Fintech Regulations in Indonesia: A 2024 Guide

This article was co-authored by TrustDecision and Asosiasi FinTech Indonesia.

‍

The financial technology (fintech) sector in Indonesia has seen rapid growth, driven by a young and tech-savvy population, high internet and smartphone penetration, and increasing demand for digital financial services. To support this burgeoning industry while ensuring consumer protection and financial stability, the Indonesian government and regulatory bodies have implemented a range of regulations. This article explores the key fintech regulations in Indonesia, the challenges faced, and the future outlook.

‍

Key Regulatory Bodies

1. Otoritas Jasa Keuangan (OJK): The Financial Services Authority that oversees and regulates the financial services sector, including banks, capital markets, insurance, pension funds, and other financial institutions.
2. Bank Indonesia (BI): The central bank of Indonesia responsible for monetary policy, regulation, and supervision of the banking system, including electronic money (e-money) regulations.
3. Asosiasi Fintech Pendanaan Bersama Indonesia (AFPI): AFPI serves as a self-regulatory organization (SRO) under OJK’s appointment for P2P lending platforms, ensuring compliance with OJK regulations and fostering responsible lending practices.

‍

Regulations by Otoritas Jasa Keuangan (OJK)

The Financial Services Authority (Otoritas Jasa Keuangan, or OJK) is the primary regulatory body overseeing the fintech industry in Indonesia. Established in 2011, OJK's mandate includes ensuring a stable and secure financial system and protecting consumers. Key regulations under OJK include:

‍

1. Regulation No. 3 of 2024/ POJK 03/2024 on the Implementation of Financial Sector Technology Innovations as the update amendment on the Regulation No. 13/POJK.02/2018: The regulation introduces a new framework for the regulatory sandbox and reaffirms the role and authority of the Financial Services Authority (OJK) in overseeing technological innovation in the financial sector, as stipulated in Law No. 4 of 2023 on the Development and Strengthening of the Financial Sector (P2SK). This framework allows fintech companies to test their products, services, business models, and delivery mechanisms in a controlled environment while ensuring compliance with applicable regulations. The objective is to foster technological innovation in the financial sector, protect consumers, and maintain financial system stability, with the OJK regulating and supervising these activities, including setting selection criteria, participation requirements, and evaluation mechanisms.‍
2. Regulation No. 10/POJK.05/2022 on Information Technology-Based Lending Services: This regulation sets the framework for peer-to-peer (P2P) lending platforms, requiring them to register and obtain a license from OJK. It also mandates transparency in interest rates and fees and includes provisions for consumer protection and data privacy. Companies must comply upon issuance of the regulation.‍
3. Regulation No. 13/POJK.02/2018 on Digital Financial Innovation: This regulation aims to foster innovation in the financial sector while ensuring that new technologies are safe and beneficial for consumers. It includes a sandbox approach, allowing fintech startups to test their products and services under OJK supervision before launching them to the public. Companies should initiate contact with OJK to discuss participation in the sandbox, ensuring their products align with regulatory expectations.‍
4. Circular Letter No. 18/SEOJK.02/2017 on Crowdfunding Services Based on Information Technology: This circular letter provides guidelines for equity crowdfunding platforms, ensuring that these platforms operate transparently and protect investor interests. Immediate compliance is necessary to ensure operations align with investor safeguards and regulatory transparency.

‍

Regulations by Bank Indonesia (BI)

Bank Indonesia (BI), the central bank, also plays a crucial role in regulating the fintech sector, particularly in payment systems and digital currencies. Key regulations from BI include:

‍

1. Regulation No. 20/6/PBI/2018 on Electronic Money: This regulation sets out the requirements for electronic money issuers, including capital requirements, licensing procedures, and consumer protection measures. The regulation is effective immediately upon issuance. Companies should ensure they meet capital requirements, undergo licensing procedures, and implement consumer protection measures outlined in the regulation.
2. Regulation No. 22/23/PBI/2020 on Payment System Providers: This regulation provides a comprehensive framework for payment system providers, including payment gateways, e-wallets, and other digital payment services. It aims to enhance the security and efficiency of payment systems in Indonesia. Compliance is urgent to enhance payment system security and efficiency, necessitating immediate alignment with regulatory requirements.
3. Regulation No. 19/12/PBI/2017 on Financial Technology: This regulation outlines the roles and responsibilities of fintech providers, focusing on risk management, consumer protection, and cooperation with other financial institutions. Companies must comply promptly to establish robust risk management practices and ensure consumer protection measures are effectively implemented.

