The last decade has seen a phenomenal growth of new innovative digital apparatuses promising cost-efficient, faster, and more manageable global payments and transfers. Combined with new available financial instruments such as cryptocurrencies, digital currencies, non-fungible tokens (NFTs), or virtual assets, they represent new ideas, concepts and forms of investment that are enabled by cryptographic technology and distributed ledger technology (DLT), broadly democratizing finance and facilitating financial inclusion. However, rapidly growing interests in crypto assets and tech-enabled financial services have fueled regulatory attention on rising threats of financial crime incidents and existential money laundering/terrorism financing (ML/TF) risks.  

Vietnam, as reported by the Financial Action Task Force (FATF)1, has a low risk of terrorism financing. However the country has implemented anti-money laundering/counter-terrorism financing (AML/CTF) measures at national and policy levels, addressing legal, institutional, and capacity gaps. As FATF recommended, there are certain shortcomings and deficiencies, which require interagency coordination and additional sectoral assessments to prevent and mitigate ML/TF risks.  

The newly amended Law on Prevention of Money Laundering (Anti-Money Laundering Law – AML Law), which includes 04 Chapters and 66 Articles, passed by the National Assembly on November 15, 2022, is expected to strengthen some key areas which comprise of threat assessment, enhanced operational cooperation, and coordination on high-risk sectors. However, the new law also constitutes specific challenges to financial institutions and non-financial market participants regarding money laundering violations, service disruption, and case-by-case reporting.  

AML/CTF in Digital Payments 

The phenomenal rise of cross-border digital payment services poses infructuous money laundering threats when the ubiquity and convenience of electronic payment platforms facilitate a global churn of money laundering. Given the adoption of stringent electronic know-your-customer (e-KYC) requirements and regular transaction monitoring, cyber-criminal groups, sanction entities, and ill-intentioned actors have long favored cross-border transactions since the process is opaque and convoluted without proper standardization. On the other hand, commercial banks are anticipating payment service providers (PSPs) to implement more robust and proactive AML/CTF measures, incorporating banks’ practices while mobilizing their technological skills to design their anti-financial crime control strategies on their platforms.  

As stated in Articles 19 and 29 of the AML Law, PSPs are required to enhance their risk management strategies to heighten customer monitoring, transaction monitoring, and screening measures to detect suspicious financial activities of alleged subjects. Crucially, PSPs’ service offerings can expose themselves to fraudulent, illicit organizations that use their services to launder proceeds from illegitimate sources. Eventually, being associated with money launderers would cost the PSPs’ reputation, compliance standards, financial security, and public confidence.  

Financial Privacy and Consumers’ Rights Protection 

As regulatory bodies and intergovernmental organizations are expressing concerns about the effectiveness of anti-financial crime controls and the sophistication of tech-enabled ML/TF risks, the new AML Law and its upcoming decree and circular are expected to exert greater anti-financial crime control. Enhancements will focus more on fraudulent activities, cross-border financial crimes, tax evasion, and customer security. Banks, PSPs, financial institutions, and other financial services providers will be forming a network overseeing customer due diligence and suspicious activity monitoring.  According to Articles 2 and 15 and Clause 1 Article 44, the definition of “suspicious activity” remains unclear, and constant reporting requirements for suspicious financial behaviors force financial institutions to act as “law enforcement agencies.” This will subsequently allow unnecessary intrusion into private citizens’ financial businesses. Any inaccurate or misleading commercial and consumer transaction suspensions based on the biased assumption of ML/TF risks could cost financial institutions legal jeopardy and erosion of trust.  

As increasing digitization and connectivity take hold, it is essential to avoid regulatory overreach to protect individuals’ financial privacy and mitigate financial institutions’ compliance costs when filing too many reports. Under Clause 3 Article 10, Articles 11, 13, and 14 of the Law on Credit Institutions 2010, financial institutions are also responsible for protecting the confidentiality of accounts’ holders unless required by relevant authorities on submission of pertinent information for investigative purposes. Therefore, there should be comprehensive guidelines for risk assessment, record keeping, and reporting procedures concerning whether collected information is valuable and relevant for AML/CTF investigations, and regulatory burdens imposed on financial institutions.  

