SBV's Draft AI Circular: Six Compliance Layers Banks Must Build by September 2027
The SBV's draft AI circular imposes six compliance layers on banks under Law 134/2025/QH15, with a September 2027 deadline for existing systems.
Vietnam's State Bank has released a draft Circular that translates the national AI Law into binding operational requirements for every bank, foreign branch, and payment intermediary it supervises. The draft imposes six distinct compliance layers — from pre-deployment testing to 24-hour incident reporting — on top of the general obligations that Law No. 134/2025/QH15 already establishes. For VIFC member banks and fintech operators, the Circular is not a distant regulatory aspiration: AI systems already running have until 1 September 2027 to comply, and the compliance architecture they need to build is substantial.
How the Circular Fits the Regulatory Stack
Law 134/2025/QH15, enacted in late 2025 and effective from 1 March 2026, established Vietnam's national AI governance framework. Article 6.4 of the Law explicitly delegates sector-specific safety requirements, risk management rules, and deployment conditions to individual ministries. That delegation is the SBV Circular's legal foundation — without it, the SBV would have no mandate to impose obligations beyond what the apex statute requires.
A note on sources: This article is based on industry-body summaries of the draft Circular — including materials circulated by AusCham Vietnam and commentary from international legal advisers — rather than the primary SBV Vietnamese-language consultation text, which was not available in primary form at time of publication. Specific provisions may differ in the finalized instrument, and compliance readers should verify against the primary source before acting on any detail described here.
The result is a two-tier architecture: Law 134 sets the national floor (risk classification, transparency, accountability), and the SBV Circular applies that floor to banking with sector-specific precision. A third instrument sits alongside: Circular 77/2025/TT-NHNN covers online banking cybersecurity. For AI systems with online-banking touchpoints — which includes most customer-facing credit, payments, and fraud applications — compliance teams will need to map obligations across both circulars simultaneously. The SBV has not yet published guidance on how the two instruments interact, and that intersection remains unresolved.
The 18-month transition window in Article 35.1(a) of Law 134 is a deliberate asymmetry. Finance, healthcare, and education receive 1 September 2027 as their deadline for existing AI systems; all other sectors receive a 12-month window (1 March 2027). The legislature's reasoning is systemic risk: financial-sector AI failures can propagate losses across institutions and damage consumer confidence at scale. The longer runway reflects the complexity of retrofitting governance frameworks onto live production systems — not regulatory leniency.
The Six Compliance Layers, Unpacked
1. Governance Framework
Institutions must establish a structured AI governance framework covering operational safety, model management, and customer protection. The Circular aligns this requirement with Law 134's risk-based approach, meaning the governance architecture must be capable of differentiating obligations by risk tier — not a single-policy approach applied uniformly. For most VIFC-zone banks, this means appointing accountable owners for AI systems, establishing internal review committees, and documenting the governance chain from development through deployment.
2. Safety and System Controls
Continuous monitoring of deployed AI systems is mandatory, alongside data logging and storage sufficient to support incident investigation. Institutions must build incident detection and response mechanisms — not merely document that they exist. Staff training on AI capabilities and limitations is also required: the Circular distinguishes between institutions that use AI and institutions whose people understand what AI can and cannot do.
3. Risk Classification and Lifecycle Management
This layer is the operational core of the Circular. Institutions must classify every AI system by risk level using Law 134's three-tier structure (high, medium, or low risk) and apply human oversight commensurate with that classification. High-risk systems — credit decisioning, AML transaction monitoring, and fraud flagging are the obvious candidates — require impact assessments before deployment and ongoing proportionate oversight.
Lifecycle controls run from design through decommissioning. A model that passes initial testing does not stay classified in perpetuity: reclassification obligations apply when material changes occur. Third-party and outsourced AI systems carry the same classification and oversight obligations as internally built systems — the Circular draws no distinction between a model written by the bank's own engineers and a black-box API purchased from a vendor.
That last point deserves emphasis. Banks using internationally supplied AML platforms, credit bureau APIs, or global fraud detection engines remain fully accountable for those systems under the Circular. The bank cannot discharge its regulatory obligation by inserting a vendor indemnity clause or by pointing to the vendor's own ISO certifications. The SBV's oversight runs to the institution, not to the supply chain.
4. Pre-Deployment Conditions
Before any AI application goes live, regulated entities must complete:
- Risk classification and security testing
- Establishment of an incident response plan specific to that system
- Performance and accuracy benchmarking against defined thresholds
- Staff training and human resource adequacy checks
Annual reviews of AI capabilities and governance systems are required post-deployment. This creates a recurring compliance cycle, not a one-time gate. For VIFC-zone fintech operators running AI-driven lending or payment systems, building annual review cadences into operational calendars is a near-term operational requirement — not a future consideration.
5. Customer Transparency and Explainability
Institutions must disclose to customers when they are interacting with an AI system. Where AI drives a decision that affects a customer — a credit denial, a fraud flag, a product recommendation — the institution must provide an explanation and offer access to human review. The Circular explicitly prohibits AI systems that produce biased, discriminatory, or exploitative outcomes.
