Contributed By Hiswara Bunjamin & Tandjung
Indonesia is widely perceived as an under-tapped market for FinTech opportunities, largely due to its population of over 260 million people, relatively high smartphone usage and internet penetration, and affordable mobile data (priced lower than in most other Association of Southeast Asian Nations countries). With approximately 50% of the adult population not possessing a bank account and accordingly having limited access to financial services, innovative FinTech businesses are generally encouraged by the Indonesian government, which presently advocates various long-term policy goals aimed at promoting financial inclusion and the development of SMEs.
In Indonesia, e-money and peer-to-peer lending companies dominate the landscape in terms of maturity level, although the regulations and market practices in relation to the former are more settled and sophisticated than those relating to the latter. E-money activity has existed in Indonesia for around ten years and major players such as banks and telecommunication companies have expanded their business into this sector to offer this service to their customer base.
In relation to peer-to-peer lending, based on the statistics of Indonesia’s Financial Services Authority (Otoritas Jasa Keuangan, or OJK) issued on 27 December 2018, the aggregate amount of loans disbursed through peer-to-peer lending platforms had reached approximately IDR15.9 trillion by October 2018.
Digital platform and e-commerce businesses have also been well received in Indonesia by businesses and consumers. Over the last twelve months there has been continuing interest from foreign investors in these businesses. There are currently four unicorn digital platform and e-commerce start-up companies in Indonesia, namely Traveloka, Go-Jek, Bukalapak and Tokopedia. Go-Jek, a ride-hailing start-up company, will potentially be the first decacorn start-up company in Indonesia, with a valuation of near USD10 billion. Although digital platform and e-commerce businesses are growing rapidly, their growth is still constrained by the low credit card ownership rate, making online payments more difficult for some Indonesians. Technology innovations in payments and the financial sector as a whole are therefore necessary to provide solutions to these challenges and there is an increasing amount of interest in the 'virtual credit card' space.
On 31 December 2018, OJK issued a regulation on equity crowdfunding that enables small to medium-scale companies to sell their shares through electronic platforms. This vertical is still in its early stages in Indonesia and it is possible that this model will see increased traction from users and interest from investors during 2019.
The FinTech sector in Indonesia continues to grow as legacy financial services business models are ‘modernised’ and investor interest in the sector remains steady. Regulators find themselves in a constant race to keep up with these evolving FinTech business trends. In the next twelve months, more of the same can be expected; that is, continued foreign investment in FinTech start-ups and more established FinTech players and regulators continuing to work together with the FinTech business players (eg, through the FinTech associations) to introduce new regulations covering recent innovations in the FinTech sector.
E-money is the first regulated FinTech activity in Indonesia and it now has a relatively strong and clear regulatory foundation. Many major legacy players in the banking sector (Bank Mandiri, Bank BCA and Bank BRI) and in the telecommunications sector (XL Axiata, Telkomsel and Indosat) have expanded their businesses to include e-money offerings to their broader customer base. However, since e-money is a payment-related activity, the Indonesian government is, generally speaking, more protective of this sector than other FinTech sectors, as evidenced by the introduction of a 49% foreign ownership limitation under a central bank of Indonesia (Bank Indonesia, or BI) regulation issued in May 2018. This has slowed down foreign investor interest in this sector, which was previously open up to 100%.
At a high level, the e-money business model in Indonesia is similar to e-money services in other countries. E-money exists in banking computer systems for legacy players and other online systems (such as marketplaces) for new players. The value of the e-money is backed by fiat currency and it can be exchanged in lieu of fiat for goods or services for convenient electronic uses. E-money can also be physically transferred back into fiat money through banking computer systems (via ATMs, branches, etc).
In light of the ongoing needs of Indonesians (particularly the ‘unbanked’) for credit and the strict regulatory framework associated with traditional lending services, many new FinTech players in the last 12 to 24 months have sought to offer peer-to-peer lending services to Indonesian consumers. As of December 2018, there were 88 companies registered with OJK as peer-to-peer lending platform-providers.
To be a traditional lender providing on-balance sheet loans, companies generally require a multifinance or banking licence and their loan application and approval processes tend to be more rigid. On peer-to-peer lending platforms in Indonesia, the peer-to-peer platform-provider itself is prohibited from providing on-balance sheet loans (ie, it cannot be a lender on its own platform) and should merely function as an intermediary party between the lender and the borrower. Given the nature of the peer-to-peer lending business in Indonesia and given that the lenders in this space do not have to be licensed lending entities (eg, they can be individuals), the requirements for obtaining credit from a peer-to-peer lending platform are less onerous, but the interest rate is generally higher than traditional lending schemes. Peer-to-peer lending platforms are limited to a maximum of 85% foreign ownership (see below for more detail).
BI regulates matters relating to payment in Indonesia, focusing on monetary policy and payment system stability as a whole. Payment-related FinTech activities such as e-money, electronic wallets, payment gateways and other payment system-providers are under the purview of BI. E-money has been regulated since April 2009 and, following a 2018 amendment to the relevant regulation, has a stricter foreign ownership limitation compared to other regulated FinTech activities, being a maximum of 49% for foreign investment (the remaining 51% must be owned by local shareholders).
E-wallet (the functionality of which is often paired with e-money business activities in Indonesia) and payment gateway activities were first regulated in November 2016 and are presently 100% open for foreign investment. The e-wallet functionality is viewed as different to e-money by Indonesian regulators as an e-wallet is not a payment instrument itself. Rather, an e-wallet is a feature to store customers’ payment instruments (which can be in the form of debit card, credit card, or e-money information).