‍

Regulations by Asosiasi Fintech Pendanaan Bersama Indonesia (AFPI)

1. Minimum Equity Requirement (POJK No. 10/2022): AFPI has implemented a phased minimum equity requirement for P2P lending platforms to ensure financial stability and consumer protection. Platforms must have IDR 7.5 billion by July 2024, and IDR 12.5 billion by July 2025. This requirement aims to bolster the financial resilience of fintech companies and protect consumer interests.
2. Risk Management and Supervision: P2P lending platforms must establish robust risk management frameworks, including comprehensive Know Your Customer (KYC) procedures to verify the identities of customers and prevent fraudulent activities. Additionally, platforms must comply with Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) regulations to mitigate financial crimes. Regular audits, inspections, and detailed monthly self-assessment reports are required to ensure ongoing compliance and effective risk management.
3. Information Technology Governance (SEOJK No. 18/SEOJK.02/2017): Fintech companies must establish strategic IT plans that align with their business objectives, covering IT operations, security, disaster recovery, and user services. Strict data protection measures must be in place to safeguard consumer data, including obtaining explicit user consent for data sharing and ensuring the security and integrity of data storage and transmission. Companies are also required to maintain comprehensive disaster recovery plans and conduct regular testing to ensure business continuity during disruptions. These measures are designed to protect consumer data and ensure the reliability and security of fintech services.

‍

Challenges for Fintech in Complying to These Regulations

Compliance and Enforcement

Ensuring compliance with regulatory requirements and effective enforcement of regulations remains a significant challenge in the fintech sector. Many fintech startups may lack the necessary resources to fully adhere to complex regulatory frameworks. This gap can lead to non-compliance, which could undermine both consumer trust and financial stability.

‍

To address these challenges, OJK (Otoritas Jasa Keuangan) and Bank Indonesia (BI) have implemented a range of initiatives designed to enhance supervisory mechanisms and support fintech companies in meeting regulatory standards. One notable effort is the capacity-building programs organized by OJK. These programs include workshops, seminars, and training sessions tailored to fintech companies, focusing on various compliance-related topics such as anti-money laundering (AML) measures, counter-terrorism financing (CTF) regulations, and overall regulatory adherence.

‍

Data Privacy and Security

As fintech services become increasingly integral to the financial ecosystem, data privacy and security have emerged as critical concerns. The digitization of financial services has heightened the risks associated with data breaches and cyber-attacks, which can significantly impact both companies and their customers.

‍

For example, in 2020, Tokopedia, one of Indonesia's largest e-commerce platforms, suffered a substantial data breach where the personal information of approximately 15 million users was compromised. The leaked data included sensitive details such as full names, email addresses, phone numbers, and hashed passwords. The breach highlighted vulnerabilities in data protection practices and underscored the need for stronger security measures within the fintech industry.

‍

These incidents emphasize the ongoing need for fintech companies to implement robust data protection measures and adhere to stringent security protocols. Regulators must enforce comprehensive data privacy laws and ensure that fintech companies adopt advanced security technologies and practices to protect user data and maintain public trust.

‍

Consumer Protection

This leads to the critical need for effective consumer protection measures. Data compromise, phishing scams, unauthorized transactions, and identity theft are increasingly common threats facing both businesses and consumers in the fintech space. In the Tokopedia breach, for example, the exposure of personal data such as full names, email addresses, and hashed passwords raised concerns about the adequacy of existing consumer protection frameworks.

‍

As digital financial services become more prevalent, there is an urgent need to enhance public and business awareness about safe fintech practices. Effective consumer education campaigns are crucial for increasing awareness of potential risks and promoting safe behaviors, helping individuals recognize and avoid scams, protect their personal information, and use fintech services securely. For businesses, comprehensive training programs and awareness campaigns can prevent internal security breaches and fraud. By fostering a culture of security awareness and conducting regular security audits, businesses can significantly mitigate risks and enhance overall cybersecurity resilience in the fintech landscape.

‍

Balancing Innovation and Regulation

Regulators face the delicate task of fostering innovation while ensuring stability and security. Overly stringent regulations may stifle innovation, while lenient regulations could lead to systemic risks and consumer harm. Striking the right balance is an ongoing challenge.

‍

Future Outlook of the Financial Landscape in Indonesia

Enhanced Collaboration

Going forward, enhanced collaboration between regulators, fintech companies, and other stakeholders will be essential. This includes dialogue and cooperation to address regulatory challenges, share best practices, and promote a healthy fintech ecosystem. Collaborative efforts can also help identify emerging risks and develop proactive measures to mitigate them, fostering an environment of mutual support and continuous improvement.

‍

Regulatory Sandbox Expansion

The regulatory sandbox approach, which allows fintech startups to test their innovations under regulatory oversight, is expected to expand. This will provide a safe environment for experimentation and innovation while ensuring regulatory compliance and consumer protection. Expanding these sandboxes will help regulators stay abreast of technological advancements and better understand the implications of new fintech products and services.

‍

Focus on Financial Inclusion

Regulators are likely to place increased emphasis on financial inclusion, ensuring that fintech innovations benefit the broader population, including underserved and unbanked communities. This includes supporting initiatives that promote access to digital financial services in remote and rural areas. By leveraging technologies like alternative credit scoring and an innovative eKYC + device fingerprint suite, regulators and fintech companies can work together to bridge the gap between different socioeconomic groups, fostering economic growth and stability.

