Fintech in Vietnam

Vietnam has increasingly become appealing to fintech startups around the globe. Regardless of the so-called “infant industry”, local and foreign-based fintech startups have competed head to head to grow their market dominance. Regulators must ensure the key market players will not do any harm to customers and local economy as a result of carrying out fintech startup activities in the territory of Vietnam.


Approximately 47 percent of Vietnamese fintech startups focus on payments, which is the highest concentration of fitech startups in the ASEAN region. In addition, there are currently around 77 fintech firms in Vietnam with a total investment of US$129 million in 2016.[1] According to the State Bank of Vietnam, in August 2019 there were 100 fintech firms of which 30 fintech firms were licensed to provide intermediary payment services.[2]

According to the study, 58 percent of the respondents want more support from regulators and policy makers.[3] In response to that, Vietnam governments have taken active steps to facilitate development of the sector. For example, following the passage of Decision No 844/QĐ-TTg of the Prime Minister dated 18 April 2016, approving: ‘Support Innovative Startup Ecosystem in Vietnam until 2025 National Program (ISEV)’,[4] the State Bank of Vietnam established a FinTech Steering Committee in March 2017 according to Decision No 328/QĐ-NHNN dated 16 March 2017, providing solutions for enhancing the fintech ecosystem, making it possible for fintech firms in Vietnam to grow.[5] On 21 August 2017, the Prime Minister issued Decision No 1255/QĐ-TTg on ‘National Program on Enhancing Legal Framework for Management of Crypto Currencies’.

The Vietnam government has unceasingly and effortlessly continued with scheduled national programs as it sees the benefits of doing that by increasing access to financial services, reducing transaction costs, creating transparency and efficiency for new financial products, eventually contributing to managing costs and income.[6]

Scope of Fintech Business Activities in Vietnam

The scope of fintech activities includes the following main business activities:

(1) payment;

(2) peer-to-peer lending (‘P2P’);

(3) crypto currency/bitcoin blockchain;

(4) crowdfunding;

(5) robo-investing;

(6) integrated services in payment at banks;

(7) data management; and

(8) Know Your Customer (‘KYC’).


(a)  Intermediary Payment Services

In Vietnam, non-cash payments and non-cash payment services developed quickly and variously, such as bank cards, Mobile Banking, Internet Banking, SMS Banking and digital walletss. Pursuant to the Law on Investment, an intermediary payment service is a conditioned business line belonging in the field of banking. Enterprises are only allowed to officially provide an intermediary payment service after being issued a licence to provide payment intermediary services by the State Bank.[7]

The regulations on the operating requirements for intermediary payment services include:

(1) Meeting the requirements for providing an intermediary payment service: In accordance with non-cash payment regulations, non-credit organisations that provide intermediary payment services must meet these requirements:

(a) have a licence for establishment or a certificate of business registration issued by the competent state agencies;

(b) have an approved plan for payment intermediary service provisions in accordance with the regulations of the authorities as prescribed in their charter, which at least contains: (i) a process of operations of the requested services; (ii) a regime for solvency ratio; (iii) a process of internal inspection; (iv) risk management, assurance of safety and security; (v) general rules and internal regulations on prevention and fighting against money laundering; procedures for actions against trace requests, complaints and disputes; (vi) rights and obligations of the relevant parties in the process of service provision;

(c) have at least 50 billion VND of charter capital;

(d) meet the requirements of human resources:

(i) the legal representative, the General Director (‘Director’) of the applying organisation must have proficiency or experience in business administration or in their fields; and

(ii) the employees that run the payment intermediary services must be proficient in their job.

(2) Technical requirements: There must be facilities and technical infrastructure, information technology systems and technology solutions that satisfy the requirements for the provision of payment intermediary services and the back-up of the technical system independent from the primary system that ensures the provision of  safe and continuous service when the primary system has problems and in accordance with regulations on the safety and security of information technology systems in banking operations.

