Decree No. 340/2025/ND-CP (“Decree 340”), effective from 9 February 2026, replaces Decree No. 88/2019/ND-CP and its amending instruments (“Decree 88”), marking a significant shift in the administrative penalties for violations in the monetary and banking sector, particularly in relation to foreign borrowing and repayment. Compared to Decree 88, Decree 340 further specifies violations in this area and refines the sanctions regime to enhance clarity and enforceability. Decree 340 reflects a broader policy direction toward strengthening financial discipline, enhancing the transparency of capital flows, and improving regulatory oversight in the context of increasing economic integration and anti-money laundering efforts.
Specification of Sanctions for Fraudulent Documentation and Misuse of Loan Proceeds
Previously, Decree 88 provided only a general sanctioning framework for non-compliance with regulations on foreign borrowing and repayment[1]. Now, Decree 340 has specified distinct categories of violations and corresponding sanctions. In particular, acts involving fraud or falsification of documents submitted for the registration or amendment of foreign loans, which are not subject to criminal liability, may be subject to administrative fines ranging from VND60 million to VND100 million for organizations[2].
Notably, the use of foreign loan proceeds for improper purposes as stipulated by law, in breach of applicable borrowing conditions for non-government guaranteed loans, may be subject to a significantly higher penalty of around VND300 million to VND400 million for organizations[3].
The penalties provided by Decree 340 indicate a clear regulatory shift from a purely procedural review toward substantive oversight, with authorities placing greater emphasis on how loan proceeds are actually utilized. This is particularly relevant in practice, where borrowers may change the purpose of funds to accommodate their business needs but ‘forget’ to register such changes with the State Bank of Vietnam (SBV).
Increase in Penalties for Violations relating to Data Security and Payment Accounts
Under Decree 340, administrative penalties have been significantly increased for violations involving data security and payment accounts. Specifically, organizations engaging in fraudulent activities such as infiltrating or attempting to infiltrate or steal data, opening or maintaining anonymous or impersonating payment accounts, or abusing payment accounts to conduct illegal acts are now subject to fines ranging from VND400 million to VND500 million[4]. This represents a substantial increase compared to the previous penalty framework under Decree 88, which imposed fines ranging from VND200 million to VND300 million for similar violations[5].
Change in Sanctioning Approach for Reporting Obligations
With respect to violations relating to inaccurate reporting, incomplete submissions, or delays in submitting reports, Decree 340 provides a sanctioning mechanism based on the frequency of violations. Under Decree 88, such violations were generally subject to fixed penalty ranges, regardless of whether the breach occurred for the first time or repeatedly. In contrast, under Decree 340, first-time violations remain subject to relatively low penalties; however, repeated violations may result in significantly increased fines. For example, violations relating to reporting deadlines or completeness requirements are subject to fines ranging from VND10 million to VND20 million for the first violation[6], and from VND40 million to VND60 million for subsequent violations (for organizations)[7]. This approach reflects a shift toward behavior-based regulation, whereby a borrower’s compliance history becomes a key factor in assessing regulatory risks.
Clarification of Sanctioning Authority
A notable development under Decree 340 is the adjustment and restructuring of sanctioning authorities for administrative violations, in a manner that is clearer and more systematic compared to the framework under Decree 88[8]. Decree 340 delineates more precisely the sanctioning powers assigned to each title and hierarchical level within the competent authorities.
The new framework reflects a stronger trend toward decentralization, thereby enhancing the proactiveness and effectiveness of authorities in detecting and handling violations—particularly in the context of increasingly sophisticated breaches involving technology and electronic payment systems.
Clarification of the Time of Completion of Administrative Violations
Under the previous framework, the determination of when an administrative violation was deemed to have ceased was fragmented and dependent on multiple cross-referenced provisions, leading to practical difficulties in calculating the statute of limitations for administrative sanctions. Decree 340 addresses this issue by reorganizing and specifying the time of completion of violations for different categories of violations.
In particular, for violations relating to reporting, information management, and disclosure obligations, the time of completion is defined as the date on which the relevant information, documents, or reports are disclosed, submitted, or amended[9]. For violations involving fraudulent documentation, misuse of loan proceeds, or other unspecified violations, the competent authority will determine the time of completion based on applicable laws and the factual circumstances of the case[10]. This clarification standardizes the calculation of limitation periods, thereby reducing potential disputes and improving consistency in enforcement.
Conclusion
Decree 340 marks a significant shift in the regulatory approach to foreign borrowing and repayment, going beyond a mere adjustment of administrative sanctions. The new framework enhances clarity in enforcement mechanisms, from sanctioning authority to the determination of limitation periods, thereby improving consistency in practice. In this context, businesses should proactively review and align their internal processes relating to foreign borrowing and repayment to mitigate legal risks and ensure sustainable compliance.
__________________
[1] Article 23.7(a), Decree 88.
[2] Article 27.4(o), Decree 340.
[3] Article 27.7(a), Decree 340.
[4] Article 30.7, Decree 340.
[5] Article 26.7, Decree 88.
[6] Article 56.2(dd), Decree 340.
[7] Article 56.4, Decree 340.
[8] Chapter III, Decree 340.
[9] Article 4.3, Decree 340.
[10] Article 4.6, Decree 340.
