On April 29, 2025, the Government of Vietnam issued Decree 94/2025/ND-CP, providing for a regulatory sandbox in the banking sector. This Decree, effective as of July 1, 2025, establishes a legal framework that enables the controlled testing of financial technology (fintech) solutions in a strictly supervised environment. The primary objectives are to promote innovation, modernize the banking sector, enhance financial inclusion in a transparent, safe, and efficient manner, and support the development of an appropriate legal framework based on test results. This report analyzes the key highlights of the Decree, including its scope, applicable entities, conditions for participation, and customer protection measures.
- Regulatory Sandbox Mechanism
The Decree introduces a regulatory sandbox mechanism, allowing entities to deploy new products, services, and business models through fintech solutions. These trials are conducted within a safe environment under close supervision by the State Bank of Vietnam (SBV). The fintech solutions eligible for sandbox testing include:
- Credit Scoring: The use of technology to automatically assess a customer’s creditworthiness, improving efficiency and reducing evaluation costs.
- Data Sharing via Open API: Enable secure and standardized data exchange between financial institutions and third parties, promoting service integration and innovation.
- Peer-to-peer lending (Peer-to-Peer Lending - P2P Lending): Directly connecting borrowers and lenders through digital platforms, bypassing traditional financial intermediaries.
These solutions must meet specific criteria, such as innovativeness, limited prior implementation, customer protection, market stability, and feasibility for post-trial deployment.
- Objectives of the Sandbox Mechanism
The Decree sets out strategic goals to modernize the banking sector and enhance access to financial services:
- To encourage the development of innovative fintech solutions that improve the efficiency and competitiveness of the banking sector.
- To modernize banking operations by applying technology to improve financial processes and services.
- To enhance access to financial services for underserved populations, particularly through platforms such as P2P lending.
- To identify potential risks, costs, and benefits of fintech solutions to ensure financial system safety.
- To use the test results as a basis for government agencies to research and improve relevant legal regulations.
- Eligible Participants
The Decree applies to the following entities:
- Credit institutions: Banks and other credit service providers as defined under the Law on Credit Institutions.
- Foreign bank branches: Permitted to participate in the sandbox, except in the field of P2P lending.
- Fintech companies: Subject to strict eligibility conditions, including:
- Being a legally established entity in Vietnam with no foreign investment capital;
- Legal representatives and executive officers must hold a university degree in economics, business administration, law, or information technology and have at least two years of managerial experience in finance or banking;
- Not undergoing merger, dissolution, or bankruptcy proceedings.
- State authorities, customers, and other related organizations and individuals involved in the sandbox mechanism.
All participants must obtain a Certificate of Participation issued by the State Bank of Vietnam.
- Testing conditions
The Decree outlines specific conditions to ensure safe and effective testing:
- Testing duration: Up to two years, with the possibility of two extensions, each not exceeding one year.
- Geographic scope: Limited to the territory of Vietnam; cross-border or inter-regional testing is not permitted.
- Special provisions for P2P lending:
- Transactions must be conducted in Vietnamese đồng (VND);
- P2P lending companies may only operate within the scope of their license and are prohibited from engaging in other business activities;
- They must not provide credit guarantees, act as borrowers, or offer loans to pawnshops.
- Criteria for fintech solutions: Solutions must be innovative, not widely implemented, ensure customer protection and market stability, and be feasible for broader application after the testing phase.
- Reporting and Supervision
Participating entities must comply with strict reporting requirements to ensure transparency and effective oversight by the SBV:
- Quarterly reports: Due by the 15th of the following month, including transaction data and risk assessments.
- Mid-term reports: Submitted within 15 days of reaching the halfway point of the testing period, providing progress updates and preliminary results.
- Final reports: Submitted at least 90 days before the end of the testing period, presenting a comprehensive evaluation of effectiveness, risks, and lessons learned.
- Incident reports: Must be reported within 24 hours of occurrence, followed by a detailed report within three days.
The SBV will monitor compliance through these reports, onsite inspections, risk evaluations, and cooperation with relevant ministries and agencies.
- Customer Protection
The Decree places a strong emphasis on safeguarding customer interests during testing:
- Entities must clearly disclose the risks associated with fintech solutions.
- All information provided to customers must be transparent and accurate.
- Entities must implement data security measures to protect personal information.
- Customer complaints must be resolved within five days.
- Entities are liable for compensating customers for damages in accordance with applicable laws.
- Handling of violations
In cases of regulatory breaches, failure to initiate testing within 90 days, or serious risk to the financial system, the SBV may terminate the testing and revoke the Certificate of Participation.
- Risk Mitigation in P2P Lending
The Decree recognizes the inherent risks of P2P lending, particularly the potential for transformation into illegal high-interest lending (“black credit”) with non-transparent fees. To address these concerns, the Decree imposes the following measures:
- Restricting the operational scope of P2P lending companies;
- Prohibiting such companies from engaging in other business activities or providing credit guarantees;
- Mandating strict supervision and periodic reporting to detect and address risks in a timely manner.
- SUMMARY OF THE MAIN POINTS OF DECREE 94/2025/ND-CP
| Criteria | Details |
| Date of Issuance | April 29, 2025 |
| Effective Date | July 1, 2025 |
| Scope | Establishes a regulatory sandbox in the banking sector for fintech solutions: credit scoring, data sharing via Open API, and peer-to-peer (P2P) lending. |
| Eligible Participants | Credit institutions, foreign bank branches (excluding P2P lending), fintech companies, state agencies, customers, and other relevant organizations/individuals. |
| Eligibility Requirements (Fintech Companies) | Must be a domestic legal entity with no foreign investment; executive personnel must hold a university degree and have managerial experience in finance or banking. |
| Testing Duration | Maximum of 2 years, extendable up to 2 times, each for no more than 1 year. |
| Geographical Scope | Limited to the territory of Vietnam; cross-border testing is not permitted. |
| Reporting Requirements | Quarterly, mid-term, and final reports, and incident reporting within 24 hours. |
| Customer Protection | Risk disclosures, transparent information, data privacy safeguards, complaint resolution within 5 days, and compensation for damages. |
| Supervision | Conducted by the State Bank of Vietnam through reporting, onsite inspections, and risk assessments. |
| Violation Handling | Testing may be terminated and the participation certificate revoked if violations occur or serious risks arise. |
Contact for legal service at: https://sblaw.vn/contact/
