In general, banking activities in Indonesia are supervised and regulated by Indonesia’s Financial Services Authority (“OJK”). The OJK is also responsible for supervising and regulating the activi-ties in the field of (i) capital markets, derivatives financial instruments, and carbon markets, (ii) insurance, guarantees and pension funds, (iii) financing institutions, venture capital, micro finance and other financial institutions, and (iv) technology innovation in the financial sector, including, digi-tal financial assets and crypto-assets.

Supervision of payment systems falls to the Indonesia’s central bank (Bank Indonesia, “BI”), a government body that is also responsible for the monetary sector and has the prime objective of achieving and maintaining stability of the Rupiah (IDR).

Banking resolution is handled by the Deposit Insurance Corporation (Lembaga Penjamin Sim-panan,“LPS”) in coordination with OJK and Bank Indonesia as well the Committee on Financial System Stability (Komite Stabilitas Sistem Keuangan,“KSSK”).

As stipulated in Law No. 7 of 1992 as amended from time to time, including, by Law No. 4 of 2023 on Financial Sector Development and Reinforcement, dubbed the Omnibus Law for the Financial Sector (the “Law 4/2023”) (the “Banking Law”), “accumulation of funds” from the public in the form of demand deposits, time deposits, deposit certificates, savings, or other forms of equivalent funds will need to be carried out by a party that has obtained a business license from OJK to oper-ate as a commercial bank.

Yes, the license granted would depend on the nature of the banks. Sharia and rural bank licenses differ from those of conventional banks. A bank engaged in forex transactions also needs to have a specific license. Furthermore, a non-Indonesian bank that is a licensed bank in a foreign country can establish a representative office in Indonesia.

By virtue of OJK Regulation no. No. 12/POJK.03/2021 on Commercial Banks (“OJK Reg. 12/2021’’), digital banks are now included. The regulation now allows commercial banks to run as banks that operate purely digitally and carry out their business electronically without physical branches except for one: the head office. Under OJK Reg. 12/2021, a digital bank may be set up through (i) the establishment of a new entity operated as a digital bank, or (ii) transformation of a conventional bank to become a digital bank

No, none of the activities described above form part of banking services under a business license, and trigger additional licensing requirements. For example, to carry out broker-dealer activities, or payment services, either as card-based payment related activities, e-money related activities, payment gateways, or e-wallets (generally, classified as payment services provider activities) banks need to apply for a license for this activity.

In general, banks can carry out the following activities under the Banking Law:

a. Gather funds from the public in the form of demand deposits, time deposits, deposit certifi-cates, savings, and/or other forms of equivalent funds.

b. Offer credit or financing activities based on sharia principles.

c. Carry out activities in payment systems.

d. Place funds in, borrow funds from, or lend funds to other banks, whether by using papers, means of telecommunication or demand drafts, cheques or other means.

e. Issue and/or undertake commercial paper transactions for its own interest or its custom-ers.

f. Provide a place to deposit valuable goods and papers.

g. Conduct foreign exchange activities.

h. Perform factoring company activities.

i. Undertaking custodial activities.

Perform other activities with OJK’s approval.

Yes, there is a regulatory sandbox specific to financial technology (fintech). In this case, fintech in Indonesia is separated by two regimes: (i) under BI, for fintech-related payment systems, and (ii) under OJK, for other fintech-related activities.

According to Bank Indonesia Regulation No. 10 of 2025 (“BI Reg. 10/2025”) and other applicable Bank Indonesia-related regulations, bank as one of the payment system services providers, are prohibited from facilitating the trading of virtual currencies as a digital financial asset, including crypto assets.

No, they do not constitute deposits per se from an Indonesian law perspective; they are not classi-fied as traditional deposits. Consequently, they do not fall under the deposit insurance scheme, such as that provided by the LPS, which is reserved for bank deposits.

However, regulatory measures under frameworks like OJK Regulation No. 27 of 2024 on OJK Regulation No. 23 of 2025 on the Organization of Trading Financial Assets Including Crypto Assets (OJK Reg. 27/2024) require crypto-asset traders to implement strict custody arrangements, in-cluding the segregation of client funds. Crypto-asset depository agencies must cooperate with a duly licensed insurance company to insure the crypto-assets stored by crypto-asset traders with them. Furthermore, crypto-assets in hot storage (or online) by Crypto-asset Traders must be in-sured by them.

At the time of writing, the current regulatory framework does not prescribe a specific risk weight exclusively for crypto assets held by licensed entities (presumably, referring to banks and other financial institutions) specifically for crypto asset holdings. Given the high-risk nature of crypto as-sets, market practice generally suggests that such exposures would attract risk weights compara-ble to other high-risk alternative assets. Licensed entities are expected to maintain robust capital buffers sufficient to absorb potential losses from adverse market movements, with their risk as-sessments reflecting the unique risk profile of crypto asset holdings.

Banking licenses are issued by OJK.

The issuance of a banking license involves two stages: issuance of (i) in-principle approval (to en-gage in preparation for the establishment of banks) and (ii) business license. Under OJK Reg. 12/2021, in-principle approval is valid for only six months from its issuance. Banks are further pro-hibited from engaging in any banking business until the business license is obtained.

It is difficult to determine average timing given that it may involve several turnarounds during the process of an application as determined by OJK. Assuming the application, along with its support-ing documents, is deemed satisfactory, a business license will be issued by OJK within 60 working days. The entire process may typically take around 6 months to complete. Despite the foregoing, in practice, OJK encourages every applicant wishing to enter the Indonesian banking market to acquire an existing business, rather than establish a new entity. In this respect, it is prudent for a potential buyer to allocate about 6 months to 1 year for the entire acquisition process.

