14 ASIAN LEGAL BUSINESS – AUGUST 2023 WWW.LEGALBUSINESSONLINE.COM F INTECH “There are also instances where fintech activities in one jurisdiction are permissible, while in others they are either prohibited, subject to regulatory limitations (e.g., nationality restrictions or capitalisation requirements) or subject to licensing moratoriums. In these instances, some fintech companies would need to shift their strategy to either acquisition, partnership, or joint venture arrangements with local partners,” says Torres. Haque adds that these different licensing and registration requirements can lead to variations in the time and cost involved in setting up and expanding operations in different markets. “Some countries may have more stringent licensing and registration requirements for fintech companies, while others may have a more streamlined process.” In addition, consumer protection regulations differ across countries, affecting the level of trust and confidence consumers have in fintech services. “Companies operating in regions with robust consumer protection standards may need to implement additional measures to comply with the requirements of other markets,” says Haque. Data privacy and security regulations also vary significantly, which impacts how fintech companies handle customer data and ensure data protection. “Companies may need to implement different data privacy measures in each market to comply with local laws. Related to this, some countries may have restrictions on cross-border data transfers, which can complicate data management for fintech companies operating across multiple markets,” says Haque. “The impact of these regulatory differences on businesses operating in multiple Southeast Asian markets can be complex and multifaceted. Fintech companies may need to navigate a complex web of regulations, leading to increased compliance costs and administrative burdens. Adapting to various regulatory environments may also require significant resources and expertise,” says Haque. COLLABORATION NEEDED Effective management of cross-border financial crimes and cybersecurity threats in Southeast Asia necessitates regulatory cooperation among the region’s regulators. Athistha suggests that the Financial Action Task Force (FATF) Global Network and the FATF recommendations can play a significant role in providing a framework of measures to help regulators navigate and combat financial crimes effectively. It conducts regular assessments of each country’s laws and guides the regulators on the sufficiency of their regulatory regime and areas for improvement. For example, Myanmar is currently flagged as high-risk jurisdiction with deficiencies in its regime concerning counter-financial crimes, while Thailand has been found to have made progress in strengthening measures to tackle financial crimes. “Regulators can collaborate and work together through this network, particularly with regards to combating cross-border financial crimes,” says Athistha. To address cross-border financial crimes and cybersecurity threats effectively, regulators actively collaborate with other central banks and foreign financial authorities to exchange information, ideas and best practices on fintech and banking-related issues. For example, there are central banks like Bangko Sentral ng Pilipinas, that have established formal memorandum of agreements with the Monetary Authority of Singapore and Central Bank of Mauritius for information sharing and capacity building that are intended to address cross-border financial crimes and money-laundering threats. “Data privacy regulators also have collaborations to address data privacy and cybersecurity threats, and have actively participated in international forums in order to harmonise their respective legal and regulatory frameworks and exchange international best practices,” says Torres. Haque encourages regulators to share information. “Establishing channels for real-time information sharing among regulatory bodies in different countries is crucial to identify emerging threats quickly. This could include sharing data on suspicious transactions, cybersecurity incidents, and emerging trends in financial crimes,” Haque says. Haque also suggests setting up joint task forces or working groups focused on specific areas, such as money laundering, terrorist financing, or cybersecurity. These task forces can devise strategies, exchange best practices, and develop common guidelines. Harmonising regulations concerning fintech and cybersecurity across the region also helps as a coordinated approach reduces regulatory arbitrage and makes it easier for companies to navigate the complex regulatory landscape. In addition, Haque believes public-private partnerships can help combat cyber threats and financial crimes effectively. “Fintech companies can provide valuable insights and technical expertise, while regulators can offer guidance and regulatory support,” Haque says. “Regional collaboration enables regulators to pool their resources, expertise, and data to tackle cross-border financial crimes and cybersecurity threats in a more comprehensive and coordinated manner,” Haque says. “As fintech continues to evolve and operate across international boundaries, fostering strong regional cooperation becomes increasingly essential to safeguard the stability and integrity of the financial ecosystem in Southeast Asia.” MODELS TO FOLLOW Athistha sees Thailand as a great example of proactive collaboration with emerging players in the fintech sector to develop a comprehensive and effective regulatory system. The Bank of Thailand (BOT) implemented a fintech regulatory sandbox that allows local financial institutions and new fintech companies to experiment with innovative products. It also will enable regulators to stay on top of emerging products and collaborate with developers. “Thailand’s now ubiquitous QR payment system is just one of many products that emerged through this sandbox,” Athistha mentions. Also, the BOT and the Securities and Exchange Commission of Thailand