Vietnam's fintech industry is booming, and the rapid emergence of tech startups and non-bank institutions offering innovative financial services has been outpacing existing regulations. This regulatory gap not only creates uncertainty for both innovators and consumers, but also poses a number of imminent risks in areas such as consumer protection, data privacy, cybersecurity, and anti-money laundering, among others.

The State Bank of Vietnam (SBV) is stepping up to tackle these challenges by accelerating the promulgation of a long-awaited Fintech Sandbox Decree with the issuance of an updated draft ("Draft Fintech Sandbox Decree") on March 4, 2024. The Draft Fintech Sandbox Decree establishes a controlled environment where fintech companies and financial institutions can test solutions that do not fall squarely within the parameters of existing regulations. The pilot activities will be limited in scope, scale, and duration, with a number of precautionary measures in place. The SBV will supervise this "sandbox" closely, effectively mitigating risks and gathering valuable data to inform future regulations.

Who Can Participate in the Sandbox?

  • Traditional financial institutions (credit institutions): Banks and other institutions licensed to provide financial services can participate in the sandbox to test new offerings or refine existing ones.
  • Independent fintech companies: Startups and established companies specializing in fintech solutions can leverage the sandbox to pilot innovative ideas before seeking wider market adoption.
  • Other relevant organizations involved in the pilot: Depending on the specific solution being tested, other entities may also be involved in the sandbox.
  • Geographical scope: Limited to Vietnamese territory; cross-border testing is not allowed.

Focusing on Three Solution Categories

Earlier versions of the Draft Fintech Sandbox Decree included categories like blockchain technology and other innovative business models, but these were removed in the latest version. To allow the SBV to assess the associated risks and work on the solutions more effectively, this version focuses only on the following three solutions:

  • Credit scoring: Fintech companies can pilot new credit scoring models to assess the creditworthiness of individuals or organizations.
  • Data sharing via Open Application Programming Interface ("Open API"): Secured data-sharing mechanisms using Open APIs can be tested within the sandbox.
  • Peer-to-peer lending ("P2P Lending"): Platforms that connect lenders and borrowers can be piloted in the sandbox.

Participation Conditions

Fintech companies must meet specific criteria depending on the solution they are piloting. The criteria will vary depending on the complexity and potential risks associated with the solution. For example, P2P lending platforms might face strict requirements on cybersecurity and network information security.

All participants must submit a registration dossier and obtain a Certificate of Participation from the SBV.

Monitoring and Risk Control

The SBV will closely monitor activities, evaluate participation, and assess the effectiveness of the piloted solutions, with a dedicated team to oversee activities within the sandbox, ensuring that participants comply with applicable regulations and that pilots are conducted safely and effectively.

Participating organizations are required to submit regular reports and provide ad hoc information on the pilot process, operational indicators, risks encountered, and the results of the pilot implementation to the SBV.

Customer Protection

Participating organizations have a responsibility to ensure customer rights and interests. This includes informing them about potential risks associated with using the piloted solution, obtaining their informed consent, and clearly outlining data privacy practices.

Participating organizations must implement robust security measures to safeguard customer data collected during the pilot program.

For dispute settlement, organizations are required to establish a customer complaint handling department and have clear mechanisms in place to address any disputes or complaints arising from the use of their piloted solutions.

Sandbox Conclusion

The pilot period will last a maximum of two years, with the SBV having the authority to adjust the length based on the actual implementation. After the pilot period, the SBV will decide on the next steps based on participating organizations' reports, its own monitoring data, and any feedback received from relevant state authorities. Options will include terminating the pilot, certifying its completion, or extending the pilot period.

Participation in the Sandbox Mechanism does not guarantee an operating license or market approval for the piloted solutions.

Outlook

Once it is officially passed, it is hoped that the Fintech Sandbox Decree will usher in a new era of controlled experimentation in the sector, fostering a dynamic fintech ecosystem where innovation can thrive alongside robust regulations. By balancing innovation with consumer protection, cybersecurity, and data protection, it has the potential to transform Vietnam into a hub for groundbreaking fintech solutions, all while safeguarding the integrity of the financial system and consumers' interests.

Now that the sandbox program has been streamlined to include only the three most prominent fintech solutions, the SBV might be able to speed up the official issuance of the Fintech Sandbox Decree.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.