Cross-border activity remains unregulated in Indonesia. Nevertheless, as mentioned in our re-sponse to point 2, the provision of banking services within Indonesian territory triggers the re-quirement of a banking license. As with foreign banks, they may perform some banking activities in Indonesia through a licensed branch. Indonesian banks can incorporate branches or offices abroad, after obtaining a license issued by OJK.

Commercial banks, as Indonesian legal entities, may be established and operate as the following entities: (i) limited liability company, (ii) cooperative, and (iii) region-owned limited liability company, with most banks operating in Indonesia as limited liability companies.

By virtue of amendments introduced by Law 4/2023, commercial banks can now only take a legal form as limited liabilities companies. This is anticipated, given most banks in Indonesia are operat-ing as limited liability companies. An exception applies to rural banks, which can be either a limited liability company or a cooperative.

The applicable bank regulations do not explicitly recognize the ring-fencing requirements on bank or banking groups. Nevertheless, Indonesian banking regulation does impose several principles that resemble ring-fencing requirements and limited forms of structural separation.

a. Limitation and separation of business activities

The banking laws and regulations implement mandatory legal separation for certain activities, which means that the licensed bank may only conduct core banking activities, while higher-risk or non-banking activities must be conducted outside the bank, typically through separately li-censed subsidiaries owned by the bank. A clear example of this separation is that Indonesian banks are permitted to conduct only retail banking activities and are prohibited from engaging in certain operations committed by the investment banks, such as underwriting and advisory on merger and acquisitions. The Banking Law further prohibits banks from carrying out insurance business activities, except for the marketing of insurance products pursuant to a cooperation arrangement with an insurance company according to the prevailing laws and regulations.

b. Limitation of equity participation conducted by banks

The Banking Law prohibits banks from injecting capital into companies that do not constitute fi-nancial services institutions, except when equity participation in the non-financial service institu-tions is conducted temporarily to address the failure of credit or sharia-based financing.

OJK Regulation No. 22 of 2022 as amended by OJK Regulation No. 26 of 2024 on Capital Par-ticipation Activities by Commercial Banks provides the permissible limit of equity participation which can be performed by commercial banks. The maximum total equity participation portfolio in all investees of a bank shall constitute 35% of the bank’s capital (which consists of core capi-tal and supplementary capital, as regulated under the OJK regulation on the minimum capital adequacy requirement for commercial banks and the OJK regulation on the minimum capital adequacy requirement for sharia commercial banks).

c. Limitation of ownership and control over banks

In principle, each party may only be a controlling shareholder in one bank. Where a party con-trols more than one bank, it must comply with the “single presence policy” by way of merger or consolidation, the establishment of a banking holding company, or the establishment of a hold-ing function, in accordance with the relevant OJK Regulation No. 39/POJK.03/2017 of 2017 on Single Presence Policy in Indonesian Banks.

In addition, the maximum shareholding structure for banks under OJK regulations on ownership limits (40% for financial institutions, 30% for non-financial legal entities, and 20% for individuals, subject to certain exceptions for the ownership of the Indonesian central government and bank rescue institutions) also operates in practice as a form of “ring-fencing” against the concentra-tion of shareholder power and serves to prevent a single party from controlling excessive risk within the banking sector.

Pursuant to OJK Regulation No. 17 of 2023 on the Application of Governance for Commercial Banks, an Indonesian bank is required to maintain a board of directors comprising at least 3 mem-bers, with one of directors appointed as the president director. The president director must be independent from the controlling shareholder. If necessary, other members of the Board of Direc-tors may be appointed as vice president director.

All directors must be domiciled in Indonesia. A majority of directors must have at least 5 years of operational experience as bank executive officers. The term of office of the members of the board of directors is determined for a maximum period of 5 years for each term, starting from the effec-tive date of appointment by the general meeting of shareholders.

Management oversight in banks is conducted by the board of commissioners. An Indonesian bank is required to maintain a board of commissioners comprising at least 3 members and no greater than or equal to the number directors in such bank, with one of the commissioners appointed as the president commissioner. If necessary, other members of the Board of Directors may be ap-pointed as vice president commissioner. At least one of the commissioners must be domiciled in Indonesia. The term of office of the members of the board of commissioners is determined for a maximum periof of 5 years for each term, starting from the effective date of appointment by the general meeting of shareholders.

The members of the board of commissioners must comprise independent and non-independent commissioners. The number of independent commissioners must constitute at least 50% of the total number of commissioners in the bank. An independent commissioner must possess adequate and relevant knowledge and experience in the banking and/or financial sector.

In addition to the board of commissioners, a Sharia bank is required to establish of Sharia supervi-sory board pursuant to OJK Regulation No. 2 of 2024 on the Application of Sharia Governance for Sharia Commercial Banks and Sharia Business Units. The Sharia supervisory board must com-prise at least 3 members and no greater than or equal to the number of the directors. One of the supervisory board members must be appointed as a chief.

Indonesian banks must establish and maintain the following committees to assist the board of di-rectors: (i) a risk management committee, (ii) a credit or financing policies committee, (iii) credit or financing committee, and (iv) information technology supervisory committee. The board of direc-tors may voluntarily form other committees based on the bank’s needs and complexity.

Indonesian banks are required to establish and maintain the following committees to assist the board of commissioners: (i) an audit committee, (ii) a risk monitoring committee, and (iii) a remu-neration and nomination committee.

In addition to the requirement to have independent commissioners, Sharia supervisory board and committees, other core features of good corporate governance for banks in Indonesia, among others, include the requirement to have compliance working unit, internal auditors and external auditors, and risk management.

