What are the sources of payments law in your jurisdiction?
In Indonesia, two main bodies supervise payment systems and the financial sector. Payment systems are supervised by Indonesia’s central bank (Bank Indonesia, ‘BI’), which plays a role as the country’s payment systems regulator and oversees all monetary and financial stability matters. The Financial Services Authority (‘OJK’) supervises and regulates banking activities, capital markets, and financial services in insurance, pension funds, financial institutions, and other financial services in Indonesia. BI mandates the regulatory landscape for payments. The payment systems regulatory framework has experienced revolutionary change across the sector, impacting all providers. It aims to simplify the industry via recent BI regulations: BI Regulation No. 22/23/PBI/2020 on Payment Systems (‘BI Reg. 22’) in conjunction with BI Regulation No. 23/6/PBI/2021 on Payment Service Providers and BI Regulation No. 23/7/PBI/2021 on Payment System Infrastructure Providers, all of which came into effect on July 1, 2021.
Can payment services be provided by non-banks, and if so on what conditions?
Yes, non-bank financial institutions (‘NBFIs’), as legal entities (limited liability companies, ‘PTs’), may offer payment-related services. BI Reg. 22 now provides a new classification that categorizes providers into one of two categories:
- Payment Services Providers (‘PSP’): banks or NBFIs that provide services to facilitate payment transactions to service users; and
- Payment System Infrastructure Providers (‘PSIP’): banks or NBFIs that operate infrastructure as a means to move funds for the benefit of their members.
PSPs may engage in activities that include:
- provision of sources of funding information, including for initiating payments, with user approval;
- initiation of payments or acquiring services, including forwarding payment transactions;
- administration of fund sources, including executing the authorization of payment transactions; and/or
- remittance services, including accepting and executing fund transfer instructions where the source of funds does not originate from accounts administered by the remittance providers
PSP licenses fall into 3 categories, which depend on the activities of the PSP: (i) Category One, that permits PSP to conduct all activities above, (ii) Category Two, that allows the activities of administration of fund sources and initiation of payments or acquiring services, and (iii) Category Three, that only allows remittance services or other activities as permitted by BI. With the new regulations, BI has shifted its traditional licensing approach from entity-based to now activities and risk-based.
PSIPs are responsible for organizing clearing or final settlements in the interest of PSIP members, which comprises PSPs, PSIPs, and other parties as determined by BI.
NBFIs need to secure a business license with BI and satisfy specific conditions, in particular for PSPs, which include adherence to institutional, capitalization and finance, risk management and information system capability ground rules.
Key requirements under the new regulations include the new reduced foreign participation and control requirements, in which PSPs are required to have a minimum of 15% Indonesian shareholding, with 51% voting rights held by Indonesian investors in non-bank PSPs.
This means that even if a foreign investor holds a majority of the shares, majority voting rights must be held by Indonesian investors; if veto rights affect the operations of the PSPs (including the right to nominate a majority of the members of the boards of directors and commissioners), such rights must be held by Indonesian investors.
Non-bank PSIPs must now have a minimum 80% Indonesian shareholding, with 80% voting rights to be held by Indonesian investors.
What are the most popular payment methods and payment instruments in your jurisdiction?
While the traditional payment method, i.e., cash, is still the prime choice, transactions using debit and credit cards, bank transfers and, especially e-moneys and e-wallets as payment instruments, have skyrocketed with the government encouraging cashless means of payment, particularly amid the Covid-19 public health emergency
What is the status of open banking in your jurisdiction (i.e. access to banks’ transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so to which entities, and what is state of implementation in practice?
Open banking in Indonesia has yet to be implemented, although the notion is included in BI’s new strategic framework, the 2025 Indonesia Payment Systems Blueprint (‘BI Blueprint’), which was issued in 2019. The BI Blueprint specifies five initiatives for the next five years to create a more effective and streamlined system for payments, which comprise: (i) open banking, (ii) retail payment systems (and a Quick Response Code Indonesia Standard (QRIS) code system), (iii) market infrastructure, (iv) data and (v) regulatory licensing and supervision. These initiatives are to be implemented by five different working units under BI.
