Across Southeast Asia, outdated banking infrastructure continues to constrain financial innovation. 95 per cent of banks in Asia still operate on legacy core banking platforms, hindering their ability to launch new digital services or integrate with agile fintech solutions. This technical debt poses a significant challenge as regional financial ecosystems grow increasingly complex and digitally oriented.
Meanwhile, fintech adoption in the region is surging. 78 per cent of internet users globally interact with at least one fintech product monthly, with Southeast Asia outpacing many regions in growth. Digital payments alone now account for 55 per cent of global volume, and in markets like Indonesia and Vietnam, fintech use is growing more than 20 per cent year-over-year. These shifts reflect both rising consumer demand and the mobile-first nature of Southeast Asiaโs digital economy.
We explore why Southeast Asiaโs new tech export goes global with B2B startups targeting the US market
In response, regulators across ASEAN are ramping up compliance expectations. Measures such as mandatory biometric identity verification, two-factor authentication and AI-based fraud detection are becoming standard across financial institutions. As Biometric Update reports, this reflects a region-wide push to secure onboarding and payments ecosystems without compromising accessibility.
Simultaneously, cross-border payment integration is gaining momentum. Projects like ASEANโs QR payment system linkages and Project Nexus aim to connect real-time payment infrastructures across Southeast Asia, enabling low-cost mobile transfers and reducing settlement risks. These initiatives are helping the region move toward economic integration, while strengthening traceability in digital financial flows.
The convergence of fintech innovation, legacy constraints and regulatory pressure is now forcing financial institutions to modernise how they manage identity, compliance and transaction monitoring. In this rapidly evolving environment, the institutions best positioned to thrive will be those that adopt flexible, regulation-ready infrastructures built to support both traditional finance and next-generation digital assets.
To learn more about this, we spoke to Jason Chan, APAC Government Relations Lead, Sumsub, about the evolution in the region and what it means for the industry.
How is Sumsub helping regulators and financial institutions in Southeast Asia manage the convergence between traditional financial systems and emerging digitalโasset ecosystems, especially where legacy frameworks still prevail?ย ย
Legacy financial systems are still common across Southeast Asia. According to an IDC report, 95% of banks in Asia-Pacific (APAC) are still operating on outdated banking technology, which limits their ability to innovate and integrate new digital services.
Sumsub bridges this gap by offering flexible and modular compliance solutions that can be integrated into both legacy and modern infrastructures. Our full-cycle platform enables financial institutions to automate identity verification, monitor transactions continuously in real time, and stay compliant with evolving AML/CFT (Anti-Money Laundering/Counter-Financing of Terrorism) requirements without overhauling their existing tech stacks. Furthermore, Sumsub supports various blockchain networks and 10,000+ crypto assets, providing users the access to the largest Travel Rule ecosystems of 1,800+ virtual assets service providers (VASPs) with flexible architecture and seamless integrations, ensuring compliant transactions. An example of this would be Sumsubโs collaboration with dtcpay, a Singapore-based fintech. By integrating Sumsubโs verification solution into its wallet platform, dtcpay replaced manual Proof of Address checks with Sumsubโs Identity Document (ID) verification and ongoing AML monitoring, while improving onboarding speed and operational efficiency. Furthermore, Sumsubโs Software Development Kit (SDK) enabled dtcpay to customize the onboarding flow to meet specific user requirements, while ensuring the process remained secure, seamless, and fast.
For regulators, Sumsub is actively working to align its expertise, both in tooling and in data, with strategic regulatory initiatives and industry collaboration with the private sector. Our aim is to contribute to projects that enhance the financial sectorโs capacity for future technologies, such as AI and blockchain.
Digitalโasset regulations differ widely across countries in the region. From jurisdictions with progressive frameworks to those still adapting, how can you support companies in navigating this patchwork, from Indonesia to Vietnam to Singapore?
Navigating the fragmented regulatory landscape across Southeast Asia can be challenging for companies, especially those operating across borders. Each jurisdiction has its own pace of regulatory developmentโfrom progressive markets like Singapore with established digital asset frameworks, to countries like Indonesia and Vietnam, which are still in the process of adapting or refining theirs.
To meet these challenges, our technology is designed to be configurable and adaptable, allowing onboarding and verification processes to be adjusted to fit the specific regulatory demands of each market. Rather than relying on static compliance measures, we focus on what we call Compliance Convergence, the merging of AML, data protection, cybersecurity, and transaction monitoring into a unified platform. This approach provides compliance officers with a single source of customer due diligence data, feeding directly into real-time transaction monitoring, enabling early, automated risk detection. At the same time, with our no-code Workflow Builder, businesses can fully customise their verification flows on a country-by-country basis. This means that users can add document-based checks, AML Screening, Address Verification, and more according to their individual business needs. This allows the user to work with clients from multiple countries, staying compliant and keeping conversion high.
