Contributed By Hiswara Bunjamin & Tandjung
Indonesia has been widely perceived as an under-tapped market for fintech opportunities, largely due to its population of over 260 million people, relatively high smartphone usage and internet penetration, and affordable mobile data (priced lower than in most other Association of Southeast Asian Nations countries. However, this perception is changing, given the pace at which some of the fintech verticals have been growing recently. With approximately 40% of the adult population not possessing a bank account and, as a result, having limited access to financial services, innovative fintech businesses are being encouraged by the Indonesian government, which advocates various long-term policy goals aimed at promoting financial inclusion and the development of SMEs.
In 2019, e-money and peer-to-peer lending companies continued to dominate the fintech landscape in Indonesia in terms of maturity level. The regulations and market practices in relation to e-money are more settled and sophisticated than those relating to peer-to-peer lending, especially since the central bank of Indonesia (Bank Indonesia, or BI) revised the e-money regulations in 2018. This is not surprising, given that e-money activities have been carried out and regulated in Indonesia for more than a decade whereas the first peer-to-peer lending regulation was only introduced by Indonesia’s Financial Services Authority (Otoritas Jasa Keuangan, or OJK) in 2016.
While Indonesia’s e-money sector used to be dominated by legacy players such as banks and telecommunication companies, recent data indicate that new entrants are catching up. In response to the proliferation of new e-money players in the market, during 2019 four major Indonesian legacy players merged their e-money platforms to form a new national e-money champion called LinkAja. We expect to see further consolidation in the e-money vertical in the coming years.
In relation to peer-to-peer lending, based on OJK data released in November 2019, there were 139 registered and 25 licensed peer-to-peer lending platforms. The aggregate amount of loans disbursed through peer-to-peer lending platforms was IDR74.54 trillion – an increase of 228.88% in one year.
Digital platform and e-commerce businesses have been well received in Indonesia by both businesses and consumers. Over the past two years there has been continuing interest from foreign investors in these businesses. There are currently five unicorn digital platform and e-commerce start-ups in Indonesia – Traveloka, Go-Jek, Bukalapak, Tokopedia, and Ovo, the latter achieving unicorn status in late 2019. Go-Jek, a ride-hailing company, has now achieved decacorn status.
Although digital platform and e-commerce businesses are growing rapidly, their growth is still constrained by low credit card ownership, making online payments difficult for some Indonesians. Technology innovations in payments and the financial sector as a whole are therefore necessary to provide solutions to these challenges and there is increasing interest in virtual credit cards. This has spurred growth in the e-money sector, with more digital and e-commerce platforms either obtaining their own e-money license or co-operating with e-money license holders to allow payment on their platforms. We have also seen increasing use of PayLater services, which allow payment by installments on digital and e-commerce platforms. These services are typically offered in collaboration with multi-finance companies and/or peer-to-peer lending platforms.
On 31 December 2018, OJK issued a regulation on equity crowdfunding that enables small to medium-scale companies to sell their shares through electronic platforms. This vertical is still in its infancy in Indonesia and did not gain much traction during 2019, although that may change in 2020.
The fintech sector in Indonesia continues to grow as legacy financial services business models are "modernised" and investor interest in the sector remains steady. Regulators are in a constant race to keep up with evolving fintech business trends. In 2020, we expect to see continued foreign investment in fintech start-ups, an interesting mix of collaboration and competition between legacy players and new entrants, and on-going discussions among fintech players, regulators, and industry associations.
E-money is the first regulated fintech activity in Indonesia and it now has a relatively strong and clear regulatory foundation. Major legacy players in the banking sector and the telecommunications sector (XL Axiata, Telkomsel and Indosat) have expanded their businesses to include e-money offerings to their broader customer base. However, since e-money is a payment-related activity, the Indonesian government is, generally speaking, more protective of this sector than other fintech sectors, as evidenced by the introduction of a 49% foreign ownership limitation under a BI regulation issued in May 2018. This has slowed foreign investor interest in a sector that was previously 100% open to foreign ownership
At a high level, the e-money business model in Indonesia is similar to e-money services in other countries. E-money exists in banking computer systems for legacy players and other online systems (such as marketplaces) for new players. The value of the e-money is backed by fiat currency and it can be exchanged in lieu of fiat for goods or services for convenient electronic uses. E-money can also be physically transferred back into fiat money through banking computer systems (via ATMs, branches, etc).
There were 39 e-money licence holders in Indonesia as of 24 October 2019 based on data published on BI’s website. In practice, Indonesians generally hold multiple e-money accounts in order to utilise the features and enjoy the promotions offered by various platforms.
To promote a “national champion” among e-money players, a co-operation was formed in mid-2019 by four major legacy players in Indonesia – TCASH (Telkomsel), E-Money (Bank Mandiri), BRIZZI (Bank BRI), and BNI TapCash (Bank BNI). These four legacy players integrated their e-money platforms and branded the integrated platform as LinkAja. The cooperation was intended to combine the customer base of these four e-money platforms, with the hope that LinkAja will become the largest e-money platform in Indonesia. Given the large number of e-money license holders and increasingly intense competition among them, consolidation is likely to continue.
