Crypto Exchange License Thailand – SEC Requirements, Capital & Application Process

1. Executive Overview

Thailand is not “crypto-friendly” in the casual sense, but it is regulator-built: operating a retail exchange for Thai users is legal only inside a defined licensing perimeter, with ongoing supervision and enforcement powers. The license exists, but the bar is high: you must be able to demonstrate governance, systems readiness, client-asset protection, cybersecurity, and AML controls that stand up to inspection.

A crypto exchange license is possible in Thailand because the Emergency Decree on Digital Asset Businesses B.E. 2561 (2018), as amended creates a formal licensing regime for a digital asset business (exchange, broker, dealer) and assigns supervisory authority to the SEC framework and the Minister of Finance.

Who regulates digital asset businesses? The core institutions are:

The SEC and SEC Office: policy, rules, supervision, reviews, and ongoing monitoring powers under the Decree.
The Minister of Finance: the licensing authority that grants a license upon SEC recommendation.

Definition box — “What you are licensing”
digital asset = cryptocurrency + digital token (statutory definition).
digital asset business = exchange, broker, dealer (and other businesses prescribed).
digital asset exchange = a center/network for trading or exchanging, operating by matching orders/arranging counterparties/providing system to facilitate agreements in the normal course of business (with exclusions set by SEC notification).

This guide focuses on the exchange pathway, but it also maps broker/dealer options because many applicants should not apply for an exchange license first.

Contents

11. Executive Overview

22. Legal Framework

2.12.1 Emergency Decree foundation (2018; amended)

2.22.2 Role of the Thai SEC and SEC Office

2.32.3 Role of the Ministry of Finance

2.42.4 Extraterritorial reach (serving Thai users from abroad)

33. Types of Crypto Licenses in Thailand

3.1Table 1 — License types (high-level)

3.2Table 2 — Exchange vs broker vs dealer (decision table)

44. What Is a Digital Asset Exchange License?

4.14.1 Matching engine requirement (functional, not branding)

4.24.2 Custody structure and client asset segregation

4.34.3 Reporting and compliance obligations (conceptual scope)

4.44.4 Trading pair approval (operational reality)

55. Capital Requirements

5.15.1 Minimum paid-up capital (exchange / broker / dealer)

5.2Table 3 — Paid-up capital (planning ranges)

5.35.2 Net capital maintenance and liquidity

5.4Table 4 — Net capital (baseline examples from practitioner summaries)

5.55.3 “Capital planning” table (what regulators implicitly test)

5.6Table 5 — Capital planning (illustrative framework)

66. Corporate Structure Requirements

6.16.1 Thai company requirement (core expectation)

6.26.2 Shareholder suitability and “major shareholder” controls

6.36.3 Directors/executives: approval and prohibited characteristics

6.46.4 Compliance officer and control functions

77. AML / KYC Requirements

7.17.1 Customer due diligence (CDD) and onboarding

7.27.2 Transaction monitoring and suspicious reporting

7.37.3 FATF alignment (strategic reality)

88. Application Process (Step-by-Step)

8.1Flow diagram 1 — Licensing workstream (text)

8.28.1 Incorporation

8.38.2 Pre-consultation with SEC

8.48.3 Document preparation (what actually matters)

8.58.4 System audit and readiness demonstration

8.68.5 Formal submission and review period

8.7Table 6 — Realistic timeline (planning)

99. Costs Involved

9.19.1 Licensing and annual supervisory fees (examples)

9.2Table 7 — Fee structure (commonly cited examples)

9.39.2 Infrastructure and compliance costs (dominant cost centers)

1010. Banking Challenges in Thailand

10.110.1 Why banking is hard even with a license

10.210.2 Fiat on/off-ramp integration constraints

10.310.3 Account opening risks (what triggers rejection)

1111. Post-Licensing Obligations

11.111.1 Reporting and ongoing governance

11.211.2 Cybersecurity and electronic crime controls

11.311.3 Client asset segregation (continuous)

11.411.4 SEC inspections and enforcement dynamics

1212. Common Reasons Applications Are Rejected

1313. Taxation of Crypto Companies in Thailand

13.113.1 Corporate income tax (CIT)

13.213.2 VAT and crypto-related rules

13.313.3 Withholding tax and other taxes

1414. Strategic Considerations

14.114.1 Is Thailand competitive vs Singapore?

14.2Table 8 — Thailand vs Singapore (operational comparison)

14.314.2 Regulatory stability and scope creep

14.414.3 Market structure reality

14.5Risk matrix (practical)

1515. FAQ

15.1What license do I need to create a crypto exchange?