Another regulatory body, OJK, has the authority to regulate matters relating to non-payment financial services; for example, in the banking, capital markets, insurance, pension fund and financing sectors. Accordingly, FinTech innovations in these sectors, including digital banking and peer-to-peer lending services, fall under OJK’s purview. Peer-to-peer lending was the first FinTech activity regulated by OJK. The relevant regulation was issued in December 2016. As mentioned above, a peer-to-peer lending-platform is subject to a foreign ownership limit of 85%. OJK also issued a regulation on equity crowdfunding in December 2018. To date, no foreign ownership limitation has been applied for equity crowdfunding.
See 2.5 Jurisdiction of Regulators on the possibility of overlapping jurisdiction.
In general, the regulatory framework applicable to legacy players engaging in traditional financial services activities (whether payment or non-payment) tends to be stricter than those that are applicable to new FinTech players; ie, more onerous licensing, 'know your customer' (KYC), minimum capital injection and reporting requirements, etc. This is largely due to the different nature of the business and monetary limitations applicable to these players, as well as the Indonesian government’s desire to promote financial inclusion by relying on (among others) the FinTech industry. To clarify, legacy players in traditional payment or non-payment activities can generally disburse or manage higher amounts of money than those in the FinTech sector that are subject to stricter financial limits and this might have been yet another reason for the different stringency of the regulations.
By way of example, peer-to-peer lending players in Indonesia are prohibited from carrying out any on-balance sheet lending. They may only manage off-balance sheet lending. On-balance sheet lending may only be performed by traditional financial institutions such as banks and multi-finance companies. Another example is that e-money accounts may only store a value of money not exceeding IDR2 million (for unregistered users) or IDR10 million (for registered users) and their aggregate monthly transaction value is limited to IDR20 million. Such limitations do not apply to traditional payment instruments such as debit or credit cards.
Aside from monetary limitations such as the above, regulation of the FinTech sector is more ‘relaxed’ than traditional financial services, which is in line with the Indonesian government’s policy aimed at developing the FinTech industry to promote longer-term financial inclusion and the establishment of SMEs.
The rapid growth of innovations in the FinTech sector has resulted in certain FinTech activities not being regulated. Regulators have responded by issuing regulations introducing a ‘sandbox’ as a ‘catch-all’ regulation for all (previously unregulated) innovative FinTech activities.
On 30 November 2017, BI introduced a regulatory sandbox through Regulation No 19/12/PBII/2017. This sandbox is broad enough to capture all activities utilising technology in the financial services sector that leads to the use of new products, services, technology or business models that might affect monetary stability, financial system stability or payment system efficiency, security or dependability.
OJK followed in the footsteps of BI by issuing OJK Regulation No 13/POJK02/2018 on 16 August 2018, which introduced a separate regulatory sandbox for digital finance innovations. Digital finance innovations are defined as any 'digital' activity aimed at innovation in business processes, business models or financial instruments that brings added value to the financial services sector.
As the first regulatory sandbox introduced in Indonesia, the BI sandbox appears to capture a wide range of activities and innovations, including those relating to sectors that are regulated by OJK. However, now that OJK has introduced its own sandbox, digital finance innovations, particularly those in respect of non-payment activities (ie, transaction settlement, fund-raising, investment management, crowdfunding and distribution, insurance, market support and other digital finance support), are all now subject to OJK’s sandbox. There is no hard-and-fast rule to determine which unregulated activity falls under which regulator (and therefore which sandbox it will be subject to).
In general, BI and OJK require all business players conducting unregulated FinTech activities to register with BI or OJK, as the case may be. Following registration, their activity will be included in the regulatory sandbox for assessment by the relevant regulator (ie, BI or OJK). The relevant regulator will assess and supervise the activities, then decide whether they (i) should be approved (by BI, OJK, or any other applicable authority) for use in Indonesia, (ii) need to be modified, or (iii) are not recommended for use in Indonesia. This process is also intended to help the regulators to develop the FinTech regulatory framework in Indonesia.
Based on BI's website, one company has successfully passed the regulatory sandbox.
However, for OJK’s regulatory sandboxes, various news sources indicate that 67 companies have entered or, at the time of writing, were due to enter OJK’s regulatory sandbox by February 2019. However, unlike BI, no official announcement has been made by OJK on its website.
With respect to FinTech activities that have been specifically regulated by BI or OJK, such activities will fall under the jurisdiction of BI or OJK. As mentioned above, BI has jurisdiction over FinTech activities relating to payment systems (eg, e-money, e-wallet, payment gateway) and OJK has jurisdiction over non-payment FinTech activities (ie, peer-to-peer lending and equity crowdfunding).
Overlapping of jurisdiction between regulators can occur in relation to FinTech activities that have not been specifically regulated. As mentioned above, OJK and BI generally require companies engaging in unregulated FinTech activities to register with BI or OJK so that the unregulated FinTech activities can be included in their regulatory sandbox assessment. However, since there is no specific regulation pertaining to such FinTech activities, then until OJK or BI issues the relevant regulatory sandbox assessment result, companies will still need to rely on the existing regulations and jurisdictions that are of closest relevance to the unregulated activity. The determination of the appropriate regulators would largely depend on the precise nature of the unregulated activity in question.
