Evolution of fintech regulation in Indonesia

With the continued rapid growth of the financial technology sector, the government has been reforming its licensing regime to provide business opportunities while also protecting local interests

Many changes occurred in Indonesia in the past year, from the first case of covid-19 in early March, to the issuance of Law No. 11 of 2020 on Job Creation, commonly known as the Omnibus Law, in late 2020. The law will amend and revoke approximately 76 laws and regulations, including fintech regulation. This article discusses the relevant updates on fintech regulation in Indonesia.

Securities crowdfunding

On 11 December 2020, Indonesia’s financial services authority, Otoritas Jasa Keuangan (OJK) enacted OJK regulation No. 57 on securities crowdfunding (POJK 57), revoking a previous regulation in 2018 on equity crowdfunding. In general, POJK 57 expands the scope of crowdfunding to include equity securities in shares and other types of securities, such as debt securities and sukuk, or other convertible equity. Significantly, POJK 57 now allows Indonesian non-legal entities – as opposed to only Indonesian limited liability companies in the 2018 regulation – to participate as issuers. It brings an opportunity for small and medium-sized enterprises and startups to acquire a new source of income.

Peer-to-peer (P2P) lending

The country’s P2P business is covered in OJK regulation No. 77 on information technology-based lending (POJK 77). On 13 November 2020, the OJK published a draft of its regulation on P2P, which is planned to replace POJK 77, to provide more legal certainty on the P2P business model and protect the public interests. Some of the provisions in the draft are adopted from the existing OJK’s regulations in other heavily regulated business sectors such as insurance, securities, and multi-finance. According to the draft, the maximum loan granted by a lender, including a super lender and its affiliates, would be limited to 25% of the total annual outstanding loan.

Payment system

On 29 December 2020, the central bank, Bank Indonesia, issued a Bank Indonesia regulation, Peraturan Bank Indonesia (PBI) No. 22 on payment system (PBI 22), which is effective from 1 July 2021. The reform is intended to change the payment system regulatory framework from an institutional approach to an activity and risk-based approach. Under PBI 22, payment system providers are classified into:

1. 1. Payment services provider, or penyedia jasa pembayaran (PJP). These are banks or non-bank institutions that offer services in facilitating payment transactions to users such as account information services, payment initiation and/or acquiring services, account issuance services, and/or remittance services. A PJP company must obtain a licence from Bank Indonesia;
   2. Payment system infrastructure provider, or penyelenggara infrastruktur sistem pembayaran (PIP). These are parties that provide infrastructure for transferring funds and carry out clearing and/or final settlement. A PIP company must obtain a so-called appointment from the central bank.

PBI 22 also introduces foreign direct investment restrictions. PJP business is open to 85% foreign shareholding, provided that at least 51% of shares with voting rights, management control and veto rights are held by Indonesian shareholders. PIP business is only open to 20% foreign shareholding, provided that at least 80% of shares with voting rights, management control and veto rights are held by Indonesian shareholders. The calculation of the shareholding participation will be traced up to the ultimate beneficiary of the shareholders.

Crypto assets

Crypto assets have been acknowledged as a commodity in Indonesia through the issuance of Ministry of Trade regulation No. 99 of 2018 on general policy on crypto asset trading. As a follow-up, the commodity futures trading regulatory agency (badan pengawas perdagangan berjangka komoditi, or Bappebti) issued regulation No. 5 of 2019, on the trading mechanism for crypto assets, which was amended by Bappebti regulation No. 3 of 2020, on technical provisions for implementation of a crypto asset physical market in futures exchange.

Crypto assets can only be traded after fulfilling certain requirements set out by the Bappebti. The trading will be facilitated by a licensed future exchange, settled by a licensed clearing house, and conducted through the so-called crypto asset physical market, an electronic facility provided by the futures exchange, or owned by a crypto asset physical trader appointed by the futures exchange. To be appointed as a licensed futures exchange, clearing house and crypto asset physical market, the undertakings must fulfil the minimum capital requirement regulated by the Bappebti.