Specifically for open banking, BI prioritises standardization and implementation of the open Application Programming Interface (API) to enable the interlinking of payment services providers and other players; this is implemented under Regulation of the Board of Governors No. 23/15/PADG/2021 on the Implementation of the National Standard for Open Application Programming Interface in Payments (“BI Reg. 23/15”). BI developed the national standard for open API (‘SNAP’) along with the industry stakeholders to cover (i) the technical and security standards, data standards and technical specifications, as published on the Developer Site, as well as the (ii) SNAP governance guidelines for interconnected and interoperable open API payments.
Under BI Reg 23/15, an open payment API services providers are PSPs that provide open API payment services based on SNAP, and the open payment API services users are other PSPs or other players who uses open API payment services based on SNAP for their own use or on behalf of its customers. Through the issuance of BI Reg. 23/15, The SNAP standards are enacted by virtue of the Board of Governors of Bank Indonesia Decree No. 23/10/KEP.GBI/2021.
BI Reg 23/15 stipulates mandatory registration for the open payment API services providers and users and developers to SNAP’s Developer Site and verify their systems and undergo a security system testing to comply with SNAP standards. Any other relevant parties will be featured on the Developer Site after the registration and verification.
Furthermore, in implementing open banking, customer data is the main concern, as BI addresses customer data protection (including customer consent and dispute resolution), risk management, and technical aspects, as issued under Regulation of the Board of Governors No. 23/17/PADG/2021 on Procedures for the Implementation of BI Consumer Protection, i.e. BI Regulation No. 22/20/PBI/2020 on the BI Consumer Protection (“BI Reg. 22”).
Along with BI, OJK issued a financial sector master plan for 2021-2025 in December 2020, which focuses on five main priorities that include the acceleration of digital transformation in the financial services sector, including open banking.
How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?
Personal Data Protection (PDP) Law was finally passed on 20 September 2022, it is largely modelled on the European Union’s General Data Protection Regulation (GDPR). The existing data privacy legislation, i.e., the Electronic Information and Transactions (EIT) Law (Law No. 11 of 2008, as amended by Law No. 19 of 2016), and Ministry of Communications and Information Technology (MCIT) Regulation No. 20 of 2016 on Personal Data Protection in Electronic Systems, will remain in force to the extent they do not conflict with the PDP Law.
Under the EIT Law and its implementing regulation, the acquisition, collection, processing, analysis, storage, display, disclosure, transmission, dissemination, and deletion of personal data in electronic systems must be based on written and/or electronic consent from the personal data owner. In addition to the said stipulation, the PDP Law creates additional important rights for the personal data owner that include the right to withdraw consent, restrict processing, and object to decision-making based solely on automated processing, including profiling.
Data collection, use, and disclosure within the financial services sector mirrors in practice the EIT regime. For banks, under the Banking Law (Law No. 7 of 1992, as amended by Law No. 10 of 1998 and Law No. 11 of 2020 on Job Creation), banks are prohibited from disclosing information on their customers to third parties, except in specific circumstances as mandated by law, i.e., for taxation purposes, debt settlements, criminal proceeding purposes, civil lawsuits between banks and customers, interbank information exchange, and inheritance. Under BI Reg. 22, banks must obtain written customer consent before disclosing their personal data to third parties.
The above is further refined in the newly issued OJK’s consumer protection rules, OJK Regulation 6/POJK.07/2022 on Consumer Protection in the Financial Services Sector, that revokes its antecedent, OJK Regulation No. 1/POJK.07/2013 as amended several times (“OJK Reg. 6”). OJK Reg. 6 provides that financial institutions (banks, business players in capital markets, insurance, pension funds, finance companies, and other financial institutions) are prohibited from providing third parties with data and/or information on their own customers except where (i) customers provide written consent to it; and/or (ii) the provision of the data and/or information is required by law. Some new rules are included in the OJK Reg. 6, one of the key changes includes prohibition on the marketing of products to prospective consumers through personal communication facilities, unless prior consents from said customers are obtained by the financial institutions.
