Major financial regulatory authorities in Thailand include:
● The Bank of Thailand (BoT): BoT was first set up as the Thai National Banking Bureau. It issues and manages currency and is responsible for providing a stable currency, financial, and payment system.
● The Securities and Exchange Commission (SEC): SEC is responsible for overseeing, developing, and managing capital markets in Thailand to ensure market efficiency, fairness, transparency, and integrity.
● The Office of the Securities and Exchange Commission (OSEC): OSEC is responsible for enacting requirements regarding establishing information technology systems for institutions engaged in securities services.
To regulate technological risk control in financial institutions, BoT and OSEC have enacted a series of regulatory requirements, guidelines, and notifications.
● Notification of the Bank of Thailand No. FPG 8/2557, Re: Regulations on Outsourcing of Financial Institutions : For financial institutions that use outsourcing services, the BoT proposes relevant requirements for outsourcing management that financial institutions are required to comply with, and also provides risk management guidelines related to those outsourcing activities.
● Notification of the Bank of Thailand No. FPG 21/2562, Re: Information Technology Risk Regulations of Financial Institutions : The regulations describe IT risk management principles and implementation guidelines to assist financial institutions in establishing a sound and robust technology risk management framework.
● Cloud Computing Practice Guide: This Guide provides guidance for financial institutions using cloud computing. It outlines how to manage the risks involved and implement security controls when using cloud computing services.
● Notification of the Office of the Securities and Exchange Commission No. Sor Thor. 37/2559, Re: Rules in Detail on Establishment of Information Technology System : The Rules set out IT governance and information security management requirements regarding establishing information technology systems for intermediaries engaged in securities services.
● Notification of the Office of the Securities and Exchange Commission No. Nor Por. 3/2559, Re: Guidelines for Establishment of Information Technology System: It is an interpretation of Rules in Detail on Establishment of Information Technology System, and it provides guidelines and best practices to meet the requirements related to the IT governance and information security management.
● SEC Notification of the Office of the Securities and Exchange Commission No. Sor Thor. 38/2565 Re: Rules in Detail on Establishment of Information Technology Systems (2023): The Rules states specific rules released by the Securities and Exchange Commission Office for the construction of IT systems. It specifies how to analyze the confidentiality, integrity, and availability of information systems, and provides guidance for operators on how to assess the risks of, govern, and audit IT systems. Specific control requirements are described in its Appendix 1 to Appendix 4.
● SEC Notification of the Office of the Securities and Exchange Commission No. Nor Por. 7/2565 Re: Guidelines on Establishment of Information Technology Systems (2023): Issued by the Securities and Exchange Commission Office, this Notice describes SEC notices that securities market operators need to comply with and stipulates obligations of securities market operators to prove that they have complied with the requirements of each notice and comply with SEC Notification of the Office of the Securities and Exchange Commission No. Sor Thor. 38/2565 Re: Rules in Detail on Establishment of Information Technology Systems (2023). . .
● OIC Guidelines for Governance and Management for information Technology Risk for Life Insurance Companies B.E.2563 (2020): The Guidelines provides a standard of IT risk supervision and management for life insurance companies in Thailand.
● OIC Guidelines for Governance and Management for information Technology Risk for Non-Life Insurance Companies B.E.2563 (2020): The Guidelines provides a standard of IT risk supervision and management for non-life insurance companies in Thailand.
As a cloud service provider, Huawei Cloud is committed to helping you meet these regulatory requirements and continuously providing you with cloud services and environments that meet financial industry requirements.