(3) In compliance with risk management and a guarantee of safety and confidentiality: Organisations providing intermediary payment services must comply with the law while also setting up internal regulations for risk management and a guarantee of safety and confidentiality during their service provision. Circular 39 contains an article about this risk management, safety guarantee and confidentiality as follows:

(a) build and comply with internal regulations and regulations of the State Bank on the principles of risk management in electronic banking operations and the provisions of the current law on the prevention of money laundering and other provisions of related Vietnamese law;

(b) comply with requirements for the guarantee of safety and security of information technology systems; and

(c) comply with the provisions on the establishment, use and archiving of electronic documents as prescribed in the Law on Electronic Transactions in banking operations.

(4) Regulations that ensure solvency: If credit institutions (‘CI’) must comply with the regulation on reserve requirements and solvency, organisations providing intermediary payment services also must ensure compliance with solvency during their service provision. Payment guarantee accounts must be opened to ensure the provision of these services and used to pay for the units accepting the payment and to refund to customers using the services upon their request.[8]

(5) Regulations on reporting and providing information: Article 16 of Circular 39 contains regulations on an intermediary payment service provider’s obligation of reporting and providing information as follows:

(a) to submit quarterly and annual reports to the State Bank (through the Payment Department);

(b) to be responsible for reporting to the State Bank on information relating to payment agency transactions in the following cases: (i) upon occurrence of unusual developments in the operation which may affect the operations of the providers of intermediary payment services, banks or other organisations and individuals involved; (ii) upon occurrence of problems which disrupt the payment process through intermediary payment services; (iii) at the specific request of the State Bank to serve the state management objectives; and

(c) to keep the confidentiality of information relating to the payment transactions through intermediary payment services, the personal information of customers and the payment accounts of customers—the information is only provided at the request of the customers or the law.

(b)  Other Payment Services

In Vietnam, most domestic banks have access to the development of the modern payment services in the world. That is, built upon the basic infrastructure of core banking, banks are open to new products and services such as:

(1) mobile banking, Internet banking, mPayment, SMS Banking, F@st MobiPay, Digital wallet;

(2) products and services ultilising high technology such as QR Code (Quick Response Code) or the software system POS, including more convenient phone card payment devices (mPOS), providing support in digital payments and supporting merchants in sales management, cash flow management and sales numbers; and

(3) the development of telecommunications where the popularity of digital devices, modern technologies and supporting applications have contributed to the trend to move from traditional bank services to modern banking that is, digital banking; the latest trend being the appeareance of Timo Digital bank, a new service of the Vietnam Prosperity bank (VPBank).

Peer-to-Peer Lending (P2P)

(a) Definition

The definition of peer-to-peer lending, called ‘P2P’, is to connect the lender and the borrower online without the presence of a bank or credit institution without traditional lending requirements.

(b) Legal Notes When Providing Peer-to-Peer Lending

In Vietnam, there is no specific regulation exclusively for P2P lending activities. In the scope of related matters, some general screening regulations apply to enterprises that wish to be granted this service, containing the requirements before applying for it:

(1) Under the Law on Credit Institutions, credit extension and specifically lending[9], these must be conducted by a CI which are commercial banks[10] and finance companies[11] that receive approval by the State Bank. These professional activites must comply with restrictions and regulation for safety in the CI’s operation. Therefore, if the lending is conducted by companies which are not a CI receiving approval from the State Bank, then the lending is subject to the Civil Code. Typical situations involve lending interest, in a case where the parties agree on interest, the agreed interest shall not exceed 20 percent per year of the money lent, unless otherwise prescribed by law.[12]

(2) As this type of lending is based on a technology application, through an online platform so that lender and borrower can be connected, this means that the companies providing P2P lending must be in compliance with the regulations pertaining to E-commerce, such as regulations for the setting up of E-commerce websites, on trading in E-commerce through E-documents, E-contracts and on safety and confidentiality.

(3) When inititating a digital trading contract with customers, the CI must comply with the principles set out in Article 35 of the Law on E-transactions for avoidance of dispute, namely:

(a) the participating parties shall have the right to reach agreement on the use of electronic means in the entry into and execution of contracts;

(b) the entry into and execution of an E-contract shall comply with the provisions of the Law on E-transactions and contracts;

(c) when entering into and executing digital contracts, the parties shall have the right to reach agreement on technical requirements, certification and  conditions to ensure integrity and confidentiality related to such digital contracts.