Our recently introduced AI-powered assistant โSummyโ in our Case Management solution is also able to assist in reducing false positives and prioritize high-risk cases, analysing patterns in data and learning from past decisions, enabling compliance teams to focus on genuine threats instead of spending hours on alerts.ย
An example of how Sumsub has supported companies to navigate the differing regulations would be through PingPong Payments, a global payment solutions provider, which offers secure and compliant cross-border transaction services for businesses of all sizes. As the company expanded internationally, it needed a solution that could streamline compliance processes while supporting rapid growth. By partnering with Sumsub, PingPong was able to meet global compliance requirements at scale, without compromising user experience. Committed to maintaining a secure ecosystem for buyers and sellers worldwide, PingPong saw Sumsub as a strategic partner to strengthen its compliance-first product approach.
Sumsub also prioritises working closely with the different government bodies to better understand local regulatory priorities and dialogues. For example, we recently hosted a Vietnamese delegation for roundtable discussions on digital asset regulation and are currently in talks to organise a follow-up seminar in Hanoi with ecosystem partners. These efforts aim to strengthen public-private dialogue and support regulatory clarity and innovation in Vietnamโs digital asset landscape.
What do you see as priorities in engaging policymakers across Southeast Asia? Which areas: data privacy, crossโborder payments, and digital wallet control, are receiving the most regulatory attention now?
In Southeast Asia, three areas are drawing significant regulatory attention.
Cross-border payments are becoming a major priority, with central banks across ASEAN linking real-time payment systems to enable instant, low-cost transfers between economic corridors. Notably, Thailandโs PromptPay and Singaporeโs PayNow, for example, are now interoperable for instant mobile remittances, while the BIS Innovation Hubโs Project Nexus aims to extend such connectivity to more countries. This regulatory focus on payment connectivity addresses economic integration as ASEANโs digital economy grows, but also strengthens anti-money laundering measures by bringing more transactions onto traceable, regulated channels.
Digital wallet control is another key area of focus. The rapid adoption of e-wallets and mobile payments has drawn regulatory scrutiny for consumer protection and financial integrity. Authorities across ASEAN have tightened oversight of digital asset issuers, wallet providers and custodians to prevent fraud, unauthorised transactions and misuse of funds. In Singapore, MAS has raised wallet transaction caps but paired this with anti-scam requirements such as cooling-off periods for new devices and default transfer limits to ensure user safety. Elsewhere in the Philippines, the Bangko Sentral ng Pilipinas (BSP) mandates two-factor authentication and strict KYC for all digital wallets. Across the region, ensuring that wallets are secure and transparently managed remains a core regulatory objective.
Finally, data privacy is receiving increasing legislative attention. While Sumsub does not actively engage regulators on this issue, we recognise that authorities across the region are strengthening personal data protection laws amid innovations in fintech. Indonesiaโs first Personal Data Protection Law came into effect in 2024, Malaysia passed major PDPA amendments in the same year, and Vietnam implemented a new Personal Data Protection Law in June. Sumsub applauds this regional push to safeguard consumer data and build further trust in digital services with privacy-enhancing technologies.
How can regulators design frameworks that enable safe crossโborder adoption of stablecoins or tokenised instruments while mitigating risks such as money laundering or regulatory arbitrage?
There are several strategies we have seen regional regulators deploy to manage cross-border digital asset flows while mitigating risks such as money laundering and regulatory arbitrage.
One approach is to implement strong AML/CFT controls and ensure Travel Rule compliance. In ASEAN, financial regulators in Singapore, Indonesia and the Philippines have extended strict AML/CFT obligations to all crypto-asset service providers. This includes the FATF Travel Rule for cross-border crypto transfers in addition to rigorous customer due diligence, transaction monitoring, sanctions screening and so forth. The Travel Rule requires identifying information to accompany all digital asset transactions between institutions, similar to bank wire transfers, so that illicit actors are not able to exploit anonymity.
Another strategy is to use pilots and sandboxes. Regulators have assessed digital asset technology and governance models by trialling pilot projects in contained environments, especially in the realm of Central Bank Digital Currency (CBDC) projects such as Project Dunbar and Project mBridge, which have enabled regulators to observe transaction and settlement outcomes under agreed rules and technical implementations on novel blockchains. The emphasis during these pilot projects and sandboxes has been on establishing strict guardrails, such as stringent disclosure, cybersecurity standards, and legal enforceability of smart contracts. These conditions not only guide the pilot phase but also inform subsequent experiments by private-sector fintechs and supervised banks in regulatory sandboxes, before any broader rollout.
Finally, cross-jurisdiction cooperation is key to preventing regulatory arbitrage. For some time now, the Financial Stability Board has urged โsame activity, same risk, same regulationโ for digital assets and recommended strong cross-border cooperation to stamp out regulatory loopholes. At a high level, this means harmonised rules and information-sharing among countries; in practice, it involves mutual recognition of licenses, joint supervision of stablecoin issuers and custodians, and shared databases of suspicious transactions and bad actors. BIS Innovation Hubโs Project Aurora is one such project that aims to tackle money laundering risks by using data sharing, machine learning, and network analysis, all coupled with privacy-enhancing technologies. Recently, Singaporeโs MAS closed a loophole under the FSMA 2022 that allowed crypto-related firms to avoid oversight by operating cross-border and only serving overseas users. These approaches underscore that regulators are looking to avoid gaps between jurisdictions, avoid โforum-shoppingโ, and maintain high standards globally.
Regulation in the region is evolving fast; new rules on digital-asset licensing, cross-border payments, and transaction surveillance. How can you stay ahead of regulatory shifts, and what role does technology play in agile adaptation?
Staying ahead of regulatory change is a strategic priority for Sumsub, especially in a region as dynamic and diverse as Southeast Asia. We take a multi-pronged approach to ensure our clients can navigate new rules with confidence and agility.
First, we invest in on-ground expertise. We opened our APAC headquarters in Singapore in July 2023 with the goal of building a stronger presence in the region and providing tailored support to businesses navigating complex compliance landscapes. Today, we have dedicated teams working across key markets such as Thailand, Indonesia, Malaysia, Vietnam, and the Philippines, allowing us to respond to local regulatory developments quickly and effectively.
Second, we build strong regional partnerships. In Southeast Asia, we work with trusted local distributors and resellers, including Nexus Technologies, PT Secure Pasifik Teknologi, and Spectrum Edge, to ensure our solutions are both locally compliant and operationally seamless. These collaborations also give us deep, real-time insight into regulatory shifts at the ground level, which we use to support our clients’ decision-making.
Third, we support ongoing education through initiatives like Sumsub Academy. We regularly conduct workshops, training sessions, and summits that bring together regulators, compliance professionals, and fintech leaders to discuss key challenges and emerging risks. For example, in November this year, weโre hosting our inaugural What The Fraud (WTF) Summit in Singapore, an event designed to tackle the growing threat of fraud and highlight the role of collaboration between the public and private sectors in building more secure digital ecosystems.
Lastly, we engage directly with regulators and policymakers. Just recently, we hosted a closed-door roundtable in London with a Vietnamese government delegation to share global best practices on digital-asset regulation ahead of Vietnamโs upcoming legislative changes.
When it comes to adapting to change, itโs not just about having the right technology. Itโs about having the right people, partnerships, and processes in place. Thatโs what helps us and our clients stay one step ahead in this fast-moving environment.
Looking ahead to 2026 and beyond, do you foresee more harmonisation in Southeast Asiaโs regulatory regimes on digital assets?
In 2026, we can generally expect to trend towards greater harmonisation of digital assets across ASEAN.ย
One major driver will be regional frameworks. ASEAN is working on region-wide agreements to align various aspects of digital adoption, with the Digital Economy Framework Agreement, expected by 2026, being the most comprehensive, as it will unify digital trade rules, data standards and payment frameworks across all member states. We expect common baselines to be established for areas such as e-commerce, digital payments, cross-border data flows, and potentially digital identity and cybersecurity. For digital assets specifically, more coherent rules for electronic transactions will make it easier for fintechs to navigate ASEAN interoperably as a region.
That said, progress will be gradual.ย Despite trends towards harmonisation, we donโt expect full uniformity in the near term. ASEAN countries have diverse financial systems and legal frameworks, which means each member state will operate at a different pace. For example, Singapore and the Philippines have been advocating for freer cross-border data flows, whereas Indonesia and Vietnam have been tightening data sovereignty laws. Furthermore, smaller states might need to build regulatory capacity on complex issues like crypto derivatives and tokenisation of real-world assets. As a result, harmonisation will likely take the form of agreed frameworks and best-practice guidelines rather than binding, EU-style regulations.
We also see global standards increasingly shaping local rules. Weโve observed that many ASEAN jurisdictions are aligning themselves with recommendations from international bodies such as the Financial Stability Board (FSB) and the Financial Action Task Force (FATF). As these norms spread, we expect regulators to converge on similar requirements, such as the supervision of crypto exchanges, stablecoin issuers and custodians, disclosure obligations, and robust customer identity verification rules. By the end of 2026, we expect key aspects of digital asset oversight across ASEAN to be in line with international best practices.
Finally, cross-border collaboration is set to deepen. We anticipate more joint central bank initiatives, similar to Project Nexus, Project Dunbar, and Project mBridge, alongside greater cross-licensing and passporting arrangements for digital asset institutions within ASEAN.