To take one example, platforms where people can obtain information about and buy various financial products are not yet specifically regulated, although these platforms are already on OJK’s radar. A company engaging in these activities would typically obtain a business licence as a digital platform-provider through the online single submission (OSS) system administered by Indonesia's Investment Co-ordinating Board (Badan Koordinasi Penanaman Modal, or BKPM). In addition, the company would also likely be required to register its platform with the Ministry of Communication and Informatics (MOCIT) to obtain an Electronic System Provider Registration Certificate (Tanda Daftar Penyelenggara Sistem Elektronik, or TDPSE).
Companies engaging in regulated FinTech activities are allowed to co-operate with third parties in conducting their business activities subject to certain requirements under applicable laws.
For example, an e-money issuer will require prior approval from BI to engage in co-operation with third parties in relation to:
Co-operation between e-money issuers and merchants is also required to be notified to BI. The relevant regulations on e-money provide minimum requirements for these types of agreements, such as the use of Indonesian language, minimum rights and obligations of parties, dispute resolution mechanism, transaction settlement, etc. These agreements must be submitted to BI.
E-wallet and payment-gateway licence-holders must also obtain approval from BI for their co-operation with third parties. However, regulations applicable to these activities do not specifically define which type of co-operation will require approval or notification to BI. Therefore, this requirement currently applies broadly and case-by-case consultations with BI will be required in this case.
OJK regulations applicable to peer-to-peer lending platforms, on the other hand, only state that these companies may co-operate with third parties for the purpose of data exchange to increase their service quality; however, no further requirement or other type of co-operation is provided under such regulation. Again, this results in the necessity for case-by-case consultations with OJK. It should be noted that a draft OJK circular letter sets out other types of co-operation that peer-to-peer lending platforms can enter into, such as e-KYC service providers, but it had not been issued at the time of writing.
In general, co-operation must be conducted by FinTech licence-holders with properly licensed third parties enabling them lawfully to conduct their rights and obligations under the relevant co-operation. A case-by-case analysis has to be made as to whether the particular activities can be outsourced and, if yes, which third-party service-provider (whether regulated by the same regulator or not) is best qualified to perform such activities.
In August 2018, OJK revoked the registration status of five peer-to-peer lending companies that did not comply with the peer-to-peer lending regulation. There has been no official publication on the specific breach committed by these companies and only general statements were issued by OJK, stating that the companies did not satisfy the requirements prescribed under OJK regulations on peer-to-peer lending.
In addition to the above, according to news sources 231 unlicensed peer-to-peer lending platforms were blocked by OJK in January 2019. A total of 635 peer-to-peer lending platforms were blocked by OJK in the period from January 2018 to January 2019. OJK uses software such as Google-Play Store and social media platforms such as Instagram to screen for unlicensed FinTech activities. These blocked platforms will be included in OJK’s blacklist, which may cause them to be unable to apply for a peer-to-peer lending registration certificate or licence.
Previously, FinTech companies operated in grey areas as they were not subject to any specific KYC regulation, although some might argue that FinTech companies should still perform KYC checks to comply with the general anti-money laundering law that applied to legacy players and FinTech companies. It is now clear that BI and OJK also expect FinTech companies to conduct KYC checks, although in practice the implementation may still be uneven (especially in contrast to the stringent KYC checks performed by legacy players). To keep up with technological developments, the regulations have also been amended to give more flexibility for e-KYC to be performed. The same OJK regulation for KYC applies to (among others) banks and peer-to-peer lending platforms, but the latter have until early 2021 to comply with the regulation. In the meantime, peer-to-peer lending platforms still have to comply with the KYC requirements set out in the peer-to-peer lending regulations.
Regulations issued by MOCIT on digital signature also provide a strong regulatory framework for FinTech business schemes, as well as the requirements for FinTech players to certify their electronic systems. This has boosted the confidence of Indonesians to use the products of FinTech business players.
Other regulations related to FinTech activities, such as data privacy and cybersecurity, will also be ‘modernised’ by regulators to accommodate the needs of FinTech business schemes.
There is currently no specific regulation on the use of social media or other similar tools in FinTech business schemes. General regulations on IT laws and advertising apply in this case.
Besides regulators, business associations – such as the Indonesia FinTech Association (Asosiasi Fintech Indonesia) and the Indonesia FinTech Crowdfunding Association (Asosiasi Fintech Pendanaan Bersama Indonesia) – play an important role as an intermediary between regulators and FinTech players by accommodating the needs of FinTech players and recommending regulatory developments in the FinTech area. These associations have also issued codes of conduct applicable to their members as an attempt to self-regulate the industry and this has been well received by OJK.
Traditional financial products and services are highly regulated. Traditional financial institutions are generally not able to issue any new products and services without prior regulatory approval or notification. As such, traditional financial institutions do not generally offer unregulated products and services. However, traditional financial institutions (eg, banks, insurance companies and multi-finance companies) have recently developed the practice of entering into co-operation arrangements with FinTech players, such as peer-to-peer lending providers (eg, banks and multi-finance companies co-operate with a peer-to-peer platform to provide small loans) and marketplace/digital platform providers (eg, insurance companies sell their insurance products through the marketplace’s online platform).
Given the fast pace at which FinTech companies move, it is possible for some of them to offer products and services that are already regulated, and those that have yet to be regulated. It may not be possible to conduct more than one business activity through the same entity (eg, peer-to-peer lending platforms are not allowed to carry out other business activities). This is one reason why OJK and BI decided to form their regulatory sandboxes, so that they have visibility of new initiatives by FinTech companies.
