Vietnam AML compliance has become a top priority for banks, fintechs, insurers, securities firms, and reporting entities operating in the country. Following Vietnam’s FATF grey-listing and the implementation of AML Law 2022, organizations face stricter customer due diligence, transaction monitoring, reporting, and sanctions screening obligations.
Vietnam’s anti money laundering regime has entered a new phase of intensity. If you’re a compliance officer or MLRO at a bank, fintech, insurer, or securities firm operating in Vietnam, the regulatory pressure you’re feeling is real-and it’s growing.
Vietnam AML Compliance Framework in 2025
In June 2023, the Financial Action Task Force placed Vietnam on its grey list for strategic AML / CFT deficiencies. That designation, combined with Vietnam’s AML Law of 2022 (Law No. 14/2022/QH15), which became effective in March 2023, has fundamentally reshaped compliance expectations across the financial system. Vietnam aims to align AML laws with FATF standards by 2025, and institutions that aren’t keeping pace are exposed.
The anti money laundering law and counter terrorist financing rules now touch a far wider range of entities than before. Commercial banks, credit institutions, payment intermediaries, life insurance companies, securities firms, crypto platforms, and the real estate sector all face expanded AML obligations. Designated non-financial businesses- from dealers in precious metals to legal services providers-are no longer on the sidelines. The law broadens AML obligations to non-financial sectors in ways that demand operational changes, not just policy updates.
ZIGRAM offers a Complete AML System designed specifically for regulated entities navigating these requirements. The platform combines name screening, transaction monitoring, entity risk assessment, and adverse media tools into a single RegTech environment. With Vietnam introducing reporting requirements for large cash transactions, large-value domestic transfers, and cross-border wire transfers, this article provides a practical, compliance-focused roadmap. The goal is actionable guidance-not legal theory.
Regulatory Landscape: Core Vietnam AML / CFT Framework
Vietnam’s anti money laundering law framework is now anchored in Law No. 14/2022/QH15, which replaced the 2012 AML law entirely. Complementary regulations include Decree 88/2019/ND-CP (as amended by Decree 143/2021/ND-CP), which sets out administrative penalties in the banking sector, and Decision No. 11/2023/QD-TTg, which raised the large-value transaction reporting threshold. Most recently, Circular No. 27/2025/TT-NHNN introduced tighter guidance on risk assessment criteria, electronic funds transfer reporting, and mandatory electronic submission of reports by January 1, 2026.
The State Bank of Vietnam serves as the primary regulator for AML efforts. Its anti money laundering department functions as Vietnam’s Financial Intelligence Unit, responsible for receiving suspicious transaction reports and large-value transaction reports. The SBV also compiles a “Warning List” of high-risk entities that reporting entities must reference during screening. Meanwhile, the Ministry of Finance supervises the securities sector’s AML compliance.
Vietnam’s grey list status under the Financial Action Task Force and the Asia/Pacific Group on Money Laundering creates sustained pressure. International partners, correspondent banks, and foreign organisations increasingly scrutinize Vietnamese counterparts. Beyond AML-specific laws, Vietnam’s cybersecurity legislation and data protection rules govern how customer identification information is stored, transmitted, and secured-adding another compliance layer for institutions running AML systems.
Scope of Reporting Entities and Covered Sectors
Under AML Law 2022, the term reporting entities covers a broad range of financial institutions and non-financial entities. Understanding whether your organisation falls in scope is the first step toward compliance.
Financial institutions in scope include:
Commercial banks and foreign bank branches
Credit institutions and financial leasing companies
Payment intermediaries and intermediary payment services providers
Securities companies and fund managers
Life and non-life insurance companies
E-money providers and fintech platforms
Designated non-financial businesses and professions (DNFBPs) include:
Real estate brokers and developers
Casinos and gaming operators
Dealers in precious metals and gemstones
Lawyers, notaries, and providers of legal services and consulting services
Accountants and company service providers
Online gaming platforms
Real estate firms must conduct customer due diligence under the AML law, reflecting the acute mone laundering risks in that sector: ownership opacity, large cash flows, and the use of shell companies. Dealers in precious metals must apply CDD measures and maintain records for at least five years. Life insurance companies must report suspicious transactions to the AML Department of the state bank.
By 2025, virtual asset service providers and crypto exchanges are expected to fall under explicit regulatory oversight through Vietnam’s pilot programme under Resolution No. 05/2025/NQ-CP. Even before formal licensing, these platforms should already align with AML standards.
ZIGRAM’s “The Complete AML System” is configurable for both financial institutions and DNFBPs, including its Entity Hero module for entity-level risk assessment.
Risk-Based Approach and National / Institutional Risk Assessment
Vietnam’s AML framework embeds a risk-based approach consistent with FATF Recommendations. Regulators expect documented risk assessments at both the national and institutional levels, and Circular 27 now requires institutions to use quantitative scoring methods (on a 1–5 scale) across multiple risk dimensions.
