10 November, 2018
On 4 September 2018, the Bank of Thailand (“BOT”), which is the central bank of Thailand and the regulator of banks in Thailand under the The Bank of Thailand Act B.E. 2485 (1942), as amended, issued its circular letter No. Thor Por Thor. For Kor Vor. 2053/2561 re: the authorisation of commercial banks to provide digital ID services (the “Letter”). According to the Letter, commercial banks in Thailand with preparedness in systematic, personnel, and risk management are authorised to provide digital identification services (“Digital ID services”), i.e. to act as the Identity Provider (“IDP”) and/or Authoritative Source (“AS”).
The intention of the BOT is to support its project called the “National Digital ID: NDID,” which is aimed to be Thailand’s national platform providing a highly secured and reliable mechanism of self-identification. NDID will boost online transactions more smoothly as customers do not need to create separate accounts to prove who they are for separate transactions. Additionally, it can be used as an electronic know-your-customer (e-KYC) tool for business operators.
In detail, NDID will be composed of two processes including:
(i) the Enrolment and Identity Proofing; and
(ii) the Authentication and Lifecycle Management. The first process is the Enrolment and Identity Proofing process which starts when customers apply to use digital ID with IDPs. The IDPs will work on checking the identity of customers and whether the online identity of customers, matches with their real identity.
After the IDPs approve or verify customers’ identity, the customers will become verified users. Another process is the Authentication and Lifecycle Management. If verified users wish to proceed with online transactions such as opening banking accounts, investment accounts, or requesting for loans, the users will need to contact the AS, which is the entity offering online services, and verify their identity with the IDPs. Using digital ID, users can skip the process of filling their information for the opening of accounts to carry out transactions. Also, what can be used as ID verification can be divided into three categories as follows:
- What You Know (such as usernames and passwords);
- What You Have (ID cards and passports); and
- What You Are (fingerprints, facial scans, and voice scans).
In these recent years, digitalised services spread across various industries around the world. The continuity and growth of this trend seems to overwhelm traditional customer identification processes.
As online identification does not have a face-to-face inspection and instead rely on corroboration of digital evidence from reliable and trustworthy sources, banks across the world play an important role in the digital identity market.
The reason is that, even in this digital era, banks are still obligated to comply with high-standards of identity identification, e.g. when a customer applies for the opening of a new bank account, a face-to-face inspection of such customer’s identification documents will be conducted.
In Thailand, under the laws pertaining to financial institutions, commercial banks cannot engage in any business other than those authorised by the BOT. However, from now on, commercial banks can legally provide digital ID services, as one of the first players in Thailand’s early stages of development in the digital identity services market, which will contribute a key component of how the future of digital identity evolves and how it will be managed.
Thai citizens will benefit from standard and secured identity services to be provided by banks, which will enable them to access multiple online services. In addition, it is possible that digital ID will also be a new market for banks.
For more information, please contact:
Threenuch Bunruangthaworn, Partner, ZICO Law (Thailand) Limited (a member of ZICO Law)
threenuch@zicolaw.com