The Indonesian government recently introduced a new omnibus law to regulate the financial sector. Law No. 4 of 2023 on Financial Sector Development and Strengthening (“P2SK Law”) was passed on 12 January 2023. It amends 17 laws in the financial sector, including the Banking Act, the Capital Markets Act, the Act on Trading in Futures Contracts, Government Debt Instruments Act, the Insurance Act and the Foreign Exchange Act, as well as the Bank Indonesia and Financial Services Authority laws. The P2SK Act also regulates some “new” financial products such as bullion, trust schemes, digital assets and a digital Rupiah.
This advice focuses on the P2SK Act’s chapter on technological innovation in the financial sector.
one. Products and activities
Financial sector technological innovation (Innovation Technology Sector Finance – “ITSK”) is regulated under Chapter XVI, from article 213 to 221 inclusive. ITSK is broadly defined as any technology-based innovation with an impact on products, activities, services and business models in the digital financial ecosystem.
ITSK has a large scope and covers:
- payment systems (eg, technological innovation in all payment processing stages, including pre-transaction, initiation, authorization, settlement, settlement and post-transaction activities);
- settlement of securities transactions (eg technological innovation in settlement processes, settlement processes and registration of ownership and custody services for money market and capital market products);
- shareholding (e.g. crowdfunding of securities through an electronic system operator);
- investment management (eg robo-advisors using advanced algorithms, as well as automated advice and management, algorithmic retailing);
- risk management (eg technological innovation in underwriting, claims management);
- raising and/or distributing funds (eg digital banking, peer-to-peer landing, funding agents, funding agents, project funding);
- marketing support (eg credit scoring, aggregators and e-Know-Your-Customer involving the use of artificial intelligence, machine learning, big data);
- activities related to financial assets that are stored or represented digitally (e.g. crypto-assets); and
- other digital financial services.
ITSK can be used to support economic and financial activities, including those based on Sharia principles.
b. Requirements for ITSK units
Entities that perform ITSK must either be financial institutions (lembaga jasa finangan – LJK) and/or other parties who conduct legitimate business in the financial sector. ITSK entities must be incorporated in the form of either a limited liability company or other legal entities. ITSK units must meet the following requirements:
- uphold the principles of good governance (including transparency, accountability, responsibility, independence and fairness);
- perform risk management (including active oversight by management, availability of policies, procedures and compliance with organizational structure, risk management processes and internal controls);
- ensure the security and reliability of information systems (including written policies and procedures for information systems, protection of data, fraud management, implementation of cyber security standards, regular audits of information systems);
- maintain consumer and personal data protection (including through education and financial literacy); and
- comply with applicable laws and regulations.
c. ITSK Supervision
ITSK is regulated and supervised by the central bank, Bank Indonesia (“BI”), and the Financial Services Authority (“OJK”) in accordance with their respective authorities.
The regulation and supervision is carried out according to the following principles: (a) balancing innovation and risk reduction, (b) digital economy and digital financial integration, (c) efficiency and best business practice, (d) consumer protection and (e) coordination of regulation and supervision between authorities.
BI and OJK have the authority to evaluate and seek clarification on the results of innovations developed by ITSK units. They are also allowed to evaluate fintech innovations through “sandbox” trials. For this, BI and OJK can regulate procedures and mechanisms for sandbox testing, in line with their respective authorities. As a reference, to date for the regulation of sandbox experiments, BI has issued regulation no. 23/6/PBI/2021 implemented by a member of the board member regulation no. 24/7/PADG/2022, while OJK has issued regulation no. 13/POJK .02/2018 implemented by circular no. 21/SEOJK.02/2019.
If a product, activity, service or business model generated by an ITSK unit passes the test and receives the necessary licenses or permits from the relevant authorities, the applicable regulatory, supervisory and sanctioning mechanisms will be moved to the relevant industry in which the ITSK operates. Conversely, if the result of a sandbox test is considered unsatisfactory, BI and OJK have the authority to implement follow-up measures. Furthermore, ITSK units are required to submit data, information and periodic or non-periodic reports to BI and OJK, which can then process, exchange and disseminate these through appropriate digital information systems.
d. association
ITSK units must comply with requirements to join a relevant association, as approved and regulated by BI and OJK, according to their respective authorities.
The rules laid down by each association for its members must be in line with regulations laid down by BI and OJK. The association shall conduct development and supervision of its registered members in accordance with their functions and roles, as determined by the competent authority.
e. Conclusion
The P2SK Act was issued with the aim, among other things, of supporting technological innovation within financial services, while at the same time protecting consumers and strengthening the financial sector in the midst of rapid digital development.
By regulating ITSK under the P2SK Act, the government provided a stronger legal basis for financial technology entities to make more innovations. Furthermore, the P2SK Act provides a clear relationship between fintech authorities and associations, delineating their respective rights and duties to promote an innovative financial sector. At the same time, it has established robust supervisory mechanisms to ensure the protection of consumers and personal data. This includes by providing a framework to eradicate illegal fintech activities.
The financial sector should now become more accommodating and adaptable to support innovation, including digital banking, peer-to-peer lending, online startups and cryptocurrency asset transactions. Companies in these sectors will have to adapt to the new rules, which will ultimately lead to greater stability, growth and public trust.