Hence, the Bank of Thailand (BOT) introduced additional regulations to govern business operators and providers of financial services under the laws on payment systems, according to SNC. 1/2564 (สนช. 1/2564). Two key IT risk governance requirements are proposed: (1) cyber hygiene and (2) IT risk management.
The Office of Insurance Commission (OIC) developed OIC announcements entitled "Governance and Management of IT Risks of Life Insurance Companies, B.E. 2563" and "Governance and Management of IT Risks of Non-life Insurance Companies, B.E. 2563".
The key objective of this announcement is to require each 'enterprise', as defined by the SEC, to manage, control and resolve IT risks affecting the confidentiality, integrity, and availability (CIA) of its information systems.
The Personal Data Protection Act, B.E. 2562 (2019), also known as the PDPA, establishes a comprehensive legal framework for the protection of personal data in Thailand.¹