In addition, as part of their risk management protocol, pursuant to OJK Regulation No. 44/POJK.05/2020 on Implementation of Risk Management for NBFIs, and its implementing regulations, NBFIs must manage their risks, including to control and maintain security over their assets, business and customer data.
Further, to provide better protection to consumers and the public in general, OJK recently introduced several services that may be utilized by financial services customers (or their representatives) and the public, comprising the following: (i) Information retrieval and submission services; (ii) Dispute-based complaints services; (iii) Violation-based complaints services; and (iv) an integrated consumer service system. The new integrated consumer service system is initiated to provide a platform where consumers or the public may file financial services related to OJK. Under these new services, among others, OJK provides facilitation dispute resolution where customers may file complaints with OJK, and OJK may facilitate the settling of the dispute, provided that such complaints meet certain criteria.
Specifically for payment systems, under BI Reg. 22, PSPs (players engaging in businesses that include card-based payment instruments, e-money, e-wallets, and fund transfer) are also bound to maintain the confidentiality of customer data, and are prohibited from disclosing it to other parties, unless they have obtained prior written customer approval, or if disclosure is required by the prevailing law and regulations.
What are regulators in your jurisdiction doing to encourage innovation in the financial sector? Are there any initiatives such as sandboxes, or special regulatory conditions for fintechs?
Yes, to support the country’s fintech ecosystem, BI and OJK create regulatory sandboxes to serve as a testing mechanism to assess the reliability of fintech business models, financial instruments, and governance. In Indonesia, fintech is separated by two regimes: (i) under BI, for fintech-related payment systems, and (ii) under OJK, for fintech-related lending and all other aspects of fintech (digital financial innovation).
OJK also launched an innovation hub through its OJK Infinity (Innovation Centre for Digital Financial Technology), aiming to encourage more innovation within the financial sector while facilitating engagement with the regulator. Through its platform, the Electronic Gateway for Digital Finance Information Systems (Gesit), OJK facilitates fintech industry stakeholders to make a reservation for a consultation with OJK Infinity and to access the recent developments of fintech in Indonesia.
Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?
The regulatory framework would remain a challenge to fintech players; with a rapidly expanding fintech sector and a complex market, the regulations, and policies often have not caught up with growing fintech trends and the technological changes. Only in recent years has the fintech sector been regulated. Hence, BI and OJK have taken a more industrial and collaborative approach, and fintech players are encouraged to be more proactive in building relations with the regulators to help develop the country’s digital economy and finance ecosystem.
What tax incentives exist in your jurisdiction to encourage fintech investment?
At the time of writing, there were no specific tax incentives for fintech players.
Which areas of fintech are attracting investment in your jurisdiction, and at what level (Series A, Series B etc)?
Overall, the recent trend would be the ‘new economy’, which comprises tech, consumer services, payments, neobanks, wealthtech and insurtech also have been showing a rising trend. The latest hot deals within the area include Flip (payments), reportedly raised US$ $48m in Series B, PayFazz (payments) that just raised US$ 100m in Series C, Dana (payments) announced that it will receive total new investment of US$ 250m from Sinarmas Group and Lazada, while Bibit and Ajaib (both investment app), reportedly secured over $80m for Bibit and $153m raise for Ajaib, which made them one of the country’s latest unicorns.
If a fintech entrepreneur was looking for a jurisdiction in which to begin operations, why would it choose yours?
Indonesia remains an untapped market opportunity to investors; there is room to grow, with regulators still pushing regulatory sandboxes in an effort to achieve a balance between innovation and regulation. Going forward, we can expect the convergence of fintech developments, and it will continue to revolutionize the provision of banking and financial services in the country.
Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently? For instance, are quotas systems/immigration caps in place in your jurisdiction and how are they determined?
There is no quota in the fintech sector for foreign individuals working in Indonesia. The general rule is that foreign individuals are welcome to work in Indonesia in fintech areas. The employment of expatriates for work in Indonesia falls under the category of employment for a fixed term. The rationale behind this is that foreign workers must obtain a valid permit to work in Indonesia and the permit is only issued with maximum validity of 12 months, extendable.