Banks are subject to a set of operational‑resilience requirements that are primarily implemented through information‑technology (“IT”) risk management, cyber‑resilience, business‑continuity and governance obligations. These requirements implicitly cover critical or important business services, impact tolerances, and the management of operational disruptions.

a. Resilience expectations relating to critical or important business services

Pursuant to OJK Regulation No. 11/POJK.03/2022 on the Implementation of Information Tech-nology by Commercial Banks (“OJK Reg 11/2022”), banks must implement effective risk man-agement for all IT operations, which is the backbone of operational resilience, because disrup-tions to IT will directly impair critical business services. A bank is required to apply risk man-agement effectively in its IT operations, integrated into every stage of IT implementation, at least through identification, measurement, monitoring and control of risk. This must be support-ed by an adequate IT risk‑management information system. Operational resilience requires that information and systems supporting critical and important business services are kept secure so that services remain available, accurate and confidential.

b. A bank must ensure information security is implemented effectively and efficiently against hu-man‑resource, processes, technology and physical/environmental aspects across the entirety of IT implementation. The bank must ensure that the utilized communication networks meet confi-dentiality, integrity and availability principles. Given that critical services depend on network availability, this creates a direct operational‑resilience expectation.Impact tolerances

Impact tolerances are concretely implemented through mandatory disaster‑recovery planning and testing, which effectively establish and test the bank’s impact tolerances for disruption to critical services. In accordance with OJK Reg. 11/2022, A bank must have a Disaster Recovery Plan (“DRP”). The bank must ensure that the DRP can be implemented so that bank operations continue when disasters and/or disruptions occur to the IT facilities used.

The bank must test the DRP on all critical applications and infrastructure, in line with its busi-ness‑impact analysis, at least once per year and involving IT users. The DRP must be reviewed at least once a year.

Outsourcing in the banking sector is, in principle, permitted provided that it is limited to supporting functions and that the bank continues to apply the principles of prudence and effective risk man-agement, as stipulated under OJK Regulation No. 9/POJK.03/2016 on Prudential Principles for Commercial Banks that Outsource Part of Implementation of Work to Other Parties (“OJK Reg. 9/2016”).

a. Scope and definition of outsourcing in banking sector

Under OJK Reg. 9/2016, outsourcing is defined as the delegation of the execution of certain banking activities to a service provider company under a job contracting agreement and/or a manpower services agreement. The outsourcing constitutes solely a delegation of the perfor-mance of work and does not entail a transfer of responsibility. Accordingly, the bank remains fully responsible for all outsourced activities.

Banking activities are classified into core business activities and business supporting activities, each of which consists of core works and supporting works. Core activities consist of (i) collec-tion of funds from the public (funding), (ii) lending or financing, as well as (iii) buying, selling or guaranteeing at their own risk as well as for the benefit of and at the request of their customers. Meanwhile supporting business supporting activities shall include those relating to (i) human re-sources, (ii) risk management, (iii) compliance, (iv) internal audit, (v) accounting and finance, (vi) information technology, (vii) logistics and (viii) security.

b. Activities eligible and ineligible for outsourcing

Banks are only permitted to outsource supporting works within both the core business activity flow and the supporting business activity flow. Supporting functions eligible for outsourcing must meet the following criteria: (i) low risk, (ii) not requiring high-level banking expertise, and (iii) not directly related to decision-making processes affecting bank operations.

The implementing regulation clarifies that core functions, being functions without which banking operations cannot be properly conducted, such as credit analysis, account officers, tellers, cus-tomer service, risk analysts, and internal audit, are strictly prohibited from being outsourced, as elaborated in Circular Letter No. 11/SEOJK.03/2017 of 2017 on Prudential Principles for Com-mercial Bank that Outsources Part of Work to Other Parties (“OJK Circular 11/2017”).

Conversely, supporting functions are functions whose absence would not materially disrupt banking operations, including call center services, telemarketing, direct sales, loan collection, secretarial work, organizer, reception, cleaning services, security services, sales assist and couriers, drivers, and data input personnel.

c. Criteria and selection of service provider companies

Banks may only engage service provider companies that satisfy minimum eligibility require-ments, namely: being an Indonesian legal entity, holding a valid business license, demonstrating sound financial performance and good reputation, possessing adequate experience and human resources, and having sufficient facilities and infrastructure, as stipulated under Article OJK Reg. No. 9/2016. To ensure compliance with these requirements, banks are required to review corporate and licensing documents and conduct analyses and assessments of the service pro-vider’s financial condition, reputation, human resources, and infrastructure. Banks are further required to monitor and periodically evaluate the continued compliance of service providers at least once a year or at any time should there be changes in performance or reputation.

d. Outsourcing agreements and mandatory provisions

Outsourcing may only be carried out through a job contracting agreement and/or a manpower services agreement. Such outsourcing arrangements must be formalized in a written agree-ment between the bank and the service provider company, which at a minimum, must contain provisions on the scope of work, duration, contract value, cost structure and payment mecha-nism, rights, obligations, and responsibilities of the parties, performance standards, early termi-nation criteria, sanctions and penalties, and dispute resolution mechanisms.

From the perspective of customer protection and oversight, the agreement must grant the bank the authority to evaluate and audit the service provider, impose confidentiality and data security obligations, require periodic reporting, ensure regulatory compliance, and safeguard customer rights and interests. The agreement must require the service provider to maintain a contingency plan and to grant inspection access to OJK and/or other competent authorities in coordination with the bank.

e. Application of prudential principles and risk management in outsourcing arrangements

Banks are required to implement effective risk management in outsourcing arrangements, pro-portionate to the scale, nature, and complexity of the outsourced activities. At a minimum, such risk management must encompass active oversight by the board of directors and board of commissioners, adequacy of policies and procedures, comprehensive risk identification, meas-urement, monitoring, and control processes supported by appropriate management information systems, and a robust internal control system.

