2026
10 MIN READ
Vietnam's Ministry of Finance has embedded mandatory compliance reporting obligations for licensed crypto exchanges within the framework of Resolution No. 05/2025/NQ-CP and Decision No. 96/QĐ-BTC, requiring licensed Virtual Asset Service Providers to submit periodic reports covering transaction volumes, suspicious activity, and KYC completion rates. The obligations take effect under a five-year pilot programme running from 2025 to 2030, placing Vietnam's framework alongside Singapore's Payment Services Act and the EU's MiCA regulation as one of Southeast Asia's most structurally demanding crypto compliance regimes. Exchanges, VASPs, and international firms with Vietnamese exposure must now act urgently to build reporting infrastructure, KYC pipelines, and AML governance programmes capable of satisfying the Ministry of Finance's oversight apparatus.
The End of the Grey Area: Vietnam's Regulatory Inflection Point
The significance of Vietnam's recent regulatory architecture for digital assets should not be understated. For nearly a decade, the country's crypto market operated in a legal vacuum: the State Bank of Vietnam had prohibited the use of cryptocurrency as a means of payment, yet no formal framework existed governing exchanges, custody providers, or the issuance of digital assets. That ambiguity ended decisively when the National Assembly passed the Law on Digital Technology Industry (Law No. 71/2025/QH15) on June 14, 2025, which entered into force on January 1, 2026, and legally recognised digital assets as a category of property under the Vietnamese Civil Code.
The legislative foundation was rapidly operationalised through Government Resolution No. 05/2025/NQ-CP, promulgated on September 9, 2025, which established a five-year pilot programme for the issuance, trading, and supervision of crypto assets running through 2030. The Ministry of Finance (MOF) followed with Decision No. 96/QĐ-BTC in January 2026, converting the Resolution's policy architecture into hard administrative procedures — complete with licensing procedures, capital thresholds, governance requirements, and structured compliance reporting obligations that licensed exchanges must now satisfy on a periodic basis.
Within that compliance architecture, licensed exchanges are required to submit structured periodic reports to the MOF encompassing transaction volumes, suspicious activity reports (SARs), and KYC completion metrics — obligations that mirror the supervisory reporting regimes already established in comparator jurisdictions such as Singapore and the European Union. The reporting framework is administered by the MOF as lead authority, coordinating with the State Securities Commission (SSC), the State Bank of Vietnam (SBV), and the Ministry of Public Security (MPS). Failure to report accurately and on time is categorised alongside other compliance failures that can trigger outcomes ranging from operational restrictions to full licence revocation.
What Changed and the Architecture Behind It
The compliance reporting requirements introduced under the Resolution 05 framework do not exist in isolation but form part of a comprehensive and structurally demanding supervisory regime. Under Article 5 of Resolution No. 05/2025/NQ-CP, all trading, custody, and related transactions must be conducted exclusively through service providers licensed or approved by the Ministry of Finance — a provision that effectively eliminates peer-to-peer trading outside the regulated ecosystem and channels all market activity through entities subject to ongoing supervision and reporting controls. Decision No. 96/QĐ-BTC operationalises this requirement by establishing three distinct administrative procedures governing the licensing, amendment, and revocation of crypto-asset trading market operators.
The Digital Technology Law introduced a two-tier asset classification, distinguishing between virtual assets used for exchange or investment and crypto assets authenticated by cryptographic or similar digital technologies. Critically, both categories explicitly exclude securities, digital fiat currencies, and other financial instruments regulated under civil and financial laws. Tax policy for crypto-asset transactions during the pilot period follows regulations applicable to securities until sector-specific tax rules are enacted — a pragmatic bridging measure that nonetheless introduces significant accounting complexity, as Resolution 05 does not stipulate specific accounting principles or methods applicable to crypto assets.
The periodic reporting obligations embedded within this framework are a direct response to Vietnam's documented vulnerability to crypto-related financial crime. According to data cited by the National Cybersecurity Association, total financial losses from online fraud in 2024 were estimated at VND 18.9 trillion, while blockchain analytics firm Chainalysis projected that wallets linked to fraudulent activities generated USD 9.9 billion globally in 2024, with much of Southeast Asia's fraud infrastructure traced to the region. The government's policy calculus is clear: exchanges that are licensed must be transparent, and transparency is enforced through structured data submission to the regulatory authority.