Foreign investment fintech companies are allowed to employ expatriates, subject to the prevailing laws and regulations on recruitment of foreign workers. An employer must hire at least 1 Indonesian employee for every expatriate employed, to act as the expatriate’s counterpart. Furthermore, the employer must obtain a feasibility assessment result approval of expatriate manpower utilisation plan as the master document to obtain an individual work permit (in the form of an expatriate manpower utilisation plan) for every expatriate employed. The expatriate must then obtain a limited-stay visa and permit to stay in Indonesia lawfully. Expatriate workers are entitled to the same protection under the relevant Indonesian labour laws and regulations as Indonesian employees, except in the event of termination, they will not be entitled for any severance or compensation. They will only be entitled for indemnification, if their employment contract is terminated before its due expiry, which amount should be equivalent to their remaining salary throughout their employment contract period.
With the Covid-19 situation, it is worth mentioning that as of 15 September 2022, the Directorate General of Immigration (‘DGI’) has finally allowed foreign visitor from certain countries to visit Indonesia (i) without Visa or (ii) by applying Visa on Arrival at the entry point. This Visa free or Visa on Arrival facility can be used for, among others, business or meeting.
For application of work permit for foreigner, it should be noted that the Ministry of Manpower has accepted the work permit application, but up to the time of writing, the application is still limited only for foreigner who will work (i) in projects qualify as National Strategic Projects or National Vital Objects, or (ii) for specific reasons and is urgent in which a recommendation from the relevant ministry is required. While for other sectors, as of the time of writing no new work permit application can be processed yet.
If there are gaps in access to talent, are regulators looking to fill these and if so how? How much impact does the fintech industry have on influencing immigration policy in your jurisdiction?
Please refer to number 11.
What protections can a fintech use in your jurisdiction to protect its intellectual property?
While Indonesian IP laws do not have specific provisions for fintech, IP rights may be protected by way of various methods, i.e., patents, trademarks, trade secrecy, industrial design and copyright (software protection).
The registration of patents, marks, industrial design and the recordation of copyright is applied for at the Directorate General of Intellectual Property (‘DGIP’) of the Ministry of Law and Human Rights.
Patents
Patent protection in Indonesia is regulated by Law No. 13 of 2016 on Patents (as amended by Law No. 11 of 2020 on Job Creation), for which Fintech players may opt for patent protection, in which a patent is an exclusive right granted to an inventor for its invention in the field of technology for a certain period to implement the invention itself or provide approval to other parties to implement it.
Here, the term ‘invention’ should refer to the inventor’s idea that is poured into a specific problem-solving activity in technology in the form of a product or process, or improvement and development of a product or process. Patent, however, will be granted solely to inventions that are notably (i) new, (ii) contain inventive steps; and (iii) can be applied to industry. Inventions do not include (a) aesthetic creations; (b) schemes; (c) rules and methods for carrying out activities that involve mental activity, games and business; (d) rules and methods that contain only computer programs; (e) presentation of information; and (f) discovery in the form of new uses for existing or known products; or a new form of an existing compound that does not result in a significant increase in efficacy and there is a known difference in the related chemical structure of the compound.
Marks
Mark protection is governed under Law No. 20 of 2016 on Mark and Geographical Indication (as amended by Law No. 11 of 2020 on Job Creation). For the purpose of obtaining an exclusive right to a Mark, a Fintech company may register its Marks with the DGIP. According to the Mark Law, a Mark is a sign that can be presented graphically in the form of picture, logo, name, word, letter, number, colour composition, in two-dimensional form, sound, holograms, or a combination of two or more of such elements to distinguish the goods or services produced by a person or legal entity in the trading of goods or services.
The exclusive right of a Mark is obtained upon the registration of the Mark applied for. However, the Mark is protected upon the submission of a Mark application. That is to say that any subsequent similar Mark application submitted by another party will be rejected by the DGIP since the Mark registration adopts a first-tofile approach. Upon obtaining the exclusive right to a Mark from the government of Indonesia for a period of time, a Mark owner will be entitled (i) to use their own Mark; (ii) to give consent to another party to use the Mark; and (iii) to forbid other parties from using the Mark.