The national risk assessment process, conducted every five years, has identified several high-risk areas: the banking sector, import-export trade (trade-based money laundering), the real estate sector, cross-border remittances, and emerging fintech and crypto activities. Geographic risk includes countries on the FATF grey or black list. Competent authorities expect institutions to assess money laundering risks against these national findings.
An institutional AML/CFT risk assessment should cover:
Customer risk: PEPs, corporate customers with complex ownership, non-resident clients
Product/service risk: high-cash products, digital payments, raising capital instruments, charity funds
Delivery channel risk: non-face-to-face onboarding, agents, third-party channels
Geographic / jurisdiction risk: countries subject to sanctions or increased monitoring
Internal control weaknesses: gaps in policies, staff training, data quality, or audit coverage
Reporting entities must refresh their risk assessments at least annually and whenever material changes occur-such as launching new products, entering new markets, or identifying new high-risk corridors.
ZIGRAM’s Entity Hero and ESG / crypto risk modules automate entity risk assessment and ongoing risk-rating updates for both domestic and cross-border customers.
Vietnam KYC, Customer Due Diligence (CDD), and Ongoing Monitoring Requirements
Customer due diligence is mandatory for various sectors under Vietnamese AML rules. CDD is triggered at several points: when opening accounts or establishing business relationships, before certain financial transactions, when suspicion arises, or when doubts about existing customer identification information surface. Vietnam’s AML Law requires CDD for financial institutions and other financial institutions alike, as well as for DNFBPs in their covered activities.
Standard CDD requirements include:
Identifying and verifying customers and beneficial owners-businesses must identify ultimate beneficial owners as part of customer onboarding
Collecting information on the purpose and intended nature of the business relationship
Understanding source of funds for higher-risk cases
CDD measures must be applied when opening accounts or conducting transactions
Records of CDD activities must be maintained for five years
Enhanced due diligence (EDD) applies to higher-risk scenarios: politically exposed persons (both domestic and foreign), cross-border transactions involving high-risk jurisdictions, complex corporate structures, and heavy cash users. Entities must identify foreign politically exposed persons under CDD, and CDD includes checking customers against relevant watchlists/sanctions lists, domestic blacklists, PEP databases, and adverse media sources.
ZIGRAM’s PreScreening.io provide integrated name screening, PEP watchlist checks, and news-based adverse media monitoring. These tools help identify customers against multiple data sources in real time.
Ongoing monitoring duties include periodic KYC refresh, continuous transaction behaviour review, and automatic alerts for unusual patterns. Manual reviews are increasingly inadequate given transaction volumes. A Complete AML System automates these processes, reducing human error and ensuring that compliance teams can focus on genuine risk rather than data entry.
Vietnam AML Reporting Requirements: STRs, LVTRs and Cash Transactions
Reporting obligations sit at the core of Vietnam AML compliance. Failure to meet reporting requirements creates both regulatory exposure and potential criminal liability. Entities must report suspicious transactions to the State Bank of Vietnam, and all regulated entities must report transactions over VND 400 million.
Suspicious Transaction Reports (STRs): When reporting entities detect money laundering activities or terrorism financing indicators, they must file STRs with the SBV’s anti money laundering department. Timeliness matters: STRs must be filed within three working days after the transaction, or one working day after detection. If a money laundering crime is implicated, reporting to the state bank and law enforcement must happen within 24 hours. Life insurance companies must report suspicious transactions to SBV under the same framework. Reporting suspicious transactions must remain confidential-tipping off is prohibited.
Large-Value Transaction Reporting (LVTR): Under Decision No. 11/2023/QD-TTg, entities must report transactions over VND 400 million (approximately USD 16,000–20,000) in cash or foreign currency deposits and withdrawals in a single day. Transactions exceeding certain thresholds must be reported to the State Bank of Vietnam regardless of whether suspicion exists. This is separate from suspicion-based reporting.
Domestic and Cross-Border Transfer Reporting: Circular 27/2025/TT-NHNN establishes that any domestic transfer (electronic money transfer) of VND 500 million or more, and any international transfer of USD 1,000 or more, must be reported. Both the sender and receiver details must be captured. These reporting transactions must be submitted electronically within one working day, or within two working days if filed on paper.
Automated transaction monitoring tools like ZIGRAM’s Transact Comply can flag threshold breaches for high-value transactions and suspicious activity, generating ready-to-file reports that align with the SBV’s required format and reporting procedures. This significantly reduces the risk of missed deadlines or incomplete filings.
Record-Keeping, Data Management, and Cybersecurity Expectations
Robust record-keeping is a legal requirement under Vietnam’s law on anti money laundering and a practical necessity during audits, investigations, or regulatory inspections. Records of transactions must be kept for five years post-transaction-specifically, at least five years after the termination of business relationships or after the completion of the relevant transaction.
