Regulations on identifying customers, verifying customer identification information in Vietnam

On June 28, 2023, the Governor of the State Bank of Vietnam issued Circular 06/2023/TT-NHNN amending Circular 39/2016/TT-NHNN prescribing lending transactions of credit institutions and foreign bank branches with customers (effective as of September 1, 2023).

Digital lending rules in Vietnam

- Credit institutions shall adopt the digital lending method in a manner that is appropriate to their business conditions and loan features, and ensures security, safety and protection of data messages as well as confidentiality of information in accordance with regulations of laws on anti-money laundering and electronic transactions, SBV’s risk management guidelines and other relevant law provisions.

- The information system used for carrying out digital lending activities must satisfy level-3 or higher-level information system security requirements laid down in the Government’s regulations on security of information systems by classification and SBV’s regulations on security of information systems in banking operations.

- Credit institutions shall store and manage information and data in accordance with regulations of law; information and data must be stored safely, kept confidential, duly backed up and have their adequacy and integrity ensured to facilitate access or use, where necessary, or to serve the inspection, verification and resolution of trace requests, complaints or disputes, or to be provided at the request of competent authorities.

- Each credit institution shall itself decide to adopt measures, forms and technologies for carry outing digital lending activities, accept all risks that may arise from digital lending, and must meet the following minimum requirements:

+ It has adopted solutions and technologies for ensuring the accuracy, confidentiality and safety during the collection, use and verification of information and data;

+ It has adopted measures for examining, checking, updating and verifying information and data; measures for preventing acts of forging, intervening and falsifying information and data;

+ It has developed measures for monitoring, identifying, measuring and controlling risks; risk treatment methods;

+ It has assigned responsibilities to each individual or department for performance of digital lending activities and risk management and control.

- Credit institutions shall consider deciding to carry out digital lending activities as prescribed in Section 3 of Circular 39/2016/TT-NHNN. Relevant provisions of Circular 39/2016/TT-NHNN shall apply to other digital lending-related contents which are not mentioned in Section 3 of Circular 39/2016/TT-NHNN.

Regulations on identifying customers, verifying customer identification information in Vietnam (Internet image)

Identifying customers, verifying customer identification information in Vietnam

- Each credit institution must adopt solutions and technologies for identifying its customers and verifying customer identification data during its provision of digital lending services; shall assume responsibility for all risks that may arise, and meet the following minimum requirements:

+ A customer’s identification information and biometric data (including biological factor/characteristics that are specifically used to identify a person, cannot be forged, and are rarely matched with those of another person such as fingerprints, face, iris, voice and other biometric factors) must match corresponding information and biometric data included in documents/data necessary to identify that customer in accordance with regulations of the law on anti-money laundering and as requested by the credit institution, or that customer’s personal identity data certified by competent authorities, or included in citizen identity card database/national population database, or provided by electronic certification service providers in accordance with regulations of the law on electronic certification and identification, or provided by other credit institutions;

+ It has developed procedures for managing, controlling and assessing risks, including measures for preventing acts of forging, intervening, altering or falsifying customer identification information during the lending process; measures for checking and verifying customer identification information to ensure that the borrower is the one conducting the electronic transaction; technical measures for certifying the identified customer’s consent to the loan agreement. Risk management and control procedures must be regularly reviewed and revised according to updated information and data;

+ It must store and manage customer identification information and biometric data of its customers; sounds, images, videos and recordings; telephone numbers used for conducting transactions; and transaction logs used during lending process in an adequate and detailed manner.

- Provisions on customer identification and verification of customer identification information above shall apply to individual customers who apply for loans for living purposes and start a relationship with the credit institution.

If an individual customer that applies for a loan for living purposes has established a relationship with the credit institution and completed procedures for customer identification and verification of customer identification information, the credit institution shall be entitled to decide measures, forms and/or technologies employed for verifying that customer’s identification information during the digital lending process which should match the known information about that customer.

Mai Thanh Loi

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE