Weekly ASEAN Regulatory Digest
Hi,
Welcome to the first edition of the Weekly ASEAN Regulatory Digest by The Regulatory Compass.
I hope you will find in this edition and future ones the resources you need to maintain a smooth and effective regulatory watch.
The TRC team and I remain at your disposal.
This week
Singapore
Global Listing Board dual‑listing framework moves forward
The Monetary Authority of Singapore (MAS) has advanced its framework to support the Global Listing Board (GLB), a dual‑listing platform jointly developed by SGX and Nasdaq. MAS’ 30 April 2026 consultation response confirms plans to facilitate dual listings via harmonised rules and a new Part 13A in the Securities and Futures Act, allowing issuers to use a single set of offering documents and streamlined IPO processes across both exchanges.
Under the proposed framework, MAS can designate “prescribed” overseas exchanges and dual‑listing boards, and may modify or disapply certain SFA provisions (including offer and market‑misconduct rules) to align with the partner jurisdiction while preserving safeguards against fraud and dishonesty. For issuers, key benefits include reduced documentation duplication, more flexible prospectus registration timelines in Singapore, and the ability to conduct pre‑marketing with institutional and accredited investors before lodging a preliminary prospectus.
Implications:
Global or US‑listed issuers with strong Asia linkages gain a clearer pathway to concurrent SGX–Nasdaq listings.
Compliance and capital‑markets teams should begin mapping disclosure, liability and safe‑harbour requirements across both regimes in anticipation of GLB regulations coming into force.
MAS consults on prudential treatment of cryptoassets on permissionless blockchains
On 17 April 2026, MAS published its Consultation Paper on the Prudential Treatment of Cryptoassets on Permissionless Blockchains, with the consultation period running to 18 May 2026. The paper responds to industry feedback that earlier proposals were overly punitive and insufficiently technology‑neutral toward permissionless cryptoassets.
MAS now proposes allowing banks to treat some permissionless‑blockchain cryptoassets as lower‑risk “Group 1” exposures, provided they meet principle‑based safeguards around governance, finality, resilience and financial‑crime risk mitigation (e.g., robust validator decentralisation, clear transaction finality, independent smart‑contract audits, and whitelisting‑style controls). During an interim period from publication until the wider crypto prudential framework is finalised, these more favourable treatments would be capped by strict exposure and issuance limits.
Implications:
Singapore is signalling openness to well‑controlled permissionless‑chain use cases while maintaining conservative capital overlays.
Banks with digital‑asset businesses should assess which tokens or structures could realistically meet MAS’ safeguards and prepare impact analyses on capital requirements and risk‑management frameworks.
AI risk management toolkit and recovery / resolution planning
Singapore continues to tighten expectations on technology and operational resilience. Recent industry updates highlight that MAS has launched an AI Risk Management Toolkit for financial institutions, providing practical guidance across governance, risk identification, AI lifecycle controls and organisational enablers. This follows earlier MAS messaging that banks and insurers should formalise long‑term plans for adopting emerging technologies such as generative AI and distributed ledger technology.
Concurrently, MAS is consulting on new notice and guidelines for recovery and resolution planning, including enhanced resolution powers for capital‑market infrastructures, as noted in Allen & Gledhill’s April 2026 Financial Services Bulletin. These proposals aim to ensure that systemically important market infrastructures can be stabilised or resolved in crises without severe disruption to markets or public funds.
Implications:
Firms using AI in credit, trading, customer onboarding or surveillance should benchmark their internal AI governance against MAS’ toolkit and expect closer supervisory scrutiny.
Market infrastructures and participants relying on them need to factor recovery and resolution expectations into contingency planning and contractual arrangements.
Indonesia
New OJK rules on foreign workers and knowledge transfer in commercial banks
Indonesia’s Financial Services Authority (OJK) has issued Regulation No. 1 of 2026 on Foreign Employment and Knowledge Transfer Programmes in Commercial Banks, effective 23 February 2026 and recently highlighted in regional legal bulletins. The regulation replaces OJK Regulation No. 37/POJK.03/2017 and aligns banking‑sector foreign hiring rules with broader manpower and job‑creation legislation.
Banks, foreign branch offices and representative offices may employ foreign workers mainly in senior or specialist roles (directors, commissioners, executive officers, specialists, experts or consultants), typically where at least 25 percent of shares are foreign‑owned. Institutions must submit detailed manpower plans to OJK, including justification for foreign hires, roles, duration, named local counterparts and structured knowledge‑transfer programmes that combine on‑the‑job training, seminars and, in some cases, overseas assignments for Indonesian staff.
Implications:
Foreign banks and joint‑venture banks in Indonesia face stricter expectations that expatriate staffing will tangibly upgrade local talent, with OJK approvals tied to concrete knowledge‑transfer plans.
HR and compliance teams should review current foreign‑staff rosters, transition plans and training programmes to ensure they match the new requirements and timelines.
Malaysia
Securities Commission launches ICM Innovation Lab (FIKRALab)
The Securities Commission Malaysia (SC) has launched the ICM Innovation Lab (FIKRALab), a structured co‑creation and applied R&D platform to develop new Islamic capital market products and instruments. Announced on 26 March 2026 and featured in late‑April ASEAN bulletins, FIKRALab sits under the Capital Market Masterplan 2026–2030 and aims to advance Maqasid al‑Shariah‑driven innovation grounded in real economic activity and broader social impact.
A key feature is the Maqasid al‑Shariah Clinics, where the SC works with industry players, Shariah advisers and experts to stress‑test and refine ICM structures through curated engagements and knowledge symposia. The initial cohort focuses on new‑generation products, Islamic social finance and sustainability/transition finance, with industry participants invited to submit proposals through 30 September 2026.
Implications:
Malaysian and regional financial institutions have a new avenue to co‑develop innovative Shariah‑aligned and sustainability‑linked instruments with close regulatory engagement.
Product, treasury and ESG teams should evaluate whether pipeline ideas (e.g., social‑finance Sukuk, transition instruments) could benefit from FIKRALab’s clinics and pilot support.
Myanmar
Chinese yuan recognised as an investment currency
Myanmar’s Investment Commission (MIC) now accepts Chinese yuan (CNY) as a foreign investment currency alongside the US dollar for foreign capital contributions. MIC Bulletin 1/2026, effective 16 March 2026 and discussed in late‑April legal updates, allows investors to submit proposals and approvals denominated in either USD or CNY and to route transfers through authorised dealer banks.
In parallel, MIC has introduced minimum eligibility criteria for tax exemptions or relief in promoted sectors, signalling a more selective approach to incentive allocation. Authorities describe the currency move as a way to simplify procedures, better match investor needs and deepen financial ties with China.
Implications:
Chinese‑linked projects and investors may find it operationally easier to structure capital injections and transactions in CNY, reducing FX friction.
Multinationals should revisit treasury and tax models for Myanmar projects to reflect currency‑choice flexibility and evolving incentive criteria.
Vietnam
AI Law: risk‑based framework now in force
Vietnam’s first standalone Law on Artificial Intelligence took effect on 1 March 2026, establishing a comprehensive, risk‑based framework for AI systems. The law, enacted in December 2025, complements the Law on Digital Technology Industry by classifying AI systems into multiple risk tiers and imposing stricter obligations (including conformity assessments and oversight) on high‑risk use cases such as healthcare, finance and public services.
Existing AI systems benefit from phased grace periods: 18 months for systems in healthcare, education and finance, and 12 months for other sectors, during which they may continue operating while transitioning to compliance. The law applies to both Vietnamese and foreign entities involved in AI development, deployment or use in Vietnam, signalling extraterritorial reach for cross‑border AI services touching Vietnamese users.
Implications:
Financial and tech firms using AI in Vietnam should immediately map their systems against the law’s risk categories and design remediation plans within the relevant grace periods.
Cross‑border AI service providers (e.g., cloud‑based analytics or decisioning engines) must treat Vietnam as a regulated AI jurisdiction alongside the EU and other early movers.
Personal Data Protection Law and Decree 356: new data‑governance baseline
Vietnam’s data‑protection regime was significantly upgraded from 1 January 2026 with the Personal Data Protection Law (PDPL) and Decree 356/2025/ND‑CP, which replace Decree 13/2023 as the primary legal framework. The PDPL consolidates scattered provisions into a unified law, expands data‑subject rights, and introduces more stringent consent, transparency and security obligations.
Notably, the implementing rules classify personal data into “basic” and “sensitive” categories and broaden “sensitive data” to cover areas such as detailed financial information (including bank account details and transaction history), with stricter controls and mandatory appointment of Data Protection Officers and departments for organisations handling such data. The law has extraterritorial reach, applying to foreign entities processing personal data of Vietnamese citizens, regardless of server location.
Implications:
Banks, fintechs, BPOs and other service providers processing Vietnamese customer data must revisit data‑mapping, DPO structures, breach‑notification procedures and cross‑border transfer mechanisms.
Regional compliance programmes should treat Vietnam as one of the more stringent data‑protection regimes in ASEAN, on par with or approaching GDPR‑style standards in some respects.