Types of records to maintain:
KYC documents and customer identification information
Beneficial ownership records
Customer risk ratings and CDD/EDD files
Transaction data, including all reportable large cash transactions and electronic transfers
STRs, LVTRs, and internal investigation notes
Decisions on account restrictions, exits, or applying temporary measures
Secure storage and transmission of AML data must comply with Vietnam’s cybersecurity legislation. This means encryption, role-based access controls, audit trails, and secure integration with the SBV’s electronic reporting systems. ZIGRAM’s Complete AML System provides centralized data management, audit logging, and secure API-based integrations that meet these expectations-ensuring that internal regulations around data handling are operationally enforced rather than just documented.
Sanctions Compliance and Counter Terrorist Financing (CTF)
Vietnam implements UN Security Council sanctions domestically and maintains its own lists relating to terrorism, proliferation of weapons of mass destruction, and national defence concerns. The Ministry of Public Security, Ministry of Defence, and other agencies maintain designations that reporting entities must screen against.
Core obligations:
Screen customers, beneficial owners, and counterparties against UN sanctions lists and Vietnam-specific lists
Monitor for unusual remittances, NGO and charity funds flows, and trade-based terrorism financing indicators
Detect links to designated individuals involved in terrorist financing or proliferation
Apply temporary measures-such as freezing assets-when matches are confirmed, pending direction from competent authorities
Counter terrorist financing controls require vigilance over small transactions that may aggregate to significant exposure, flows through foreign countries or foreign organisations with weak AML regimes, and cross-border trade channels. For internationally active financial institutions and fintechs, screening against OFAC, EU, and UK sanctions lists is best practice to combat money laundering and fight money laundering at a group level, even where not strictly required by Vietnamese domestic law.
ZIGRAM’s sanctions and PEP watchlist screening capabilities, embedded within the Complete AML System, support real-time list updates and configurable country-based rules. This is critical for Vietnam, given the evolving list of high-risk jurisdictions under APG and FATF evaluations, and the need to detect money laundering activities linked to sanctioned networks.
Vietnam AML Penalties and Enforcement Trends
Non-compliance with AML regulations can lead to severe penalties for corporate entities, including both administrative sanctions and criminal prosecutions. Vietnam’s AML Law emphasizes adherence to avoid severe penalties, and the consequences are real.
Administrative penalties under Decree 88/2019/ND-CP (as amended) include monetary fine sanctions for:
Inadequate customer due diligence or failure to identify customers properly
Failures in reporting obligations-missing STRs or LVTRs
Weak internal controls or missing internal audit functions
Breaches of record-keeping requirements
Penalties vary based on the nature and degree of violations. The largest fine for non-compliance is not specified as a fixed ceiling in the regulations, leaving discretion to regulators. Beyond a monetary fine, severe consequences include licence suspensions, business restrictions, reputational damage, and criminal liability for individuals involved in wilful or large-scale money laundering crimes. Conducting legal training and ongoing staff training are explicitly expected as part of compliance programmes; failing to invest in legal training can itself become an inspection finding.
Practical challenges facing Vietnamese and foreign institutions include:
Legacy systems that cannot handle threshold-based monitoring or electronic reporting
Manual processes prone to error and delay in reporting transactions
Limited AML staff, particularly across regional branches and in non financial entities
Data quality gaps in customer identification information and beneficial ownership records
The burden of monitoring large cash transactions in cash-intensive sectors like real estate and retail
Adopting modern RegTech solutions like the Complete AML System addresses many of these pain points by automating screening, transaction monitoring, and report generation-while providing the audit trails and regulatory oversight documentation that the SBV expects during inspections.
Future Outlook: Emerging Risks and Technology-Enabled Compliance
Vietnam’s path to exiting the FATF grey list runs through demonstrable enforcement and effective implementation-not just legislative reform. The national assembly has signalled continued reform, and the country’s international agreements and engagement with international partners will keep pressure high through 2026 and beyond.
Emerging money laundering risks include:
Rapid digitisation of payments (e-wallets, QR codes, mobile banking)
Growth of the securities sector and fintech-driven raising capital platforms
Expansion of cross-border e-commerce and remittances
Virtual asset and crypto markets under the five-year pilot programme
Complex trade-based money laundering schemes exploiting import-export corridors
Public security concerns around proliferation financing and terrorism financing channels
Regulators are expected to issue more detailed guidance for virtual asset service providers, cross-border payment rails, and online gaming. The shift toward quantitative risk scoring under Circular 27 signals a broader trend: regulators want to see technology-enabled compliance, not just policy binders. Regulatory oversight will intensify, and institutions relying on manual processes will struggle to keep pace.
Institutions in Vietnam should invest in integrated RegTech platforms-such as ZIGRAM’s Complete AML System-that combine name screening, transaction monitoring, entity risk scoring, adverse media, and case management in one environment. This is not a future aspiration; it is a present necessity for any entity serious about Vietnam AML compliance.
Ready to close your compliance gaps? Book a Demo or schedule a discovery call with ZIGRAM to benchmark your current AML/CFT programme against Vietnam’s 2025 requirements, identify weaknesses in your systems and processes, and design a scalable, technology-enabled AML programme built for what’s ahead.
