Key highlights of Indonesia’s new regulation relating to banks’ duty of confidentiality

19 March 2025

On 27 December 2024, Indonesia Financial Services Authority Regulation No. 44 of 2024 on Bank Secrecy (“Regulation No. 44”) came into effect. Regulation No. 44 replaces Bank Indonesia Regulation No. 2/19/PBI/2000 on Requirements and Procedures for Issuing Written Orders or Authorisations to Disclose Bank Secrecy (“Previous Regulation”).

This article provides an overview of Regulation No. 44.

Confidentiality

All banks (that is, commercial banks, small business banks, and Sharia small business banks) and their affiliated parties must maintain the confidentiality of information relating to depositors and their savings, as well as investment account holders and their investments. The inclusion of investment account holders and their investments as part of bank secrecy under Regulation No. 44 is an expansion of the scope of bank secrecy under the Previous Regulation.

Banks’ affiliated parties as referenced in Regulation No. 44 include:

  • commissioners (or their equivalent), the Sharia Supervisory Board, directors (or their equivalent), their proxies, and officers and employees of the bank;
  • those providing services to banks, such as public accountants, appraisers, consultants, including legal consultants;
  • those that directly or indirectly control the bank or are controlled by it;
  • those who directly or indirectly influence the management of the bank. This includes individuals related by marriage or descent up to the second degree members of the board of commissioners (or their equivalent), the Sharia supervisory board, the board of directors (or their equivalent), their proxies, officers, and employees of the bank.

Regulation No. 44 sets out exemptions to the obligation of confidentiality as did the Previous Regulation. However, the list in Regulation No. 44 is more comprehensive with the following new instances where the confidentiality obligation does not apply:

  • Civil cases involving banks and customers
  • Bankruptcy proceedings or asset winding-up
  • Mutual legal assistance in criminal matters
  • Tax-related financial information
  • BI’s monetary and financial stability framework
  • Deposit insurance and bank resolutions by the Deposit Insurance Corporation, and
  • Reciprocal international cooperation agreements.

Requests for disclosure

Banks are required to establish and maintain internal procedures for disclosing confidential information and must document all requests for and disclosures of confidential banking information.

Requirements and procedures relating to disclosure of information requests vary in accordance with its Indonesia Financial Services Authority (Otoritas Jasa Keuangan (“OJK”)) status as explained below. Requests can be submitted via email, in person, or via mail.

Requests for disclosure with OJK authorisation

Disclosure of specific matters involving confidential information requires written authorisation from OJK (“OJK Authorisation”), which must be requested by the competent institutions, such as the police, prosecutors, judges, other authorised investigators, or the Committee of State Receivables (“Committee”). These matters include requests for a bank to disclose information regarding monies and/or investments of suspects, defendants, convicted parties, or related parties in criminal matters, mutual legal assistance requests in criminal matters, and in the settlement of bank receivables handled by the Committee.

The relevant institution must seek OJK Authorisation via submission of its request to the Chairman of the OJK Board of Commissioners. Requests can be submitted via email, in person, or via mail. OJK will grant or deny authorisation within seven working days of receiving the complete request. In cases involving corruption, OJK will grant or deny authorisation within three working days of receipt of the complete request.

The relevant institution must submit its OJK Authorisation once granted to the bank. The bank must comply with the request by providing written statements, presenting written evidence, documents, and/or printouts of electronic data regarding the financial condition of depositors or investment account holders as specified in the OJK Authorisation. Banks are prohibited from disclosing confidential information except as specified in the OJK Authorisation.

Requests for disclosure processed by OJK

OJK can act as an intermediary for requests to disclose confidential information submitted by (a) institutions seeking information from banks, specifically for matters related to central government administration and the public interest, and (b) the counterparty of reciprocal international cooperation agreements.

In these circumstances, OJK considers the requests and if appropriate forwards it to the bank. The bank must comply with the request and provide the requested information to OJK. OJK will then provide the information to the requesting central government institution or counterparty to the reciprocal international cooperation agreement.

Direct requests for disclosure without OJK Authorisation

There are several matters that can be disclosed by the bank without OJK Authorisation. Such requests can be made by an interested party (such as customers and their legal heirs), competent institutions, such as the police, prosecutors, judges, other authorised investigators, and the Committee directly to the bank.

Examples of scenarios where a request for disclosure may be made directly to the bank are set out below.

Scenario

Request for disclosure

Required action

Civil cases
(Bank v Customer)

Bank’s Directors
(or equivalent)

Bank may provide the court with customer’s financial information and relevant details

Civil cases
(Customer or related matters)

Bank’s Directors
(or equivalent)

Bank must provide the court with customer’s financial information and relevant details if requested

Bankruptcy proceedings and asset winding-up

Receivers or liquidators (as ordered by the court)

Bank must provide information on customers’ savings and/or investments relevant to the case

Inheritance matters

Legal heirs

The bank must disclose the requested information upon request by a customer’s heirs who must submit proof of their inheritance rights.

Sanctions

Banks and affiliated parties that violate obligations of confidentiality and/or fail to maintain internal procedures will face administrative sanctions, such as a written warning. If a bank receives a written warning and continues to violate its confidentiality obligations, further sanctions may include regulators giving less weight to governance-related factors (such as the bank’s management quality, risk controls, and ethical standards) when evaluating the bank’s overall financial health or regulatory compliance.

If a bank has received these sanctions, affiliated parties who are key stakeholders of the bank may also face a ban from holding such positions. Affiliated parties who are key stakeholders are those who own, manage, supervise, and/or have significant influence over the bank, such as commissioners (or their equivalent), the Sharia supervisory board, directors (or their equivalent), and controlling shareholders.

If affiliated parties who provide services to a bank receive a written warning, they may also face a ban from providing services to banks and/or be proposed to the competent authority for the revocation or cancellation of their business license as a bank service provider.

In addition to a written warning, a reduction in the weight given to governance factors in assessing the bank’s health, and a ban from holding key stakeholder positions, banks and affiliated parties may also face fines as follows:

  • Commercial banks: IDR2 billion to IDR15 billion;
  • Small business banks or Sharia small business banks: IDR10 million to IDR100 million; and
  • Affiliated parties violating confidentiality obligations: IDR10 million to IDR15 billion.

More