Peer-to-peer Lending Platforms
In light of the ongoing need for credit among Indonesians (particularly the "unbanked") and the strict regulatory framework associated with traditional lending services, in the last couple of years many new fintech players have sought to offer peer-to-peer lending services to Indonesian consumers. OJK adopts a two-stage licensing process for peer-to-peer platforms, with registration followed by licensing. As at 20 December 2019, there were 139 peer-to-peer platforms registered with OJK and 25 peer-to-peer platforms licensed by OJK.
To be a traditional lender providing on-balance sheet loans, companies generally require a multifinance or banking licence, and their loan application and approval processes tend to be more rigid. Peer-to-peer lending platforms in Indonesia are prohibited to provide on-balance sheet loans (ie, they cannot be a lender on their own platform) and can only act as intermediaries between lenders and borrowers. Given the nature of the peer-to-peer lending business in Indonesia and given that the lenders in this space do not have to be licensed lending entities (ie, they can be individuals), the requirements for obtaining credit from a peer-to-peer lending platform are less onerous, but the interest rate is generally higher than traditional lending schemes. Peer-to-peer lending platforms are limited to a maximum of 85% foreign ownership (see below for more details).
With OJK’s issuance of more licences for peer-to-peer platforms, we have seen increasing interest in this segment. One strategy adopted by some groups is to have one entity with a lending licence (a bank or multifinance company) and another with a peer-to-peer platform licence.
BI regulates matters relating to payment in Indonesia, focusing on monetary policy and payment system stability as a whole. Payment-related fintech activities such as e-money, electronic wallets, payment gateways and other payment system-providers are under the purview of BI. E-money has been regulated since April 2009 and, following a 2018 amendment to the relevant regulation, has a stricter foreign ownership limitation compared to other regulated fintech activities, being a maximum of 49% for foreign investment (the remaining 51% must be owned by local shareholders).
E-wallet (the functionality of which is often paired with e-money business activities in Indonesia) and payment gateway activities were first regulated in November 2016 and are presently 100% open for foreign investment. The e-wallet functionality is viewed as different to e-money by Indonesian regulators as an e-wallet is not a payment instrument itself. Rather, an e-wallet is a feature to store customers’ payment instruments (which can be in the form of debit card, credit card, or e-money information).
Another regulatory body, OJK, has the authority to regulate matters relating to non-payment financial services in the banking, capital markets, insurance, pension fund and financing sectors. Accordingly, fintech innovations in these sectors, including digital banking and peer-to-peer lending services, fall under OJK’s purview. Peer-to-peer lending was the first fintech activity regulated by OJK. The relevant regulation was issued in December 2016. As mentioned above, a peer-to-peer lending-platform is subject to a foreign ownership limit of 85%. OJK also issued a regulation on equity crowdfunding in December 2018. To date, no foreign ownership limitation has been applied for equity crowdfunding.
See 2.6 Jurisdiction of Regulators on the possibility of overlapping jurisdiction.
E-Money players are allowed to charge customers fees for the purchase of e-money media (such as cards or NFC stickers), top-ups, cash withdrawals through third parties, and fund transfers across e-money platforms.
E-wallet players and payment gateway operators are in general allowed to charge fees for the services they provide to users. The same goes for peer-to-peer lending operators which can charge users a fee for their services, except when handling customer complaints.
In general, the fees they impose must be disclosed upfront to their customers. The fee structures offered to customers are assessed by the relevant regulatory authority during the licence application stage.
In general, the regulatory framework applicable to legacy players engaging in traditional financial services activities (whether payment or non-payment) tends to be stricter than those that are applicable to new fintech players; ie, more onerous licensing, "know your customer" (KYC), minimum capital injection and reporting requirements, etc. This is largely due to the different nature of the business and monetary limitations applicable to these players, as well as the Indonesian government’s desire to promote financial inclusion by relying on (among others) the fintech industry. To clarify, legacy players in traditional payment or non-payment activities can generally disburse or manage higher amounts of money than those in the fintech sector that are subject to stricter financial limits and this might have been yet another reason for the different stringency of the regulations.
By way of example, peer-to-peer lending players in Indonesia are prohibited from carrying out any on-balance sheet lending. They may only manage off-balance sheet lending. On-balance sheet lending may only be performed by traditional financial institutions such as banks and multi-finance companies. Another example is that e-money accounts may only store a value of money not exceeding IDR2 million (for unregistered users) or IDR10 million (for registered users) and their aggregate monthly transaction value is limited to IDR20 million. These limitations do not apply to traditional payment instruments such as debit or credit cards.
Aside from monetary limitations such as the above, regulation of the fintech sector is more "relaxed" than traditional financial services, which is in line with the Indonesian government’s policy aimed at developing the fintech industry to promote longer-term financial inclusion and the establishment of SMEs.