Trade Secrets
A Trade Secret according to Law No. 30 of 2000 on Trade Secrets is information that is not known to the public in the technology and/or business sector, that has economic value because it is useful in business activities, and is kept confidential by the owner of the Trade Secret. Protection of Trade Secret covers production, processing, or selling methods, or other information in the field of technology and/or business.
A Trade Secret is the only IP regime that is offered unlimited time protection for as long as the secrecy is maintained. There is no requirement for registration or recordation to obtain a Trade Secret right. If a trade secret is revealed to the public, the Trade Secret right disappears.
In Fintech practice, many valued aspects are protected by owners since these can bring profit to the company such as business methods, ideas, lists of clients with their details, etc. Prior to giving secret information to a prospective client, contractor, or investor, a Fintech company can ask them to enter into Non-Disclosure Agreement. For employees, a Fintech company should add confidentiality and intellectual property clauses in the employee agreement.
Industrial Design
Since the appearance of goods greatly influences the sale value of a product as well as their serviceability, it is also good to know that any equipment used in the practice of Fintech can add value to the company. Some examples used that can be protected as Industrial Property are designs on electronic cards, computer or machine interfaces. Industrial Designs may also contribute to the distinctiveness of a brand.
Industrial Design in Indonesia is regulated by the Law No. 31 of 2000 on Industrial Design. Under this Law, Industrial design is a creation for the shape, configuration or composition of lines or colours, or a combination of lines or colours in three- or two-dimensional forms, which create an aesthetic impression, can be realized in three- or two-dimensional patterns and can be used when manufacturing a product, goods, an industrial commodity, or handicraft items.
Copyright
For copyright recordation, software, as IP, is protected under Law no. 28 of 2014 on Copyright. Software is a set of instructions expressed as language, code, schema, or any form intended for a computer to perform certain functions or achieve particular results. A fintech creator may opt for copyright recordation to gain exclusive rights over its creation such as mobile banking applications, application programming interface structures etc.
While copyright recordation is not mandatory to obtain a copyright, it is recommended as recordation serves as a means to facilitate verification in any dispute between the creator/the copyright holder and any party who challenges its provenance. Copyright for a computer program is valid for 50 years from its announcement. An announcement is made in writing or through a broadcast or exhibition via any device, electronic or non-electronic, or in such a way that the creation can be read, heard or seen by others.
How are cryptocurrencies treated under the regulatory framework in your jurisdiction?
In Indonesia, cryptocurrencies are classified as commodities. The government allows the trading of crypto asset commodities; therefore, it is subject to oversight under the authority of BAPPEBTI (a government agency under the Ministry of Trade that regulates futures trading). BAPPEBTI has issued several regulations that concern the futures trading of crypto assets.
The key players involved in the physical crypto-asset futures market are Bappebti, Futures Exchanges, Crypto-asset Clearing Agencies, Crypto-asset Traders, and Crypto Asset Depository Agencies. BI strictly prohibits the use of virtual currencies (including cryptocurrencies) by all payment system operators in Indonesia. Cryptocurrencies are not recognized as a legitimate payment instrument in Indonesia.
How are initial coin offerings treated in your jurisdiction? Do you foresee any change in this over the next 12-24 months?
Initial coin offerings in Indonesia remain unregulated under Indonesian laws and we do not foresee it will change anytime soon, especially if BI continues to maintain its stance to prohibit the use of virtual currencies as legitimate means of payment in Indonesia.
Are you aware of any live blockchain projects (beyond proof of concept) in your jurisdiction and if so in what areas?
BI is engaged in establishing the country’s own central bank digital currency (CBDC) and is working to launch a CBDC pilot program and provide legal backing for a digital version of the Rupiah. BI will regulate the use of digital Rupiah as legal tender alongside banknotes in Indonesia. At present, BI has yet to announce the blockchain platform or technology for the national digital currency, or when it will begin to test its pilot project. Reportedly, the government will soon issue the white paper of the CBDC.