15.2Is there any licensed crypto exchange in Thailand?

15.3Can foreigners own a crypto company?

15.4Is crypto legal in Thailand?

15.5How long does approval take?

16Appendix A — Process flow diagram 2 (operating model: exchange lifecycle)

17Appendix B — Four tables checklist (delivered)

18Appendix C — Three capital tables checklist (delivered)

19Terminology compliance note (for clarity)

2. Legal Framework

2.1 Emergency Decree foundation (2018; amended)

Thailand’s licensing system for a digital asset business is established by the Emergency Decree on Digital Asset Businesses B.E. 2561 (2018) (unofficial English translation available; Thai text governs).
The Decree defines cryptocurrency, digital token, and digital asset; defines the three core license types; and sets licensing, supervision, conduct, and client-asset segregation principles.

2.2 Role of the Thai SEC and SEC Office

The Decree gives the SEC duties and powers to establish policy and issue rules/notifications/orders relating to issuance/offering of tokens and digital asset businesses, including fees and criteria.
The SEC Office operationalizes this through manuals, guidelines, forms, and ongoing supervision resources published as part of the digital asset business operator regulatory set.

2.3 Role of the Ministry of Finance

A digital asset business operator must obtain a license from the Minister of Finance upon the SEC’s recommendation.
This two-step design matters in practice: you must satisfy SEC review depth before the Minister grants the license.

2.4 Extraterritorial reach (serving Thai users from abroad)

Thailand’s regime is not purely domestic. The Decree explicitly captures a digital asset business operator operating outside Thailand but providing services to persons in Thailand, subject to carve-outs in SEC notifications.
It also sets factors that may deem a foreign operator as “providing services to persons within Thailand” (e.g., Thai language, .th domain, allowing Thai baht payments, Thai bank/e-wallet rails, Thai-law governing terms, local office/personnel).

Practical implication: “No Thai entity, offshore exchange only” is not a safe assumption if you target Thailand.

3. Types of Crypto Licenses in Thailand

Thailand does not issue a single “one-size” crypto license. The licensing perimeter is activity-based.

Table 1 — License types (high-level)

License type	What it is (core function)	Typical operating model	What it is not
Digital Asset Exchange	Matching orders / arranging counterparties / providing trading system	Central limit order book (CLOB), RFQ with matching logic, approved market structure	Not merely “introducing” clients; not own-account dealing outside exchange
Digital Asset Broker	Intermediary/agent for trading/exchange for clients for a fee	Routes orders to exchanges or dealers; may or may not custody depending on structure	Not a matching venue
Digital Asset Dealer	Trades/exchanges for its own account outside exchange	Principal liquidity provider; OTC desk; market maker	Not an agency model
ICO Portal	Screens tokens/issuers and filing completeness for offerings	Token offering gatekeeper	Not an exchange license (separate regulatory track)

Definition box — broker vs dealer (why applicants confuse them)
A broker acts as intermediary/agent for others for remuneration.
A dealer trades for its own account outside an exchange in the normal course of business.

Table 2 — Exchange vs broker vs dealer (decision table)

Question	Exchange	Broker	Dealer
Do you operate a venue that matches users’ orders?	Yes	No	No
Do you “route” users to another venue?	Not primary	Yes	Sometimes
Do you take principal risk (own book)?	Not required	No	Yes
Typical tech core	Matching engine + market surveillance	OMS + routing + onboarding stack	Pricing engine + execution + risk limits
Typical regulatory pain points	Market integrity, custody, cyber, surveillance	AML onboarding + third-party dependencies	Conflicts, pricing fairness, own-account controls

If your business model is “aggregate liquidity + route orders,” an exchange application is usually the wrong first step.

4. What Is a Digital Asset Exchange License?

A digital asset exchange license is permission to operate a trading venue as defined in the Decree—i.e., a network/center facilitating trading/exchange by matching orders or arranging counterparties.

4.1 Matching engine requirement (functional, not branding)

Regulators care about function. If your platform matches orders or arranges counterparties systematically, it looks like an exchange even if you brand it as “broker” or “marketplace.”