The rapid growth of innovations in the fintech sector has resulted in certain fintech activities not being regulated. Regulators have responded by issuing regulations introducing a ‘sandbox’ as a "catch-all" regulation for all (previously unregulated) innovative fintech activities.
On 30 November 2017, BI introduced a regulatory sandbox through Regulation No 19/12/PBII/2017. This sandbox is broad enough to capture all activities utilising technology in the financial services sector that leads to the use of new products, services, technology or business models that might affect monetary stability, financial system stability or payment system efficiency, security or dependability.
OJK followed in the footsteps of BI by issuing OJK Regulation No 13/POJK.02/2018 on 16 August 2018, which introduced a separate regulatory sandbox for digital finance innovations. Digital finance innovations are defined as any "digital" activity aimed at innovation in business processes, business models or financial instruments that brings added value to the financial services sector.
As the first regulatory sandbox introduced in Indonesia, the BI sandbox appears to capture a wide range of activities and innovations, including those relating to sectors that are regulated by OJK. However, now that OJK has introduced its own sandbox, digital finance innovations, particularly those in respect of non-payment activities (ie, transaction settlement, fund-raising, investment management, crowdfunding and distribution, insurance, market support and other digital finance support), are all now subject to OJK’s sandbox. There is no hard-and-fast rule to determine which unregulated activity falls under which regulator (and therefore which sandbox it will be subject to).
In general, BI and OJK require all business players conducting unregulated fintech activities to register with BI or OJK, as the case may be. Following registration, their activity will be included in the regulatory sandbox for assessment by the relevant regulator (ie, BI or OJK). The relevant regulator will assess and supervise the activities, then decide whether they:
This process is also intended to help the regulators to develop the fintech regulatory framework in Indonesia.
Based on BI's website, while 54 companies registered with BI under the sandbox regime, only one payment system company has successfully passed the regulatory sandbox assessment. The 54 companies registered with BI consist of 31 payment system companies, 11 market supporting players, and 12 supporting service providers.
For OJK’s regulatory sandbox, as of October 2019, 61 companies had registered as digital finance innovation providers under OJK’s regulatory sandbox regime. These companies include 21 aggregators, eight credit scorers, seven financial planners, five project financiers, five financing agents, four blockchain players, two E-KYC players, two claim service handlers, one digital DIRE (real estate investment fund) player, one funding agent, one online gold depository, one non-CDD (Customer Due Diligence) verifier, one online distress solution provider, one social network and robo-adviser and one tax and accounting player.
With respect to fintech activities that have been specifically regulated by BI or OJK, such activities will fall under the jurisdiction of BI or OJK. As mentioned above, BI has jurisdiction over fintech activities relating to payment systems (eg, e-money, e-wallet, payment gateway) and OJK has jurisdiction over non-payment fintech activities (ie, peer-to-peer lending and equity crowdfunding).
Overlapping of jurisdiction between regulators can occur in relation to fintech activities that have not been specifically regulated. Generally speaking, the possibility of such an overlap increases for companies with foreign shareholders because another regulator such as the Investment Co-ordinating Board (Badan Koordinasi Penanaman Modal or BKPM) then becomes involved. We have seen companies incorporated as data or technology companies under the BKPM regime then being required to apply for a BI license following the introduction of new BI regulations on payments.
Companies engaging in regulated fintech activities are allowed to co-operate with third parties in conducting their business activities subject to certain requirements under applicable laws.
For example, an e-money issuer will require prior approval from BI to engage in co-operation with third parties in relation to:
Co-operation between e-money issuers and merchants is also required to be notified to BI. The relevant regulations on e-money provide minimum requirements for these types of agreements, such as the use of Indonesian language, minimum rights and obligations of parties, dispute resolution mechanism, transaction settlement, etc. These agreements must be submitted to BI.
E-wallet and payment-gateway licence-holders must also obtain approval from BI for their co-operation with third parties. However, regulations applicable to these activities do not specifically define which type of co-operation will require approval or notification to BI. Therefore, this requirement currently applies broadly and case-by-case consultations with BI will be required in this case.
On the one hand, OJK regulations applicable to peer-to-peer lending platforms, on the other hand, only state that these companies may co-operate with third parties for the purpose of data exchange to increase their service quality; however, no further requirement or other type of co-operation is provided under such regulation. Again, this results in the necessity for case-by-case consultations with OJK. It should be noted that a draft OJK circular letter sets out other types of co-operation that peer-to-peer lending platforms can enter into, such as e-KYC service providers, but it had not been issued at the time of writing.
In general, co-operation must be conducted by fintech licence-holders with properly licensed third parties enabling them lawfully to conduct their rights and obligations under the relevant co-operation. A case-by-case analysis has to be made as to whether the particular activities can be outsourced and, if yes, which third-party service-provider (whether regulated by the same regulator or not) is best qualified to perform such activities.
