bank of Thailand as lead regulator under outsourcing notifications (for commercial banks under BOT supervision).

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

N/A

To whom should the report on AML systems be submitted?

N/A

Is an AML system part of the financial statement audit?

N/A

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

N/A

Data Protection Laws And Personal Data

No specific Data Protection Law. For banks under supervision of the Bank of Thailand, Section 154 of the Financial Institutions Business Act prohibits the disclosure of customer information from financial institutions except under some specific circumstances.

Data Protection for Corporate Data

Data protection for "sensitive Data" and additional protections.

Do any restrictions on the transfer of credit reports exist?

For credit information that is obtained from the National Credit Bureau (“NCB”), database, financial institutions that are a member of the NCB can only use such credit information for the purpose of credit analysis and reviewing of credit, according to the Credit Information Protection Act. Hence, the transfer of such credit information is prohibited for other impermissible purposes.

Regulator Acronym

BOT

Year of last FATF mutual evaluation

2013

Field 67

fingerprintvideocall

National ID card details

National ID card is compulsory for all citizens at the age of 7.

Compulsory?

National ID source

www.website.com

Passport Photo

common XML schema

http://www.igi-global.com/chapter/efficient-implementation-government-interoperability-labour/46266

practical Guidance yes / no

Is there a risk based approach

Legal Requirement

Regulator allows for monitoring transactions outside jurisdiction

Requirement to proceed

requirement to use automated suspicious transaction tools

Who are SARS made to?

AMLO

shell banks

Yes

EDD for correspondent banking

Yes

PDF of case law

Minimum transactions

THB 700,000

Min transaction USD

19290

key restrictions

There are no critical exceptions to the law.

Summary

Section 9 states that electronic signatures may replace handwritten signatures. Sections 7 and 8 provide that if a law or regulation requires information to be provided in writing, the requirement may be satisfied with an electronic record. Summary of law ETA Section 13 provides that an offer or acceptance in entering into an agreement may be expressed by means of a data message. An agreement shall not be denied legal effect solely on the grounds that such offer or acceptance is made in the form of a data message. Electronic signatures are presumed valid unless proof to the contrary is produced.

Are e-signatures acceptable

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

N/A

Non financial sector (e.g. casinos, high value goods etc.)

N/A

Does the country have a risk based approach?

Yes. It’s a principle that the bank shall take into account risk factors from the client and the area/country, in order to assess the ML risk.

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

Financial institutions and designated non-financial businesses and professions shall verify customer identification during the first transaction and periodically perform reviews until the account is closed or the relationship is terminated. The verification shall be completed with professional care, good faith and without gross negligence. Using an alias is not permitted. In general, where copies of identification documents are provided, such copies shall normally be verified as true and correct by the owner of the document and/or by verification against the original. Where foreign documents are provided, certification by a public notary and authentication by the embassy of the country that the document is originally issued may be required.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

Yes.

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

Other than normal clauses in the AML Act, please see obligations as mentioned in A29 and A30.