The board of directors is responsible for formulating and updating outsourcing policies, estab-lishing procedures, approving outsourcing plans, and overseeing and assuming accountability for the overall implementation of risk management and outsourcing activities. Meanwhile, the board of commissioners is required to approve and evaluate outsourcing policies, including any amendments thereto, and to assess the accountability of the board of directors in implementing outsourcing risk management.

f. Outsourcing of cloud service providers and reliance on critical third-party service providers

OJK Reg. 11/2022 permits banks to engage the third-party service providers in IT services, provided that the banks maintain the ability to supervise the implementation of the activities of the service providers. In the light of such obligations, banks are required to establish policies and procedures for the utilization of the third-party services providers. The regulation also specifies that types of services that may be outsourced to the third-party including, among oth-ers, cloud computing services.

The OJK now introduce the Regulation of the Board of Commissioners of the OJK No. 1 of 2026 (“OJK Commissioners Reg. 1/2026”) on IT Management by Commercial Banks will come intp force in March 2026. In addition to templates for various documents, appendices to this regulation feature a guideline for banks in organizing their IT, the applicable procedures for the submission of reports, and applications for securing relevant permits. OJK Commissioners Reg.1/2026, specifically relates to three main issues, namely (i) the utilization of IT services providers (Pihak Penyedia Jasa TI or “PPJTI”); (ii) the banks’ IT architecture; and (iii) data management and personal data protection requirements.

Indonesia’s ESG regime is underpinned by several principal regulatory instruments. However, these regulations are generally applicable across the financial services sector and do not yet specifically address the core operational activities of the banking industry.

As an initial framework, the OJK issued OJK Regulation No. 51/POJK.03/2017 on the Implementation of Sustainable Finance for Financial Services Institutions, Issuers, and Public Companies (“OJK Reg. 51/2017”). This regulation requires the integration of sustainability principles into busi-ness strategy, risk management, and reporting processes. Pursuant to OJK Reg. 51/2017, banks are obligated to prepare a Sustainable Finance Action Plan (Rencana Aksi Keuangan Berkelanjutan or RAKB) and to disclose their implementation progress through a sustainability report.

These obligations are further supported by OJK Regulation No. 14 of 2023 on Carbon Trading through Carbon Exchanges (“OJK Reg. 14/2023”) and OJK Regulation No. 18 of 2023 on the Issuance and Requirements of Sustainability-Based Debt Securities and Sharia Securities (“OJK Reg. 18/2023”), which establish financing mechanisms for environmentally sustainable projects applicable to financial services institutions, including banks.

In parallel, the environmental law framework under Law No. 32 of 2009 on Environmental Protection and Management, as amended by Government Regulation in Lieu of Law No. 2 of 2022 on Job Creation (“Law 32/2009”), imposes obligations on all business actors, including banks, to en-sure that financed activities comply with applicable environmental standards. In this context, banks are expected to assess the adequacy of environmental impact assessments (Analisis Mengenai Dampak Lingkungan or AMDAL) as part of their lending due diligence. A failure to conduct proper environmental due diligence may contribute to the financing of environmentally harmful activities.

Collectively, the intersection of the environmental and banking regulatory regimes establishes the legal and prudential foundation for requiring Indonesian banks to incorporate environmental risk management into their fiduciary responsibilities and regulatory compliance obligations.

Commercial banks must prepare a policy that considers effective risk management, banks’ financial stability, capital adequacy and capital strengthening, short-term needs and long-term liquidity and potential revenues in the future. The board of commissioners (with assistance of remuneration and nomination committees) monitors remuneration. The policy must include business scale, business complexity, peer group, inflation rate, condition, and financial capacity, while encouraging prudent risk-taking. The banks are required to disclose their remuneration policy in their annual report on good corporate governance, as required for commercial banks.

In accordance with OJK Regulation No. 45/POJK.03/2015 of 2015 on Implementation of Govern-ance in the Provision of Remuneration for Commercial Banks (“OJK Reg. 45/2015”), the bank may postpone the payment of deferred variable remuneration (malus) or withdraw variable remuneration that has been paid (clawback) to parties who are material risk takers (“MRT”) under certain conditions.

OJK Circular Letter No. 40/SEOJK.03/2016 of 2016 on Implementation of Governance in the Pro-vision of Remuneration for Commercial Banks (“OJK Circular 40/2016”) provides that during the implementation of malus and/or clawback arrangements, a bank should, at a minimum, take into account the following cautions:

a. The bank may apply malus, clawback, or a combination of both to deferred variable remuneration awarded to MRT. Such arrangements must be set out in the bank’s written remuneration policy.

b. The selection of the form of malus and/or clawback arrangement must be undertaken carefully, taking into consideration potential challenges in implementing the policy, including legal and tax aspects.

c. Malus or clawback arrangements may be applied by the bank under certain circumstances, including where the bank incurs losses, where risks materialize that have a negative financial impact on the bank, where fraud is committed by an MRT causing loss to the bank, or under other conditions as determined by the bank.

d. To mitigate legal and/or other risks that may arise from the implementation of malus and/or clawback arrangements, the bank must establish clear and detailed criteria governing their ap-plication.

Malus applies to variable remuneration that remains deferred and clawback applies to variable remuneration that has already been paid, in respect of members of the board of directors, members of the board of commissioners, or employees designated as MRTs, whether they are still employed by or have ceased employment with the Bank.

The portion of variable remuneration subject to malus may be paid in part or in full at a later date, or not paid at all. Accordingly, the bank must establish criteria to determine whether such variable remuneration subject to malus may or may not be paid.

In implementing clawback, the bank must determine the method for recovering variable remuneration from MRTs subject to clawback, whether such MRTs are still serving in office or have ceased to serve at the Bank. Methods for recovery may include, among others:

a. the MRT repaying the variable remuneration subject to clawback; and/or

b. deductions from entitlements to be received, such as salary and/or bonuses.

Yes, Indonesia has implemented the Basel III framework with respect to regulatory capital.

