Asia Fintech and Payments Regulatory Update - October 2025

Hong Kong SAR

Fintech

SFC and HKMA update VA joint circular: The Securities and Futures Commission (SFC) and the Hong Kong Monetary Authority (HKMA) have issued a circular that supplements their joint circular on virtual asset-related activities. The update reflects revised regulatory expectations in key areas, including staking and the execution of trades conducted through the off-platforms of SFC-licensed virtual asset trading platforms. It is intended to update relevant licensing or registration conditions and terms and conditions for intermediaries and clarifies the application of certain investor protection requirements for virtual asset related product distribution when dealing with institutional professional investors and qualified corporate professional investors. 

HKMA prudential standards on banks’ cryptoasset exposures: The HKMA has issued two consultations as part of its efforts to implement the Basel Committee’s standard on the prudential treatment of banks’ cryptoasset exposures. The first consultation proposes draft revised completion instructions for certain return templates including capital adequacy ratio, liquidity position, and return of large exposures (the returns themselves were the subject of a consultation in June 2025). The second consultation proposes changes to the HKMA’s Supervisory Policy Module (including the creation of an entirely new module on the “Classification of Cryptoassets”) in order to provide banks with further guidance on the classification of cryptoassets for their prudential treatment.

Mainland China

Data and cyber

Strict cybersecurity incident reporting regime takes effect: The Cyberspace Administration of China (CAC) has released the Administrative Measures for National Cybersecurity Incident Reporting, effective from 1 November 2025. Issued together with a grading guide, these new measures establish a stringent reporting regime for network operators. Under the new rules, operators must report any cybersecurity incidents classified as "relatively severe" or above. Reporting timelines are particularly demanding, ranging from just one to four hours depending on the type of entity, representing a significant tightening of compliance obligations.

Singapore

Cybersecurity and AI 

Information paper on cyber risks associated with deepfakes: The Monetary Authority of Singapore (MAS) has published an information paper “Cyber Risks Associated with Deepfakes” on the key risks of deepfakes to the financial sector, recent incidents involving these threats, and possible mitigating measures which FIs could take to address the risks. The information paper highlights three principal risks: (1) compromised biometric authentication, (2) social engineering and impersonation scams and (3) misinformation and disinformation. Read more in our blog post

IMDA expands AI expertise and funding for Singapore firms: The Infocomm Media Development Authority (IMDA) will provide further funding and training to 2,000 Singapore firms identified as digitally mature enterprises under its Digital Leaders Programme (DLP). The expanded programme leverages the support of tech giants and industry partners to provide training and awareness to businesses on AI, data and business re-design. It also offers support to help companies identify business opportunities and solutions for digital transformation. The Digital Leaders supported by the programme are intended to serve as "industry champions" to drive who the adoption of AI and digital innovation throughout Singapore. Since its launch in 2021, the DLP has already supported over 600 Singapore enterprises.

Proof-of-Concept sandbox for quantum-safe communications within financial sector: MAS, in collaboration with DBS, HSBC, OCBC, UOB, SPTel and SpeQtral, has successfully completed a proof-of-concept sandbox to evaluate the use of Quantum Key Distribution (QKD) for secure communications in the financial sector. QKD is a secure communication method for exchanging cryptographic keys only known between shared parties. The MAS and participating banks have successfully used a QKD solution from SPTel and SpeQtral in a sandbox test to demonstrate secure data transfer. 

Joint press release on restricting access to facilities for scam mules: The Singapore Police Force, MAS, IMDA and Government Technology Agency of Singapore are working with industry partners to implement new measures against scam mules. Under this new facility restriction framework, scam mules may face restrictions when accessing financial, telecommunications and Singpass/ Corppass services. The framework will be implemented in phases with effect from October 2025, starting with the restrictions on access to banking services and prohibition on subscription of new mobile lines.

Financial regulation landscape

MAS and HKMA strengthen banking supervision cooperation: MAS and HKMA have entered into a Memorandum of Understanding on banking supervisory cooperation in cross-border banking matters. The MoU will strengthen existing collaboration between the regulators through information sharing and exchange of best practices in order to better supervise banks operating in both Singapore and Hong Kong.

