Indonesia Financial Services Authority issues new regulation on FinTech
27 March 2024
On 16 February 2024, Indonesia’s Financial Services Authority (Otoritas Jasa Keuangan “OJK”) issued Regulation No. 3 of 2024 on the Implementation of Technological Innovation in the Financial Sector (“Regulation 3/2024”). Regulation 3/2024 came into effect on 19 February 2024 and revokes and replaces OJK Regulation No. 13/POJK.02/2018 regarding Digital Financial Innovation.
This article highlights the key points of Regulation 3/2024.
Overview and scope
Financial technology (“FinTech”) innovation is undertaken by FinTech Innovation Providers (“FIPs”). To act as an FIP, entities must be actively involved in technology-driven innovation affecting products, services, activities, and business models within the digital financial ecosystem. They must operate as financial services institutions or other entities involved in financial activities and be legally established as limited liability companies or other appropriate legal entities.
Regulation 3/2024 seeks to enhance OJK’s regulatory and supervisory roles in overseeing FinTech by implementing the prudential principle to uphold financial system stability, market integrity, and consumer protection, as stipulated in Law No. 4 of 2023 on the Development and Strengthening of the Financial Sector.
“FinTech innovation” (“FI”) includes securities transaction settlement, capital raising, investment management, risk management, fund collection and distribution, market support, activities related to digital financial assets, including crypto assets, and other digital financial services.
Regulation 3/2024 sets out the framework for the regulation and supervision of FI implementation, including provisions for creating a testing and development environment (commonly known as a sandbox), licensing, monitoring, evaluation, financial education, consumer protection, personal data protection, institutional aspects, and FI activities, including those conducted by third-party supporters.
FIPs that have been approved to participate in the sandbox and passed the sandbox process must either submit a business license application to OJK or, if determined by OJK, conduct a registration to OJK before submitting the business license application.
Requirements for FIPs
Registered FIPs or FIPs with a valid business license must:
- join the designated association of FIPs appointed by OJK;
- independently conduct evaluations;
- have human resources with expertise and background in both information technology and finance;
- utilise tools to streamline OJK’s supervisory processes and ensure compliance;
- submit monthly, annual, and incidental reports to OJK;
- develop a strategic plan for their electronic system aligning with their business plans;
- establish data centres and disaster recovery facilities within Indonesia;
- uphold the integrity and accessibility of personal, transactional, and financial data from receipt to disposal;
- maintain the confidentiality and security of consumer data and information;
- prioritise good institutional governance principles; and
- implement programs to combat money laundering, terrorist financing, and the proliferation of weapons of mass destruction within the financial services sector.