Indonesia has set out the obligations on minimum capital requirements for different banks’ risk profile grade, which is calculated based on bank’s risk-weighted assets. Such obligations are as follows:

• 8% of bank’s risk-weighted assets, for banks with grade 1 (risk profile),
• 9% – <10% of bank’s risk-weighted assets, for banks with grade 2,
• 10% – <11% of bank’s risk-weighted assets, for banks with grade 3, and
• 11% – 14% of bank’s risk-weighted assets, for banks with grade 4 or 5,

To determine capital adequacy according to bank’s risk profile, banks must have Internal Capital Adequacy Assessment Process (ICAAP). ICAAP is a method of a self-assessment for banks, which covers active supervision from the Board of Commissioners and Directors; capital adequacy assessment; monitoring and reporting; and internal control. After the banks carry out an ICAAP, OJK will evaluate the ICAAP result, which is called as Supervisory Review and Evaluation Process (SREP).

Indonesian commercial banks must meet the minimum threshold for first tier and second-tier capital, where the first-tier common equity (paid-up capital and disclosed reserves) being 4.5% of banks’ risk-weighted assets and first-tier capital being 6% of banks’ risk-weighted assets. The sec-ond-tier capital being a maximum of 100% of first-tier capital, either individually or consolidated with the banks’ subsidiaries.

Banks must set aside additional capital as a buffer against variations in economic and financial risk:

• a capital conservation buffer of 2.5% of the banks’ risk-weighted assets.

To align with OJK Reg. 12/2021, in 2022, OJK issued OJK Regulation No. 27 of 2022, the amendment to OJK Regulation No. 11/POJK.03/2016 of 2016 Mandatory Minimum Capital Requirements for Commercial Banks (“OJK Reg. 11/2016”), in which the term ‘BUKU’, which previously referred to banks with certain core capital according to their level business activity classification in its predecessor, has now been changed to ‘KBMI’, as referred to in OJK Reg. 12/2021 – which is the grouping of banks based on core capital capitalization.

Banks must adhere to capital conservation buffer requirements apply to any bank classified as ‘KBMI 2’, ‘KBMI 3’, or ‘KBMI 4’. KBMI 2 are banks with core capital of IDR 6 trillion to IDR 14 trillion; KBMI 3 have IDR 14 trillion to IDR 70 trillion, and KBMI 4 have core capital of more than IDR 70 trillion;

• a countercyclical buffer of 0% to 2.5% of bank’s risk-weighted assets (applies to all banks); or

• capital surcharge for systemic banks of 1% to 2.5% of the banks’ risk-weighted assets (applies to systemic banks. Systemic banks are defined as banks that may have systematic financial impact from various elements, including the amount in owned assets, capital levels and the ob-ligations that they hold, banks’ networks or relationships with other sectors, and the complexity of the bank’s transactions or services.

As to foreign banks branch offices, they must satisfy Capital Equivalency Maintained Assets (CE-MA), which is the fund that must be allocated to the bank’s financial assets. CEMA is set at a minimum of IDR 1 trillion.

Yes, banks are obliged to meet a mandatory leverage ratio, which should be calculated by comparing core capital against total exposure, as recorded in bank financial statements. The leverage ratio must not, at any time, fall below 3%. The leverage ratio must be calculated in Rupiah currency.

If commercial banks have subsidiaries, the mandatory leverage ratio applies to both banks, either as separate or consolidated entities. Commercial banks must also report their fulfillment of the leverage ratio to OJK, which should contain total leverage ratio exposure and leverage ratio calculations. The report is made quarterly in March, June, September, and December. This report must also be published on (i) a bank’s official website and 1 Indonesian newspaper, announcing the bank’s fulfillment of the quarterly reporting requirement.

Yes, Indonesia has implemented both Liquidity Coverage Ratio (LCR) and Net Stable Funding Ratio NSFR), forming part of bank liquidity risk policy.

As is the case in other jurisdictions, LCR aims to preserve a bank’s short term liquidity stability by ensuring that it has High Quality Liquid Assets (“HQLA”) by the estimated total net cash outflows over a 30-day stress scenario. Fulfillment of LCR of a minimum of 100% shows that banks have adequate liquidity.

For NSFR, commercial banks are required to maintain their liquidity adequacy using NSFR, which is set at a minimum of 100%. The value of NSFR is obtained by comparing the value of Available Stable Funding (“ASF”) with the value of Required Stable Funding (“RSF”). A bank’s ASF means the amount in stable liabilities and equity that remain in the bank within 1 year, while RSF means the total assets and off-balance sheet exposure.

In certain situations, such as financial crises, BI may provide emergency liquidity support to sys-temic banks under the KSSK decree, backed by government guarantees. See a similar discussion on this in our response to point 31 below.

Yes, banks are obliged to submit to OJK and make publicly available the following reports: (i) balance sheet and profit-and-loss accounts, (ii) risk exposure and capital, (iii) Information or Material facts, (iv) prime lending rate, and (v) other reports.

The above reports must be made periodically, as follows: balance sheet and profit-and-loss, on a monthly, quarterly and yearly basis risk exposure and capital, on a quarterly and yearly basis in-formation or material facts, on a supplementary basis prime lending rate, on a monthly basis other reports, annually

Yes, consolidated supervision of a bank exists in Indonesia. One function of the OJK is to imple-ment an integrated regulation and supervision system for all activity in the financial services sector. In this regard, OJK implements an integrated supervision model for a financial conglomerate. A financial conglomerate is a group of financial services institutions that relate to each other due to a relation in ownership and/or control. The financial conglomerate has a structure that consists of the financial holding company (parent financial services institutions of a financial conglomerate or non-financial services company appointed by the controlling shareholders of the financial conglomerate) and members of the financial conglomerate.

Members of the financial conglomerate refers to legal entities or companies owned or controlled by a financial holding company directly or indirectly, in the country or overseas; and may or may not conduct their business activities in the financial services sector.

