The State Bank of Vietnam has warned banks not to sacrifice cybersecurity, data protection and customer trust for short-term growth as the sector accelerates digital transformation and AI adoption.
HÀ NỘI — Digital transformation of banks must go hand in hand with security, avoiding the trade-off of system security, data security and customer trust for short-term growth, Governor of the State Bank of Vietnam (SBV) Phạm Đức Ấn told an event on Monday.
Speaking at the banking IT summit 2026, Ẩn said he highly appreciated the digital transformation results of the banking sector in recent years.
Currently, 63 per cent of banking operations allow customers to conduct transactions entirely in the digital environment. The rate of transactions through digital channels at many banks has reached over 98 per cent and the value of cashless payments in 2025 was 28 times GDP, showing that digital banking has become a popular transaction channel.
However, he also warned of the increasing risks from cyberattacks, online fraud, identity theft, AI and deepfakes.
Ensuring digital security is not just a technical requirement, he said, but a prerequisite for the sustainable development of digital banking, strengthening customer trust, and enhancing the governance capacity of credit institutions.
According to the Governor, the banking sector holds a large volume of sensitive data directly related to the assets and rights of citizens and businesses, and the safety of the financial system. Even a single incident involving system security, customer data breaches, or service disruptions can affect the trust of citizens and businesses, and the reputation of the entire system.
Therefore, for the banking sector, digital security is a mandatory condition for development, the foundation of trust, a governance responsibility and an operational discipline for each banks.
Ẩn said; "The SBV’s direction principle for commercial banks is that digital transformation must go hand in hand with security; data exploitation must go hand in hand with data protection; AI application must go hand in hand with risk management; and innovation must go hand in hand with compliance, control, and accountability.
"We will not sacrifice system security, data security, and customer trust for short-term growth."
The Governor requested that heads of credit institutions, branches of foreign banks, payment intermediaries and credit information institutions directly supervise and take full responsibility for ensuring network information security, data protection and the continuous operation of information systems and services in the digital environment of their organisations.
He said regarding data, the organisations must consider it a strategic asset and the foundation of digital banking. Data must be managed correctly, completely, cleanly and securely; access rights must be granted, controlled and exploited purposefully and within limits, in compliance with the law and protecting the legitimate rights of customers.
Regarding AI, the organisations need to recognise that this is a field with great potential but also harbors many new risks, requiring strict, proactive, and responsible management.
The application of AI in banking operations must be closely linked to the principle of putting people at the centre, with appropriate monitoring mechanisms, and protecting the legitimate rights and interests of customers.
Regarding cybersecurity, the organisations must shift strongly from passive defense to active defense to enable to make early detection, warning and response.
“The organisations need to consider cybersecurity, data protection, and fraud prevention as mandatory components in their overall development strategy, digital transformation strategy, data strategy, and risk management,” he said.
SBV will continue to refine mechanisms, policies, and standards to promote digital transformation, data development, AI applications, and especially to enhance information security and safety throughout the banking sector.
It will strengthen inspection, supervision, warning, corrective action, and strictly handle cases of non-compliance, particularly those that may affect the safety of banking operations, customer rights and data security. — BIZHUB/VNS