There is currently no specific regulation on robo-advisers in Indonesia, although it is believed that this topic is already on OJK’s radar. As there are no regulations regarding this activity as yet, there is currently no differentiation between asset classes involving robo-adviser business models.
Legacy players must comply with the regulations applicable to their traditional business scheme, including in implementing robo-advisory services. However, due to the absence of any specific regulation in relation to robo-advisory activities, the implementation of this business by legacy players is currently restrictive and this firm is not aware of any legacy players implementing this in practice.
Online lenders under Indonesian law are accommodated through peer-to-peer lending platforms. In this case, loans may be disbursed to individuals and business entities. Different requirements only apply in relation to the specific documents they need to submit for the purpose of e-KYC.
The underwriting process by peer-to-peer lending platform-providers is not specifically regulated under OJK regulations; however, there is a general requirement for the providers of peer-to-peer platforms to conduct risk mitigation steps. Accordingly, practice may vary from provider to provider. Typically, providers will conduct a limited due diligence (in addition to minimum KYC requirements) on potential borrowers, including in relation to their legal standing and the viability of the project to be funded. The providers will then apply a credit rating mechanism and will rate each of the funding opportunities available in their platform.
In Indonesia, the term 'online lender' is typically associated with peer-to-peer lending platforms. Online lenders under Indonesian law are accommodated through peer-to-peer lending platforms and, as stated above, these platforms are prohibited from providing on-balance sheet loans. Therefore the funds for loans in this case may only be sourced from third-party lenders. Increasingly, traditional legacy financial services institutions like banks and multi-finance companies are providing loans online, where the sources of funds are on-balance sheet.
Syndication of loans through peer-to-peer lending platforms is common in Indonesia. Peer-to-peer lending platform-providers would typically act as the facility agent to administer the loans on behalf of the various lenders. Legal principles and regulations that are typically applicable to syndication loans would also apply in this context.
Payment processors are not restricted from using existing payment rails. They may create or implement new payment rails such as the use of blockchain technology in their business schemes. However, since these new payment rails are unregulated, this is where the regulatory sandbox becomes potentially relevant, as, in general, every FinTech player is required to be registered and to report or obtain approval from their relevant regulatory authority (BI or OJK) for any development of their business scheme, including any plans to implement new payment mechanisms.
Fund administrators or companies providing administrative support on the process of running a collective investment scheme are not specifically regulated. However, under the relevant OJK regulations, an Indonesian fund adviser (or, as they are more commonly known in Indonesia, an 'investment manager') is only permitted to outsource to third parties the following functions:
In the event that an investment manager outsources any of the above functions to third-party service-providers, the responsibility in respect of the above functions (although they are performed by third parties) will remain with the investment manager. The investment manager is also required to have and implement a standard operation procedure to monitor the activities of the third-party service-providers.
Under the relevant OJK regulations, an investment manager is required to ensure the third-party service-provider (ie, the fund administrator) is a professional with the capacity and capability to perform the outsourced functions and able to fulfil its obligations under the contract. Such a contract between an investment manager and the third-party service-provider must contain the minimum provisions as required under the regulation, such as confidentiality and security of information, prohibition on subcontracting and obligation of the service-provider to provide, on demand, all necessary information and/or assistance to the investment manager, auditor of the investment manager and/or the OJK in relation to the outsourced functions.
The OJK regulations are silent on this, but this can be regulated further under the service agreement between the fund adviser (investment manager) and fund administrator. As noted above, as a minimum the service agreement must include an obligation for the service-provider to provide, on demand, all necessary information and/or assistance to the investment manager, auditor of the investment manager and/or the OJK in relation to the outsourced functions.
Capital Market (Trading of Stocks and Bonds)
Certain securities companies in Indonesia (which engage in broker-dealer activities) have been providing online trading services to their customers. Where the relevant customer opens a securities account with the broker-dealer and deposits certain minimum funds into the account, they can directly trade the scrip-less shares by way of accessing the online trading platform provided by the relevant broker-dealer companies (ie, direct market access). It is understood that OJK (Capital Market division, previously known as Bapepam) and Indonesian Stock Exchange (IDX) regulators may inspect the customer and the securities company if any breach of the trading regulations occurs through online trading.
Under Decree of Head of Bapepam-LK No Kep-548/BL/2010 dated 28 December 2010 on Rule No VD3 on Internal Control of Securities Companies Conducting Broker-Dealer Business Activities (Rule No VD3), 'online trading system' is defined as a trading system provided by broker-dealers through an electronic communication platform (including via the internet, short-messages service, wireless application protocols, or other electronic media) to conduct securities transactions.
Futures Commodities Trading
Trades of futures commodities in Indonesia including derivative products are regulated under Government Regulation No 49 of 2014 on Futures Commodity Exchanges. There are no detailed guidelines in relation to trading platforms and the conduct of trading within such platforms; however, the Jakarta Futures Exchange maintains an electronic trading platform known as JAFeTS. In order to trade on JAFeTS, a trader should register as a member of the platform by submitting an application form and supporting documents to the Jakarta Futures Exchange. Futures commodities trading in Indonesia is supervised by the Supervisory Agency for Commodity Futures Trading (Badan Pengawas Perdagangan Berjangka Komoditi, or BAPPEBTI), being the government institution responsible for the supervision of futures trading.
Commercial paper transactions, money market transactions, or commercial paper transactions on the secondary market in Indonesia are conducted through a government-run centralised system, namely the Bank Indonesia-Electronic Trading Platform (BI-ETP system) pursuant to BI Regulation No 17/18/PBI/2015 (as amended from time to time, together with its implementing regulation). The BI-ETP system has limited users and is not open to the public. Users of BI-ETP include securities companies, banks, the Indonesian Ministry of Finance, BI, money market broker companies, security deposit agencies and other institutions that have obtained the requisite approvals from BI.
