-
Articles
Legal Risk Management on uses of Blockchain Technology in Financial Services
On 4 June 2021, Bank of Thailand (“BOT”) issued guidelines for using blockchain technology in financial services, with the aim to provide a reference for any financial service provider on how to use blockchain technology in practice, and to ensure that financial service providers are implementing blockchain technology in a proper, safe, reliable manner, and consistent with international standards. Moreover, these guidelines aim to gain people’s trust in the use of blockchain services and be the standard for the country's financial structural development.
Such guidelines will be applied to financial service providers that are under the BOT’s supervision - including: (1) financial institutions (i.e. commercial bank, finance company and credit foncier) and financial business groups under the law on Financial Institution Businesses; (2) business operators under the supervision of the BOT which are not financial institutions (e.g. credit card, personal loan or micro financing business); and (3) business operators under the law on payment systems - which use the Private Blockchain Network (a blockchain network controlling access to the network and data) to provide financial transactions, both in the case of an administrator and a member of the blockchain network. However, in the case where financial service providers apply in the Public Blockchain Network (an open blockchain network where everyone can freely access the network and its data without asking for permission), the providers must consult with the BOT on a case-by-case basis before proceeding.
As the guidelines cover four important key practices for using blockchain technology in financial services: (1) Blockchain Business Application; (2) Blockchain Governance; (3) IT Risk Management; and (4) Legal Risk Management, therefore this newsletter will only focus on said practices. The BOT has prepared this guideline based on international standards and regulatory guidelines related to blockchain technology, including the evaluation of projects using blockchain technology under the Regulatory Sandbox.
With regard to legal risk management on uses of blockchain technology, financial service providers must comply with relevant laws, and provide guidelines for keeping user’s data stored in a secure blockchain network by taking into account the binding laws in force, as well as protecting data subjects’ rights and privacy. Moreover, the service providers must take personal data protection into consideration in order to effectively manage any legal risks and appropriately protect the service providers and any related parties. Therefore, the legal risk management guidelines are as follows:
(1) In case of being a blockchain network administrator, a mutual agreement between the members and those involved in the blockchain network should be provided, such as stipulating the conditions regarding consensus (mechanism that controls the data accuracy in every node through various algorithms to ensure the data accuracy through mutual agreements between the members of the blockchain network); practices and frequencies of data backup, and the data verification; the transaction process and timeout of the blockchain system in order to clearly define the responsible person, create a common understanding and reduce disputes between members of the blockchain.
(2) An agreement on smart contracts (a program format that stores the terms of contracts in the blockchain network and automatically executes such when the prescribed conditions are met) in the blockchain network between the parties involved should be provided, such as the legal effect of the transaction; the validity of the transaction; rights, duties and responsibilities of the involved parties; the process for handling errors or disputes; and reviewing the content and processes of each smart contract so it complies with such agreements, laws and policies of financial service providers.
(3) If the use of blockchain technology or joining a blockchain network involves personal data, financial service providers should assess the risks that may affect the rights of personal data subjects. If assessed and found to be at high risk, financial service providers should keep such personal data ‘off-chain’ (keeping the data outside of the blockchain network, e.g. in-house database storage) or consider using other technologies or methods to ensure that the data control is in accordance with applicable laws or personal data protection measures.
In addition, financial service providers should have a process in place for assessing the impact of personal data protection (referring to the related laws and regulations of the protection of personal data). If there is a change in the collection, use or disclosure of the significant personal information in relation to the blockchain system, financial service providers should review such assessments.
(4) Provide a process for regularly reviewing the information contained in the blockchain network, showing that the information is personally identifiable, whether directly or indirectly, in order to assess whether it may be classified as “personal information”. If so, apart from complying with the BOT guidelines on data governance, financial service providers must also take the utmost care in protecting the privacy of personal data and comply with the relevant laws.
(5) Financial service providers using blockchain technology must comply with BOT laws and regulations and other relevant laws, e.g. the law on electronic transactions, anti-money laundering, cyber security, personal data protection and digital asset business.
(6) Provide a process for educating users and related parties about the use of blockchain technology applying to financial products and services, thus to enable users and related parties to understand the benefits and potential effects of using blockchain technology.
In light of the above, financial service providers under the BOT’s supervision which use a Private Blockchain Network shall observe the aforementioned guidelines in order to comply with the correct practice. For more information, please visit the BOT website: https://bit.ly/3rzV1s8
This is intended merely to provide a regulatory overview and not to be comprehensive, nor to provide legal advice. Should you have any questions on this or on other areas of law, please do not hesitate to contact:
Nuttaros Tangprasitti
Partner
Krid Pongprapaphan
Associate
Authors
Related Knowledge
-
-
Nishimura & Asahi Legal Forum Online
M&A and Corporate Practice and Trends in 2024 (Indonesia/Singapore/Thai/Vietnam)
Online
Nishimura & Asahi Seminars
- Luky WALALANGI
- HA Hoang Loc
- Jirapong SRIWAT and others
-
-
Platforms and Journalism: What Should Competition Policy Do to Address the Crisis of the News Media?
Transcripts of lectures
-
-
Tokyo High Court Judgment on Restaurant Review Portal Site
Online
External Seminars
-
-
Cryptoassets and Property Law (civil law edition)
Others
-
-
Asian Legal Update Fourth Quarter 2023 (October - December)
Asia
- Miriam ANDRETA
- Hans Adiputra KURNIAWAN
- Wan May LEONG and others
-
-
Latest Trends in Climate Change Regulations and Policies in Japan
Finance Law
Nuttaros Tangprasitti specialises in corporate and commercial law. She regularly assists both international and domestic corporate clients (limited liability companies and partnerships, stock corporation in several industries) on the relevant laws of Thailand, which includes foreign direct investment, legal due diligence, M&A and cross-border M&A, joint venture, compliance, banking and finance. In addition to supporting clients on the above and a multitude of different legal formalities, she also has expertise in advising on various investment promotion policies of the Board of Investment (BOI), as well as compliance with foreign business, other laws on salient points for shareholders and joint venture agreements, which includes laws on immigration and foreign work under Thai law. Nuttaros speaks at many seminars and takes an active role in educating the clients on issues relevant to their businesses and her practice areas. She also writes various articles and newsletters on cutting-edge topics in several legal areas, which are widely distributed to existing and potential clients. Nuttaros aims to ensure the lawyers on her team are constantly developing and upgrading their skills, to ensure they meet or exceed the high professional standards of Nishimura & Asahi. She is committed to ensuring that both she and our firm deliver top-quality services to our clients and strong internal support for our colleagues. She recently began drafting a manual on several aspects of Thai law, as part of an “Investment promotion scheme,” and also wrote several newsletters on corporate law, and banking and finance laws. She also recently authored an article on the impact of Tax Reduction for Land and Buildings, which received excellent feedback from our clients, particularly those who are land and building owners. Nuttaros is committed to building a strong and progressive corporate and commercial practice, which also incorporates tax law, by adapting to new ideas in the legal industry.