FINTECH 2024
VIETNAM
Le Thi Loc, Ha Nguyen Nhat Minh, Ho Ngoc Quynh Anh, Ta Nguyen Nhu Quynh, Ngo Thi Khanh Linh
(YKVN)
FINTECH LANDSCAPE AND INITIATIVES
General innovation climate
- What is the general state of fintech innovation in your jurisdiction?
In Vietnam, fintech is generally defined as the application of innovative, creative, and modern technologies in the banking and finance sector to provide customers with transparent, efficient, and convenient financial services at a lower cost than traditional services systems; accordingly, fintech is classified in the banking and finance sector, which is strictly regulated by the State Bank of Vietnam (SBV). Fintech in Vietnam currently remains nascent in comparison with ASEAN countries (e.g, Singapore, Malaysia, Indonesia, the Philippines and Thailand). Only a few fintech segments, such as digital transactions, e-commerce platforms and digital payments (e.g, e-wallet, point of sale or payment gateway) are regulated, while most fintech segments are not recognized in Vietnam, such as peer-to-peer (P2P) lending, crowdfunding and blockchain (including but not limited to virtual currencies on the basis of blockchain), because there is no legal framework to govern it. Regardless of the unregulated segment, in practice, some companies are operating in Vietnam by way of registering with competent authorities as investment or enterprise management consultancy firms instead of financial institutions.
In general, Vietnam was and is actively looking to grow its fintech sector, and it welcomed potential investors to help the country grow in the area, given that it only possesses mid-level logistics for the fintech sector. The Prime Minister (PM) has instructed relevant authorities to build a testing framework (regulatory sandbox) for financial and banking services based on information technology platforms. SBV has been assigned for drafting a decree on the trial mechanism for the first time in 2020. This draft decree introduced a preliminary trial mechanism that encouraged high-tech companies to participate in the fintech trial mechanism. In April 2022, the second version of the fintech draft decree has been circulated for seeking opinions, which provides certain changes on trial mechanisms for financial technology activities in the banking sector (the Fintech Draft Decree). The Fintech Draft Decree provides fintech segments that fintech companies may be permitted to participate in the trial mechanism, including credit via a technology platform, P2P lending, credit scoring, open application programming interface (Open API), innovative technology application solutions (e.g, blockchain, distributed ledger technology) related to banking activities and other technology application supporting banking activities. It is notable that fintech companies cannot engage in unregulated segments unless there is a special pilot approval of the SBV. The timeline for the fintech trial mechanism will not exceed two years.
Government and regulatory support
- Do government bodies or regulators provide any support specific to financial innovation? If so, what are the key benefits of such support?
Vietnam has not issued any regulations on specific support for financial innovation and has only directed agencies to build a legal framework for fintech, including:
- 2017: Decision No. 328/QD-NHNN of the SBV establishing a fintech steering committee for the purpose of:
- researching fintech activities, building, and developing a legal framework for fintech; and
- coordinating with relevant ministries to implement instructions of the PM under Decision No. 844/QD-TTg of the PM on approval for ‘Assistance policies on national innovative start-up ecosystem to 2025’ in 2016.
- 2019: Decision No. 999/QD-TTg of the PM approving a scheme for the development of a sharing economy to encourage innovation, application of digital technology, and development of digital economy, and implement a trial mechanism for new policies (sandbox) for the development and application of new technologies to the sharing economy model.
- 2020: Decision No. 283/QD-TTg of the PM approving a proposal on services sector restructuring to the year 2020, with an orientation to 2025, which promotes the application of key technologies of the fourth industrial revolution in the management, development, and supply of banking products and services; and building a trial mechanism (regulatory sandbox) for financial and banking services based on information technology such as e-wallets, electronic know your client, peer-to-peer lending and crowdfunding.
- 2023: Draft amendment of the Law on Credit Institutions assigned to the government to regulate the sandbox mechanism on the application of technology and implementation of new products, services, and business models after being approved by the National Assembly Standing Committee. On 18 May 2023, the Deputy Prime Minister again instructed the SBV to urgently submit the draft decree on the sandbox mechanism for the fintech to the government for promulgation. In June 2023, the SBV promulgated Circular 06/2023/TT-NHNN, which, among others, explicitly permits lending in an online manner and certain requirements on lending via online channels. This adoption creates a legal framework for fintech activities, specifically P2P lending.
Accordingly, the SBV prepared the Fintech Draft Decree providing for the following two types of fintech companies participating in the Six Fintech Segments:
- fintech models and solutions not directly provided by banks; and
- technology solutions applied or supported in banking activities. If the Fintech Draft Decree is adopted, fintech companies can engage in the Six Fintech Segments, which are currently for banking and finance companies only.
In 2021, the PM issued Decision No. 316/QD-TTg approving the pilot implementation of the use of telecommunication accounts for payment of low-value commodities and services (Mobile-Money); pursuant to which, customers can use telecommunication accounts for payment without registration of a bank account.
Based on the results from the trial mechanism, competent authorities will prepare and develop the legal framework for each fintech service and technology.
FINANCIAL REGULATION
Regulatory bodies
- Which bodies regulate the provision of fintech products and services?
Currently, there is no single regulatory body responsible for the regulation of fintech products and services. Under the Fintech Draft Decree, the State Bank of Vietnam (SBV) is the sole regulator of fintech products and services that has the authority to issue special pilot approval (Trial Approval). The SBV may seek opinions from different regulatory bodies for approving the sandbox for a specific fintech product or service, such as the National Assembly Standing Committee, the Ministry of Finance (MOF), the Ministry of Industry and Trade and the State Securities Commission (SSC).