As mentioned above, each asset class has its own regulatory regime and regulatory supervisory body. Capital market products are subject to OJK regulations and IDX rules. Futures commodities are subject to BAPPEBTI regulations and Ministry of Trade regulations (as applicable), and financial market products are subject to BI regulations and several OJK regulations (as applicable).
Through BI Regulation No 18/40/PBI/2016 on Payment Transaction Processing Operations, BI prohibits the use of virtual currencies (note that the prohibition is targeted at crypto-currencies despite the terminology used) as currencies for transactions within the Republic of Indonesia. Furthermore, to date, there are no specific laws regulating crypto-currency or digital asset exchanges.
Under Ministry of Trade Regulation No 99 of 2018 on General Policy on Crypto Asset Trading, crypto-currency assets are deemed as commodities that can be traded on Indonesian futures exchanges.
BAPPEBTI recently issued an implementing regulation that sets out technical provisions regulating crypto asset trading on futures and digital exchanges. Under the newly issued regulation, crypto assets can now be traded on a futures exchange oran electronic platformowned byfutures traders. The platform itself should connect with the futures exchange platform. The relevant crypto assets that can be traded will be determined by BAPPEBTI. All existing crypto trading providers are required to register at BAPPEBTI first and meet certain registration requirements such as a minimum paid-up capital of IDR100 billion and a final capital balance of IDR80 billion. See 12 Blockchain for related information.
Listing standards are currently only relevant to stock or bond assets in Indonesia. If a public company wishes to be listed on the IDX, the listing requirements set out in the Decision of the Board of Directors of IDX No Kep-00183/BEI/12-2018 on Regulation No I-A, regarding the listing of shares and equity-type securities issued by listed companies (IDX Listing Rule), are applicable. The IDX Listing Rule prescribes the listing requirements to be satisfied by a listing applicant, which include holding the status of an Indonesian limited liability company (PT), provision of an 'effective statement' from OJK and having a minimum share price of IDR100 per share.
There are two listing boards on the IDX: the 'main board' and the 'developing board'. Listings on the developing board (a more junior listing board introduced to facilitate listings by smaller companies) involve less demanding listing requirements. The overwhelming majority of internationally marketed Indonesian IPOs are listed on the IDX main board, which imposes more onerous requirements such as having at least 1,000 shareholders of record and net tangible assets of at least IDR100 billion.
In relation to stock trading on the IDX, this firm is not aware of any specific guideline from OJK regarding order handling rules in Indonesia. However, under Rule No VD3, a securities broker who provides an online trading system is obliged to provide certain publicly accessible information on its website, including a description of order handling and/or any delayed instruction when there is any technical issue with the online trading system.
Although the number of peer-to-peer trading platforms in Indonesia is not significant yet, OJK recently issued OJK regulation No 37/POJK04/2018 on Equity Crowdfunding to accommodate the development of equity crowdfunding platforms in the future.
The trading mechanism for the equity crowdfunding platform will be determined by the equity crowdfunding platform provider itself. The mechanism should be more straightforward compared to a conventional trading system in the stock market, where there are certain requirements for trading via intermediaries (ie, a broker/securities company) and settlement and depository processes with the Indonesian Central Depository Institution (Kustodian Sentral Efek Indonesia, or KSEI) and Indonesian Clearing House (Kustodian Penjamin Efek Indonesia, or KPEI). The purpose of simplifying the process is to enable potentially less sophisticated investors in equity crowdfunding platforms to buy and sell shares directly with each other rather than working through an intermediary or third-party service, as in conventional stock trading.
Due to the rapid growth of peer-to-peer trading platforms in Indonesia, IDX recently issued a new Listing Regulation that introduces certain changes to simplify listing procedures and broaden the financial criteria for listing, the aim of which is to increase interest from unicorn start-ups in listing their shares on the IDX.
In relation to stock trading on the IDX, there are no specific best execution obligations or guidelines imposed by OJK or the IDX. IDX Market Trading Rule No II-A Kep-00168/BEI/11-2018 is very high-level in nature and simply states that securities companies should apply best-execution practices for customer trades in order to execute orders on behalf of its customers to seek to obtain the best price possible for customers.
In practice, several securities companies have adopted their own internal policies for the implementation of best execution of customers’ trades, which appear to be based on international best practices.
This firm is not aware of any best-execution obligation or policy in different asset classes.
There is no strict regulation on payment for order flow in Indonesia.
However, Bapepam Rule No VE1 on Ethical Business of Broker Dealers (Rule No VE1) broadly stipulates that in the event that a securities company has an interest in a stock that it is recommending, the securities company must then notify its clients of that interest before the clients buy or sell the recommended securities. Based on this general requirement, payment for order flow should, strictly speaking, be notified to the customers of the relevant securities company.
The regulations in Indonesia do not provide definitions of high-frequency and algorithmic trading. In practice, trading in Indonesia is conducted through the electronic trading system of the IDX, namely JATS. This scripless securities trading system covers the trading of securities, which includes shares, bonds, pre-emptive rights, warrants and other derivative instruments.