A financial conglomerate comprises the following financial services companies:

1. banks;
2. insurance and re-insurance companies;
3.  securities companies;
4. financing companies;
5. infrastructure financing companies;
6. guarantee agency;
7.  pension funds;
8.  venture-capital companies;
9. pawnbrokers;
10. organizers of co-funding services based on information technology;
11. organizers of securities offerings through information technology-based crowdfunding ser-vices; and/or
12.  other financial services institutions.

Financial conglomerates should implement integrated good corporate governance and risk man-agement comprehensively and effectively. Further, the financial holding company must also regu-larly submit an assessment report and periodical reports to OJK on the implementation of such integrated good corporate governance and risk management. The purpose of this implementation of integrated supervision is generally to develop prudential principles compliance and to ensure effective supervision by OJK of any potential risk of the financial activities of the entities within the financial conglomerate.

The purchase of bank shares is considered to cause transfer of control in the event that: share ownership:

1. becomes 25% or more of the paid-up capital of the bank;
2. becomes less than 25% of the paid-up capital of the bank but determines directly and indirectly the management and/or policies of the bank;
3. become the largest in the bank, or
4. is not the largest but is able to determines directly or indirectly the management or policies of the bank

For the purpose of the acquisition or change of control of a bank, an approval from OJK is required on the change of control of the bank as well as a fit and proper test for the prospective controlling shareholder(s).

If the purchase of bank shares causes the ownership of a prospective shareholder to become 25% or more but does not result in a change of control of the bank, the prospective shareholder will still need to undergo a fit and proper test.

Yes, please refer to the elaboration below.

Maximum Shareholding in Commercial Bank

Pursuant to Regulation of Financial Services Authority No. 56/POJK.03/2016 on Share Ownership in a Commercial Bank (“Reg. 56/2016”), the maximum limitation on shareholding in a bank is de-termined by the following criteria:

1. shareholder categories:

A. 40% of the bank capital, for a bank financial institution and non- bank financial institu-tion;

B. 30% of the bank capital, for a non- financial institution;

C. 20% of the bank capital; 25%) of the bank capital (for a sharia bank) for individual shareholders.

2. relationship between the shareholders: Any shareholder having the following relationship status will be determined as 1 (one) party:

A. Ownership relation;

B. Family relationship up to second degree; and/or

C. Any cooperation or action to achieve the same purpose in controlling the bank (by act-ing in concert) or without written agreement so that such action or cooperation creates options rights to hold the shares.

The above limitation is not be applicable to:

1. Central Government; and
2. Institution functioning to handle and/or salvage the bank.

Requirements on Maximum Shareholding in a Commercial Bank

In order to obtain the maximum shareholding as described in Section II.1.1 above, prospective shareholders must obtain approval from the OJK. Specifically, several requirements are imposed on a prospective shareholder to obtain such maximum share ownership in a bank, which include:

1. Foreign controlling shareholder, to fulfill the following requirements:

A. Commitment to support economic development in Indonesia;

B. Obtain a recommendation from the relevant financial supervisory authority;

C. Have a minimum rating of:

I. 1 above the lowest rating of investment for a bank financial institution;
II. 2 above the lowest rating of investment for a non-bank financial institution;
III. 3 above the lowest rating of investment for a non-financial institution;

2. A bank financial institution may hold more than 40% of a bank’s capital provided that it:

A. Obtains Bank Soundness Level with a Composite Rate of 1 or 2 or other equivalent rate for a bank financial institution domiciled abroad;

B. Fulfills the Minimum Capital Adequacy Requirement (Kewajiban Penyediaan Modal Minimum,“KPMM”) based on the risk profile;

C. Core capital (tier-1) is at least 6%;

D. Obtains a recommendation from the relevant financial supervisory authority;

E. A financial institution that gone public;

F. Has a commitment to purchase equity notes issued by the Target Bank;

G. Has a commitment to acquire the bank within a certain period of time;

H. Has a commitment to support economic development in Indonesia.

A bank must fulfil the following criteria:

1. To go public to achieve public ownership at a minimum of 20% of the bank‘s capital within 5 years of the bank financial institution acquiring the shares upon OJK approval;
2. To obtain approval to issue equity notes.

Exemption on holding more than the Maximum Shareholding in a Commercial Bank

1. The general procedures to purchase the shares of a Bank are by way of:

A. purchasing the shares at the maximum threshold that is subject to its shareholder category;

B. increasing the shareholding threshold (subject to the approval of OJK), provided that the bank has a Bank Soundness Level of rating 1 or 2 for 3 consecutive years within the 5-year period.

However, this provision will not be applicable to any bank financial institution that held shares of the bank prior to 13 July 2012.

2. Shareholders may hold more shares than the maximum limitation, if they purchase the shares of:

A. i)a bank being handled or salvaged by the Indonesia Depository Insurance Corpora-tion; or ii) a bank with a special supervisor; in which within 20 years of the purchase, the shareholders will adjust the shareholding threshold pursuant to Reg 56/2016;

B. a bank under intensive supervision, in which within 15 years of the purchase, its share-holders will adjust the shareholding threshold pursuant to Reg 56/2016.

C. A bank that is the result of a merger or amalgamation from the origin bank with a good governance level rated 1 or 2. In the event that a bank that is a result of merger or amalgamation experiences the following:

I. decrease of Bank Soundness Level to rating 3, 4, or 5 within 3 consecutive years;

II. sells the shares at the initiative of the shareholders; the relevant controlling shareholders will then adjust its threshold pursuant to Reg 56/2016 within 10 years of the merger or amalgamation;

D. A bank that is the result of a merger or amalgamation from the origin bank with a good governance level rated at 3, 4, or 5; the shareholders will then adjust its share-holding threshold pursuant to Reg 56/2016 within 20 years of the merger or amal-gamation.

3. Based on Article 19 of Reg 56/2016, a shareholder may hold shares above the maximum limitation as provided in Reg 56/2016 subject to OJK discretion. Moreover, Reg 56/2016 stipulates certain administrative sanctions on shareholders who fail to adjust their maximum limitation on share ownership, from a warning letter to a suspension of business operations of the bank concerned.