Regulated activities
- Which activities trigger a licensing requirement in your jurisdiction?
The following activities are regulated and require a license:
- carrying on securities brokerage;
- carrying on securities investment consultancy;
- carrying on financial advising relating to securities trading or investment;
- carrying on securities underwriting and sponsorship;
- carrying on proprietary account transactions;
- carrying on securities asset management;
- taking in deposits from the general public;
- handling domestic and foreign settlements and intermediary payment services;
- handling, accepting, and discounting certain types of negotiable instruments;
- underwriting and market-making of government bonds;
- offering and providing discretionary investment management services;
- buying and selling foreign exchange, and acting as an agent for the purchase and sale of foreign exchange;
- carrying on fund management services;
- carrying on fund custodian services;
- carrying on derivative products transactions;
- lending microloans online or offline;
- providing certain types of insurance;
- carrying on credit information services; and
- providing consumer finance services.
Consumer lending
- Is consumer lending regulated in your jurisdiction?
Consumer lending is generally regulated by:
- Law on Credit Institutions No. 47/2010/QH12, as amended from time to time (the Law on Credit Institutions);
- Circular No. 39/2016/TT-NHNN prescribing lending transactions of credit institutions or foreign bank branches, or both, with customers (Circular 39) as amended in 2023 by Circular 06/2023/TT-NHNN (Circular 06); and
- Circular No. 43/2016/TT-NHNN, as amended in 2019, prescribing consumer lending by finance companies.
The Law on Credit Institutions provides two types of credit institutions that are allowed to provide consumer lending, such as:
- Vietnam-based commercial banks, foreign bank branches and foreign-invested banks; and
- Vietnam-based finance companies.
Both banks and finance companies must obtain an operation license from the SBV and an enterprise registration certificate from the Department of Planning and Investment. Finance companies are limited to providing loans not exceeding 100 million Vietnamese dong (except for car loans with security). Non-credit institutions such as fintech companies are currently not allowed to provide consumer lending.
Secondary market loan trading
- Are there restrictions on trading loans in the secondary market in your jurisdiction?
Yes, trading loans in the secondary market in Vietnam are subject to the following restrictions:
- a credit institution (seller) can only sell its bad debts to the Vietnam Asset Management Company (VAMC) and this sale is subject to the supervision by the SBV and the following restrictions:
- the currency used for the purchase and sale of bad debts is Vietnamese dong (except in the case of special VAMC bonds);
- all rights and interests associated with the bad debt, collateral and other security measures must be preserved and transferred to the debt buyer under the debt purchase contract;
- if the VAMC and the credit institution reach an agreement on amending the security conditions of the bad debt, written approval of the borrower and guarantor must be obtained; and
- the VAMC and credit institutions must report certain information to the SBV;
- an enterprise wholly owned by the state (seller) can sell its bad debts to the Vietnam Debt and Asset Trading Corporation and this sale is subject to approvals of the government and (or) the Prime Minister.
- trading in loans between persons being non-credit institutions or individuals is considered as the assignment of rights to demand the payment of debts or assignment of obligation:
- for the assignment of the right to demand, the transferor must provide a written notice to the obligor of such assignment, unless otherwise agreed; and
- for assignment of obligation, the transferor must obtain consent from the obligée; and
- trading in loans by debt trading companies pursuant to newly issued regulations of the government in 2021 is subject to further guidelines of the government, which have not been issued yet.
Collective investment schemes
- Describe the regulatory regime for collective investment schemes and whether fintech companies providing alternative finance products or services would fall within its scope.
The establishment and operation of securities investment funds are regulated under Law on Securities No. 54/2019/QH14 (the Law on Securities). Securities investment funds include public funds and member funds, and public funds include open investment funds and closed investment funds. The establishment of public funds must be registered with and approved by the SSC, and the establishment of member funds shall be notified to and approved by the SSC. Only commercial banks, finance companies, finance leasing companies, investment funds, security investment companies and fund managers can receive funding or capital to carry out investment activities based on investment entrustment agreements.
The peer-to-peer or marketplace lenders or crowdfunding platforms do not fit the definitions of securities investment funds and so are not currently recognized. Currently, there is no specific regulation of fintech companies providing alternative finance products or services under the Law on Securities.
Alternative investment funds
- Are managers of alternative investment funds regulated?
Managers of alternative investment funds are regulated under the Law on Securities and Law on Credit Institutions. Only commercial banks, finance companies, finance leasing companies, investment funds, security investment companies, and fund managers can receive funding or capital to carry out investment activities based on investment entrustment agreements. In particular, these investment activities are broadly defined as:
- securities investment consultancy conducted by securities companies or securities investment fund managers;
- securities investment fund management conducted by securities investment fund managers;
- securities investment portfolio management conducted by securities investment fund managers; and
- receipt of entrusted funds conducted by credit institutions.
Managers are subject to different regulatory regimes depending on the specific forms of these alternative investment funds; and when fintech regulations are adopted by the government, fintech companies may participate in alternative investment funds (namely, crowdfunding).
Peer-to-peer and marketplace lending
- Describe any specific regulation of peer-to-peer or marketplace lending in your jurisdiction.