Despite there being no specific regulation on high-frequency trading, the Indonesian Capital Market Law contains a general prohibition on market manipulation. Under this provision, relevant parties (eg, individuals, companies, partnerships, associations or organised groups, as applicable) are prohibited from (i) deceiving or misleading other parties by using any means and/or methods whatsoever, (ii) participating in a fraud or deception against any other parties and (iii) giving false statements of material facts, or failing to disclose material facts that are necessary in order to avoid a statement being misleading.
If the implementation of high-frequency trading tactics (front running, spoofing, arbitrage, etc) creates manipulation in the market, the perpetrator may be subject to administrative sanctions and the market manipulation may also constitute a criminal offence.
Other than the above, there are no specific regulations on the creation or usage of high-speed or algorithmic trading. Further, there is no delineation between different asset classes as regards use of this trading technology.
The current regulatory landscape does not clarify this point. Please see above and refer to 7.1 Permissible Trading Platforms.
A market marker is only recognised in the Indonesian futures commodities trading sector and is defined as a party who continuously bids and/or sells within the trading period. To become a market-maker in Indonesian futures commodities trading, a party will require a determination by the futures exchanges and the clearing house, and such determination is made with the approval from the head of BAPPEBTI.
There are no specific obligations or requirements regarding registration of market-maker status in the context of high-speed or algorithmic trading platforms or processes.
See 7.7 Issues Relating to Best Execution of Customer Trades.
The regulations do not make a distinction between funds and dealers engaged in these activities.
As far as this firm is aware, no licensed Indonesian securities company engages in high-frequency and/or algorithmic trading, therefore payment for order flow in relation to high-frequency and algorithmic trading is not relevant in Indonesia.
All businesses in Indonesia are required to obtain a business licence, depending on their business activities. This firm's preliminary view, broadly speaking, is that a financial research platform that provides financial news and information – including trading news, financial data and related analysis – may be categorised as a 'digital platform-provider' pursuant to Indonesian Standard Industrial Classification (KBLI) No 631211, which is subject to a 49% foreign ownership restriction or can be 100% open for foreign investment if the total investment is more than IDR100 billion. Ultimately the specific activities of each financial research platform would need to be assessed on a case-by-case basis to understand what specific regulatory requirements may be applicable.
In addition to the above, a financial research platform-provider would also likely be required to register its platform with MOCIT to obtain an Electronic System Provider Registration Certificate.
Under Law No 11 of 2008 on Electronic Information and Transactions (as amended), any person who knowingly and without authority disseminates false and misleading information resulting in consumer loss in electronic transactions can be sentenced to imprisonment not exceeding six years and/or a fine not exceeding IDR1 billion.
In the capital markets context, the spreading of rumours and other unverified information may relate to market-manipulation provisions under the Indonesian Capital Markets Law, which prohibit the giving of false statements of material facts, making statements or providing information that is materially false or misleading. If a player is found guilty of market-manipulation activities, they may be subject to administrative sanctions (ranging from a written warning to revocation of business licence and cancellation of registration) and in the more severe cases, these activities may also constitute a criminal offence and a maximum fine of IDR15 billion may be imposed.
At present, there is no clear regulation in Indonesia regarding how market-manipulation concepts would be applied to financial research platforms, peer-to-peer exchanges or exchanges trading digital assets. As noted above, the space remains largely unregulated.
At present, conversation curation is unregulated in Indonesia and would likely be a matter of internal policy for the financial research platform to implement. As noted, there are no regulations or guidelines regarding the operation of such platforms in Indonesia, including whether a platform is supposed to be actively censoring all pump-and-dump schemes, spreading of insider information, or other types of unacceptable behaviour on its platform.
However, in the context of an e-commerce platform, a regulation was issued by MOCIT, namely Circular Letter No 5 of 2016 on Limitation of Responsibility of Platform Providers and Trade Merchants through Electronic Systems in the form of User Generated Content. Under this regulation, a platform-provider is responsible for the performance of the electronic system and management of the content on the platform. However, if a mistake, negligence or other unacceptable action on the part of a trade merchant or a user of the platform can be proven, that platform-provider may be exonerated from the consequences of such actions (to be determined on a case-by-case basis). Considering that financial research platforms are currently unregulated in Indonesia, it is possible that regulators may also apply this concept to financial research platforms (eg, where a user promotes pump-and-dump schemes, divulges insider information or engages in other potential damaging behaviours).
Again, platform-providers are currently unregulated in Indonesia. Accordingly, whether a platform-provider is supposed to be actively acting as a 'gatekeeper' when it sees suspicious or unlawful behaviour by its users is largely up to the internal protocols of the platform in question. However, the principle mentioned above limiting the responsibility of the platform-provider may also be relevant here.
Insurance companies in Indonesia use underwriting processes to evaluate an insurance application. For example, in the case of life insurance, the process involves determining the applicant's risk by reviewing medical information, lifestyle and financial information of its prospective client as well as considering the client's age and gender. Based on this information, the underwriter determines if the client qualifies for life insurance coverage and, if so, how much they will pay for it.
OJK, under POJK69/POJK05/2016, only sets out general principles in relation to underwriting procedures. For example, it is stated that all insurance companies should have in place internal underwriting guidelines, which contain and cover (i) the possibility of risk in the future, (ii) mitigation of risk and (iii) types of risk that will be insured. InsureTech is still in its early stages in Indonesia and as a result remains largely unregulated. It is understood that OJK is still in discussion internally regarding InsureTech and intends to prepare a draft regulation on InsureTech business that may be released in 2019.
The insurance business in Indonesia is regulated by OJK under Law No 40 of 2014 on Insurance Business (Insurance Law). Under the Insurance Law, insurance is divided into two categories, namely life insurance and general insurance.