In August 2018, OJK revoked the registration status of five peer-to-peer lending companies that did not comply with the peer-to-peer lending regulation. There has been no official publication on the specific breach committed by these companies and only general statements were issued by OJK, stating that the companies did not satisfy the requirements prescribed under OJK regulations on peer-to-peer lending.
In addition to the above, based on an OJK media release dated 3 July 2019, 404 unlicensed peer-to-peer lending platforms were blocked by OJK in 2018 and 683 more were blocked during the first half of 2019, making a total of 1,087 blocked unlicensed peer-to-peer lending platforms. OJK uses software such as Google Play Store and social media platforms such as Instagram to screen for unlicensed fintech activities. These blocked platforms have been included on OJK’s blacklist, making it difficult for them to apply for a peer-to-peer lending registration certificate or licence in the future.
Previously, fintech companies operated in grey areas as they were not subject to any specific KYC regulation, although some might argue that fintech companies should still perform KYC checks to comply with the general anti-money laundering law that applied to legacy players and fintech companies. It is now clear that BI and OJK also expect fintech companies to conduct KYC checks, although in practice the implementation may still be uneven (especially in contrast to the stringent KYC checks performed by legacy players). To keep up with technological developments, the regulations have also been amended to give more flexibility for e-KYC to be performed. The same OJK regulation for KYC applies to (among others) banks and peer-to-peer lending platforms, but the latter have until early 2021 to comply with the regulation. In the meantime, peer-to-peer lending platforms still have to comply with the KYC requirements set out in the peer-to-peer lending regulations.
Regulations issued by MOCIT on digital signature also provide a strong regulatory framework for fintech business schemes, as well as the requirements for fintech players to certify their electronic systems. This has boosted the confidence of Indonesians to use the products of fintech business players.
Other regulations related to fintech activities, such as data privacy and cybersecurity, will also be "modernised" by regulators to accommodate the needs of fintech business schemes.
In October 2019, Government Regulation No 71 of 2019 on the Implementation of Electronic Systems and Transactions (GR 71/2019) was issued GR 71/2019 includes both protection of electronic personal data and a requirement for localisation of data centres. However, GR 71/2019 does not cover electronic data in the financial services sector, which is regulated separately by OJK and BI. With the issuance of GR 71/2019 and the imminent enactment of a Privacy Law, OJK and BI can be expected to revise their own regulations in this area.
There is currently no specific regulation on the use of social media or other similar tools in fintech business schemes. General regulations on IT laws and advertising apply in this case.
Besides regulators, business associations – such as the Indonesia FinTech Association (Asosiasi Fintech Indonesia) and the Indonesia FinTech Crowdfunding Association (Asosiasi Fintech Pendanaan Bersama Indonesia) – play an important role as an intermediary between regulators and fintech players by accommodating the needs of fintech players and recommending regulatory developments in the fintech area. These associations have also issued codes of conduct applicable to their members as an attempt to self-regulate the industry and this has been well received by OJK.
Traditional financial products and services are highly regulated. Traditional financial institutions are generally not able to issue any new products and services without prior regulatory approval or notification. As such, traditional financial institutions do not generally offer unregulated products and services. However, traditional financial institutions (eg, banks, insurance companies and multi-finance companies) have recently developed the practice of entering into co-operation arrangements with fintech players, such as peer-to-peer lending providers (eg, banks and multi-finance companies co-operate with a peer-to-peer platform to provide small loans) and marketplace/digital platform providers (eg, insurance companies sell their insurance products through the marketplace’s online platform).
Given the fast pace at which fintech companies move, it is possible for some of them to offer products and services that are already regulated, and those that have yet to be regulated. It may not be possible to conduct more than one business activity through the same entity (eg, peer-to-peer lending platforms are not allowed to carry out other business activities). This is one reason why OJK and BI decided to form their regulatory sandboxes, so that they have visibility of new initiatives by fintech companies.
There is currently no specific regulation on robo-advisers in Indonesia. As such, any utilisation of robo-advisory services should comply with the relevant sectoral regulations.
Several financial services providers have incorporated robo-advisory services into their offerings to customers, including digital platforms that offer mutual funds (such platforms typically hold a mutual fund selling agent licence) and peer-to-peer lending platforms. These companies will have to comply with the regulations applicable to their respective asset classes in providing robo-advisory services.
Legacy players must comply with the regulations applicable to their traditional business scheme, including in implementing robo-advisory services. See 3.1 Requirement for Different Business Models.
In the context of peer-to-peer lending platforms, lenders opting for robo-advisory services are able to determine the parameters within which the robo-advisers will maintain their loan portfolios. Robo-advisers are also able to allocate lenders’ funds to loans that meet the lenders’ criteria, once the loans become available, making this service popular on peer-to-peer lending platforms with high demand for loans.
To date, this firm has not seen any cases of customer complaints relating to the use of robo-advisory services.
Online lenders under Indonesian law are accommodated through peer-to-peer lending platforms. In this case, loans may be disbursed to individuals and business entities. Different requirements only apply in relation to the specific documents they need to submit for the purpose of e-KYC.
It is also possible for legacy players such as banks and multi-finance companies to offer their loans through online channels. Similarly, they can offer loans to both individuals and business entities, and the KYC documentation required will differ, depending on the type of borrower.
The underwriting process by peer-to-peer lending platforms is not specifically regulated under OJK regulations; however, there is a general requirement for the providers of peer-to-peer platforms to conduct risk mitigation steps. Accordingly, practice may vary from provider to provider. Typically, providers will conduct a limited due diligence (in addition to minimum KYC requirements) on potential borrowers, including in relation to their legal standing and the viability of the project to be funded. The providers will then apply a credit rating mechanism and will rate each of the funding opportunities available in their platform.
We understand that OJK has been placing increasing emphasis on the importance of a robust credit scoring mechanism. Given that peer-to-peer lending platforms are not allowed to provide any guarantee for payment of the loans on their platforms, credit insurance has been adopted as a risk-mitigating measure in this sector.
In Indonesia, the term "online lender" is typically associated with peer-to-peer lending platforms. Online lenders under Indonesian law are accommodated through peer-to-peer lending platforms and, as stated above, these platforms are prohibited from providing on-balance sheet loans. Therefore, the funds for these loans may only be sourced from third-party lenders. Increasingly, legacy financial services institutions like banks and multi-finance companies are providing loans online, where the source of funds is typically on-balance sheet.
Syndication of loans through peer-to-peer lending platforms is common in Indonesia. Peer-to-peer lending platform-providers would typically act as the facility agent to administer the loans on behalf of the various lenders. Legal principles and regulations that are typically applicable to syndication loans would also apply in this context.
Payment processors are not restricted from using existing payment rails. They may create or implement new payment rails such as the use of blockchain technology in their business schemes. However, since these new payment rails are unregulated, this is where the regulatory sandbox becomes potentially relevant, as, in general, every fintech player is required to be registered and to report or obtain approval from their relevant regulatory authority (BI or OJK) for any development of their business scheme, including any plans to implement new payment mechanisms.
Fund transfer activities in Indonesia fall under the supervision of BI. Such activities can be conducted by both banks and non-bank entities. Banks are also subject to OJK’s supervision in carrying out their activities generally.
Non-bank entities have to obtain a fund transfer licence from BI to carry out fund transfer activities, and an additional approval is required to execute cross-border fund transfers. BI may also impose a limit on cross-border transfer amounts carried out by non-bank entities.
Cross-border fund transfer activities must be reported to both BI and Indonesia’s Financial Transaction Reporting and Analysis Centre (PPATK).
Fund administrators or companies providing administrative support on the process of running a collective investment scheme are not specifically regulated. However, under the relevant OJK regulations, an Indonesian fund adviser (or, as they are more commonly known in Indonesia, an "investment manager") is only permitted to outsource to third parties the following functions:
In the event that an investment manager outsources any of the above functions to third-party service-providers, the responsibility in respect of the above functions (although they are performed by third parties) will remain with the investment manager. The investment manager is also required to have and implement a standard operation procedure to monitor the activities of the third-party service-providers.
Under the relevant OJK regulations, an investment manager is required to ensure the third-party service-provider (ie, the fund administrator) is a professional with the capacity and capability to perform the outsourced functions and able to fulfil its obligations under the contract. Such a contract between an investment manager and the third-party service-provider must contain the minimum provisions as required under the regulation, such as confidentiality and security of information, prohibition on subcontracting and obligation of the service-provider to provide, on demand, all necessary information and/or assistance to the investment manager, auditor of the investment manager and/or the OJK in relation to the outsourced functions.
The OJK regulations are silent on this, but this can be regulated further under the service agreement between the fund adviser (investment manager) and fund administrator. As noted, at a minimum, the service agreement must include an obligation for the service-provider to provide, on demand, all necessary information and assistance to the investment manager, its auditor and/or the OJK in relation to the outsourced functions.
Capital Market (Trading of Stocks and Bonds)
Certain securities companies in Indonesia (which engage in broker-dealer activities) have been providing online trading services to their customers. Where the relevant customer opens a securities account with the broker-dealer and deposits certain minimum funds into the account, they can directly trade the scrip-less shares by way of accessing the online trading platform provided by the relevant broker-dealer companies (ie, direct market access). It is understood that OJK (Capital Market division, previously known as Bapepam) and Indonesian Stock Exchange (IDX) regulators may inspect the customer and the securities company if any breach of the trading regulations occurs through online trading.
Under Decree of Head of Bapepam-LK No Kep-548/BL/2010 dated 28 December 2010 on Rule No VD3 on Internal Control of Securities Companies Conducting Broker-Dealer Business Activities (Rule No VD3), "online trading system" is defined as a trading system provided by broker-dealers through an electronic communication platform (including via the internet, short-messages service, wireless application protocols, or other electronic media) to conduct securities transactions.
Futures Commodities Trading
Futures commodities trading in Indonesia is supervised by the Supervisory Agency for Commodity Futures Trading (Badan Pengawas Perdagangan Berjangka Komoditi, or BAPPEBTI), as the government institution responsible for futures trading supervision.
Law 32/1997 (as amended) sets out the general principle that all transactions involving Commodity Futures Contracts (as defined in Law 32/1997) must be conducted through a commodities and futures exchange licensed by BAPPEBTI, and in accordance with Law 32/1997 and its implementing regulations. There are currently two commodities and futures exchanges licensed by BAPPEBTI in Indonesia – the Indonesia Commodity and Derivatives Exchange (ICDX) and the Jakarta Futures Exchange (JFX). Each commodities exchange maintains a trading system for market participants. The JFX maintains an electronic trading platform known as JAFeTS. In order to trade on JAFeTS, a trader must register as a member of the platform by submitting an application and supporting documents to the JFX.
Commercial paper transactions, money market transactions, or commercial paper transactions on the secondary market in Indonesia are conducted through a government-run centralised system known as the Bank Indonesia-Electronic Trading Platform (BI-ETP) system, in line with BI Regulation No 17/18/PBI/2015 as amended, and its implementing regulations. The BI-ETP system has limited users and is not open to the public. BI-ETP users include securities companies, banks, Indonesia’s Ministry of Finance, BI, money market brokers, security deposit agencies and other institutions with the requisite approval from BI.
BI now allows private entities that are limited liability companies (Perseroan Terbatas or PTs) to operate electronic trading platforms for money market and/or foreign exchange transactions in Indonesia. A specific business licence is required from BI in order to operate an electronic trading platform, including requirements for minimum paid-up capital of IDR30 billion and maximum foreign ownership of 49%.
As mentioned above, each asset class has its own regulatory regime and supervisory body. Capital market products are subject to OJK regulations and IDX rules. Futures commodities are subject to BAPPEBTI regulations and applicable Ministry of Trade regulations. Financial market products are subject to BI regulations and applicable OJK regulations.
Through BI Regulation No 18/40/PBI/2016 on Payment Transaction Processing Operations, BI prohibits the use of virtual currency (note that the prohibition targets cryptocurrency despite the terminology used) for transactions within Indonesia. To date, there are no specific laws regulating cryptocurrency or digital asset exchanges.
Under Ministry of Trade Regulation No 99 of 2018 on General Policy on Crypto Asset Trading, cryptocurrency assets are deemed as commodities that can be traded on Indonesian futures exchanges.
BAPPEBTI recently issued an implementing regulation that sets out technical provisions regulating crypto asset trading on futures and digital exchanges. Under the newly issued regulation, crypto assets can now be traded on a futures exchange or an electronic platform owned by futures traders. The platform itself should connect with the futures exchange platform. The relevant crypto assets that can be traded will be determined by BAPPEBTI. All existing crypto trading providers are required to first register with BAPPEBTI and meet certain registration requirements, including having minimum paid-up capital of IDR100 billion and a final capital balance of IDR80 billion. See 12 Blockchain for more on this.
Listing standards are currently only relevant to stock or bond assets in Indonesia. If a public company wishes to be listed on the IDX, the listing requirements set out in Decision of the Board of Directors of IDX No Kep-00183/BEI/12-2018 on Regulation No I-A, which concerns the listing of shares and equity-type securities issued by listed companies (IDX Listing Rule), are applicable. The IDX Listing Rule prescribes the listing requirements to be satisfied by a listing applicant, which include holding the status of an Indonesian limited liability company (PT), provision of an "effective statement" from OJK, and having a minimum share price of IDR100 per share.
There are two listing boards on the IDX: the "main board" and the "developing board". Listings on the developing board (a more junior listing board introduced to facilitate listings by smaller companies) involve less demanding listing requirements. The overwhelming majority of internationally marketed Indonesian IPOs are listed on the IDX main board, which imposes more onerous requirements such as having at least 1,000 shareholders of record and net tangible assets of at least IDR100 billion.
In relation to stock trading on the IDX, this firm is not aware of any specific guideline from OJK regarding order handling rules in Indonesia. However, under Rule No VD3, a securities broker that provides an online trading system is obliged to provide certain publicly accessible information on its website, including a description of order handling and/or any delayed instruction when there is any technical issue with the online trading system.
Although the number of peer-to-peer trading platforms in Indonesia is not yet significant, OJK issued OJK regulation No 37/POJK.04/2018 on Equity Crowdfunding to accommodate the future development of equity crowdfunding platforms. As of 31 December 2019, just three companies were listed on OJK’s website as licenced equity crowdfunding companies.
The trading mechanism for the equity crowdfunding platform will be determined by the equity crowdfunding platform provider itself. The mechanism should be more straightforward compared to a conventional trading system in the stock market, where there are certain requirements for trading via intermediaries (ie, a broker/securities company) and settlement and depository processes with the Indonesian Central Depository Institution (Kustodian Sentral Efek Indonesia, or KSEI) and Indonesian Clearing House (Kustodian Penjamin Efek Indonesia, or KPEI). The purpose of simplifying the process is to enable potentially less sophisticated investors in equity crowdfunding platforms to buy and sell shares directly with each other rather than working through an intermediary or third-party service, as in conventional stock trading.
Due to the rapid growth of peer-to-peer trading platforms in Indonesia, IDX recently issued a new Listing Regulation that introduces certain changes to simplify listing procedures and broaden the financial criteria for listing, the aim of which is to increase interest from unicorn start-ups in listing their shares on the IDX.
In relation to stock trading on the IDX, there are no specific best execution obligations or guidelines imposed by OJK or the IDX. IDX Market Trading Rule No II-A Kep-00168/BEI/11-2018 is very high-level in nature and simply states that securities companies should apply best-execution practices for customer trades in order to execute orders on behalf of its customers to seek to obtain the best price possible for customers.
In practice, several securities companies have adopted their own internal policies for the implementation of best execution of customers’ trades, which appear to be based on international best practices.
This firm is not aware of any best-execution obligation or policy in different asset classes.
There is no strict regulation on payment for order flow in Indonesia.
However, Bapepam Rule No VE1 on Ethical Business of Broker Dealers (Rule No VE1) broadly stipulates that in the event that a securities company has an interest in a stock that it is recommending, the securities company must then notify its clients of that interest before the clients buy or sell the recommended securities. Based on this general requirement, payment for order flow should, strictly speaking, be notified to the customers of the relevant securities company.
The regulations in Indonesia do not provide definitions of high-frequency and algorithmic trading. In practice, trading in Indonesia is conducted through the electronic trading system of the IDX, namely JATS. This scripless securities trading system covers the trading of securities, which includes shares, bonds, pre-emptive rights, warrants and other derivative instruments.
Despite there being no specific regulation on high-frequency trading, the Indonesian Capital Market Law contains a general prohibition on market manipulation. Under this provision, relevant parties (eg, individuals, companies, partnerships, associations or organised groups, as applicable) are prohibited from:
If the implementation of high-frequency trading tactics (front running, spoofing, arbitrage, etc) creates manipulation in the market, the perpetrator may be subject to administrative sanctions and the market manipulation may also constitute a criminal offence.
Other than the above, there are no specific regulations on the creation or usage of high-speed or algorithmic trading. Further, there is no delineation between different asset classes as regards use of this trading technology.
The current regulatory landscape does not clarify this point. See 7.1 Permissible Trading Platforms.
A market maker is only recognised in the Indonesian futures commodities trading sector and is defined as a party that continuously bids and/or sells within the trading period. To become a market maker in Indonesian futures commodities trading, a party will require a determination by the futures exchanges and the clearing house, with approval from the head of BAPPEBTI.
There are no specific obligations or requirements regarding registration of market maker status in the context of high-speed or algorithmic trading platforms or processes.
See 7.7 Issues Relating to Best Execution of Customer Trades.
The regulations do not make a distinction between funds and dealers engaged in these activities.
As far as this firm is aware, no licensed Indonesian securities company engages in high-frequency and/or algorithmic trading, therefore payment for order flow in relation to high-frequency and algorithmic trading is not relevant in Indonesia.
All businesses in Indonesia are required to obtain a business licence in line with their business activities. This firm's preliminary view, broadly speaking, is that a financial research platform that provides financial news and information – including trading news, financial data and related analysis – may be categorised as a "digital platform-provider" pursuant to Indonesian Standard Industrial Classification (KBLI) No 63122, which is subject to a 49% foreign ownership restriction or can be 100% open for foreign investment if the total investment is at least IDR100 billion. Ultimately, the specific activities of each financial research platform would need to be assessed on a case-by-case basis to understand what specific regulatory requirements may be applicable.
A financial research platform provider is required to register its platform with MOCIT in order to obtain an Electronic System Provider Registration Certificate.
Under Law No 11 of 2008 on Electronic Information and Transactions (as amended), any person who knowingly and without authority disseminates false and misleading information resulting in consumer loss in electronic transactions can be sentenced to imprisonment for up to six years and/or a fine of up to IDR1 billion.
In the capital markets context, the spreading of rumours and other unverified information may relate to market manipulation provisions under Indonesia’s Capital Markets Law, which prohibits giving a false statement of material facts or making a statement or providing information that is materially false or misleading. If a player is found guilty of market manipulation activities, it may be subject to administrative sanctions (ranging from a written warning to revocation of business licence and cancellation of registration) and, in more serious cases, such activities may also constitute a criminal offence for which a maximum fine of IDR15 billion may be imposed.