(4) E-documentation. The traditional commercial way to record agreements between the parties is through contracts, verbally or in written form, whether certified or not. In the world of E-commerce, E-documentation is considered as contracts recording the will of the parties. Therefore, the law recognises the legal validity of E-documentation as the original if it meets both requirements in Article 9.1 of Decree 52, which includes:

(a) there is a reliable assurance of the integrity of information contained in the E-document from the time the information is first generated in the form of an E-document; and

(b) the information contained in the E-document is accessible and usable in complete form when necessary.

Guaranteeing the authenticity (original) of the documents in E-commerce is necessary and a compulsory factor for an E-transaction to proceed smoothly. Therefore, it is worth noting that the data should not be changed in content or, in other words, the authenticity of the data must remain.

Crypto Currency/Bitcoin Blockchain

  • Online Currency in Vietnam

Around the world, bitcoin was first mentioned in 2008 and then expanded and became active after that. As for Vietnam market, in 2014, officially on 9 July 2014, Bitcoin Vietnam Company Limited cooperated with Bit2C Company Limited to introduce the first Bitcoin Exchange and then launched the website in accordance with the E-trade website notification procedure to the Vietnam E-commerce Economy and Information Technology Agency. However, the Vietnam E-commerce and Information Technology Agency declined the notification on the ground that Website notification is only applied to online shopping website, on which sellers is obliged to provide information for customers in order to accurately assess features of goods, services when customers decide to enter into contracts. Currently, Bitcoin has not been considered as goods or services in current legislative documents, not fallen within the scope of regulation of Decree 52 on e-commerce.

On 27 February 2014, the State Bank made an announcement ‘Press release of bitcoin and other virtual currencies’, which stated ‘As to current law on currencies and bank, bitcoin (and other virtual currencies) is neither currency nor legal payment instrument …’. Moreover, the current system of laws in Vietnam, such as the Law on the State Bank of Vietnam, the Ordinance on foreign exchange control and Decree 101 prohibit the issuance, provision or usage of Bitcoin and other virtual currencies in the form of payment instruments due to the fact that Bitcoin and other virtual currencies are neither money nor legal payment instruments which are recognised under the laws of Vietnam.

  • Risks and Challenges During the Execution of Bitcoin Contracts

On 21 August 2017, the Prime Minister approved Decision No 1255/QĐ – TTg on approving the scheme of completion of the legal framework on management of virtual assets, digital currencies and virtual currencies, including Bitcoin. This is an official sign from the Government indicating that Bitcoin transactions would be legalised in future. However, presently, no regulations and legal frameworks for the management of Bitcoin transactions have been promulgated by the Government.

On 1 January 2018, the act of ‘issuing, providing, using of illegal payment facilities; forging payment documents or payment facilities; using fake payment documents or payment facilities’ (including bitcoin and other virtual currencies) was criminalised. The level of punishment may range from a monetary fine, which is from VND50,000,000 to VND300,000,000, to a penalty of 6 to 36 months’ imprisonment.

Robo Investing

Robo investing, which is provided by Fintech companies, is a service which uses an algorithm for investment management. This service attracts attention from many companies, risky investors and customers by replacing either brokerage companies or asset management companies to manage and diversify investment categories as well as supervise tax bills a on 24/7-hour basis.

At present, there are some banks and financial consulting companies using technology to provide a robo investing service. Smart personal financial Service (‘B2C’) is also a financial package that many units have been implementing. However, there are currently no regulations on this service provided by companies specilising in robo investing. Although this is not stipulated, when conducting the act of providing a smart financial service, companies must comply with regulations on technological information security as well as the safety of online contracts and other forms of Fintech, specifically:[13]

(1) the online collection, processing and the usage of the personal information of a person must be granted with the consent of that person;

(2) the correct use of collected personal information must be adhered toand it must be ensured that the information is only be stored within a specific duration and in accordance with the law or agreement between the parties; and

(3) the requisite managerial and technical methods must be followed to ensure that personal information is not stolen, leaked or destroyed.

