In its draft circular on safety, risk management, and conditions for applying artificial intelligence (AI) in the banking sector, the State Bank of Vietnam stated that this regulation applies to systems such as: virtual assistants, automated call centers, and chatbots.
Banks and e-wallets also need to notify customers before using AI for emotion recognition or biometric classification. They must disclose content: images, audio, video, generated by AI to prevent confusion.
The draft also prohibits banks from using AI to exploit customer vulnerabilities (due to age, disability, or economic status) for the purpose of soliciting high-risk, unsuitable financial products or services.
Customers have the right to complain about bank decisions made based on AI. In such cases, banks must use human personnel to review and provide a resolution.
These regulations are expected to take effect from March. For AI systems deployed before this date, the effective deadline is extended to September 2027 to allow banks and e-wallets to review and comply.
![]() |
Illustration of an AI chatbot providing banking advice, created by ChatGPT. |
The State Bank of Vietnam believes that tightening AI use in the banking system is designed to control and mitigate emerging risks. This aims to ensure fair treatment for customers and protect vulnerable groups.
In Vietnam, many banks began experimenting with chatbots (automated consultants) and virtual assistants about 10 years ago. Most institutions used scenario-based chatbots, responding based on a fixed set of rules through keyword recognition in input text. Currently, generative AI is becoming popular, aiming to replace human consultants by answering questions about: transactions, card services, interest rates, and exchange rates.
According to the State Bank of Vietnam, many banks and e-wallets are accelerating AI application in various operations, including: eKYC, credit scoring, loan appraisal, and payment fraud detection. The regulatory body notes that this also poses risks and challenges related to information system security, output data inaccuracy, and customer privacy infringement.
Phuong Dong