4.2 Custody structure and client asset segregation

If you keep clients’ assets, you must keep separate accounts per client and segregate client assets from your own; client assets belong to clients and must not be used for other purposes.
This segregation principle drives technical architecture: wallets, ledgering, reconciliation, and controls.

4.3 Reporting and compliance obligations (conceptual scope)

The Decree requires operators to comply with SEC notifications and indicates core supervision concerns: sufficient financial resources, safety of client assets, security measures against electronic crime, appropriate accounting and SEC-approved auditors, and KYC/CDD plus counter-terrorism financing/AML measures.

4.4 Trading pair approval (operational reality)

In practice, exchanges operate under an “allowed assets/allowed pairs” logic shaped by SEC rules/notifications (the SEC’s digital asset regulatory set includes items such as lists of approved cryptocurrencies for trading pairs).
Design consequence: your listing committee, listing policies, disclosure procedures, and surveillance must be ready before licensing—not after.

5. Capital Requirements

Capital is not only an entry ticket; it is a continuing constraint. Thailand uses both (a) paid-up registered capital thresholds and (b) net capital / financial resource sufficiency logic.

5.1 Minimum paid-up capital (exchange / broker / dealer)

Publicly available practitioner summaries show thresholds that vary by license type and custody model; for exchanges, some sources describe exchange paid-up capital in the THB 50 million to THB 100 million range depending on structure (e.g., asset-keeping vs non-asset-keeping).

Practical reading: if you cannot comfortably capitalize at this level and maintain operating reserves, you are not ready for an exchange pathway.

Table 3 — Paid-up capital (planning ranges)

License	Paid-up registered capital (commonly cited)	Notes
Exchange	THB 50m–100m	Some guidance cites ≥ THB 50m equity for an exchange; other guidance cites ≥ THB 100m for an exchange, with lower for a non-asset-keeping exchange.
Broker	Often cited at THB 25m (equity)	Market summaries vary; confirm against SEC notifications applicable to your model.
Dealer	Often cited at THB 5m (equity)	Market summaries vary; confirm against SEC notifications applicable to your model.

5.2 Net capital maintenance and liquidity

Separate from paid-up capital, operators are typically expected to maintain net capital buffers tied to risk (including custody and operational risks). Practitioner summaries describe baseline net capital floors (e.g., higher where client assets are held/controlled).
Treat these as floor numbers; the real constraint is whether your operational risk profile forces higher buffers.

Table 4 — Net capital (baseline examples from practitioner summaries)

Business model feature	Baseline net capital example	Why it matters
Holds/stores client assets	THB 25m	Higher custody and safeguarding risk profile.
Does not hold client assets	THB 5m	Lower custody risk, still operational risk.

5.3 “Capital planning” table (what regulators implicitly test)

Regulators will not accept capital that exists on paper but is not operationally credible.

Table 5 — Capital planning (illustrative framework)

Bucket	What goes here	Evidence you should have ready
Paid-up capital	Minimum paid-up registered capital	Bank confirmation, corporate filings, shareholder funding sources
Operating runway	Staff, vendors, security tooling, audits	Budget, contracts, hiring plan
Security spend	Pen tests, SOC tooling, incident response	Security roadmap, vendor scopes
Compliance spend	AML tooling, compliance staffing, training	AML program + staffing model
Liquidity buffers	Stress events, sudden withdrawals	Policy + stress testing and trigger metrics

This is where weak applications fail: the applicant has capital, but cannot connect it to operational readiness.

6. Corporate Structure Requirements

6.1 Thai company requirement (core expectation)

Licensing materials and practitioner guidance commonly reflect that applicants are expected to be established in Thailand (and the Decree captures foreign operators serving Thai users).
This typically leads to a Thai-incorporated entity as the license applicant.

6.2 Shareholder suitability and “major shareholder” controls

The SEC regulatory set includes requirements around major shareholders (approval mechanisms and prohibited characteristics).
The Decree also defines “control” concepts and empowers the SEC to supervise governance risks.

6.3 Directors/executives: approval and prohibited characteristics

A digital asset business operator must not appoint directors/executives with prohibited characteristics specified by SEC notification, and directors/executives require SEC Office approval.
This is not a formality: governance weakness is a common rejection driver.