Data Management

When E-commerce develops, business entities start to seek new solutions which use websites and the Internet to store and share information, data between employees, customers, providers and clients. Under the Law on Information Technology, companies are entitled to provide storage, data processing and database exploitation services in order to support businesses in managing large volumes of information, documents, images, multimedia files etc related to business. In reality, there are some types of technological services provided by technological companies like an E-signature certification service (governed by the E-transactions Law), data centrer services and the distribution of information technology products.

Currently, there are increasing demands to assess creditbility not only for each credit institution but also for individuals and organisations acting as lenders. Therefore, Decree 88 stipulates establishment conditions, principles and scope of business which must be followed during the operation.

Accordingly, limited liability companies, joint-stock companies and partnerships are three types of businesses that are eligible for credit rating services after being granted a certificate of business registration. The scope of business of a credit rating enterprise includes: (1) credit rating services; (2) services related to credit rating activities, including the provision of information on credit rating; and (3) training in and the update of knowledge related to credit rating activities.

In addition, to become an enterprise that carries out this service, it is required that enterprises meet the following legal requirements:

  • Requirements for an enterprise to be rated as a credit rating service business:

(i)  being qualified for a business eligibility certificate for a credit rating service business;

(ii) having the minimum legal capital requirement: 15 billion dong; and

(iii) an enterprise that does not register for credit rating services is not allowed to use the phrase ‘credit rating’ or other phrases that have the same meaning as ‘credit rating’ in the name,[14]

  • Paying attention to prohibited acts:

(i) a credit rating enterprise granted a certificate of eligibility shall not contribute capital to establish another credit rating enterprise; and

(ii) a credit rating enterprise granted a certificate of eligibility shall not concurrently operate in the fields of accounting and auditing and securities including: brokerage; advisory; underwriting; securities distribution agent; investment fund management; portfolio management and securities investment; bank.

  • Compliance with regulations on information security. The credit rating enterprise, analysts and members of the credit rating council of the enterprise must not disclose information on the credit rating organisation according to the information security provisions stipulated in the contract of credit rating, except for the following information:[15]

(i)  the name of the General Director or Director of the business rated credit;

(ii) the code of ethical standards;

(iii) the credit rating method;

(iv) the rank of credit rating;

(v)  the list and ratio of capital contribution of shareholders or capital contributors owning more than 5 percent of the charter capital of the credit rating enterprise;

(vi) a change in the ownership ratio of shareholders or capital-contributing members with the ownership ratio of the actually contributed charter capital of the credit rating enterprise of more than 5 percent; and

(vii) a report of the credit rating results in accordance with Article 35 of Decree 88 for each credit rating contract.

  • Reporting mechanism. The credit rating enterprises shall make annual or irregular reports on the enterprise’s operation results, specifically:

(i)  annual reports, specifically:

(A) report period: annual report on the performance of credit rating enterprises from 1 January to 31 December;

(B) time-frame for report submission: before 30 April of the year preceding the reporting periodand

(C) place of report receipt: Ministry of Finance;

(ii) unexpected report, that is, within 10 working days from the date of changes in the following content, credit rating enterprises shall report unexpectedly at the request of the Ministry of Finance and the business registration agency, particularly:

(A) a failure to meet one of the credit rating service business conditions specified in Article 14 of Decree 88;

(B) the name, head office address, website address of the credit rating business;

(C) the legal representative of the enterprise;

(D) the dissolution, bankruptcy or self-termination of a credit rating service businessand

(E)  the revocation of certificate of business registration.


Know Your Customer (‘KYC’)

The development of KYC helps to filter and prevent identity theft, financial fraud, money laundering and terrorism financing, which often depend on anonymous accounts. It also allows banks to detect potential customers or potential fraud before it reaches the bank, allowing the bank to prevent fraud before it happens.

Currently, Vietnam still does not have a solid legal framework for providing digital banking services in Vietnam to ensure confidentiality and protection of personal information and for prevention of business fraud, including paying attention to the issue of customer authentication on a digital platform (eKYC/digital KYC); the legality of digital and digital signatures in the digital banking era; and monitoring banking activities and preventing money laundering.

