As the SEC has continuously integrated cooperation with public- and private-sector partner agencies to prevent and suppress cybercrime, the Subcommittee on Financial Data Connectivity for Enhancing the Monitoring of Suspicious Financial Transactions has resolved that the SEC, together with the Anti-Money Laundering Office (AMLO), will issue interim guidance for digital asset business operators while AMLO prepares to issue regulations under the Anti-Money Laundering Act.
The SEC has therefore coordinated with AMLO to establish requirements on the risk management system of digital asset business operators to ensure that information accompanies all digital asset transfer transactions to support monitoring and preventing the misuse of digital assets in cybercrime. In this connection, the SEC conducted a public hearing on the proposed principles during March–April 2026. Most relevant parties agreed with the proposed principles and provided useful comments. The SEC has taken such comments into consideration in further revising the principles for greater clarity and appropriateness and has prepared a draft notification prescribing the duties of digital asset business operators. The key principles are as follows:
(1) Digital asset business operators must establish policies and operating procedures for managing risks related to the transfer and receipt of digital assets. The operators are required to collect information on customers and their counterparties accompanying digital asset transfers; verify the qualifications of the digital asset business operators or digital asset service providers of such counterparties; verify ownership of, or control over, self-hosted wallets in the case of digital asset transfers to or receipt of digital asset transfers from self-hosted wallets; and retain transfer-related information accompanying every digital asset transaction for at least five years, with such information to be kept during the first two years in a manner that allows the supervisory authority to retrieve or examine it immediately.
(2) In the case of an ordering digital asset operator, the operator must transmit information on the originator and the beneficiary together with the digital asset transfer order to the beneficiary digital asset operator. Where an intermediary digital asset operator is involved in the digital asset transfer route, the operator must verify the qualifications of such intermediary and take additional actions as prescribed, so that the transaction route can be monitored continuously and completely in accordance with the intended objective.
(3) Digital asset business operators must implement prescribed risk management measures related to the transfer and receipt of digital assets, including the collection of information on the originator and the beneficiary for digital asset transfers received from an ordering digital asset operator or, where applicable, directly from a customer.
The establishment of the Travel Rule for Digital Assets is intended to enhance the capability to trace the origin and movement of digital assets and to effectively examine, prevent, and intercept cybercrime, as well as to prevent the risk of digital asset business operators being used as a channel for money laundering and terrorist financing, without imposing undue burdens on digital asset business operators. It also aims to enhance anti-money laundering measures in line with international standards, strengthen the credibility of the Thai digital asset market, and increase the overall competitiveness of the Thai digital asset ecosystem.
The consultation paper is available on the SEC website at https://www.sec.or.th/TH/Pages/PB_Detail.aspx?SECID=1185 and on the Legal Hub at https://law.go.th/. Stakeholders and interested parties are invited to submit comments through these websites or by email to titibhorn@sec.or.th, nattira@sec.or.th, and jiratchaya@sec.or.th. The public hearing ends on 10 July 2026.