Within the recent years, apart from the whooping increase in the number of domestic investors and transactions, Indonesia has shown greater interest in blockchain and crypto industry as Indonesian business undertakings have also been eagerly launching many blockchain-based projects that offer varying uses cases. One of these are: metaNesia, which is a metaverse project backed by the country’s state-owned information and communications technology company, i.e., PT Telkom, aims to promote small, and mid-sized enterprises to compete with foreign online service providers, for now, it focuses on creating digital products such as ‘meta’ concert, land and commerce. BeKind, which is the first blockchain-based donation initiative in the country, they also launched its own token (K1ND) built on the Binance Smart Chain network. Hara, a blockchain-based data exchange for the food and agriculture sector. Paras, one of the many local blockchain-enabled digital art card marketplace for NFTs.
To what extent are you aware of artificial intelligence already being used in the financial sector in your jurisdiction, and do you think regulation will impede or encourage its further use?
Indonesian banks are reported to have been experimenting with artificial intelligence (AI); nonetheless, they are still in the early phases of its implementation. Banks are looking to set up AI technologies and complex data analytics to facilitate paperless and signatureless transactions for their customers. AI is also used in fintech solutions such as robo-advisory services, AI-driven credit scoring, and regtech.
One of the Indonesian largest state-owned banks, PT Bank Rakyat Indonesia Tbk (BRI), stated that they have been developing the use of AI under the name of BRIBrain, for their credit underwriting process and fraud and risk analytics that can be used to detect any anomaly in cash withdrawals made by any of their customers through the ATMs
From a regulatory perspective, the use of AI is encouraged in the adoption of biometric data (fingerprints, iris scans and passport photos), which are classified as a part of personal data collected during a resident’s registration process, and stipulated in Regulation of the Minister of Domestic Affairs No. 95 of 2019 on Information Systems for Residential Administration. Although at present, laws and regulations that recognize and embrace the use of AI are quite small, Indonesian laws, in general, adopt a technology-neutral approach and business players may reap the benefits of deploying and developing AI in the Indonesian market. In fact, we view that AI implementation in Indonesia, in the long run, would not only offer new fintech solutions, but, potentially, resolutions for automation of consumer protection, market supervision, and prudential regulation. In the financial sector alone, we have seen small steps towards AI integration, with OJK recognizing biometric technology for identification of consumer data as a means of electronic know your consumer (e-KYC) and also through the introduction of OJK Suptech Integrated Data Analytics (OSIDA) in March 2022, as the implementation for the development of supervisory technology (suptech) for automatic reporting data analysis of financial institutions.
Furthermore, Bappebti under its prevailing crypto-assets regulation (Bappebti Regulation No. 8 of 2021 on Guidelines for the Operation of Physical Crypto-asset Markets in Futures Exchanges) introduces RegTech for Crypto-asset Traders (i.e., the typical crypto-asset exchange/platforms) in undertaking the principles of Know-Your-Customer (KYC) and Customer-Due-Diligence (CDD) and/or Enhanced-Due-Diligence (EDD), with qualifying criteria using face recognition with that is integrated with biometric data.
While we have yet to see any specific guidelines on the use of AI in the financial sector, OJK published a digital finance innovation ‘road map’ and action plan for 2020 and 2024. OJK is planning to issue regulations that support the use of AI and machine-learning algorithms to ensure the safe development of the system and manage the risks that arise from the use of AI, such as personal data handling. The government further has issued a national strategic framework to guide the nation in developing AI across the board between 2020 and 2045. With the national AI strategy, Indonesia is set to focus its AI projects in various sectors, including education and research, healthcare, e-commerce, smart cities plans, and public services. The new national strategy demonstrates the government’s agenda to embrace AI technology and reform the country as an innovation-based country.
Insurtech is generally thought to be developing but some way behind other areas of fintech such as payments. Is there much insurtech business in your jurisdiction and if so what form does it generally take?
To date, insurtech is regarded as a fintech cluster and is classified as Digital Financial Innovation (DFI) under the supervision of OJK. The regulator classifies insurance technology-related innovations into four fintech clusters: insurance aggregator, insurance broker marketplace, insurtech and insurance hub. Currently, five insurtech-related businesses are recorded at OJK. Insurtech-related businesses operate as limited liability companies (PTs).
