Asia Fintech & Payments Regulatory Bulletin – January 2026

The end of 2025 saw significant regulatory activity across Asian fintech regulation, with key themes including virtual asset frameworks, cybersecurity requirements, fraud prevention controls, and AI governance. 

This bulletin contains a quick-fire summary of the key regulatory developments across the region in December 2025. To receive a more detailed breakdown of these developments, please sign up to our monthly newsletter by clicking on the link below.

Key developments by jurisdiction: 

• Hong Kong SAR: 

  • The Financial Services and Treasury Bureau and the Securities and Futures Commission published conclusion papers on their proposed virtual asset regulatory regime, which includes proposals to regulate additional virtual asset-related activities. The relevant legislation will likely be introduced in 2026.

  • The Hong Kong Monetary Authority has gazetted revisions to certain Supervisory Policy Manual modules and the Banking (Exposure Limits) Code to implement the new Basel prudential standard on cryptoasset exposures, which took effect on 1 January 2026.

  • A new cybersecurity law impacting the financial services sector, the Protection of Critical Infrastructures (Computer Systems) Ordinance, came into force on 1 January 2026, along with a Code of Practice for designated operators.

• Mainland China: 

  • The People’s Bank of China has revised the Cross-Border Interbank Payment System rules, effective from 1 February 2026.

  • The Cyberspace Administration of China (CAC) has consulted on draft Interim Measures on Anthropomorphic AI Interaction Services, introducing various controls and safeguards for AI tools that stimulate human personality.

  • CAC is also consulting on draft Measures on Network Data Security Risk Assessments, which require important data processors to meet certain ongoing governance and data risk oversight requirements.

• Japan: 

  • The Working Group on the Cryptoasset System of the Financial System Council has proposed various reforms to the regulatory treatment of cryptoassets and will prepare a draft bill for amending the statutes in accordance with these proposals. 

  • The Japan Financial Services Agency has published draft amendments to relevant legislation, clarifying which cross-border payment transactions fall outside the scope of the updated Payment Services Act (as amended in June 2025).

• Thailand: The Bank of Thailand has issued notifications relating to digital fraud management and cybercrime, introducing new requirements for certain financial institutions in Thailand.

• UAE: The Dubai Financial Services Authority (DFSA) has revised the crypto token regulatory regime in the Dubai International Financial Centre, with effect from 12 January 2026.