Peer-to-peer (P2P) lending is not regulated under the prevailing laws, and currently, fintech companies are not allowed to engage in P2P lending. In the near future, if the Fintech Draft Decree is adopted, it will permit the fintech companies having obtained Trial Approval to carry out P2P lending. Currently, the Fintech Draft Decree provides certain restrictions for being entitled to a trial mechanism. In particular:
- only a Vietnamese-based company in normal operation that has not registered as a pawn shop service as its business lines are permitted to apply for trial mechanism;
- the legal representative, the director of such company does not have any criminal record and has not been imposed administrative sanction in finance, banking or cybersecurity sectors; and
- the P2P lending solution must be a completely new and unregulated innovative solution and feasible in Vietnam, which brings benefits and added value to service users in Vietnam, especially solutions to support and promote the goal of financial inclusion. This P2P lending solution must be well-developed to manage risks and limit negative impacts on the banking system and banking, be they currency or foreign-exchange activities. The proposed resolution has been carried out, with full review and evaluation measures in terms of operation and function, use and usefulness.
Given that Circular 06 has adopted the concept of online lending provided by credit institutions, it is expected that the fintech companies engaging in P2P lending to follow similar requirements. Generally, Circular 06 requires online lending must ensure data protection of the banks, customers, loan-related information, e-know-your-customer, having technology and risk management and solutions.
To be selected for the trial mechanism, the company needs to submit an application dossier to the SBV, which will review and examine it. If it is cleared by the SBV, the trial approval will be issued for participation in the trial mechanism.
Crowdfunding
- Describe any specific regulation of crowdfunding in your jurisdiction.
Crowdfunding is not regulated or recognized as the legal framework for crowdfunding and is still under development by the SBV. Currently, fintech companies are not allowed to engage in crowdfunding. According to the Fintech Draft Decree, a crowdfunding company can commence operations after complying with the following conditions:
- being selected for the trial mechanism on crowdfunding;
- passing this trial mechanism for a certain period of time decided by the SBV; and
- being subject to some restrictions on the locality of service provision, a number of limited customers and limitation of the services.
To be selected for the trial mechanism, the company needs to submit an application dossier to the SBV, which will review and examine it. If it is cleared by the SBV, the Trial Approval will be issued for participation in the trial mechanism.
Invoice trading
- Describe any specific regulation of invoice trading in your jurisdiction.
The Law on Negotiable Instruments and the Law on Credit Institutions provide regulations on debt instruments but are silent on invoice trading.
The Law on Negotiable Instruments applies to categories of negotiable instruments including bills of exchange, promissory notes, cheques and some other negotiable instruments.
The Law on Credit Institutions regulates banking activities that include, among others, factoring. Factoring is a form of credit extension to a goods seller or buyer through acquiring receivable or payable amounts arising from the purchase or sale of goods or provision of services under a contract on goods purchase or sale or service provision while reserving the right to claim these amounts.
Until the government adopts new regulations, invoice trading can only be implemented in the form of factoring by financial institutions, and alternative forms are not allowed.
Payment services
- Are payment services regulated in your jurisdiction?
Non-cash payment (including non-cash payment services and intermediary payment services) is strictly regulated under Decree No. 101/2012/ND-CP (Decree 101) and controlled by the SBV. In particular:
- non-cash payments that can only be provided by Vietnam-based banks:
- cheques;
- payment orders;
- authorized payment orders;
- collection orders;
- authorized collection orders;
- bank cards;
- letters of credit;
- monetary remittance via the client’s payment account; and
- receipts and disbursements on behalf of others via the client’s payment account; and
- intermediary payment services (IPS) that can be provided by non-credit institutions(IPS provider) include:
- electronic payment infrastructure provision services: financial switch services, electronic clearing services, and online payment gateway services; and
- supporting services for payment services: supporting services for authorized collection or payment, e-wallet services, and supporting services for electronic funds transfer;
IPS providers are required to obtain a license from the SBV. Only Vietnam-based IPS providers can provide the IPS in Vietnam, while offshore IPS providers cannot. There are certain technical, legal, and personnel requirements for the IPS, including a minimum charter capital of 50 billion Vietnamese dong. Further, the IPS is subject to market access restrictions for foreign investors; however, current IPS regulations are silent on the foreign investment restrictions applicable (including foreign ownership limitation). There is no commitment by Vietnam to open this sector to foreign investors under international treaties (e.g, Vietnam’s commitments to the WTO and Comprehensive and Progressive Agreement for Trans-Pacific Partnership).The competent authorities will decide on any limitations or technical barriers applicable to foreign investors who wish to engage in the IPS. The establishment of a 100 percent foreign-owned IPS provider is subject to the sole discretion of competent authorities, especially the SBV. Foreign investors hold, directly or indirectly, up to 100 percent equity interest in a few companies of the total 50 licensed IPS providers published on the SBV website (as of 29 June 2023, 50 IPSs have been licensed).
The SBV has been in the process of amending existing regulations on non-cash payment (including the IPS) since 2019. The SBV’s draft decree to replace Decree 101 (the Non-cash Payment Draft Decree) introduces new concepts of e-currency, mobilized currency and pre-paid card. Initially, the SBV proposed a foreign ownership limitation of 49 percent for the IPS, but this proposal was objected to by experts and IPS providers, and the SBV is reconsidering it. The Non-cash Payment Draft Decree also provides that certain IPS are not subject to SBV’s license requirement (namely, online payment gateways, supporting services for authorized collection or payment, and supporting services for electronic funds transfer). However, IPS providers will still be required to cooperate with a Vietnam-based commercial bank or a foreign bank branch to conduct the business. Recently, in May 2023, the Deputy Prime Minister instructed the SBV to expedite the submission of the draft of the Non-cash Payment Draft Decree to the Government for official promulgation.