OJK recently announced the preparation of a regulatory framework for insurtech that aims to address products and services of insurtech/digital insurance brokers, IT standards, and human resources qualifications, among others. While insurtech has yet to benefit from a comprehensive regulatory regime, the market is growing.
Are there any areas of fintech that are particularly strong in your jurisdiction?
Digital payments (e-money and payment gateways, in particular) and peer-to-peer (p2p) lending still emerged as the two most significantly growing sectors, and dominate the fintech landscape in Indonesia, while fintech market aggregators have also become a popular trend in fintech clusters recently.
What is the status of collaboration vs disruption in your jurisdiction as between fintechs and incumbent financial institutions?
While fintech continues to grow in the Indonesian market, incumbent financial institutions (conventional banks, in particular) are developing digital financial technology to catch up with fintech players and aim to improve efficiency and better customer experience. These range from digital channel products (internet banking, mobile banking, e-money, and e-wallets), AI chatbots and digital assistants, and big data analytics for fraud detection.
The rise of digital banking in response to the growing customer demand in the country is also partially due to the regulatory framework that actually promotes this transformation, in this case, OJK Regulation No. 12/POJK.03/2018 on the Organization of Digital Banking Services by Commercial Banks (‘OJK Reg 12/2018’). OJK Reg 12/2018 accommodates the needs of integrated various IT-based banking services. OJK Reg 12 sets out various provisions that address the implementation of electronic banking services and digital banking services by commercial banks, in which banks that intend to issue either electronic or digital products must secure approval from OJK. The regulation further highlights the importance of product innovation, cooperation with partners, customer protection, and risk management for banks running its IT-based banking services.
OJK Reg. 12/2018 is also playing a part in stimulating the recent rise of digital banking in Indonesia, which led OJK to issue 2 new regulations to address the technology concerned: (i) OJK Regulation No. 12/POJK.03/2021 on Commercial Banks (‘OJK Reg. 12/2021’), and (ii) OJK Regulation No. 13/POJK.03/2021 on the Organization of Commercial Banking Products (‘OJK Reg. 13/2021’).
The market further shifted to a more collaborative approach between banks and fintechs. There are numerous instances of banks opening up their APIs that allow their systems to be integrated with fintechs and facilitate financial transactions. Likewise, other financial institutions, in this case, multi-finance companies, also are encouraged – even prescribed by regulation (OJK Regulation No. 35/POJK.05/2018 on the Implementation of Multi-Finance Business, as amended) – to cooperate with registered or licensed fintech lending companies for channelling or joint-financing services.
On the other hand, p2p lending players in Indonesia, as required by OJK Regulation No. 10/POJK.05/2022 of 2022 on Information Technology Based Collective Financing Services, must activate a virtual account at Indonesian banks or cooperate with licensed payment gateways to support their business. The virtual account or a payment gateway is used by the borrower to pay off the loan or the lender to receive its repayment, which will be linked to the escrow account of the operator.
To what extent are the banks and other incumbent financial institutions in your jurisdiction carrying out their own fintech development / innovation programmes?
Incumbent financial institutions in Indonesia actively operate their own fintech development or in-house team. Lately, many traditional banks have started to acquire smaller scale commercial banks and convert them to digital banks; for example: PT Bank Central Asia Tbk with its subsidiary PT Bank Digital BCA that operate as a digital bank, BRI with PT Bank Raya Indonesia Tbk, and PT Bank Mega Tbk with PT Allo Bank Indonesia Tbk. PT Bank Negara Indonesia Tbk (BNI) also recently completed the acquisition of PT Bank Mayora with the intention to convert it into a digital bank.
While the previous trend for banks to launch their own digital banking services also still continues where almost all commercial banks now have their own digital platform channel, such as Mandiri Livin’ under PT Bank Mandiri Tbk that operates as a super app that provides not just banking services but also commercial services such as purchasing train and flight tickets, BRI with its BRIMO and Bank CIMB Niaga with its Octo Mobile.
Are there any strong examples of disruption through fintech in your jurisdiction?