‍

Integration of Advanced Technologies

The integration of advanced technologies such as artificial intelligence (AI), blockchain, and big data analytics will continue to shape the fintech regulatory landscape. Regulators will need to adapt and develop new frameworks to address the unique challenges and opportunities presented by these technologies. This will involve creating guidelines that ensure these technologies are used responsibly, enhancing transparency, security, and efficiency in financial services. As these technologies evolve, ongoing collaboration between regulators and fintech innovators will be crucial to harness their full potential while safeguarding consumer interests.

‍

In a nutshell, the regulatory landscape for fintech in Indonesia is evolving, with significant efforts from OJK, BI, and other stakeholders to create a secure and innovative environment for financial technology. While challenges remain, ongoing collaboration, adaptive regulation, and a focus on consumer protection and financial inclusion will be key to ensuring the sustainable growth of the fintech sector in Indonesia.

‍

Role of Indonesia Fintech Association (AFTECH)

As the updated regulation introduces a new framework for the regulatory sandbox and reaffirms the role and authority of the Financial Services Authority (OJK) in overseeing technological innovation in the financial sector, as stipulated in Law No. 4 of 2023 on the Development and Strengthening of the Financial Sector (P2SK), AFTECH, the Indonesian Fintech Association, has been officially appointed by the OJK as the Association for Digital Financial Innovation Providers based on POJK No. 13/2018 or Self-Regulatory Organization (SRO) consistently throughout the document. AFTECH’s role as SRO is to assist fintech companies in complying with these regulations.

‍

In response to POJK 3/2024, AFTECH welcomed the update and expressed that the regulation could strengthen Indonesia's fintech ecosystem. AFTECH positively views the changes from POJK No. 13 of 2018 to POJK 3/2024, which include improvements to the sandbox environment. POJK 3/2024 outlines various provisions such as the scope and eligibility criteria for regulatory sandbox participants, more structured facilitation for innovation testing and development, and clearer definitions of exit policies and post-testing business licensing processes.

‍

The Role of AFPI in Indonesia's P2P Lending Ecosystem

Besides AFTECH, regulatory bodies such as AFPI (Asosiasi Fintech Pendanaan Bersama Indonesia) also play a crucial role in the Indonesian financial landscape, particularly as the self-regulatory organization (SRO) appointed by the Financial Services Authority (OJK) for the peer-to-peer (P2P) lending sector. AFPI is instrumental in overseeing and regulating the rapidly growing fintech industry to ensure a fair, transparent, and secure financial environment. By setting standards and guidelines for P2P lending platforms, AFPI ensures compliance with regulatory requirements and ethical business practices. Additionally, it acts as a mediator between P2P lending companies and consumers, addressing disputes and fostering trust in the fintech ecosystem. Through promoting best practices and facilitating collaboration among stakeholders, AFPI enhances the credibility and sustainability of the P2P lending market, contributing significantly to financial inclusion and economic growth in Indonesia.

‍

In conclusion

The regulatory landscape for fintech in Indonesia is evolving, with significant efforts from OJK, BI, and other stakeholders to create a secure and innovative environment for financial technology. The main challenges fintech companies face include compliance with complex regulatory frameworks, ensuring data privacy and security, protecting consumers from fraud, and balancing innovation with regulation. Addressing these challenges requires ongoing collaboration, adaptive regulation, and a focus on consumer protection and financial inclusion.

‍

Looking ahead, the future outlook for the financial landscape in Indonesia is promising, with an emphasis on enhanced collaboration between regulators and fintech companies, the expansion of regulatory sandboxes for safe innovation, a strong focus on financial inclusion, and the integration of advanced technologies like AI, blockchain, and big data analytics. These efforts aim to create a resilient and inclusive financial ecosystem that supports sustainable growth.

The Role of TrustDecision

To help navigate these challenges and capitalize on future opportunities, TrustDecision offers a range of solutions that are particularly relevant and valuable:

‍

• KYC++ enhances identity verification processes, ensuring compliance with AML and CTF regulations by leveraging multiple data points to accurately verify user identities. This reduces the risk of fraud and strengthens regulatory adherence.
• Device Fingerprint technology provides advanced device recognition capabilities, detecting suspicious activities and preventing unauthorized access. This robust security measure helps mitigate the risks associated with cyber-attacks and data breaches.
• Anti-Fraud Solutions monitor and analyze transactions in real-time to detect and prevent fraudulent activities. Utilizing sophisticated data analysis and machine learning algorithms, these solutions help fintech companies protect their customers and maintain a secure financial environment.

‍

TrustDecision has collocated with regulatory bodies and credit bureaus in Indonesia to enhance transaction security and financial inclusion. By integrating these advanced technologies, fintech firms can effectively meet complex regulatory requirements, enhance data security, and provide robust consumer protection.

‍