Open banking
- Are there any laws or regulations introduced to promote competition that require financial institutions to make customer or product data available to third parties?
There are no laws or regulations in Vietnam on open banking. The SBV is considering allowing credit institutions and fintech companies to apply Open API with an Open Canvas solution introduced by NTT. However, the SBV has been working on a draft circular for the legal framework for this application. Under the Law on Credit Institutions, disclosure of data by credit institutions (Vietnam-based banks and finance companies) is heavily restricted. In particular:
- employees, managers and executives of a credit institution (e.g, bank and finance company) shall not be permitted to disclose the business secrets of this credit institution (e.g, customer and product data);
- credit institutions must ensure confidentiality of information on accounts, deposits, deposited assets and transactions of clients conducted at these credit institutions;
- credit institutions shall not be permitted to provide information to any other organization or individual about accounts, deposits, deposited assets or transactions of clients conducted at these credit institutions, except when requested by competent authorities or when the client consents; and
- credit institutions shall be permitted to exchange information with each other about their operation.
Robo-advice
- Describe any specific regulation of robo-advisers or other companies that provide retail customers with automated access to investment products in your jurisdiction.
There is still no regulation on robo-advisers in Vietnam, except for securities segments.
In 2019, the Prime Minister issued Decision No. 242/QD-TTg approving a plan to restructure the securities market and insurance market, which includes assigning the MOF the task of issuing guidelines for the standardization of activities for opening online accounts and establishing electronic know your client, online-trading, AI asset management and robo-advisory, and digitalizing the main assets in the securities market with fintech. In fact, before 2019, robo-advisors on securities segments were implemented by Techcom Securities (namely, TCWealth) and later on by several companies in Vietnam such as MBS Securities (Power Rank) and BIDV Securities (i-Broker and i-Invest).
Insurance products
- Do fintech companies that sell or market insurance products in your jurisdiction need to be regulated?
The sale or marketing of insurance products in Vietnam by insurers or non-insurance companies is regulated by the Law on Insurance Business and the Law on Advertising. In particular, a Vietnam-based insurer can sell insurance products via multiple channels including, among others, online or offline. The 2022 Law on Insurance Business currently allows insurers (namely, insurance companies, branches of foreign non-life insurance companies, insurance agents, and insurance brokerage companies) to sell insurance products on the internet. The insurers can, at their discretion, decide on the method of providing insurance products and services online. However, it is not clear whether the insurance products can be sold via an e-commerce platform operated by any other service provider that is not the insurer or not. Thus, the sale or marketing of insurance products through e-commerce platforms may cause the e-commerce platform service providers to fall within:
- the scope of the insurance agency or insurance broker when providing insurance services and products online; and
- the scope of the advertising service.
For (1) (insurance agency or insurance broker), these are conditional businesses that fall in the market access restriction list, with restrictions applying to foreign investors; however, there is no foreign ownership limitation for insurance agencies or insurance brokers under Vietnamese law. The licensing authority may, at its sole discretion, seek opinions from the higher-level authorities (e.g, the Ministry of Planning and Investment and the MOF) before approving incorporation.
For insurance agency services, in addition to incorporation documents, the company needs to meet the following requirements:
- insurance services and products sold on the Internet must fall within the insurance agent contract scope;
- execution of the insurance agency agreement with the insurer; and
- the staff being Vietnamese citizens, residing locally, having the full civil capacity and holding an insurance agency certificate.
For insurance broker services:
- the company must make their capital contributions in cash (which must not be financed by a loan or investment trust from other entities);
- the managers of the insurance brokerage company must satisfy requirements and qualifications on diplomas, certificates, experience and other conditions as prescribed by the government; and
- undertake that their owner’s equity less the minimum legal capital is at least equal to the planned amount of investment in an insurance broker.
In addition, the service providers must set up, maintain and operate their information technology systems for such insurance products distribution channels. Other than the application of information technology in providing insurance services and products, information technology is applied in insurance business activities for a number of purposes (namely, improving the efficiency of the insurance business and modernizing statistics and reporting).
For (2) (advertising services), the display of the insurance products on the platform (such as the introduction of products) is regarded as aimed at the public for introducing the insurers and their products and services. Hence, this display would be considered an advertising activity under the Law on Advertising and Vietnam’s Commitments to the World Trade Organization; and a foreign-invested company engaging in advertising services is required to have a local partner who has registered a business line of advertising.
Credit references
- Are there any restrictions on providing credit references or credit information services in your jurisdiction?
Currently, there are two organizations providing credit information services: the Credit Information Centre under the SBV and a company named Vietnam Credit Information Joint Stock Company, which is owned mostly by Vietnam-based banks, which have been licensed by the SBV to provide credit information services.
Credit information services are regulated by Decree No. 58/2021. ‘Credit information’ is data and relevant data of borrowers and clients at participating institutions, including credit institutions, foreign bank branches, non-credit institutions, and foreign bank branches that provide property rental services, instalment purchase services, pawn shop services under conditions of interest, duration, rental and security interest under law.