Under the Law on Prevention of Money Laundering and related regulations, as for banking services such as opening bank accounts or opening E-wallet accounts, non-physical identification cards or establishing first-time relationships with financial organisations or a new technology financial service provider, these organisations must meet customers directly or face-to-face to verify the information and should note the following issues:

(1)  Identification information:[16]

(a) in relation to information that identifies customers as Vietnamese or foreign organisations, individuals must include the following information:

(i) for individual customers who are Vietnamese: full name; date of birth; nationality; occupations and positions; phone number, identity card number or passport number, date of issue and place of issue; address of permanent residence and current residence;

(ii) for foreign individual customers: full name; date of birth; nationality; occupations and positions; passport number, date of issue, place of issue, entry visa; the address of the place of residence registration abroad and the address of the place of residence registration in Vietnam;

(iii) for institutional customers: full transaction names and abbreviations; address of the head office; phone number, fax number; operation and business fields; information about the founder, representing the organisation including the above information;

(b) for individual customers who are stateless, identity information includes: full name; date of birth; occupations and positions; visa book; visa-granting agency; address of the place of residence abroad and in Vietnam;

(c) for individual customers who have two or more nationalities, in addition to the information specified in point (a) above, the reporting subject must collect additional information about the nationality and registered addresses of residence in the nationality;

(d) the subject of reporting verifies customer identification information in accordance with Article 11 of the Law on Prevention of Money Laundering.

(2)  How to classify customers according to risk level:[17]

(a) the reporting subject must develop regulations on customer classification based on the risks belonging to each type of customer, type of product, service used by the customer, place of residence or the client’s head office;

(b) for customers with low risk levels, the reporting subject may apply customer identification measures at lower level and must ensure that sufficient information about specified customers is collected in accordance with Article 9 of Under the Law on Prevention of Money Laundering;

(c) for customers, transactions that have a high level of risk, in addition to implementing identification measures specified in Article 9 of the Law on Prevention of Money Laundering, the reporting subjects must apply enhanced evaluation measures;

(d) for other customers, transactions with a high level of risk who do not fall into the cases specified in point (c) above, in addition to implementing identification measures, the reporting subject must apply enhanced evaluation measures as prescribed by the State Bank of Vietnam.



This article purports to provide an overview of the regulatory framework for fintech in Vietnam. It is worth noting that the Vietnam government has undoubtedly done a lot more to attract and make it possible for fintech firms to grow in Vietnam by inventing and enhancing existing competitive advantages. According to the State Bank of Vietnam, it has focused time and efforts on building up and intensifying the legal framework for fintech activities in the banking industry in a way that keeps pace with the world’s digitised economy and fintech developments. In response to unregulated fintech practices, the State Bank of Vietnam would consider studying and experimenting with a regulatory sandbox in alignment with internationally recognised customs and practices, eventually promulgating laws governing fintech activites.[18]

[1] See ‘ASEAN FinTech Census 2018’ by Ernst & Young (EY), available at$FILE/EY-asean-fintech-census-2018.pdf.

[2] See ‘Cooperation between Bank and Fintech Contributing to Access to Financial Services’, available at:

[3] See  n 1 above.

[4] See National Plan 844, available at

[5] See  n 2 above.

[6] See ibid.

[7] See Article 2.2 of Circular No 39/2014/ TT-NHNN of the State Bank dated 11 December 2014 guiding the intermediary payment services (‘Circular 39’).

[8] See Article 8 of Circular 39.

[9] See Article of 4.16 of the Law on Credit Institutions.

[10] See ibid, Article 98.3(a)

[11] See ibid, Article 108.1(d).

[12] See Artice 468 of the Civil Code.

[13] See Articles 70.1, 71.2 and 72.2 of Decree No 52/2013/NĐ-CP dated 16 May 2013 on E-commerce (‘Decree 52’).

[14] See Article 9.3 of Decree No 88/2014/ND-CP dated 26 September 2014 on credit rating services (‘Decree 88’).

[15] See ibid, Article 39.

[16] See Article 4 of Decree 116 Decree No 116/2013/ND-CP detailing implementation of a number of articles of the Law on Prevention and Combating of Money Laundering, dated 4 October 2013 (‘Decree 116’).

[17] See Article 12 of the Law on Prevention of Money Laundering and related regulations.

[18] See n 2 above.

Bui Tien Long (Rudy)