Thailand: SEC sets new standards to combat mule accounts in digital asset businesses

In brief

The Securities and Exchange Commission (SEC) has issued SEC Notification No. SorTor. 22/2568 Re: Technological Crime Prevention Standards and Measures for Digital Asset Business Operators ("Notification") in order to prescribe the detailed requirements under the Emergency Decree on Measures for the Prevention and Suppression of Technological Crimes B.E. 2566 (2023) as amended ("Emergency Decree").



In more detail

The detailed requirements are as follows:

1. Shared responsibility

In accordance with the obligations set forth in the Emergency Decree, financial institutions, payment system operators, digital asset business operators, mobile network operators, and other relevant service providers are jointly responsible for losses resulting from technological crimes — unless they can demonstrate compliance with the standards prescribed by the relevant regulators.

In this regard, the SEC has issued a Notification stipulating that any digital asset business operator who fails to comply with the specified requirements shall be liable for such losses. The liability shall be apportioned on a pro rata basis, depending on the circumstances, among the digital asset business operators, financial institutions, payment system operators, customers, and other relevant parties.

2. Mule account definition and classification

The term "Mule Account" refers to a savings account or electronic money account that is used, or may be used, as a conduit for receiving or transferring money or digital assets derived from technological crimes.

Mule accounts are classified into three categories based on a color-coded system:

  • Black mule account: A savings or electronic money account held by any person — whether an individual or a juristic entity — identified as high-risk under the Ministerial Regulation on Customer Due Diligence B.E. 2563 (2020), specifically under the mule account category codes HR-03-01 and HR-03-02 as designated by the Anti-Money Laundering Office. This classification is limited to individuals involved in wrongdoing under the Emergency Decree.
  • Dark grey mule account: A savings or electronic money account held by any person listed in the dark grey mule account category within the name-sharing system (e.g., the Central Fraud Registry).
  • Light grey mule account: A savings or electronic money account held by any person listed in the light grey mule account category within the name-sharing system.

3. The requirements for digital asset business operators

a. Customer Due Diligence

Digital asset business operators must implement account opening and customer assessment procedures, including Know-Your-Customer (KYC), in compliance with the Anti-Money Laundering (AML) laws and relevant SEC regulations under the digital asset framework.

b. Transaction suspension and account control measures

Digital asset business operators must take the following actions in accordance with instructions issued by the Prevention and Suppression of Technological Crimes Operation Center:

  • Transaction control: Suspend or resume transactions as directed, and notify the receiving financial institution involved in any consecutive transfers. Additionally, operators must share account information through the designated name-sharing system.
  • Account restrictions: Reject account openings, freeze services or transactions, or close accounts associated with individuals or account numbers flagged by the Prevention and Suppression of Technological Crimes Operation Center.

c. Risk categorization of mule account holders

Owners of accounts classified as black, dark grey, or light grey mule accounts must be treated as high-risk customers for money laundering purposes.

| Type of customer | Action required |
| --- | --- |
| Before account opening (i.e., new customers): | |
| An applicant’s name appears on the black, dark grey, or light grey mule account list. | The business operator must reject the account opening. |
| During service provision (i.e., existing customers): | |
| A customer’s name is listed under black or dark grey mule accounts. | The business operator must suspend deposit and withdrawal services for digital assets and Thai Baht. |
| A customer’s name is listed under light grey mule accounts. | The business operator must suspend deposit and withdrawal services for digital assets and Thai Baht, unless the customer has successfully completed the Enhanced Due Diligence (EDD) process. |

The business operator must maintain the aforementioned measures until the customer’s name has been removed from the relevant list.

d. EDD process

Business operators must conduct the EDD process, which includes the following measures:

  • Complying with AML laws and relevant regulations, including obtaining additional information such as the source of funds, source of wealth, and the purpose of each transaction, as well as enhancing the transaction monitoring process.
  • Verifying the customer’s mobile service type (prepaid or postpaid).
  • Contacting the customer directly via video conference, video call, or a similar method to ask a series of due diligence questions and confirm the intended use of digital asset services.

For more details, please contact our team at Baker McKenzie.

 


Copyright © 2025 Baker & McKenzie. All rights reserved.