MAS digital advertisement guidelines for financial institutions: The MAS has issued Guidelines on Standards of Conduct for Digital Advertising Activities, effective from 25 March 2026, in response to increasing complaints about “finfluencers”. These guidelines seeks to protect consumers from misleading financial content by mitigating conduct risks, especially on social media. They require, institutions to employ five key safeguards: (1) choose appropriate digital platforms, (2) recognise the limitation of digital formats (such as word or character limits) and ensure that these do not result in misleading advertisements, (3) vet and train influencers, (4) monitor all digital campaigns, and (5) take disciplinary action when necessary. . The MAS and the Advertising Standards Authority of Singapore (ASAS) have also developed a guide for content creators on responsible financial content creation, and will issue advisory letters to five content creators who may have provided financial advice without a licence. Read more in our blog post

Thailand

Digital Assets

Pilot programme allowing licensed digital asset operators to enable foreign tourists to exchange digital assets for Thai baht: Thailand’s Securities and Exchange Commission (SEC) has launched a pilot programme allowing licensed digital asset operators to enable foreign tourists to exchange digital assets for Thai baht, which may be used to pay for goods and services. Digital assets operators must obtain SEC approval, partner with e-money service providers, and adhere to strict requirements on transaction limits, due diligence, and anti-money laundering procedures. The pilot will run for up to 18 months and requires regular progress reports. The initiative aims to boost tourism and local business income, while maintaining high regulatory standards and consumer protection without imposing investment suitability tests on tourists.

Indonesia

Financial regulation landscape

Draft OJK Regulation on Offering of Digital Assets: The Financial Services Authority (OJK) has recently issued a draft OJK Regulation concerning the offering of digital assets. Under this regulation, an issuer would be permitted to issue its digital assets (including crypto assets) within Indonesia subject to various requirements applicable to the issuer and the digital assets themselves. These cover the roles and obligations of supporting operators (such as asset depository), applicable licensing requirements, and detailed procedures for conducting the offering. To date, OJK has not set a specific date for the enactment of this draft regulation.

UAE

Financial regulation landscape

UAE consults on implementation of the Crypto-Asset Reporting Framework: The UAE Ministry of Finance is consulting on the proposed implementation of the Crypto-Asset Reporting Framework (CARF) in the UAE(the OECD tax transparency framework that enables the automatic exchange of tax information on crypto-asset transactions between jurisdictions). The UAE aims to commence exchanges of relevant information by 2028, covering the calendar year 2027. This would require “Reporting Crypto-Asset Service Providers” (such as crypto-asset exchange platforms and wallet providers used for storing crypto-assets) with a relevant nexus to the UAE to identify and report their customers who qualify as “Reportable Users” to the relevant UAE regulatory authority (e.g., the UAE Securities and Commodities Authority or the UAE Central Bank onshore in the UAE, the Dubai Financial Services Authority in the DIFC or the Financial Services Regulatory Authority in the ADGM). The relevant authority would then make this information available to overseas tax authorities. Information on retail payment transactions reported under the CARF would be subject to de minimis thresholds.

ADGM FSRA proposes regulatory framework for the staking of Virtual Assets: The Financial Services Regulatory Authority (FSRA) in the Abu Dhabi Global Market (ADGM) is consulting on a proposed a regulatory framework for the staking of Virtual Assets (VAs). The proposals outline the categories of Authorised Persons permitted to carry on staking activities using their Clients’ Vas, along with the requirements governing these activities. In particular, the proposals detail the proposed approach to the regulating arrangements involving participation in a blockchain validation process based on a Proof-of-Stake (PoS) consensus mechanism. 

ADGM FSRA publishes proposed regulatory framework for regulated activities involving Fiat-Referenced Tokens: The FSRA in the ADGM is consulting on a proposed regulatory framework to govern regulated activities involving Fiat-Referenced Tokens (FRTs). The proposals set out the FSRA’s approach to “accepting” FRTs for use in ADGM. The FSRA proposes to automatically accept FRTs issued by issuers based in ADGM (Domestic FRTs) for use within ADGM, while Foreign FRTs would be eligible for consideration as Accepted FRTs subject to compliance with certain assessment criteria. The proposals would also expand the scope of regulated activities that may be carried on in relation to FRTs and propose Rules applicable to Authorised Persons that hold or control FRTs belonging to their Clients.