6.4 Compliance officer and control functions

Even if not explicitly branded as such in your org chart, your structure must cover: compliance, AML, risk, internal audit, IT security, and incident management—because these are areas the Decree explicitly emphasizes (financial resources, client asset safety, electronic crime security measures, accounting/audit, and KYC/AML).

Definition box — “Fit and proper” (practical meaning)
In Thai SEC practice, “fit and proper” is a composite: integrity, competence, financial soundness, and absence of disqualifying traits (often assessed through documentary evidence, background checks, and role suitability).

7. AML / KYC Requirements

Thailand treats a digital asset business operator and digital token portal provider as “financial institutions” for AML law purposes, which is a high-compliance baseline.
The Decree directs that SEC rules for operations must account for KYC measures, client due diligence, and measures against terrorist financing or money laundering.

7.1 Customer due diligence (CDD) and onboarding

Your onboarding must be risk-based:

Identity verification suitable for Thai ID and foreign passports
Beneficial owner capture for entities
Sanctions screening and adverse media checks (where applicable)
Enhanced due diligence for high-risk users (PEPs, high-risk jurisdictions)

7.2 Transaction monitoring and suspicious reporting

Your monitoring program must be designed for:

On-chain risk indicators (mixers, chain hops, high-risk clusters)
Fiat rail anomalies (structured deposits, mule accounts)
Cross-product risk (spot, OTC, staking, lending if offered)

7.3 FATF alignment (strategic reality)

Thailand’s implementation focus will track FATF-style expectations for virtual asset service providers. Even where local rules differ in naming, the underlying expectations are familiar: governance, policies, evidence, auditability, and demonstrable effectiveness.

8. Application Process (Step-by-Step)

The SEC website publishes manuals/guidelines and forms for applying for a license in undertaking a digital asset business and for demonstrating operating system readiness.
This means the process is documentation-heavy and systems-heavy.

Flow diagram 1 — Licensing workstream (text)

Phase 0 — Model choice → Exchange vs broker vs dealer decision → regulatory perimeter mapping
Phase 1 — Incorporation → Thai entity setup → governance structure → initial capitalization
Phase 2 — Pre-consultation → informal alignment on model and scope (typical market practice)
Phase 3 — Build readiness → policies + tech + custody design + AML program + cyber controls
Phase 4 — Independent reviews → system audit readiness package (common expectation)
Phase 5 — Formal submission → application + supplementary documents + key person approvals
Phase 6 — SEC review loop → Q&A rounds → remediation → resubmissions
Phase 7 — Recommendation → SEC recommendation to Minister of Finance
Phase 8 — License grant → licensing decision → operational go-live conditions → ongoing supervision

8.1 Incorporation

You should design the corporate structure around licensing boundaries: do not mix incompatible regulated activities in one entity if rules restrict it (practitioner guidance has noted separation expectations).

8.2 Pre-consultation with SEC

A pre-consultation is not a legal requirement stated in the Decree, but it is a practical step to reduce rework when your model is novel.

8.3 Document preparation (what actually matters)

Expect evidence, not narratives:

Governance: board oversight, committees, independent control functions
Policies: AML, cybersecurity, incident response, conflicts, complaints, market conduct
Systems: architecture diagrams, access controls, logging, key management, wallet design
Financial: capital proofs, budgets, stress tests, net capital calculations
People: approved directors/executives, role descriptions, competence mapping

8.4 System audit and readiness demonstration

SEC guidance explicitly includes “documents demonstrating readiness of the operating system.”
Treat this as a systems assurance package: control design + evidence + test results.

8.5 Formal submission and review period

Timelines are variable. In practice, licensing often takes months, not weeks, because each round of questions typically forces real remediation.

Table 6 — Realistic timeline (planning)

Step	Typical duration (planning range)
Build + readiness evidence	4–9 months
Application + review loop	3–9 months
Go-live hardening	1–3 months

Use this table to plan; your actual timeline depends on model complexity, readiness quality, and responsiveness.

9. Costs Involved

Thailand’s regime has formal fees plus operational compliance costs.

9.1 Licensing and annual supervisory fees (examples)

Practitioner summaries commonly cite fee structures such as:

Exchange: license fee + annual fee linked to trading value
Broker: license fee + annual fee linked to trading value
Dealer: license fee + annual fee linked to profit from trading
These fee examples have been published in practitioner guidance (verify against the SEC fee notification list for current amounts).

