The seminar showed the reality that besides some advantages, the implementation of digital transformation in the banking industry is still facing many difficulties and legal challenges.
Ms. Nguyen Thi Phuong, Vice President of the Banking Legal Club, VNBA
According to Ms. Nguyen Thi Phuong, Vice President of the Banking Legal Club, Vietnam Banks Associations development, these challenges require the legal system to continue to adjust and improve to keep up with the speed of technology and digital banking business practices. She pointed out the legal difficulties and challenges that banks are facing in the process of digital banking transformation. Specifically:
Firstly, some legal documents were issued a long time ago and are still in effect regulating electronic transactions and electronic documents in the banking sector, but the content is outdated and lacking updates, hindering digital banking activities. For example, Decree No. 35/2007/ND-CP on electronic transactions in banking activities - a document that has not been adjusted to comply with the Law on Electronic Transactions 2023. The regulations on electronic documents in this document are no longer suitable and do not fully reflect modern forms of electronic transactions and storage. Similarly, Decision No. 1789/2005/QD-NHNN on the banking accounting voucher regime has not updated the principles and standards on electronic vouchers according to the revised Accounting Law in 2024, confusing the recognition and storage of digital vouchers at banks.
Second, there is a lack of inter-sectoral synchronization and management cooperation between state agencies for digital banking services. Successful digital transformation of banks requires the coordination of many sectors (police, justice, tax, telecommunications, etc.). However, the level of coordination is currently limited, as shown by the fact that some legal regulations of other sectors have not "adjusted in time" when banks change their operating methods.
For example, the notary and secured transaction registration sectors sometimes still require documents with handwritten signatures and traditional seals; or the tax sector has regulations on electronic invoices but is still confused about handling violations with electronic banking vouchers. The lack of interoperability and mutual recognition regulations between sectors creates barriers to the complete digitalization process of banks. For example, banks have lent and stored electronic records, but when processing mortgaged assets, the court or enforcement agency requires paper copies, causing delays and costs.
Another example, Circular No. 50/2024/TT-NHNN guiding on forms of electronic confirmation other than digital signatures is a step forward, but the scope of application is currently limited to providing online services to customers, it is not clear whether it can be applied to internal bank operations or not. This makes it difficult to establish and sign purely digital internal documents and transactions in a synchronous implementation.
Third, the legal framework for data sharing in the banking sector has been initially established through Circular No. 64/2024/TT-NHNN, Decree No. 94/2025/ND-CP, new digital financial models such as peer-to-peer lending (P2P Lending) have begun to be adjusted through Decree No. 94/2025/ND-CP, but it takes time to evaluate the effectiveness of implementation, respond to the market and continue to improve.
Fourth, the legal corridor for cybersecurity and data protection in the banking sector still has many challenges. Despite the Law on Cybersecurity and the Decree on Personal Data Protection, the implementation of customer protection in practice still faces the risk of increasing high-tech crimes. According to a report by the National Cyber Security Association, in 2024, more than 659,000 cybersecurity attacks were recorded, affecting about 46.15% of agencies and businesses. In particular, forms of attack such as ransomware and advanced persistent threat (APT) account for a high proportion, causing disruptions to operations and significant economic and reputational damage to many organizations. Meanwhile, the legal framework for handling these acts is not complete and sanctions are not strong enough to deter, especially for cross-border crimes. Banks have difficulty sharing information about cyber security incidents due to concerns about liability and reputational damage, which partly hinders effective cooperation in preventing cybercrime.
In addition, the requirements for customer information security and compliance with personal data protection regulations pose significant challenges. Decree No. 13/2023 requires banks to seek customer consent when using data for other purposes, to delete data when the purpose is no longer needed, and to ensure data security. Full compliance requires banks to invest in complex data management systems and staff training, while violations (if data leaks occur) can be severely punished. This is a cost and risk management challenge that banks must consider in the digitalization process.
Fifth, the problem of recognizing the electronic signature of an organization and the electronic seal. Currently, the law has recognized the digital signature (digital certificate) of an enterprise/organization, but in reality, a legal entity still needs to "sign" electronically through a representative or authorize a specific individual. This causes difficulties when the bank wants to fully automate the signing process (for example, the core banking system automatically approves and "signs" a credit contract). There are no clear regulations on "digital signature of a legal entity" that allows the system to automatically sign on behalf of the leader while still having legal value. Similarly, although the electronic seal of an organization has been mentioned, many agencies and partners are still unfamiliar with it, which can easily lead to doubts about the legality of the document if it lacks the traditional red seal.
Sixth, the problem of electronic evidence and recognition of the legal value of digital transactions in litigation is still problematic. Although the Law on Electronic Transactions and the Code of Civil Procedure have recognized electronic data as a legitimate source of evidence, the process of collecting, verifying and accepting electronic evidence in court and inspection agencies is not yet unified. For example, if there is a dispute over an electronically signed credit contract, the court may require the supplier to prove the authenticity of the digital signature, while the standards for verifying digital signatures or electronic transaction logs have not been specified in detail. Converting digital documents to paper copies for comparison is also complicated and at risk of error if there are no clear regulations on the subject and conversion process. This reality causes some banks to still have to store traditional paper records in parallel to prevent disputes, reducing the effectiveness of digital transformation.
Seventh, regulations on data storage and use of new technology have not kept up with actual needs. Banking is a field that requires storing transaction data and customer records for a long time (many years) to serve the purpose of checking, reconciling and complying with regulations. However, the law on electronic data storage does not have specific instructions on the format, storage time, as well as the use of cloud storage services.
For example, the Law on Accounting requires storing documents and books; if storing electronic copies, is it necessary to notify the management agency, or is it necessary to periodically back up to paper? This is currently unclear. Some banks want to put data on the cloud to take advantage of flexible infrastructure, but are concerned about cybersecurity regulations on domestic data storage, or the lack of standards for evaluating cloud service providers that are safe enough for banking data. This ambiguity leads to many banks still having to invest in expensive private data centers or print out backup paper, affecting the effectiveness of digital transformation.
View of the discussion
In short, the above legal challenges reflect the gap between the rapid development of digital banking technology and the speed of legal improvement.
"It is necessary to fully identify these challenges in order to find solutions to adjust the legal framework appropriately, helping banks confidently innovate without "going beyond the law", while at the same time better protecting the interests of customers in the digital age", Ms. Nguyen Thi Phuong affirmed.
Source: thitruongtaichinhtiente.vn