Regulation of Crypto Assets 

According to Chainalysis, Vietnam is in the top ten countries with the highest number of cryptocurrency holders.2. But the State Bank of Vietnam (SBV) has decided to carve crypto assets out of the context of the AML Law since the existing legal framework is inadequate in supporting effective regulation of crypto assets. Though SBV explicitly bans the use of cryptocurrencies or digital currencies as mediums of a non-cash transaction, following Article 1.1 of Decree 80/2016/ND-CP, Article 26.6d of Decree 88/2019/ND-CP, and Article 206.1h of the Criminal Code 2017, cryptocurrencies are still being traded regularly on foreign exchange platforms. It is far-reaching to consider criminalization of possession and trading of crypto assets, but regulators and supervisors prioritize consumer protection, operational safety and soundness, and financial integrity. As the Ministry of Justice and SBV currently study the plausibility of regulating crypto assets, it is crucial to develop a framework that can handle both crypto-related entities and activities. The Government should also take a position on reviewing the legitimacy of crypto assets, technology-related risks, taxation, and all crypto-related economic activities.  

Before the Vietnamese Government can incorporate crypto assets into mainstream regulation, there shall be an excruciatingly long period of assessing regulatory impact and economic feasibility that will require an extensive review of the overall framework from the Civil Code 2015, Criminal Code 2017, Law on Enterprise 2014, Law on Investment 2020, Commercial Law 2005 and other related documents. Judging the lack of state support for entrepreneurial cryptocurrency, the growing concerns about crypto-related crimes and virtual currencies volatility prompt relevant authorities to restrict individuals and domestic and foreign companies from conducting any crypto trade. For those reasons, state agencies and law enforcement forces are gradually strengthening their cyber and legal capabilities, combined with technologies of private contractors, to conduct an effective investigation of online crimes, and trace and recover cryptocurrencies.

Information Sharing 

ML/TF risks and other forms of financial crimes are becoming more sophisticated and prevalent across borders at breakneck speed. There is a need for industry and state agencies to sharpen the surveillance of financial activities and improve screening effectiveness in the digital era. Article 12 of the AML Law stipulates the responsibility of businesses to use documents and data to verify customer identity-related information. However, the new law needs to specify the responsibility of relevant agencies to allow information sharing to facilitate effective AML/CTF measures.  

Since state agencies possess reliable information sources, it is essential that an information-sharingframework can allow reporting entities, supervisors, and regulators to make better use of available resources and technologies to develop innovative strategies combating ML/TF. Forging closer links between the public and private sectors will improve the quality of information shared and its usefulness to relevant agencies in the investigation of financial crimes.  

AML internal rules and regulations 

In Article 24, reporting entities must draft internal regulations on the prevention of money laundering, but the spectrum of reporting entities in the AML Law is diverse, comprising SMEs and individuals in the non-financial services sector. Contrary to what SBV expects financial services providers to strengthen AML/CTF compliance, the nature of sector-based ML/TF varies drastically. To support a broad understanding of emerging ML/TF risks across high-risk sectors, SBV should compose comprehensive guidelines for internal regulations for effective oversight and compliance with AML rules so businesses can structure their sector-based compliance framework to fit with their business models. 

Aligned with the Law on Cybersecurity 2018 and the Draft Law on Electronic Transaction, there is a strong need to fill regulatory gaps that arise from e-KYC verification and authentication, and empower digital trust by implementing wide-scale digital identity provision, for instance, Circular 01/2021/TT-NHNN, Circular 35/2016/TT-NHNN, or Decision 630/2017/QD-NHNN. As opposed to traditional AML/CTF measures, emerging technologies and new forms of services challenge the traditional control environment. Financial institutions and PSPs must decide which risks are manageable and segment client portfolios to allow more targeted and differentiated risk management measures.  

To streamline AML/CTF measures, regulators and supervisors can back efforts in deploying cross-cutting technologies such as machine learning across the financial service value chain to perform transaction monitoring and link analysis, which would depend on the quality and availability of client data. Rather than focusing on cost constraints and less effective report filing, the regulatory framework should be aligned with mainstream regulatory approaches across financial activities and risk spectrum while limiting compliance costs and disproportionate burdens on would-be financial services customers.