The Scope of Affected Parties: Exchanges, VASPs, and International Entrants
The reporting obligations fall most heavily on entities seeking or holding a licence to operate a crypto-asset trading market in Vietnam — described in Resolution 05 as the 'License for Organizing a Crypto Asset Trading Market' issued by the Ministry of Finance. The eligibility criteria for that licence represent one of the most demanding capital thresholds in the Asia-Pacific region: applicants must demonstrate minimum charter capital of VND 10,000 billion (approximately USD 378–400 million), fully contributed in Vietnamese Dong, with at least 65% of that capital held by institutional investors, of which at least 35% must be held collectively by a minimum of two entities drawn from regulated sectors — commercial banks, securities companies, fund management companies, insurance companies, or technology firms. Those anchor institutions must themselves have been profitable for two consecutive years as evidenced by audited financials.
For international firms, the structural barriers are compounded by a 49% foreign ownership cap on licensed service providers, which means global exchanges cannot hold a controlling stake in any Vietnamese-licensed entity. Operators such as Binance, Coinbase, or Upbit — whose trading models Resolution 05 explicitly references as analogues for the permitted exchange structure — must therefore partner with qualifying Vietnamese-incorporated entities in order to access the regulated market. This requirement fundamentally reshapes the market-entry calculus for firms that have historically used cross-border access or offshore structures to serve Vietnamese users, and it creates a new category of compliance exposure for international institutional investors with indirect exposure to Vietnamese crypto market infrastructure.
Fintech startups and smaller VASPs face a distinct set of pressures. The capital threshold effectively excludes all but the most heavily capitalised and institutionally backed entities from obtaining an exchange licence, creating a bifurcated market in which a small number of well-resourced licensed operators face the full weight of periodic reporting obligations, while other participants must restructure, consolidate, or exit. The requirement that crypto assets may only be offered or issued to foreign investors, and traded among them through licensed organisations authorised by the Ministry of Finance, further concentrates compliance risk at the licensed operator level — but does not relieve fintech firms that facilitate onboarding, payment processing, or ancillary services from their own AML/CFT, cybersecurity, and data protection obligations under Vietnamese law.
Comparative Context: Singapore, the EU, and the Emerging Regional Standard
Vietnam's periodic reporting requirements are best understood in the context of a broader global movement toward institutionalising crypto market surveillance. Singapore's Monetary Authority of Singapore (MAS) requires Digital Payment Token (DPT) service providers licensed under the Payment Services Act 2019 to file Suspicious Transaction Reports (STRs) with the Commercial Affairs Department and MAS when money laundering or terrorism financing is suspected, comply with the FATF Travel Rule for transfers above specified thresholds, maintain detailed customer due diligence records, and submit to regular ongoing monitoring. As of June 30, 2025, MAS extended these obligations to entities incorporated in Singapore that offer digital token services to clients outside the country, requiring a DTSP licence under the Financial Services and Markets Act 2022.
In the European Union, the Markets in Crypto-Assets Regulation (MiCA), which became fully applicable to Crypto-Asset Service Providers (CASPs) on December 30, 2024, mandates that CASPs submit quarterly capital adequacy reports demonstrating compliance with minimum capital requirements, maintain standardised machine-readable order and trade records for submission to competent authorities, and implement fully integrated AML/CFT processes including customer due diligence, transaction monitoring, and the Travel Rule. The European Securities and Markets Authority (ESMA) conducted over 230 audits of crypto businesses in the first half of 2025 alone — a signal of the enforcement intensity that characterises the post-MiCA supervisory environment and that Vietnam's MOF is clearly calibrating against.
The contrast with neighbouring jurisdictions is instructive. Thailand, which introduced the Digital Asset Business Emergency Decree in 2018, requires only THB 50 million (approximately USD 1.59 million) in paid-up registered share capital for exchanges not holding client assets — a threshold nearly 250 times lower than Vietnam's requirement. That comparison reflects Vietnam's deliberate policy choice to prioritise systemic stability and AML integrity over market liberalisation, adopting what one legal analysis described as an approach that emphasises 'control and compliance over liberalization in order to safeguard retail investors.' The consequence is a licensing environment that is structurally more proximate to a securities exchange framework than to the lighter-touch VASP registration models seen elsewhere in ASEAN.