In addition to incorporation documents, a credit information company must obtain a certificate of eligibility issued by the SBV to provide credit information services and satisfy the following conditions, among others, technical facilities, personnel, the minimum charter capital of 30 billion Vietnamese dong and agreements with at least 15 participating institutions being Vietnam-based banks and foreign bank branches that agree to provide credit information to only a credit information company. The credit information company shall only receive credit information from the participating institutions if the concerned borrowers give consent to the information collection. We are not aware of any other credit information service provider that has obtained this SBV approval.
CROSS-BORDER REGULATION
Passporting
- Can regulated activities be passported into your jurisdiction?
Regulated activities cannot be passported into Vietnam, except for the following cross-border banking and finance activities:
- insurance:
- insurance services provided to foreign-invested enterprises and foreigners working in Vietnam;
- reinsurance services;
- insurance services relating to international maritime transport and international commercial aviation, and goods in international transit;
- insurance broking and reinsurance broking services; and
- consultancy, actuarial, risk assessment and claim settlement services; and
- banking and finance:
- provision and transfer of financial information and financial data processing and related software by suppliers of other financial services; and
- advisory, intermediation and other auxiliary financial services provision.
In addition, the Non-cash Payment Draft, which would replace Decree No. 101/2012/ND-CP, introduces a new concept of a foreign payment service provider, which is a foreign company:
- entitled to provide payment services according to foreign law, including banks, international card organizations, switching organizations and payment intermediaries, et cetera; and
- cooperating with a Vietnam-based bank or licensed intermediary payment services.
Requirement for a local presence
- Can fintech companies obtain a license to provide financial services in your jurisdiction without establishing a local presence?
For the six segments of fintech services in the Fintech Draft Decree, only local legal entities can obtain licenses. For the remaining fintech services, there is no legal framework, so onshore or offshore provision of services is not permitted.
SALES AND MARKETING
Restrictions
- What restrictions apply to the sales and marketing of financial services and products in your jurisdiction?
Restrictions on the sale and marketing of financial services and products in Vietnam are provided by various legal documents and authorities, depending on the types of services and products.
Insurance companies must be established and obtain a license from the Ministry of Finance (MOF) to sell their insurance products. In addition, the insurance companies must obtain the MOF’s approval before they can sell life and health insurance products. For non-life insurance products (except for vehicle insurance), only the rules, terms and premium scales must be registered with the MOF. The insurance agents are prohibited from:
- providing false information and advertisements about insurance services and the scope of business of insurance companies and mutuals providing microinsurance products; and
- providing insurance terms and conditions prejudicing legitimate rights and interests of policyholders (among others).
Insurance brokerage companies are prohibited from providing false information or information irrelevant to insurance requirements, terms and conditions imposed by insurance companies (among others).
Securities companies, securities investment fund management companies and branches of foreign securities companies and fund management companies are not allowed to provide statements or guarantees to clients about the level of income or profit obtainable from investments of the clients and cannot guarantee that clients will not suffer losses (except for fixed revenue securities).
Persons other than credit institutions are prohibited from conducting banking activities (including deposit-taking services, credit extension services and payment services via accounts), except the escrow, purchase and sale of securities by securities companies. intermediary payment services (IPS) providers can only provide the IPS according to their IPS license.
CRYPTOASSETS AND TOKENS
Distributed ledger technology
- Are there rules or regulations governing the use of distributed ledger technology or blockchains?
Under Decree No. 101/2012/ND-CP, any payment method that has not been approved by the State Bank of Vietnam (SBV) is prohibited. Distributed ledger technology or blockchain may fall into non-cash payment, which needs the SBV’s approval. Currently, there are no specific rules or regulations governing the use of distributed ledger technology or blockchain. Thus, the use of distributed ledger technology or blockchain in the banking and financial sector in Vietnam is not yet recognized. However, in 2021, the Prime Minister promulgated Decision No. 942/QD-TTg, by which the SBV is assigned to study, develop and test for the use of digital currency on the basis of blockchain. The SBV has included blockchain and distributed ledger technology as one of the six fintech segments in the Fintech Draft Decree.
Cryptoassets
- Are there rules or regulations governing the promotion or use of cryptoassets, including digital currencies, stablecoins, utility tokens and non-fungible tokens (NFTs)?
Digital wallets are governed by Decree No. 101/2012/ND-CP (Decree 101), and licensed intermediary payment service providers can provide digital wallets. Cryptoassets have not been recognized in Vietnam. In particular, only non-cash payments provided in Decree 101 and other payment methods approved by the SBV are permissible under Vietnamese law; otherwise, they are prohibited. In 2017, the SBV, through its Official Letter No. 5747/NHNN-PC, firmly stated that digital currency is prohibited in Vietnam. The Non-cash Payment Draft Decree, which would replace Decree 101, introduces new concepts of e-currency, mobilized currency and pre-paid card.
Token issuance
- Are there rules or regulations governing the issuance of tokens, including security token offerings (STOs), initial coin offerings (ICOs) and other token generation events?
Virtual currency trading is generally prohibited in Vietnam, and digital currency exchanges and brokerages are also banned. In addition, credit institutions must inform the competent authorities if they are aware of any suspicious transactions relating to virtual currency.
ICOs are not considered securities under Vietnamese law and thus, ICOs or token generation events are not recognized in Vietnam. In 2018, the State Securities Commission under the MOF responded to a Vietnam-based company that the current legal framework does not allow fundraising by the issuance of virtual currencies and such a company should not carry out any activities relating to this fundraising.
ARTIFICIAL INTELLIGENCE
Artificial intelligence
- Are there rules or regulations governing the use of artificial intelligence, including in relation to robo-advice?