Digital gold

Trading of digital gold in Indonesia was first legalised through Minister of Trade regulation No. 119 of 2019. The Bappebti further regulated the trading process through Bappebti regulation No. 4 of 2019 (Reg 4), on technical provisions on implementation of digital gold physical market in futures exchange, as amended by Bappebti regulation No. 13 of 2019. Reg 4 requires a digital gold trader to fulfil certain requirements, including being a licensed futures exchange and clearing house member, and placing the physical gold in a designated gold storage manager.

The digital gold transactions that are allowed to be conducted are: (1) selling and/or purchase; (2) buying up to a specified amount of the gold that can be printed for collection; (3) fixed instalment with later delivery; (4) deposit; (5) printing; and (6) other transactions based on the needs and developments in digital gold trading.

Mutual funds

In Indonesia, a mutual fund in the form of a collective investment fund can only be offered and sold to investors by an investment manager. This is regulated under POJK No. 23 of 2016, as amended by POJK No. 2 of 2020, on mutual fund in the form of collective investment contract. Nevertheless, POJK 23 opens an opportunity for the investment manager to co-operate with other parties who have: (1) wide networks in their business activities to provide a point of sales or sales outlets; and/or (2) a credible electronic system.

POJK 23 also provides that the transaction of a mutual fund participation unit can be conducted digitally, either through an electronic system built by the investment managers themselves, or by co-operation with the third party.

Digital banking

Amid the fierce competition against fast-paced fintech companies and the customers’ lifestyles, banks are required to adapt and provide better facilities, especially related to IT services. Banks need to develop their business models to include digital banking, to enable their customers to carry out their banking activities online.

For this purpose, the OJK has issued a guideline for conducting digital banking by conventional banks. The guideline allows the banks to open digital branches where the customers can perform self-service banking activities. To open the digital branches, the banks will first need to add the digital branches in their business plan submitted to the OJK, fulfil the capital requirements, obtain approval of the OJK, and ensure that the security of their electronic systems support the digital branches.

In addition, the OJK has prepared a draft amendment of commercial banks’ business activities. The draft differentiates banking activities into: (1) basic products including fund collection, distribution, transfer and deposit; and (2) advance products including IT-based activities (e.g. electronic and digital banking services) and laku pandai (officeless financial services for financial inclusion). The draft requires banks to conduct a pilot review and obtain a licence from the OJK before launching a new advanced product, unless it fulfils the exemption criteria.

Personal Data Protection (PDP) Bill

The Indonesian government has prepared a PDP Bill to be an underlying agreement for personal data protection. The bill is expected to shed light on personal data protection requirements that apply to all sectors. As a general observation, the bill seems to adopt several of the EU’s General Data Protection Regulation (GDPR) principles.

The bill states that personal data processing may be carried out without obtaining consent from the data owner for purposes that are considered a “legitimate basis”. This concept mirrors the GDPR’s approach on the legal basis for data processing. This exemption for consent requirement will supersede the currently prevailing provisions that require electronic system operators to obtain consent from data owners.

The bill also introduces the classification of personal data, as follows:

1. 1. General personal data comprises full name, gender, nationality, religion, and/or personal data that could be used to identify an individual; and
   2. Specific personal data comprises health data, biometric data, genetic data, sexual orientation, political views, criminal record, and/or other data in accordance with the laws and regulations.

Freddy Karyadi is a partner, Anastasia Irawati is a senior associate, and Nina Cornelia Santoso is an associate at ABNR in Jakarta.

Ali Budiardjo Nugroho Reksodiputro Counsellors at Law (ABNR)
24/F Graha CIMB Niaga
Jl. Jend. Sudirman Kav. 58
Jakarta – 12190, Indonesia
Email: info@abnrlaw.com
Tel: +852 3628 9000

www.abnrlaw.com