Life insurance business activities involve providing insurance to the policy-holder, the insured, or other entitled parties in the event of death or life of the insured. General insurance business activities cover a broader range of activities and involve providing compensation to the insured or policy-holder due to loss, damage, incurred cost, lost profit, or legal liability towards third parties that may be suffered by the insured or policy-holder due to an uncertain event.
Other types of insurance may also be differentiated based on whether they incorporate Shari'a principles.
There is potential for a RegTech industry to develop in Indonesia. However, to date, there has been very little by way of a private sector RegTech industry in Indonesia other than providers of online tax filing services. In 2017 Indonesia’s first RegTech Association was established. It is unclear whether this association is still in operation. There only appear to be around six companies registered as members.
In the context of RegTech for tax-filing activities, the Directorate General of Taxes of Indonesia has issued a regulation setting out the requirements to apply as a tax-filing digital service-provider. The licence for digital tax-filing service-providers is valid for five years and can be extended for a further five years. Currently, there are a handful of tax-filing service-providers in Indonesia, including spt.co.id, pajakku.com, eform.bri.co.id and online-pajak.com.¬¬Further, in the context of peer-to-peer lending activities, OJK requires the underlying peer-to-peer agreement to use digital signatures. MOCIT has recently issued a regulation that sets out guidelines for a company to become a digital signature-provider and currently this firm is aware of only one digital signature-provider in Indonesia, namely PrivyId.
Other than the above, this firm is not aware of any specific regulation for RegTech providers in Indonesia to date.
There appear to be very few RegTech business-providers in Indonesia and even fewer that have entered into co-operation arrangements with financial services firms, such as banks. This may soon change given how the regulations in the financial services sector have evolved to allow more technology-driven solutions to be implemented (eg, e-KYC, data analytics, credit scoring). In this firm's view, important contractual terms in contracts between banks and a third-party identity verification provider largely centre around protection of customer data. The regulations applicable to the relevant financial services firms may also set out certain contractual terms that have to be included in the firms’ agreements with service-providers. For example, under OJK Regulation No 9/POJK03/2016 on Prudential Principles for Banks that Outsource Services to Other Parties, OJK sets out the types of activity that can be outsourced by banks, including IT activities. Under the OJK regulation, co-operation agreements between banks and service-providers must be set out in writing and should cover the following areas:
The RegTech sector in Indonesia has not reached this level of maturity as yet and regulations pertaining to online tax-filing service-providers and digital signature-providers are silent on this point. As mentioned above, the RegTech market in Indonesia is still in its early stages.
The 'building blocks' for an Indonesian blockchain industry have started to emerge in recent years. Although still in the early stages compared with neighbouring Singapore, Indonesia is home to several blockchain start-ups, including Indodax (previously Bitcoin Indonesia), the country’s largest crypto-currency exchange, and Pundi X, a point-of-sale device manufacturer supporting payments in crypto-currency. The blockchain association of Indonesia was also launched in early 2018 at the blockchain hub, a centre dedicated to developing, promoting and offering education around blockchain technology in Jakarta.
Although awareness of blockchain became more prevalent in 2017 and 2018, actual adoption and implementation of the technology in the Indonesian financial services industry appears to be some time away.
That being said, there are reports that OJK has a dedicated team to study how blockchain may impact the sector. BI has also publicly stated that it is studying blockchain technology, including investigating the introduction of a central bank digital currency (CBDC) for domestic payments. It is understood that the CBDC would be pegged to the Indonesian rupiah.
In general, BI has adopted a relatively welcoming approach to blockchain technology, in contrast to its statements against crypto-currencies in Indonesia. In 2017, BI banned the use of crypto-currencies for transactions, which does not prohibit trading of the digital tokens themselves. The ban stands, to date.
BI's interest in blockchain has, according to several reports, meant that five major Indonesian banks (Bank Negara Indonesia, Bank Rakyat Indonesia, Bank Mandiri, Bank Danamon and Bank Permata) are exploring the idea of implementing blockchain in their systems. This firm is not aware of concrete initiatives having been implemented to date.
One area of interest in relation to the application of blockchain technology is migrant remittance payments. Indonesia is ranked 14th in the world for receipts of migrant remittances according to the World Bank. Remittance is the transfer of money by a migrant worker to an individual in his or her home country. Traditionally, these transfers are carried out through banks or financial intermediaries at significant cost and with well-known inefficiencies. Senders and recipients of these remittances are often unbanked. There have been media reports of financial services-providers (including legacy players and start-ups) looking to blockchain technology as a potential means to reduce fees and transfer times for these types of remittances.
In general, the 'blockchain buzz' in Indonesia to date appears chiefly focused on the potential the technology has to enable increased efficiency and greater transparency, with applications being rolled out in areas and industries such as logistics, e-voting, record-keeping and agriculture. Most of these applications are start-ups, both local and foreign.
Policy makers in particular see the potential for blockchain technology and the benefits of immutable records as a way of reducing corruption and money-laundering issues that continue to be an issue for Indonesia. Like other emerging markets, Indonesia has faced challenges in maintaining accurate records due to a lack of technical capacity and resources. It is understood that the public and private sectors are now looking at blockchain technology to overcome some of these challenges.
