The process of opening corporate accounts requires documentation such as the certificate of registration from the company registry, incorporation documents, a list of shareholders, and records pertaining to individuals associated with the company.

The Bank of Thailand is currently enhancing the Know Your Customer (KYC) and Customer Due Diligence (CDD) processes for commercial banks in relation to corporate entities. For high-risk customers, Enhanced Due Diligence (EDD) will be required, involving the collection of additional reliable information. This includes details on the nature of the business or occupation, the source of income and assets, the purpose of each transaction, and evidence of utility payments for the registered address or business premises.

Under current regulations (Civil and Commercial Code), the prohibitions for registering as a company director are limited to two conditions: 1) being bankrupt, and 2) being legally incompetent. Therefore, unless there is clear evidence of these prohibitive conditions, an individual is permitted to register a corporate entity.

However, corporate entities remain subject to obligations and liabilities under other specific laws relevant to their business activities, such as the Foreign Business Act (1999), the Direct Sales and Direct Marketing Act (2017), the Securities and Exchange Act (1992), and the Tour Business and Guide Act (2008), among others. Certain laws governing specific business sectors may impose additional prohibitions, such as barring individuals with prior convictions from engaging in those businesses or serving as directors.

The Department of Business Development has issued Central Partnership and Company Registry Office Order No. 3/2567, which establishes criteria for the registration of partnerships and limited companies involving individuals linked to predicate offenses or those who own bank accounts used in such offenses, as listed in the Anti-Money Laundering Office’s HR-03 database. This order takes effect on January 1, 2025. Under these regulations, individuals listed in the HR-03 database who apply to register a corporate entity and are named as managing partners or directors must appear in person to verify their identity before the registrar prior to registration. Subsequently, the Department will forward the details of the corporate entity to the Anti-Online Crime Operations Center (AOC) for further monitoring and investigation.

The identification of high-risk corporate entities is categorized into two primary cases:

1. Corporate Entities Designated as Black Mule Accounts: The Anti-Money Laundering Office (AMLO) will designate corporate entities as black mule accounts based on information provided by the Cyber Crime Investigation Division (CCID). These lists will be shared with the banking sector for stringent action.

2. Corporate Entities with Associated High-Risk Individuals: The Department of Business Development will compile lists of high-risk corporate entities and share them with the CCID and the banking sector for further scrutiny and monitoring of account irregularities. In cases where individuals associated with dark gray mule accounts attempt to open new corporate accounts, banks will cross-reference these individuals against their internal databases of individual mule accounts. Moving forward, the Department of Business Development will consider expanding the scope to include corporate entities associated with individuals linked to other categories of mule accounts.

Consequently, the approach to identifying high-risk corporate mule accounts differs from that for individual mule accounts, as it requires evaluation from both perspectives outlined above.

Individuals whose accounts are frozen due to being identified as mule accounts are prohibited from opening new corporate accounts or applying for additional products or services. If such an individual is associated with a corporate account, the bank will review the account’s information. Should the assessment confirm a high likelihood that the corporate account is being used as a mule account with sufficient certainty, the bank will notify law enforcement, suspend electronic banking channels, refuse to open new accounts, and refrain from offering additional services to the corporate entity. The process for lifting the designation of a mule account for both individuals and corporate entities must be handled separately.

These measures strengthen proactive actions by enabling banks to address suspicious activities before victims are identified within the banking system. In the next phase, the scope will expand to include cryptocurrency accounts and promote accountability among relevant parties in accordance with clearly defined regulatory standards. Should any party fail to comply with these standards, they will be required to take responsibility and compensate for any resulting damages (Shared Responsibility). This approach aligns with the principles outlined in the new Emergency Decree.

Banks currently apply stringent measures when opening accounts for individuals identified as high-risk. These measures include enhanced identity verification and additional customer due diligence, as stipulated in the Ministerial Regulation on Customer Due Diligence (2020). Banks are required to inquire about the purpose of the account opening and request supporting documentation to verify its appropriateness. This may include documents or information regarding the source of income. If the individual fails to provide satisfactory evidence, banks will follow the guidelines of the Anti-Money Laundering Office (AMLO), which may involve refusing to establish a business relationship, declining to conduct transactions, or terminating an existing business relationship.

Banks have begun suspending electronic banking channels for corporate accounts designated by the Anti-Money Laundering Office (AMLO), in accordance with AMLO’s guidelines. Additionally, banks are preparing to implement stricter measures, such as prohibiting the opening of new accounts, with these measures expected to take effect by February 2025.