Table 7 — Fee structure (commonly cited examples)

License	One-time license fee (example)	Annual fee (example)
Exchange	THB 2.5m	0.002% of total trading value
Broker	THB 1.25m	0.001% of total trading value
Dealer	THB 1.0m	1% of profit from trading (capital gain)

9.2 Infrastructure and compliance costs (dominant cost centers)

Typical major cost lines:

Cybersecurity program (SOC tooling, pen tests, red team, monitoring)
AML stack (screening, transaction monitoring, case management)
Custody stack (HSMs, MPC wallets, key ceremonies, reconciliation tooling)
Independent audits (financial + systems assurance)
Staffing (compliance, security, operations, customer support)

A regulator will not accept “outsourcing everything” without robust vendor governance.

10. Banking Challenges in Thailand

10.1 Why banking is hard even with a license

Even licensed operators can face conservative bank risk models because crypto-related business presents fraud, AML, and reputational risk. The practical result is enhanced due diligence, slow onboarding, and constraints on product features.

10.2 Fiat on/off-ramp integration constraints

Key constraints you must design for:

Transaction monitoring expectations from banks (data fields, beneficiary logic, risk flags)
Payment rail restrictions and chargeback/fraud exposure
Limits on third-party payments and account funding patterns

10.3 Account opening risks (what triggers rejection)

Common high-risk patterns:

Unclear ultimate beneficial owners or complex offshore ownership chains
Weak source-of-funds documentation for capital injection
Product scope creep (derivatives, high leverage, anonymous transfers)
Insufficient internal controls evidenced in policies vs actual systems

11. Post-Licensing Obligations

Licensing is the start of supervision. The Decree gives regulators tools to order rectification, temporary suspension, and recommend revocation for non-compliance.

11.1 Reporting and ongoing governance

Expect obligations around:

Periodic reporting (financial, operational, compliance)
Material incident reporting (security, outages, suspicious activity spikes)
Board-level oversight evidence

11.2 Cybersecurity and electronic crime controls

The Decree explicitly emphasizes “security measures against electronic crime” capable of protecting computer systems and data and managing risks associated with crime.
Practically, you should be able to demonstrate: secure SDLC, vulnerability management, incident response drills, access controls, and logging.

11.3 Client asset segregation (continuous)

If you custody, segregation is not a one-time control. You need continuous reconciliation, proof-of-control over keys, and operational prevention of mis-use of client assets.

11.4 SEC inspections and enforcement dynamics

The SEC can require rectification within a period and order temporary suspension if failures persist; repeated issues can lead to license revocation by the Minister upon SEC recommendation.
This makes “compliance as paperwork” a non-starter. Controls must be operating.

12. Common Reasons Applications Are Rejected

Most rejections trace to one of four failures:

Weak compliance framework: AML policies are generic, monitoring is not operational, or staffing is insufficient for the risk.
Insufficient capital credibility: Minimum capital exists, but runway and risk buffers do not match the operating model.
Governance defects: directors/executives not approvable; unclear control structure; conflicts not addressed.
Unclear business model: licensing type mismatch (applying as exchange while operating as broker/dealer, or vice versa).

A frequent root cause is “model ambiguity”: the applicant’s actual flow is a different license class than claimed.

13. Taxation of Crypto Companies in Thailand

This section is not a substitute for tailored tax advice; it is a structural overview for a regulated operator.

13.1 Corporate income tax (CIT)

Thailand generally applies corporate income tax, and common references describe a 20% standard rate for companies above SME thresholds.
A crypto company should assume normal corporate taxation unless a specific incentive applies.

Thailand’s VAT standard rate is 7% and has been extended through at least September 30, 2026 (policy extension reported by professional tax sources).
For digital asset transactions, Thailand has implemented time-bound tax measures aimed at supporting the regulated market; some professional commentary notes VAT and personal tax treatments can depend on whether trades occur through licensed operators.

13.3 Withholding tax and other taxes

Withholding tax can apply to certain payments (services, certain fees, cross-border payments) depending on characterization and DTA position. Your finance function must be designed to classify revenues correctly (fees vs spreads vs principal gains) because that changes downstream tax and accounting treatment.