In 2021, the Prime Minister (PM) issued Decision 127/QD-TTg promulgating a national strategy on research, development, and application of artificial intelligence up to 2030, which assigns various ministries’ goals and targets on artificial intelligence-related computer programs. The Ministry of Science and Technology is the key ministry coordinating with the relevant ministries and will report on them to the PM. However, there is still no regulation on artificial intelligence in Vietnam as well as draft regulations on the same.
CHANGE OF CONTROL
Notification and consent
- Describe any rules relating to notification or consent requirements if a regulated business changes control.
In 2017, the State Bank of Vietnam, through Official Letter No. 8104/NHNN-TT, requested all intermediary payment services (IPS) providers to notify of any change of their owners. The Non-cash Payment Draft Decree, which would replace Decree No. 101/2012/ND-CP, adds a time limit of notification within 30 days of any change on owners, charter capital or ownership ratios of IPS providers.
FINANCIAL CRIME
Anti-bribery and anti-money laundering procedures
- Are fintech companies required by law or regulation to have procedures to combat bribery or money laundering?
Yes. The Law on the Prevention of Money Laundering applies to non-financial institutions engaged in fintech service and payment services, among other things. The Department of Anti-Money Laundering under the State Bank of Vietnam (SBV) monitors and regulates Vietnam’s anti -money laundering regime. The Anti-Money Laundering Law (AML Law) mandates that all financial institutions involved in specific business activities (referred to as ‘reporting entities’) must implement measures against money laundering, and they must also comply with other requirements as required by the AML Law. In particular, the reporting entities are required to comply with the statutory obligations set forth in the AML Law, including, among others:
- reporting certain transactions to the competent authorities, including high-value transactions, suspicious transactions, and transactions involving companies or individuals in the countries and territories on the ‘black list’ published by the Financial Action Task Force (an inter-governmental body setting standards and promoting effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system);
- conducting know-your-client procedures (e.g, gathering, updating and verifying customer identification information);
- conducting an enhanced due diligence investigation on high-risk parties, which include foreign individuals on the list of ‘politically influenced persons’ published by the SBV to produce a list of their customers or individuals who fall into this category;
- establishing policies and procedures to identify and assess customers’ money laundering risk levels before providing new products and services; or services and products using new technologies; and
- performing an enhanced due-diligence investigation on high-risk parties, including foreign individuals on the list of ‘politically influenced persons’ and persons conducting transactions using new technologies (e.g, technology enabling remote transactions).
Guidance
- Is there regulatory or industry anti-financial crime guidance for fintech companies?
Payment transactions involving digital assets or cryptocurrency between credit institutions are prohibited under current laws.
In 2018, the Prime Minister (PM) issued Directive No. 10/CT-TTg on the management and control of virtual currency in Vietnam, pursuant to which, the PM prohibits trading or use of virtual currency. Following which, the SBV also issued Directive No. 02/CT-NNHH, which bans credit institutions and payment service providers from becoming involved with or providing any services that may transfer, trade, or exchange virtual currency. In addition, they must inform the competent authorities when aware of any suspicious transactions relating to virtual currency.
In 2021, the SBV issued Directive No. 02/CT-NHNN requiring all credit institutions (including banks, non-bank credit institutions, microfinance institution, and people’s credit funds) and intermediary payment services providers to check and apply appropriate methods to control risks of money laundering, terrorist sponsorship and tax evasion during the performance of payment services, card payment services or any payment relating to illegal acts, gambling and virtual currency transactions.
DATA PROTECTION AND CYBERSECURITY
Data protection
- What rules and regulations govern the processing and transfer (domestic and cross-border) of data relating to fintech products and services?
The Law on Cyberinformation Safety: sets out the main requirements and principles on, among other things, data protection in cyberspace for all entities, including fintech companies. Its key principles on data protection relating to data protection include:
- collecting personal information if consented to in advance by the owner on scope, for the purpose of collection and use;
- using collected information for the purposes consented to by the owner, and only use for other purposes if agreed to by the owner;
- not transferring, sharing or publishing collected information, unless agreed to by the owner or requested by competent authorities;
- any organization engaging in processing personal information is responsible for the protection of such data; and
- applying necessary measures for data protection.
Personal information must be kept confidential, and any transfer or disclosure must be consented to in advance.
The Law on Cybersecurity requires overseas and local companies that:
- are providing services on telecommunication networks, the internet, and other value-added services in cyberspace in Vietnam, (namely, cyberspace service providers); and
- are involved in the collection, exploitation, analysis, and processing of personal information, users’ relationships and data generated by users in Vietnam to store personal data within the territory of Vietnam for a period specified by the government.
Recently, the government has promulgated Decree No. 13/2023/ND-CP on personal data protection (Decree 13), which came into force on 1 July 2023, and is considered to be a unified set of regulations on personal data protection. This Decree still requires broader implementation and there is expected to be a period of uncertainty until detailed guidance is provided. Generally, any person or organization collecting or processing personal information is obligated to notify the data subjects on, among others, its purposes for processing such data, processing methods, unexpected consequences or damages that are likely to occur from the processing of their personal information, and specific timing for the data processing. Any collection, publication, processing, transfer to a third party or any other use of a data subject’s personal information requires the prior consent of such data subject. Such consent must be clearly and specifically expressed, such as in writing, by voice, by ticking of a consent box, et cetera, and must be verifiable.