The maximum foreign share ownership of an Indonesian commercial bank is 99%, and at least 1% of the Bank’s unlisted shares must be owned by Indonesian citizen(s) or entity(s).

No, there is no differentiation on the special regime for domestic and/or globally systemically im-portant banks. Generally, there only exist (i) failing banks with systemic impact; and (ii) a failing banks with non-systemic effect; this is applicable to all Indonesian banks.

Generally, depending on the type of violation, the following sanctions may be imposed on banks in the case of a violation of banking regulations:

a. Monetary fine;

b. Written warning;

c. Downgrading of bank’s soundness level;

d. Suspension of business activities of a bank’s branch office;

e. Freezing of the bank’s business license.

Recent financial reporting and governance regulations demonstrate a broad and increasingly har-monized administrative sanction framework, combining written warnings, business restrictions, governance‑related measures and substantial fines.

Under OJK Regulation No. 15 of 2024 on Integrity of Bank Financial Reporting (“OJK Reg. 15/2024”), a bank that breaches core obligations on financial reporting processes and controls is first subject to a written warning. If a commercial bank fails to cure the breach, the authority may escalate to business‑limiting sanctions such as prohibition to issue new products, freezing of cer-tain business activities, prohibition to expand existing business activities, prohibition to conduct new business activities, and reduction in the governance factor score within the bank’s soundness as-sessment. For rural banks, similar escalation applies but tailored to their profile, including tempo-rary suspension of part of operational activities, prohibition on business expansion, and reduction in governance factor assessment.

Beyond these non‑pecuniary sanctions, the authority can now impose significant monetary penal-ties for violations of core financial reporting integrity obligations. For commercial banks, a fine be-tween IDR 2 billion and IDR 50 billion may be imposed for each violation in addition to other admin-istrative sanctions. For rural banks, the fine ranges from IDR 10 million to IDR 100 million per viola-tion, also cumulative with other sanctions.

Senior management and board‑level individuals are also directly exposed. Directors, commission-ers, sharia supervisory board members and executive officers of commercial banks that breach their specific duties in the financial reporting process can be sanctioned with a ban on acting as a key party in financial institutions and/or individual fines between IDR 2 billion and IDR 50 billion per person. For their counterparts in rural banks, the individual fine range is IDR 10 million to IDR 100 million per person, also combined with possible bans as key persons. This personal exposure as a key development intended to strengthen accountability and deter governance failures in financial reporting.

A parallel pattern appears in OJK Regulation No. 17 of 2023 on Governance for Commercial Banks (“OJK Reg. 17/2023”). Banks must ensure adequate internal reporting supported by proper man-agement information systems to enhance decision‑making by the board of directors and oversight by the board of commissioners. Banks are expressly prohibited from exploiting or abusing financial engineering or legal engineering for the benefit of the bank or any party in a way that conflicts with sound bank management principles. Breaches of these obligations trigger the same structured escalation: an initial written warning, followed by, if non‑compliance persists, prohibitions on issuing new products, freezing of certain business lines, prohibition on business expansion, prohibition on new business activities, and adverse adjustment of the governance factor in the bank’s soundness rating. Where such governance failures occur, the authority may also impose fines between IDR 2 billion and IDR 50 billion for each violation on the bank and/or its controlling shareholders, in addi-tion to other sanctions under the same regulation. This confirms that high‑value fines are now an integral part of governance enforcement, not limited to late reporting.

Enforcement also targets influential parties outside management. The same governance frame-work obliges directors, commissioners, committee members, sharia supervisory board members, executive officers and employees to refuse and are prohibited from complying with instructions from shareholders, affiliated parties or other parties that would result in actions contrary to good governance, involve criminal conduct or potential criminality, or cause actual or potential loss to the bank. Conversely, shareholders, affiliated parties and others are expressly prohibited from request-ing or instructing these bank officers to engage in such misconduct. If these provisions are breached, the bank faces the same stepwise sanctions (written warning, then product and busi-ness restrictions and governance factor downgrade) and the possibility that key persons be banned from serving as key parties, while the bank and/or controlling shareholders may be sub-jected to fines between IDR 2 billion and IDR 50 billion per violation. Internal policies must also provide for sanctions against executive officers and other parties beyond key persons for such misconduct. This shows a holistic approach that anchors enforcement not only at entity level but also at the level of governance‑influencing stakeholders.

These newer regulations replaced earlier governance sanction schemes by broadening the span of applicable sanctions, adding new forms such as prohibitions on issuing new products, prohibitions on business expansion and new business lines, and more explicit governance factor downgrades, while maintaining and systematizing monetary fines within a markedly higher range. This differs from the previous regulatory framework where fines were mainly used for reporting delays or inac-curacies, with the new approach where fines up to IDR 50 billion can be imposed across the full spectrum of governance mandates. This evidences a conscious tightening of enforcement levers to promote better discipline and risk mitigation across the sector.

Recently, OJK has enacted OJK Regulation No. 38 of 2025 on Lawsuits by the Financial Services Authority for Consumer Protection Financial Service Sector which grants the authority of OJK to provide legal defense by filing a lawsuit for consumer protection. The lawsuit may be filed against a financial services institution that holds a license or has ever held a license from the OJK and/or another party acting in bad faith and causing harm.

The lawsuit shall be a lawsuit based on legal standing granted by law and is not a class action law-suit. Instead, the lawsuit shall be filed based on an unlawful act and on an assessment by the OJK. The lawsuit shall be filed in court without requiring a special power of attorney from the consumer.

The clients’ deposits will be protected by the LPS. It will insure bank deposits in the form of current accounts, term deposits, certificates of deposit, saving accounts, or other forms of deposit that are the equivalent of the aforementioned forms. Currently, the amount of deposits insured by LPS for each customer in a bank is set at Rp2billion.