14. Strategic Considerations

14.1 Is Thailand competitive vs Singapore?

Thailand offers a clearer “licensed retail exchange” lane than many jurisdictions, but the regulatory perimeter is strict and operationally expensive. Singapore is often perceived as stable but has historically been selective and conservative on retail-facing crypto permissions. The correct decision depends on your product, target users, and capital.

Table 8 — Thailand vs Singapore (operational comparison)

Dimension	Thailand	Singapore
Retail exchange pathway	Formal licensing categories (exchange/broker/dealer) with ongoing supervision	Regulated framework; historically selective on retail
Key constraint	Demonstrable systems readiness + governance + AML	Risk appetite and licensing selectivity
Banking	Possible but conservative; heavy EDD	Often conservative; strong compliance demands
Market	Domestic retail demand exists; local competition	Regional hub positioning; higher cost base

14.2 Regulatory stability and scope creep

Thailand’s Decree has already been amended and includes extraterritorial “providing services in Thailand” criteria, which signals a tightening perimeter over time.
Plan for change management: policy updates, new reporting templates, new asset listing constraints.

14.3 Market structure reality

A common mistake is underestimating market surveillance, abuse prevention, and operational controls. If you cannot operate like a financial market infrastructure provider, an exchange application is premature.

Risk matrix (practical)

Risk	Probability	Impact	What mitigates it
License type mismatch (exchange vs broker vs dealer)	Medium	High	Formal activity mapping to Decree definitions; documented flows
Banking de-risking (loss of fiat rails)	Medium	High	Multiple banking relationships; strong AML evidence; transparent flows
Custody incident (key compromise)	Low–Medium	Very high	HSM/MPC, key ceremonies, segregation, IR drills; continuous reconciliation
AML failure / suspicious flow exposure	Medium	Very high	Risk-based CDD, monitoring, escalation governance; audit evidence
Capital stress (run on withdrawals)	Medium	High	Liquidity policy, stress testing, capital buffers
Regulatory change	Medium	Medium–High	Compliance change function; policy monitoring

15. FAQ

What license do I need to create a crypto exchange?

If you operate a venue that matches orders/arranges counterparties/provides a trading system for users, you are in the digital asset exchange definition.
If you route users as an intermediary, you may be a broker; if you trade as principal outside an exchange, you may be a dealer.

Is there any licensed crypto exchange in Thailand?

Yes. The Thai SEC maintains a public list of licensed entities, and industry sources cite multiple licensed operators.
Treat any third-party “top exchanges list” as non-authoritative; always verify directly against the SEC list.

Can foreigners own a crypto company?

Foreign participation is possible, but ownership/control, major shareholder suitability, and governance approvals are central review topics, and the licensing applicant is typically structured as a Thai-incorporated entity.
Design the ownership chain for transparency and bankability; complex offshore layers often increase friction.

Is crypto legal in Thailand?

Trading and operating are legal within the licensing framework created by the Emergency Decree, and operating a digital asset business without proper licensing can trigger enforcement.

How long does approval take?

There is no single statutory “days to approval” number in the Decree text; in practice, it is a multi-month build-and-review cycle because readiness evidence and remediation drive the timeline.

Appendix A — Process flow diagram 2 (operating model: exchange lifecycle)

User onboarding → identity verification → risk scoring → CDD/EDD → account approval
Funding → fiat deposit controls + wallet assignment → sanctions/adverse screening gates
Trading → order entry → matching engine → market surveillance → execution + settlement
Custody → segregation ledger → hot/cold wallet policy → reconciliation → withdrawals
Monitoring → transaction monitoring + on-chain analytics → case management → SAR/STR decisions
Reporting → periodic regulatory reporting → financial audit → system control reviews

Appendix B — Four tables checklist (delivered)

License types table (Table 1)
Exchange vs broker vs dealer decision table (Table 2)
Fee structure table (Table 7)
Thailand vs Singapore comparison table (Table 8)

Appendix C — Three capital tables checklist (delivered)

Paid-up capital planning ranges (Table 3)
Net capital baseline examples (Table 4)
Capital planning framework (Table 5)

Terminology compliance note (for clarity)

This guide intentionally uses statutory and regulator-facing language (e.g., digital asset, exchange/broker/dealer) and treats “crypto license” as a shorthand for the relevant Thai license class under the Decree.