Banks have implemented measures to prevent fund transfers from black, dark gray, and light gray mule accounts. Additional measures targeting dark brown mule accounts, including transfers to cryptocurrency accounts, are scheduled to be implemented by March 2025.

The core principle is that all relevant parties, including service users, telecommunications providers (Telcos), banks, and other related entities, have clearly defined responsibilities within their respective domains. Failure to comply with the standards set by regulatory authorities will require accountability in accordance with the framework outlined in the draft Emergency Decree on the Prevention and Suppression of Technology-Related Crimes. The Council of Ministers has recently approved the principles of this draft legislation, which is currently under review by the Council of State. The Bank of Thailand will issue related guidelines once the legislation takes effect.

Individuals who are not involved in any illicit activities can contact their bank to provide evidence of their good faith. This information will be used to evaluate and facilitate the lifting of restrictions, allowing the account to resume normal operations.

The Bank of Thailand is currently preparing to strengthen mule account management through the issuance of legally binding regulations. Consequently, banks that fail to comply with these regulations will face penalties as stipulated by applicable laws.

Starting in March 2025, banks will notify customers when transfers to high-risk accounts are blocked. The primary objective of these notifications is to inform customers that the bank has taken preventive action to mitigate potential financial losses at the source.

Individuals should verify the identity of the recipient to ensure the transfer is intended for the correct party before confirming the transaction. This is particularly important for transfers to government agencies, as no legitimate government entity will request individuals to transfer funds for verification purposes.

Upon a victim's report through AOC 1441 or a bank, financial transaction data is entered into the Central Fraud Registry (CFR). Effective August 1, 2024, all banks utilize CFR data to manage risky accounts across institutions (previously, banks could only monitor their own accounts flagged in financial trails). This enables broader and faster suppression of mule accounts. All banks will immediately suspend the electronic channels of the implicated accounts upon receiving the data and maintain the suspension until the account holder undergoes rigorous in-person verification at a bank branch.

On March 9, 2023, the Bank of Thailand introduced a comprehensive set of measures to address financial fraud, covering the entire financial transaction process. These measures established minimum standards for all financial institutions to follow uniformly. They balance risk management with the promotion of digital financial services, encompassing prevention, detection, response, and mitigation strategies. Further details here.

• Review the list of authorized online loan applications.
• Confirm the names of financial service providers regulated by the Bank of Thailand.
• After verifying the list, prior to transferring any funds, directly contact the financial institution in question to confirm its legitimacy. This is critical, as fraudsters frequently misuse the names of legitimate financial institutions to deceive the public. Always ensure thorough verification beforehand.

1. To restrict individuals exhibiting suspicious behavior, potentially indicative of fraudulent activity, from transferring large sums of money in a single transaction. Previously, fraudsters could transfer significant amounts, enabling rapid movement of illicit funds, which complicates timely interception.

2. To mitigate potential financial losses for customers who may become victims, particularly vulnerable groups such as children and the elderly, who are frequent targets of fraudsters.

Financial institutions employ systems and processes to analyze customers’ transaction behavior, ensuring that assigned limits are appropriate and minimally disruptive to daily transactions. This assessment considers factors such as indicators of potential fraudulent activity, typical transfer amounts, and the customer’s history of using the institution’s products and services, to avoid impacting their routine transactions.

This measure applies exclusively to individual customers and transactions involving transfers or payments conducted through digital channels. It excludes transfers or payments to the customer’s own accounts within the same financial institution, such as credit card payments, loan repayments to oneself, or transfers to investment accounts within the same institution.
 

For example, if a customer in Group S transfers 40,000 THB to another of their own accounts within the same bank, this amount will not count toward their allocated transfer or payment limit. The customer may still transfer up to 50,000 THB to accounts at other banks within their limit.

The implementation will occur in two phases:

• For new customers activating mobile banking or internet banking services, by the end of August 2025.
• For existing customers, by the end of 2025.

This measure is implemented by all financial institutions (commercial banks and specialized financial institutions) that provide digital money transfer and payment services to individual customers.

Financial institutions will provide advance notification to affected customers through their standard communication channels, such as in-app notifications, SMS messages, or emails.

Daily transfer limits through mobile banking/internet banking are categorized into three levels:

1. S: Transfers not exceeding 50,000 baht per day.

2. M: Transfers not exceeding 200,000 baht per day.

3. L: Transfers exceeding 200,000 baht per day.
However, each financial institution may establish more detailed limit levels to align with their customer segments.

