ASEAN’s Digital Frontier: Bridging Sovereignty and Security

 

 

As Southeast Asia builds a ‘common settlement language’ to bypass global volatility, industrial-scale AI fraud threatens to undermine regional resilience.

 

 

Southeast Asia is building something without historical precedent: a shared financial architecture that connects ten sovereign economies without asking any of them to surrender control of their monetary policy. 

 

But as the architects of that system gathered in Bangkok in late April for Money20/20 Asia 2026, a counter-narrative ran through the proceedings with equal force. 

 

The same digital frontier that promises to transform regional commerce is being simultaneously colonised by criminal networks whose scale and sophistication now surpass those of the global drug trade. 

 

The choices made by policymakers, regulators, and institutions in the coming years will determine whether ASEAN’s digital frontier becomes its greatest economic asset or its most consequential liability.

 

 

 

A Common Settlement Language, Not a Common Currency

The foundational vision articulated at the conference is both pragmatic and quietly radical. 

 

William Eng, chief executive officer and co-founder of UAB DIAMONDBACK LT, proposed a “monetary bridge” for ASEAN: a neutral settlement unit sitting between national currencies to absorb cross-border complexity, without displacing the currencies themselves. 
Unlike the euro model, which required eurozone members to surrender monetary sovereignty to a supranational body, this framework keeps central bank authority entirely national. 

 

Thailand and Indonesia, under this model, would trade directly without routing transactions through an external anchor such as the US dollar.

 

 

 

 

 

 

“ASEAN may not need a common currency to build a stronger regional future — but it may eventually need a common settlement language,” Eng stated.

 

The architecture is already partially in place. Cross-border QR linkages, local currency transaction frameworks, and the forthcoming ASEAN Digital Economy Framework Agreement collectively form the scaffolding for this new era. Thailand sits at its centre. 

 

Winnie Chen, head of Global Payments Solutions for APAC at Bank of America, noted that multinationals are increasingly choosing Thailand as a Regional Treasury Centre, citing its geography, tax incentives, and financial maturity. That positioning makes the security of Thailand’s systems a matter of regional, not merely national, consequence.
 

 

 

 

 

When Fraud Revenue Surpasses the Global Drug Trade

The most arresting figure offered at the conference came from the cybersecurity panel: scam revenues now exceed those of the entire global drug trade. The lone-hacker image has been replaced by purpose-built industrial compounds, operating with corporate discipline. 

 

Niki Luhur, chief executive officer of VIDA Digital Identity, described how deepfake technology moved from experimental novelty to dominant fraud method within two years. 

 

By 2025, virtually all identity fraud attempts used AI-generated imagery — and those deepfakes now embed “adversarial noise”, a data science technique designed specifically to defeat biometric detection systems.
 

The human cost lands close to home. Luhur pointed to documented cases of people being trafficked across Southeast Asian borders into forced labour within scam compounds — a phenomenon with direct relevance to the Mekong region.

 

 

 

 

 
“They have a data science team behind them, intentionally developing techniques to evade computer vision detection models. These are full-blown industrial parks,” Luhur noted.

 

Carolyn Fox, director of Trust and Safety at TELUS Digital, added that AI has simultaneously lowered the barrier to entry: where large-scale fraud once required substantial human infrastructure, a single operator with the right tools can now replicate the output of an entire factory.

 

 

 

 

Who Is Accountable When the AI Makes the Payment?

A quieter but equally consequential problem is taking shape behind the headlines. Financial institutions are deploying AI agents to initiate payments, execute compliance decisions, and manage portfolios at a pace that has outrun any agreed governance framework. 

 

Fewer than one in three organisations have adequate controls in place, according to McKinsey’s 2026 State of AI Trust survey. 

 

Tin Pei Ling, co-president of MetaComp, identified the core flaw: when a human employee leaves an organisation, their access is revoked.

 

When an AI agent completes a transaction, its credentials do not automatically expire. It can persist in a system long after its mandate has lapsed, with no verified identity and no mechanism for intervention.

 

The proposed solution is a framework MetaComp calls KYA — Know Your Agent — a deliberate parallel to Know Your Customer protocols, governing AI agents across identity, authorisation, and behaviour monitoring throughout their full operational lifecycle. 

 

Summer Yu, group chief compliance officer of Alpha Ladder Group, reinforced the urgency: analysis of more than 7,000 real-world transactions found that relying on a single screening tool can leave up to 25 per cent of high-risk exposures undetected. In a fully agent-driven environment, those gaps multiply.
 

 

 

 

 

Predictive Defences, Human Judgment, and Thailand’s Regulatory Moment

The conference was not short of prescriptions. Luhur argued that the most immediate gains require no exotic technology — only the connection of data that already exists within institutions. KYC systems, authentication platforms, and transaction monitoring tools routinely operate in silos. 

 

Linking a customer’s biometric profile to their device, onboarding timing, and transaction behaviour would, he said, resolve most fraud vulnerabilities through integration that is, in principle, straightforward: “Not easy, but simple.”

 

“You can’t just say it has to be safe. You have to be pretty detailed about what safe means — and when you need the whole infrastructure to change, the regulator has got to have some teeth,” Luhur stated.

 

 

 

 

 

Chen reinforced the point from a corporate banking perspective: the goal for institutional clients is not “real-time” payment but “on-time” payment – predictable, transparent, and compliant. Speed without those qualities is not an advantage.

 

Fox issued a timely caution against over-reliance on automation. She described a client’s AI system that incorrectly rejected thousands of legitimate Latin American account applications because regional utility bills carry advertising copy the system misread as suspicious – an error only caught when customer support staff began receiving complaints. 

 

The lesson: AI cannot grasp intent without human oversight, and connected systems require connected people. 

 

 

 

 

Rahul Bhargava, chief operating officer of Contour Network and adviser to the World Bank, extended the argument to trade finance, where paper-dependent processes create fraud vulnerabilities estimated at five billion US dollars annually. 

 

Digitising those instruments onto blockchain infrastructure would eliminate much of that exposure while reducing operational costs for SMEs by an estimated 20 per cent.

 

For Thailand, the regulatory dimension is where opportunity and obligation converge most sharply. Luhur cited Indonesia’s experience with principles-based oversight as a cautionary tale: vague mandates give criminals the same flexibility they give institutions. 

 

 

 

The Philippines’ Anti-Financial Account Scamming Act — which mandates transaction monitoring and behavioural analytics across all financial institutions — and Singapore’s requirement for continuous penetration testing were both held up as more effective models. Singapore has gone further still, publishing the world’s first cross-sector AI agent governance framework in January 2026 and establishing a National AI Council with finance as a priority sector.

 

ASEAN’s common settlement language is within reach. But a bridge without guardrails is an invitation, not an asset. The industrial-scale fraud operations expanding across the region are already treating its connectivity as infrastructure to be exploited. 

 

Whether the region’s security architecture can keep pace with its ambitions is the question Money20/20 Asia 2026 posed most sharply — and left, emphatically, for its members to answer.