Practical Compliance Implications: Building the Reporting Infrastructure
Constructing a reporting infrastructure capable of satisfying the MOF's periodic compliance obligations is not a matter of form-filling; it requires foundational investment across four domains. First, transaction monitoring systems must be capable of aggregating, categorising, and reporting volume data across all asset classes permitted under the pilot programme — which, according to PwC's December 2025 market outlook, may include approximately 50 types of digital assets listed on licensed platforms. Those systems must interface with the MOF's administrative procedures as codified under Decision No. 96/QĐ-BTC and must be maintained in a manner consistent with Vietnam's cybersecurity and data protection laws, with the Ministry of Public Security retaining oversight authority over security appraisals.
Second, KYC completion rate reporting requires exchanges to maintain dynamic, auditable records of customer onboarding status. The licensing process for exchanges involves coordination with the SBV, MPS, and the Ministry of Information and Communications to ensure AML/KYC compliance — meaning that KYC gaps surfaced through periodic reporting will be visible simultaneously to multiple regulatory bodies. Exchanges must implement customer due diligence frameworks that not only meet the AML/CFT standards mandated under Vietnamese law but that generate the data outputs required for structured regulatory submission, including completion rates segmented by customer tier, risk category, and account status.
Third, Suspicious Activity Report (SAR) pipelines must be operationalised as live systems rather than ad hoc processes. The prohibition on crypto assets being used as legal tender in Vietnam, combined with the requirement that all trading and payment activities involving virtual assets be conducted in Vietnamese Dong through licensed entities, creates specific typological risks — particularly around on/off-ramp manipulation, smurfing through VND conversion, and cross-border capital flight disguised as asset investment. Licensed exchanges must develop SAR frameworks that are calibrated to these Vietnam-specific risk typologies, not simply imported wholesale from foreign compliance programmes designed for different regulatory contexts.
Fourth, governance and documentation obligations attach to every reportable event. Licensed exchanges are required to disclose key operational processes, ownership structures, and audited financial statements to ensure investor transparency, and must commence operations within 30 days of licence issuance — a timeline that leaves no room for compliance infrastructure to be built post-licensing. Non-compliance carries consequences that include severe penalties, licence revocation, and criminal prosecution under Vietnamese law, with the Ministry of Public Security playing an active enforcement role alongside the MOF and SSC.
Strategic Implications and the Path Forward for Market Participants
The emergence of Vietnam's structured compliance reporting regime represents a definitive shift in the risk profile of any business with Vietnamese crypto exposure. Approximately 17 million Vietnamese citizens owned crypto assets as of 2024, placing Vietnam seventh globally in total crypto ownership, while total crypto holdings by Vietnamese nationals have been estimated at approximately USD 18 billion with projections of 18–35% compound annual growth. That is a market of material scale — and one that is now enclosed within a regulatory framework that demands institutional-grade compliance infrastructure as the price of participation.
For exchanges and VASPs seeking to enter or remain in Vietnam, the immediate strategic imperative is a comprehensive gap analysis against the reporting and governance requirements embedded in Resolution No. 05/2025/NQ-CP and Decision No. 96/QĐ-BTC, followed by prioritised investment in the systems, personnel, and institutional partnerships that the licensing conditions demand. The 49% foreign ownership cap and the requirement for at least two qualifying institutional anchors from regulated sectors mean that capital structure planning and partnership due diligence must precede any licensing application — a process that, given the MOF's 20 working-day review window for initial dossier completeness and the subsequent 12-month supplemental dossier period, demands an immediate start for firms targeting the 2025–2030 pilot window.
For institutional investors with indirect Vietnamese exposure — whether through offshore fund structures, OTC desks, or positions in exchanges with Vietnamese user bases — the reporting regime introduces a new layer of counterparty compliance risk that should be reflected in due diligence frameworks and ongoing monitoring protocols. The global trajectory of crypto regulation, from MiCA's December 2024 full application to Singapore's FSMA extension deadline of June 30, 2025, confirms that periodic reporting to regulatory authorities is now the structural baseline for any exchange operating in a substantive jurisdiction. Vietnam has made clear that it intends to be counted among that cohort. Krysos Trust advises exchange clients, VASPs, and institutional investors navigating Vietnam's evolving regulatory environment on licence readiness, AML/CFT programme design, reporting infrastructure build-out, and ongoing compliance monitoring — drawing on deep in-country expertise at precisely the moment the market demands it most.