There are many examples of fintech disruption in Indonesia, but the most potent example is the rise in digital payments and p2p lending, especially for digital payments, where the incumbent players also took part in transforming the country from traditional payment systems towards a less-cash and more-digital economy. The online lending market (currently, solely p2p lending) has also risen as the new financing alternative for retail customers over the incumbent financial services and is challenging traditional funding models, in particular, impacting the micro-lending sector. The digital banks boom in recent years in the country also demonstrates that disruptive technologies have emerged as an opportunity for incumbent banks.
The rise of digital banks in Indonesia (which are operated by traditional/conventional banks) shows that the incumbent banks support digital adaptation of the current business model. Although the number of digital banks is relatively small today, it is expected to grow in the near future, especially under OJK Regs. 12/2021 and 13/2021, which serve as the regulatory framework of digital banks.
OJK Reg. 12/2021 clarifies the term ‘digital banks’, meaning banks that purely operate digitally and carry out their business through electronic channels without physical branches except for one, the head office. Under this definition, in Indonesia, digital banks are not like typical ‘neobanks’ or ‘virtual banks’ that have emerged in other jurisdictions where the operation is 100% online without the need for traditional bricks-and-mortar branches; since digital banks must have one (1) physical branch as its head office.
OJK Reg. 12/2021 further stipulates that a digital bank may be set up through (i) the establishment of a new entity operated as a digital bank, or (ii) transformation of a conventional bank to become a digital bank. Currently, the digital banking market in the country has shown considerably more interest in the latter: the conventional-to-digital conversion of traditional banks.
Notable examples include Bank Jago (previously PT Bank Artos Indonesia Tbk, now owned by Indonesia’s first large unicorn, Gojek), SeaBank (formerly PT Bank Kesejahteraan Ekonomi) acquired by Singapore’s SEA Group, and Neobank Commerce (formerly PT Bank Yudha Bhakti Tbk), with Akulaku, an Indonesian financial institution (backed by Alibaba affiliate, China’s Ant Group), as controlling shareholder.
Through the new regulatory landscape of digital banks, the Indonesian banking market may expect the continued rise of digital banks to lead to more disruption to a once comparatively staid industry.
Indonesia: Fintech
This country-specific Q&A provides an overview of Fintech laws and regulations applicable in Indonesia.
What are the sources of payments law in your jurisdiction?
Can payment services be provided by non-banks, and if so on what conditions?
What are the most popular payment methods and payment instruments in your jurisdiction?
What is the status of open banking in your jurisdiction (i.e. access to banks’ transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so to which entities, and what is state of implementation in practice?
How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?
What are regulators in your jurisdiction doing to encourage innovation in the financial sector? Are there any initiatives such as sandboxes, or special regulatory conditions for fintechs?
Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?
What tax incentives exist in your jurisdiction to encourage fintech investment?
Which areas of fintech are attracting investment in your jurisdiction, and at what level (Series A, Series B etc)?
If a fintech entrepreneur was looking for a jurisdiction in which to begin operations, why would it choose yours?
Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently? For instance, are quotas systems/immigration caps in place in your jurisdiction and how are they determined?
If there are gaps in access to talent, are regulators looking to fill these and if so how? How much impact does the fintech industry have on influencing immigration policy in your jurisdiction?
What protections can a fintech use in your jurisdiction to protect its intellectual property?
How are cryptocurrencies treated under the regulatory framework in your jurisdiction?
How are initial coin offerings treated in your jurisdiction? Do you foresee any change in this over the next 12-24 months?
Are you aware of any live blockchain projects (beyond proof of concept) in your jurisdiction and if so in what areas?
To what extent are you aware of artificial intelligence already being used in the financial sector in your jurisdiction, and do you think regulation will impede or encourage its further use?
Insurtech is generally thought to be developing but some way behind other areas of fintech such as payments. Is there much insurtech business in your jurisdiction and if so what form does it generally take?
Are there any areas of fintech that are particularly strong in your jurisdiction?
What is the status of collaboration vs disruption in your jurisdiction as between fintechs and incumbent financial institutions?
To what extent are the banks and other incumbent financial institutions in your jurisdiction carrying out their own fintech development / innovation programmes?
Are there any strong examples of disruption through fintech in your jurisdiction?