Under Ministry of Trade Regulation No 99 of 2018 on General Policy on Crypto Asset Trading, cryptocurrency/crypto assets are deemed as commodities that can be traded on the Indonesian futures exchange. As noted above, BAPPEBTI recently issued BAPPEBTI Regulation No 5 of 2019 on Technical Provision of Physical Market of Crypto in the Futures Exchange (BAPPEBTI Regulation), which provides further detail to the 2018 Ministry of Trade regulation. Pursuant to the BAPPEBTI Regulation, it is now clear that crypto assets can be traded in Indonesia on futures exchanges or electronic platforms established by trading platforms, connected to the futures exchange platform. The crypto assets that can be traded in the market will be determined by the head of BAPPEBTI and must fulfil criteria such as:
The BAPPEBTI Regulation also provides that existing crypto trading providers are required to register with BAPPEBTI and have a minimum paid-up capital of IDR100 billion, as well as a final capital balance no lower than IDR80 billion. Further, by 8 February 2020, all registered traders must obtain status as a licensed trader through BAPPEBTI and meet certain requirements such as having a minimum paid-up capital of at least IDR1 trillion and operating an online platform to facilitate the trading of crypto assets that are connected and compatible with the futures exchange and related clearing-house system.
Notwithstanding BI's past announcements that crypto-currencies are banned in Indonesia and its reluctance to accept them as a legitimate means of payment within the country, as noted above, crypto-currencies have recently received recognition as tradable commodities from BAPPEBTI.
To date, there are no regulations in Indonesia confirming how 'issuers' of blockchain assets shall be treated, nor how initial sales – eg, initial coin offerings (ICOs) or security token offerings (STOs) – are to be carried out or whether they are prohibited or regulated. The newly issued regulation on crypto asset trading, the BAPPEBTI Regulation, also clearly states that it does not address ICOs. Due to the lack of certainty, blockchain start-ups in Indonesia often look offshore when seeking to carry out on initial sale of blockchain assets (eg, Singapore, Jersey, Malta and the Caribbean). It is unclear whether legacy securities regulations would apply to digital assets in Indonesia.
It is worth mentioning that, under BI Regulation No 19/12/PBI/2017 on Financial Technology and Governor of BI Regulation No 19/14/PADG/2017, BI has outlined that blockchain is a payment system technology, and states that companies providing blockchain solutions may apply to be part of the BI regulatory sandbox. Meanwhile, under OJK Regulation No 13/POJK02/2018 on Financial Technology Innovations in the Financial Institution Sector, OJK also states that companies providing blockchain solutions (as part of digital innovation more generally) may apply to be part of the OJK regulatory sandbox.
Crypto asset trading platforms have only very recently been regulated in Indonesia under the BAPPEBTI Regulation. Crypto-currency trading platforms are now subject to certain minimum requirements. For example, exchange platforms:
There are no blockchain asset-specific regulations for investment funds to date. Accordingly, such funds will be subject to traditional fund regulations such as OJK Regulation No 43/POJK04/2015 on Investment Manager Behaviour Guidelines and OJK Regulation No 10/POJK04/2018 on Implementation of Governance of Investment Managers. These regulations impose general obligations such as restrictions to purchase and/or sell securities for customers if not in line with investment policy stipulated by the capital market regulations on the management of investment and/or the investment policy stated in the investment management agreement, unless customers agree to this.
There is no clear delineation between crypto-currencies and blockchain assets in Indonesia. As noted above, virtual currencies (note that the prohibition is targeted at crypto-currencies despite the terminology used) are not recognised as legal tender within Indonesia pursuant to BI Regulation No 18/40/PBI/2016 on Payment Transaction Processing Operations. As for blockchain assets, as mentioned above, it is clear that blockchain assets and crypto assets can be traded as commodities in the futures exchanges.
It remains a grey area whether payment through a point-of-sale device in a crypto-currency that immediately converts the crypto-currency amount into the Indonesian rupiah fiat equivalent would technically be subject to the BI prohibition. This firm suspects that the prohibition would be interpreted broadly to capture such payments. It can be noted that BI's stance on payments utilising crypto-currency resulted in inspections of retailers in Jakarta and Bali (where payment in crypto-currency saw a dramatic rise in 2017) during 2017 and 2018.
Privacy concerns versus the transparency and immutability of data recorded on a blockchain are an issue that affects the global blockchain industry as a whole. This issue will certainly be a concern in Indonesia in the future. Indonesian data protection regulations provide that personal data must be protected. The data protection regulatory space continues to develop, with new regulations being introduced quite regularly. In this regard, there may be a need for balance, noting that certain blockchain technology incorporates privacy features (including the option for transactions to be private or not).
As noted above, under the new BAPPEBTI Regulation, crypto trading platforms are required to have in place IT security protocols and policies to ensure that access to financial data and transaction data of customers is protected.
Last year, OJK issued Regulation No 12/POJK03/2018 on the Implementation of Digital Banking Services by Banks (Digital Banking Regulation). Under the Digital Banking Regulation, OJK supports open banking by allowing banks to co-operate with other financial institutions and/or non-financial institutions, in particular in providing transactional services, by utilising an open application programming interface (API), which may connect a bank’s electronic system to another institution’s electronic system.
In practice, several local banks in Indonesia have introduced their own API, including PT Bank Danamon Indonesia and PT Bank Negara Indonesia Tbk.
Under the Digital Banking Regulation, OJK requires banks to comply with the prescribed customer data protection principles, including confidentiality, integrity, availability and authenticity. In order for banks and technology-providers to use or share customer data, they have to obtain the relevant customer's informed consent. Data privacy and data security concerns appear to be high on banks’ agendas, and they regularly inform their customers of issues relating to those areas.