Under Decree 13, the scope of the cross-border transfer of personal data includes:
- the use of cyberspace, electronic means or equipment, or other forms to transfer personal data of Vietnamese citizens to a location outside Vietnam’s territory; or
- the use of a location outside Vietnam’s territory for processing of personal data of Vietnamese citizens.
The cross-border transfer of personal data must satisfy some specific requirements, including:
- obtaining the data subject’s consent for the cross-border transfer of personal data;
- preparing, maintaining, and submitting the cross-border transfer impact assessment dossier for inspection and appraisal by the Ministry of Public Security; and
- submitting written notification to the Department of Cyber Security and Hi-Tech Crime Prevention of the Ministry of Public Security upon the completion of the transfer of personal data.
Cybersecurity
- What cybersecurity regulations or standards apply to fintech businesses?
There is no specific regulation on cybersecurity related to fintech business. The Law on Cybersecurity applies to all sectors involved in cyberspace, including the fintech sector. In particular, personal information collected, analyzed or processed by either domestic or foreign enterprises providing services in the telecommunications network, the internet, and value-added services in cyberspace in Vietnam must be stored in Vietnam. In addition, the personal information of users must be protected.
In addition, the Law on Cybersecurity prohibits the use of cyberspace (by anyone) to conduct the following acts:
- using cyberspace, IT and electronic media to breach laws on national security, social order and safety;
- organizing, activating, colluding, instigating, bribing or cheating or tricking, manipulating, training or drilling people to oppose Vietnam;
- distorting history, denying revolutionary achievements, destroying the national solidarity block or conducting offenses against religion, gender discrimination or racist acts;
- providing false information, causing confusion among citizens, causing harm to socio-economic activities, causing difficulties for the operation of state agencies or of people performing public duties or infringing the lawful rights and interests of other agencies, organizations and individuals;
- providing or introducing activities being prostitution, social evils or human trafficking;
- publishing information that is lewd, depraved or criminal;
- destroying the fine traditions and customs of the people, social ethics or the health of the community; and
- inciting, enticing or activating other people to commit crime.
Other than the Law on Cybersecurity, Decree 13 also provides a number of principles for protecting data, including:
- the personal data is processed in accordance with the law;
- the personal data subject must be aware of their activities relating to the process of their personal data;
- the personal data must be processed for the purpose limitation;
- the collected personal data must be suitable and limited within the scope of the processing purposes;
- the updated and supplemented personal data must be complied with the processing purposes;
- personal data is subject to protection and security measures during processing;
- personal data is only stored for a period suitable for the purposes of data processing; and
- the fintech companies are responsible for complying with the data handling principles.
OUTSOURCING AND CLOUD COMPUTING
Outsourcing
- Are there legal requirements or regulatory guidance with respect to the outsourcing by a financial services company of a material aspect of its business?
Credit institutions (including foreign bank branches) must ensure safety and confidentiality in e-banking operations under the State Bank of Vietnam’s guidance and the provisions of the law on e-transactions. Credit institutions can lease technical infrastructure from third parties and must be responsible for performing e-transactions through these facilities, including preserving the confidentiality of personal information and information of enterprises and organizations, ensuring the security of information systems, participating in response to incidents and taking remedial actions in accordance with the law.
Cloud computing
- Are there legal requirements or regulatory guidance with respect to the use of cloud computing in the financial services industry?
Cloud computing service in banking operations means the delivery of computer system resources (including computing, networks, storage and software applications and other computer system resources) through a network environment that enables ubiquitous users to access, adjust and pay according to user demand.
Institutions using cloud computing services must:
- carry out an assessment of information technology risks and operating risks;
- classify activities and professional operations expected to be performed on cloud computing based on the assessment of impacts;
- develop backup plans for components of information systems of level 3 or higher;
- establish criteria for the selection of third parties providing cloud computing services; and
- review, amend and apply information security methods, and limit access through cloud computing to its information systems.
Third parties providing cloud computing services must:
- be enterprises; and
- own information technology infrastructure corresponding to the service requested by the institution, which must:
- comply with the laws of Vietnam; and
- have been granted a valid international certificate of information security.
INTELLECTUAL PROPERTY RIGHTS
IP protection for software
- Which intellectual property rights are available to protect software, and how do you obtain those rights?
Software can be deemed as a computer program, which means a set of instructions expressed in the form of commands, codes, diagrams and other forms that, when incorporated in a device or equipment operating by a computer programming language, are capable of enabling the computer or the equipment to perform a job or achieve a specific result in accordance with Law on Intellectual Property No. 50/2005/QH11 as amended in 2009, 2019 and 2022 (the IP Law). Accordingly, the software can be protected under copyright, irrespective of whether the software is expressed in the form of source codes or machine codes.
Copyright of software includes moral rights (namely, the right to give titles, the right to attach real names or pseudonyms, the right to publish or authorize to the public, and the right to protect the integrity) and economic rights (namely, the right to make derivative, display, reproduce, distribute, communicate and lease works). The rights holder can make registration to the Office of Intellectual Property to protect their intellectual property right. Copyrights of works arise from the time the specific work is created and expressed in a certain material form, regardless of the content, quality, form, medium or language, whether it is published or unpublished, or whether it is registered or unregistered.
IP developed by employees and contractors
- Who owns new intellectual property developed by an employee during the course of employment? Do the same rules apply to new intellectual property developed by contractors or consultants?
