In more detail

The detailed requirements are as follows:

1. Shared responsibility

In accordance with the obligations set forth in the Emergency Decree, financial institutions, payment system operators, digital asset business operators, mobile network operators, and other relevant service providers are jointly responsible for losses resulting from technological crimes — unless they can demonstrate compliance with the standards prescribed by the relevant regulators.

In this regard, the SEC has issued a Notification stipulating that any digital asset business operator who fails to comply with the specified requirements shall be liable for such losses. The liability shall be apportioned on a pro rata basis, depending on the circumstances, among the digital asset business operators, financial institutions, payment system operators, customers, and other relevant parties.

2. Mule account definition and classification

The term "Mule Account" refers to a savings account or electronic money account that is used, or may be used, as a conduit for receiving or transferring money or digital assets derived from technological crimes.

Mule accounts are classified into three categories based on a color-coded system:

• Black mule account: A savings or electronic money account held by any person — whether an individual or a juristic entity — identified as high-risk under the Ministerial Regulation on Customer Due Diligence B.E. 2563 (2020), specifically under the mule account category codes HR-03-01 and HR-03-02 as designated by the Anti-Money Laundering Office. This classification is limited to individuals involved in wrongdoing under the Emergency Decree.
• Dark grey mule account: A savings or electronic money account held by any person listed in the dark grey mule account category within the name-sharing system (e.g., the Central Fraud Registry).
• Light grey mule account: A savings or electronic money account held by any person listed in the light grey mule account category within the name-sharing system.

3. The requirements for digital asset business operators

a. Customer Due Diligence

Digital asset business operators must implement account opening and customer assessment procedures, including Know-Your-Customer (KYC), in compliance with the Anti-Money Laundering (AML) laws and relevant SEC regulations under the digital asset framework.

b. Transaction suspension and account control measures

Digital asset business operators must take the following actions in accordance with instructions issued by the Prevention and Suppression of Technological Crimes Operation Center:

• Transaction control: Suspend or resume transactions as directed, and notify the receiving financial institution involved in any consecutive transfers. Additionally, operators must share account information through the designated name-sharing system.
• Account restrictions: Reject account openings, freeze services or transactions, or close accounts associated with individuals or account numbers flagged by the Prevention and Suppression of Technological Crimes Operation Center.

c. Risk categorization of mule account holders

Owners of accounts classified as black, dark grey, or light grey mule accounts must be treated as high-risk customers for money laundering purposes.

The business operator must maintain the aforementioned measures until the customer’s name has been removed from the relevant list.

d. EDD process

Business operators must conduct the EDD process, which includes the following measures:

• Must comply with AML laws and relevant regulations, including obtaining additional information such as the source of funds, source of wealth, and the purpose of each transaction, as well as enhancing the transaction monitoring process.
• Includes verification of the customer’s mobile service type (prepaid or postpaid).
• Requires direct contact with the customer via video conference, video call, or similar method to conduct a series of due diligence questions and confirm the intended use of digital asset services.

For more details, please contact our team at Baker McKenzie.