Not all customers will be assigned to the S group; customers will be allocated a transfer limit appropriate to their typical transaction amounts, such as receiving a limit higher than 50,000 THB if they regularly transfer more than 50,000 THB.

However, customers with the following characteristics will be assigned a daily transfer limit not exceeding 50,000 THB:

1. Those identified as potential fraud risks, as banks have systems in place to detect suspicious behavior (e.g., activities associated with money mules).

2. Customers with limited familiarity to the financial institution, such as new customers.

3. Customers who typically transfer no more than 50,000 THB per day.

Not necessarily, as financial institutions will adjust the transfer limit to align with the customer’s typical transaction amounts (e.g., customers who regularly transfer more than 50,000 THB will receive a higher limit).

However, elderly customers who typically transfer no more than 50,000 THB will be assigned to the S group, though they may request to retain their original limit upon verification.

Customers may contact their financial institution through designated channels, such as the call center or a branch, to express their intent to adjust the limit. The financial institution will consider various factors to determine an appropriate limit for the customer’s usage, including the risk of the customer becoming a victim of fraud, age, income, occupation, or transaction behavior. Some institutions may request additional documentation to better understand the customer, such as a work permit, payslip, or income tax records.
Additionally, financial institutions have procedures to support customers in emergencies. Customers may call the call center to request a temporary increase in their transfer limit, providing the reason for the request, and the institution will review and adjust the limit within 2-3 hours.

Yes, customers can still do so.
For example, if Mr. A is assigned to the M group (with a daily transfer limit not exceeding 200,000 THB), he can independently set his transfer limit within the application to 100,000 THB or any amount up to a maximum of 200,000 THB per day. However, if Mr. A wishes to exceed this limit, he may contact the bank to request an increase, and the bank will follow its evaluation process to consider the request.

Customer actions vary by group as follows:

1. New Customers
• Complete the standard identity verification process with the financial institution to activate mobile banking or internet banking.
• The financial institution will inform customers of their daily transfer limit and the procedures for requesting a higher limit, particularly for temporary increases in emergency situations.

2. Existing Customers
• The financial institution will assess customer data, including customer information, potential indicators of fraudulent behavior, transaction patterns, and history of using the institution’s products and services.
• Affected customers will be notified in advance of their daily transfer limit through the institution’s standard communication channels, along with the procedures for requesting a higher limit, particularly for temporary increases in emergency situations.

3. Vulnerable Customers (e.g., minors and elderly customers with a daily usage limit not exceeding 50,000 THB)
• Customers will be notified in advance of any adjustments to their transfer limit through the institution’s standard communication channels.
• The financial institution will provide instructions for customers to confirm with the institution to request retention of their original limit.

Not necessarily, as each financial institution has varying levels of customer information.
 

For example, Mr. A, an existing customer of Financial Institution A, may be assigned to the M group, while his account at Financial Institution B may be assigned to the S group because he has not transferred more than 50,000 THB per day, is in the early stages of using the service, or the institution has limited information and requires additional data.  

Customers may contact their financial institution through the designated channels to express their intent to adjust their transfer limit. The evaluation process and the required information or documentation will depend on the risk management policies of each financial institution.

The decision depends on the risk management policies of each financial institution, which may consider the following:

The customer may lack sufficient financial information for the institution to assess the necessity of the requested limit increase, allowing the institution to deny the request. Alternatively, the customer may be identified as a potential fraud risk, as financial institutions have systems in place to detect suspicious behavior (e.g., activities associated with money mules).

Customers may request a higher transfer limit from their financial institution by following these steps:

1. Contact the financial institution through the designated channels.

2. Inform the institution of the purpose of the request.

3. The financial institution will notify the customer of the decision within 2-3 hours.

Since the factors considered depend on the information available to or received by each financial institution, a request to adjust a transfer limit will only be evaluated by the specific institution where the request is made.

In such cases, the financial institution may consider granting a permanent limit increase. The institution will notify the customer to confirm the request for a permanent increase and will review the customer’s financial information and supporting documentation to determine an appropriate limit adjustment, subject to the institution’s risk management policies.

The frequency of reviewing and adjusting customer transfer limits varies across financial institutions. Typically, institutions notify customers prior to automatically increasing their transfer limits or inform them that they can adjust their daily limit independently via the mobile banking application. However, when reducing a limit to align with a customer’s usage, the financial institution will notify the customer in advance of any automatic reduction.

Financial institutions continuously evaluate the effectiveness and impact of setting customer transfer limits to ensure minimal disruption to customers’ regular transactions.