The obligation for LPS to pay claims to depositors arises once the bank’s business license has been revoked. LPS is authorized to obtain data on the depositors and other information deemed necessary once the bank’s business license is revoked by OJK or the bank in order to proceed with the calculation and payment of insurance claims. Eligible deposits will thereafter be deter-mined by LPS after such reconciliation and verification of data obtained, within 90 working days from the day the bank’s license is revoked. LPS will then be obliged to start paying the eligible de-posits determined within 5 days of the date the reconciliation and verification began. In the event depositors also have loans from the bank, the insurance payment is made after the loans are sub-tracted from the deposits, as governed by the applicable laws and regulations.

LPS may suspend payments to depositors if they are suspected by LPS, OJK or any other law enforcer to have perpetrated a violation of the law which resulted in the loss or endangerment of the bank’s business, causing the bank to fail. Once this suspicion has been legally proven by the issuance of a legally binding decision, the claim is not eligible to be met. Nonetheless, this suspen-sion must be set aside and payment must be made, if it was proven otherwise. Furthermore, if based on the reconciliation or verification of data, (i) the deposit(s) are not recorded in the bank, (ii) the depositors are the parties that benefited from non-prudent banking practices, or (iii) the depositors are considered to be the parties responsible for the bank’s insolvency, the insurance claim shall be deemed as ineligible by LPS. Payment of insurance claims may be met in cash or with any other equivalent payment instrument in Rupiah currency.

As indicated in our response to point 1 above, resolution for a failing bank in Indonesia is handled by the Deposit Insurance Corporation (Lembaga Penjamin Simpanan, “LPS”) in coordination with OJK and BI, as well as KSSK.

Indonesia’s bank resolution framework is governed primarily by Law No. 9 of 2016 on the Preven-tion and Resolution of Financial System Crises, as amended by Law No. 4 of 2023, along with its implementing regulations, including OJK Regulation No. 5 of 2024 on the Determination of the Status of Supervision and Problem Handling of Commercial Banks (“OJK Reg. 5/2024”). Indonesia is a member of the Financial Stability Board (FSB) and implements FSB Key Attributes of Effective Resolution Regimes under these laws.

As stipulated in Law of the Republic of Indonesia No. 9 of 2016 on Prevention and Handling of Monetary System Crisis, as amended by Law 4/2023 (“Law 9/2016”), the systemic bank should develop a recovery plan which comprises the obligation of the ultimate shareholders to conduct bail-in (e.g. convert the debt to equity). OJK Reg. 5/2024 mainly governs recovery actions taken by banks while facing crisis related to capital, liquidity, profitability, and asset quality.

Failure in profitability aspects can be addressed through cost efficiency programs, sale of fixed assets, and/or other recovery options, such as increasing collection activity. Meanwhile, issues caused by low asset quality can be resolved through credit restructuring, productive asset write-offs, and/or other recovery options, such as transfer of credit collection rights (cessie).

If those measures are implemented and the bank continues to face challenges that threaten its business continuity and cannot be restored to a stable condition by OJK within its authority, OJK will designate the bank as a bank under resolution. Written notification of this designation will be provided by OJK to the bank, LPS, and BI accordingly.

As discussed in point 31 above, Law 9/2016 provides a bail-in tool in bank resolution in Indonesia which also applicable to banks that deal with mere liquidity crisis. According to this law, during the banking restructuring program, LPS is authorized, among other things, to: (a) require the share-holders of the bank to inject additional capital in accordance with a calcula-tion determined by LPS, (b) convert the bank’s liability to certain creditors into the bank’s capital, or (c) sell, auction or as-sign the bank’s receivables or hand over the management of such receivables to another party without any approval from the debtors.

The bail‐in tool is intended for use when a bank is fundamentally failing and cannot be stabilised through conventional recovery measures. It is not applied in situations of a temporary liquidity cri-sis, such as a breach of LCR, where liquidity support from Bank Indonesia or other short-term recovery options would be more appropriate.

A bank classified as one with systemic impact will be required to maintain a capital surcharge, which is additional capital to reduce the negative impact of financial and economic system stability in the event of failure of a bank with systemic impact by increasing the bank’s capability to absorb the loss.

The amount of capital surcharge will be within the range of 1% to 3.5% of Risk Weighted As-sets of the bank and will be determined based on a classification of the bank as having a systemic im-pact. This capital surcharge must be fulfilled using common equity tier I.

The above requirement shall be applicable for all types of banks.

In Indonesia, there is no specific “senior managers regime” like in some other jurisdictions. Howev-er, the OJK’s fit and proper test requirements, as discussed in point 24 above, will also apply to members of board of directors and board of commissoners.

With the enactment of the Law 4/2023, the Government confirms their commitment to support the digitalization in the banking industry by reconfirming the implementation of open banking where banks are allowed to open access to data and information of its customers to other financial ser-vices providers including operator of technology innovation in the financial sector based on the approval or for the interest of the customers through certain system or platform.

Additionally, to promote a healthy banking system, particularly within the sharia banking sector, the OJK will impose the obligation for sharia commercial banks and sharia business units to meet the minimum LCR and NSFR; these will be set out under a new regulation. While these obligations have long been applied to conventional banks, the OJK finally will impose this obligation on sharia banking as well. On a similar note, following the introduction of leverage ratio obligation for com-mercial banks in 2019, the OJK is currently preparing a similar regulation, targeting sharia com-mercial banks to have the same obligations of maintaining leverage ratio. Reflecting on the previ-ous cyclical financial and economic crises, excessive leverage in the banking system poses risks for exposures recorded in the financial position report and for exposure to administrative transac-tions in the bank’s commitments and contingencies report. Therefore, imposing banks with lever-age ratio obligation may prevent banks from having excessive leverage conditions.