The owner of IP rights over a particular work and the author of this work is not necessarily the same. Under the IP Law, unless otherwise agreed:
- for copyright (including computer programs), any entity that assigns the task to an employee, contractor or consultant for the creation of a work shall be considered as the owner of copyright with respect to this work; and
- for other industrial property rights (namely, patent, industrial design, and layout design), any entity that provides funding and facilities to the author through the task assignment or employment shall be considered the owner of the industrial property rights.
If the copyright owner over a particular product is not also the author of this work, the owner is entitled to:
- all the economic rights pertaining to this work; and
- only the moral right to publish his or her works or to authorize other persons to publish his or her works.
The authors and the owner of IP rights for computer programs can agree in writing on repairing and upgrading computer programs.
Joint ownership
- Are there any restrictions on a joint owner of intellectual property’s right to use, license, charge or assign its right in intellectual property?
The author retains moral rights. Joint owners are not restricted from using, licensing, charging, or assigning if both agree to do so.
Trade secrets
- How are trade secrets protected? Are trade secrets kept confidential during court proceedings?
Trade secrets are protected under industrial property rights. Industrial property rights to a trade secret are established on the basis of lawfully obtaining a trade secret and keeping it confidential. Thus, industrial property rights to trade secrets are established without the need for registration with the competent authority. However, protection requires the following conditions:
- it is neither common knowledge nor easily obtainable;
- when used in business activities, it will create for its holder advantages over those who do not hold or use it; and
- the owner of the trade secret maintains its secrecy by necessary means so that it will neither be disclosed nor be easily accessible litigation authorities and officers must keep professional secrets, trade secrets and personal secrets of the involved parties pursuant to their legitimate petitions.
Branding
- What intellectual property rights are available to protect branding and how do you obtain those rights? How can fintech businesses ensure they do not infringe existing brands?
Branding may not be protected if it stands independently, but it is protected as trademarks or trade names.
Industrial property rights to trademarks shall be granted based on decisions issued by competent authorities in accordance with registration procedures specified in the IP Law or on the basis of international registration granted in accordance with the international agreement to which Vietnam is a signatory. Industrial property rights to well-known trademarks shall be granted based on their use instead of registration. The trademark search is an important step in the process of industrial property protection registration to avoid the situation that the trademark application is returned due to duplicate or misleading issues.
Industrial property rights to a trade name shall be established on the basis of lawful use thereof.
Remedies for infringement of IP
- What remedies are available to individuals or companies whose intellectual property rights have been infringed?
Any intellectual property rights holder shall have the right to apply the following measures for protection:
- to apply technological measures to prevent acts of infringement including:
- giving instructional information that the product is the subject of intellectual property rights and to warn others not to infringe; and
- using means or technical measures to mark, identify, distinguish and protect the protected product; and
- to request any infringing party to terminate such act, to remove and delete infringing content on the telecommunications network and the Internet, to make a public apology or rectification, and pay damages;
- to request the competent state body to deal with acts of infringement in accordance with the law; and
- to initiate a lawsuit at a court or a claim at an arbitration center.
COMPETITION
Sector-specific issues
- Are there any specific competition issues that exist with respect to fintech companies in your jurisdiction?
The competition laws apply generally to all forms of businesses.
TAX
Incentives
- Are there any tax incentives available for fintech companies and investors to encourage innovation and investment in the fintech sector in your jurisdiction?
The Investment Law provides investment incentives such as lower corporate income tax rate for certain periods (e.g, 10 percent corporate income tax for 15 years), exemption from import tax, exemption from land fees and land rent, and accelerated depreciation applicable to:
- start-up projects, national innovation centers, and research and development centers; and
- high-tech enterprises and projects involving high technology that are prioritized for investment (e.g, blockchain, cloud computing, big data technology and analytics, and artificial intelligence).
Fintech can fall into either of the two categories, depending on the conditions of the actual project.
Increased tax burden
- Are there any new or proposed tax laws or guidance that could significantly increase tax or administrative costs for fintech companies in your jurisdiction?
There is no new or proposed tax law or guidance that could significantly increase tax or administrative costs for fintech companies in Vietnam. There is no new specific tax law relating to fintech.
IMMIGRATION
Sector-specific schemes
- What immigration schemes are available for fintech businesses to recruit skilled staff from abroad? Are there any special regimes specific to the technology or financial sectors?
There are no immigration regimes specifically for fintech talent. Enterprises, organizations, individuals and contractors must only employ foreigners to hold positions of managers, executive directors, specialists and technical workers when the professional requirements for which cannot be met by Vietnamese workers.
UPDATE AND TRENDS IN FINTECH IN VIETNAM
Current developments
- Are there any other current developments or emerging trends to note?
Vietnam is still a country where fintech regulations are relatively new and vague. The prospect of a regulatory sandbox has attracted many new players; however, given the difficulties in obtaining licenses, many have opted to acquire existing licensed intermediary payment service providers to build out their services.
* The information in this chapter was accurate as of September 2023.
If you need more consulting, please Contact Us at TNHH NT International Law Firm (ntpartnerlawfirm.com)
You can also download the .docx version here.
“The article’s content refers to the regulations that were applicable at the time of its creation and is intended solely for reference purposes. To obtain accurate information, it is advisable to seek the guidance of a consulting lawyer.”
LEGAL CONSULTING SERVICES
090.252.4567NT INTERNATIONAL LAW FIRM
- Email: info@ntpartnerlawfirm.com – luatsu.toannguyen@gmail.com
- Phone: 090 252 4567
- Address: B23 Nam Long Residential Area, Phu Thuan Ward, District 7, Ho Chi Minh City, Vietnam