The explainability requirement will create practical tension with complex model architectures. A gradient-boosted ensemble or a neural network-based fraud scorer does not produce natural-language explanations as a default output. Banks will need to invest in model interpretability tooling or maintain parallel explanation mechanisms — particularly for high-risk credit decisioning applications where the explanation requirement is strongest.
6. Incident Reporting
Serious AI incidents must be reported to the SBV within 24 hours, followed by a remediation report within 5 working days of resolution. This is among the tightest AI incident reporting timelines in the region. Firms whose existing operational playbooks assume 72-hour or five-business-day initial notification windows will need to revise their incident response procedures specifically for AI events.
The Circular does not yet define "serious AI incident" with precision — whether a model accuracy degradation qualifies, or whether the threshold requires a customer-facing failure, remains to be clarified in the finalized text. Institutions should design their incident classification frameworks conservatively until the SBV provides definitional guidance.
What Third-Party Accountability Means Operationally
For VIFC member banks sourcing AI capabilities from international vendors, the third-party accountability provision is the Circular's most operationally demanding element.
Consider a common scenario: a foreign bank branch uses a global vendor's AML transaction monitoring platform, a credit bureau API for score enrichment, and an outsourced fraud detection engine. Under the draft Circular, the branch must:
- Classify each system by risk tier and document that classification
- Conduct or commission security testing of each system before deployment (or, for existing systems, before September 2027)
- Maintain an incident response plan covering vendor system failures
- Ensure it can produce customer-facing explanations for decisions made by those systems
- Report incidents involving those systems to the SBV within 24 hours
The vendor relationship must include governance controls sufficient to satisfy SBV oversight — audit rights, access to model documentation, notification obligations on the vendor's side, and contractual remediation timelines. Standard vendor agreements written for Singapore or Hong Kong compliance contexts will likely need Vietnam-specific addenda.
Banks that cannot obtain adequate transparency from a vendor — because the vendor treats its model as proprietary — face a hard choice: either negotiate better contractual access or replace the system with one they can govern. The Circular's accountability logic leaves no third option.
How Vietnam's Approach Compares Regionally
Vietnam's SBV draft Circular is binding regulation, not voluntary guidance. That distinguishes it immediately from the frameworks its regional peers built first.
MAS (Singapore) published its Fairness, Ethics, Accountability and Transparency (FEAT) Principles in 2018 and followed with the Model AI Governance Framework (first edition 2019, updated 2020) and subsequent guidance for the financial industry. These are principles-based: they establish expectations and invite firms to demonstrate alignment, but they do not impose specific pre-deployment testing checklists or 24-hour reporting obligations. HKMA issued supervisory guidance on AI governance in 2024, taking a similar supervisory expectations approach.
Vietnam's prescriptive, binding model provides clearer compliance targets — institutions know what they must do, not merely what they should aspire to. The trade-off is technical granularity. MAS's Model AI Governance Framework runs to detailed implementation guidance with worked examples; the SBV Circular, at least in its draft form as summarized by industry bodies, establishes obligations without the same depth of technical specification. The finalized text may address this, but compliance teams should not assume equivalent implementation clarity.
The 24-hour incident reporting requirement is stricter than what either Singapore or Hong Kong imposes for AI-specific events. Whether this tighter cadence improves regulatory responsiveness or creates noise in the SBV's supervisory inbox will depend on how "serious AI incident" is ultimately defined.
For international financial institutions evaluating compliance equivalence — whether Vietnam's framework satisfies their global AI governance standards — the binding-but-less-granular profile means Vietnam-specific overlays are necessary, not optional.
What Comes Next
The draft Circular has not been issued formally as of June 2026, and no consultation deadline or issuance date has been publicly confirmed. Industry legal advisers, including major international firms, flagged the draft in May 2026, suggesting active industry engagement is underway — but the finalized text may differ from the draft that industry bodies have summarized.
Three things to monitor:
Issuance timeline. The SBV's consultation process will determine whether the final Circular arrives in Q3 or Q4 2026. Every month of delay compresses the runway between issuance and the September 2027 deadline for existing systems.
Definitional clarity. The final text should define "serious AI incident," clarify the risk classification methodology for financial-sector-specific AI applications (credit scoring in particular), and address the intersection with Circular 77 cybersecurity obligations. If these gaps persist into the final version, expect the SBV to issue supplementary guidance — or leave institutions to interpret conservatively.
Third-party engagement. Global AI vendors serving Vietnamese banks will face pressure to restructure their commercial agreements to accommodate SBV audit rights and notification obligations. Institutions should begin vendor conversations now, before the finalized Circular creates a hard deadline.
Banks and fintech operators already deploying AI in Vietnam — particularly those in the VIFC zone — should treat the September 2027 deadline as the output of a compliance program, not the start of one. A credible gap assessment against the six compliance layers in the draft Circular is the right first step, taken now.
This article was last updated on 2 June 2026. It is based on industry-body summaries of the draft Circular, including materials circulated by AusCham Vietnam and commentary from international legal advisers, since the SBV's original Vietnamese-language consultation text was not available in primary form at time of publication. Specific provisions may differ in the finalized instrument. We will update this article when the Circular is formally issued.