At present, there is no clear regulation in Indonesia regarding how market-manipulation concepts would be applied to financial research platforms, peer-to-peer exchanges or exchanges trading digital assets. As noted above, the space remains largely unregulated.
At present, conversation curation is unregulated in Indonesia and would likely be a matter of internal policy for the financial research platform to implement. As noted, there are no regulations or guidelines regarding the operation of such platforms in Indonesia, including whether a platform is supposed to be actively censoring all pump-and-dump schemes, spreading of insider information, or other types of unacceptable behaviour on its platform.
However, in the context of an e-commerce platform, a regulation was issued by MOCIT, namely Circular Letter No 5 of 2016 on Limitation of Responsibility of Platform Providers and Trade Merchants through Electronic Systems in the form of User Generated Content. Under this regulation, a platform-provider is responsible for the performance of the electronic system and management of the content on the platform. However, if a mistake, negligence or other unacceptable action on the part of a trade merchant or a user of the platform can be proven, that platform-provider may be exonerated from the consequences of such actions (to be determined on a case-by-case basis). Considering that financial research platforms are currently unregulated in Indonesia, it is possible that regulators may also apply this concept to financial research platforms (eg, where a user promotes pump-and-dump schemes, divulges insider information or engages in other potential damaging behaviours).
Again, platform-providers are currently unregulated in Indonesia. Accordingly, whether a platform-provider is supposed to be actively acting as a "gatekeeper" when it sees suspicious or unlawful behaviour by its users is largely up to the internal protocols of the platform in question. However, the principle mentioned above limiting the responsibility of the platform-provider may also be relevant here.
Insurance companies in Indonesia use underwriting processes to evaluate an insurance application. For example, in the case of life insurance, the process involves determining the applicant's risk by reviewing medical information, lifestyle and financial information of its prospective client as well as considering the client's age and gender. Based on this information, the underwriter determines if the client qualifies for life insurance coverage and, if so, how much they will pay for it.
OJK, under OJK Regulation No 69/POJK.05/2016 (as amended), only sets out general principles in relation to underwriting procedures. For example, it is stated that all insurance companies should have in place internal underwriting guidelines, which contain and cover the possibility of risk in the future, mitigation of risk and types of risk that will be insured. Insurtech is still in its early stages in Indonesia and as a result remains largely unregulated. It is understood that OJK has been having discussions internally as well as with market players regarding insurtech and intends to prepare a draft regulation on insurtech business in due course.
The insurance business in Indonesia is regulated by OJK under Law No 40 of 2014 on Insurance Business (Insurance Law). Under the Insurance Law, insurance is divided into two categories, namely life insurance and general insurance.
Life insurance business activities involve providing insurance to the policy-holder, the insured, or other entitled parties in the event of death or life of the insured. General insurance business activities cover a broader range of activities and involve providing compensation to the insured or policy-holder due to loss, damage, incurred cost, lost profit, or legal liability towards third parties that may be suffered by the insured or policy-holder due to an uncertain event.
Other types of insurance may also be differentiated based on whether they incorporate Shari'a principles.
There is potential for a regtech industry to develop in Indonesia. However, to date, there has been very little by way of a private sector regtech industry in Indonesia other than providers of online tax filing services. In 2017 Indonesia’s first regtech Association was established. It is unclear whether this association is still in operation. There only appear to be around six companies registered as members.
In the context of regtech for tax-filing activities, the Directorate General of Taxes of Indonesia has issued a regulation setting out the requirements to apply as a tax-filing digital service-provider. The licence for digital tax-filing service-providers is valid for five years and can be extended for a further five years. Currently, there are a handful of tax-filing service-providers in Indonesia, including spt.co.id, pajakku.com, eform.bri.co.id and online-pajak.com.Further, in the context of peer-to-peer lending activities, OJK requires the underlying peer-to-peer agreement to use digital signatures. MOCIT has recently issued a regulation that sets out guidelines for a company to become a digital signature-provider and currently this firm is aware of only one digital signature-provider in Indonesia, namely PrivyId.
Other than the above, this firm is not aware of any specific regulation for regtech providers in Indonesia to date.
It is worth noting, however, that under OJK Regulation No 13/POJK.02/2018 on Financial Technology Innovations in the Financial Services Sector, financial technology innovation providers must have a system that can improve the efficiency of, and compliance with, the OJK’s supervisory process, and must also establish a special technology regulation unit.
There appear to be very few regtech business-providers in Indonesia and even fewer that have entered into co-operation arrangements with financial services firms, such as banks. This may soon change given how the regulations in the financial services sector have evolved to allow more technology-driven solutions to be implemented (eg, e-KYC, data analytics, credit scoring). In this firm's view, important contractual terms in contracts between banks and a third-party identity verification provider largely centre around protection of customer data. The regulations applicable to the relevant financial services firms may also set out certain contractual terms that have to be included in the firms’ agreements with service-providers. For example, under OJK Regulation No 9/POJK.03/2016 on Prudential Principles for Banks that Outsource Services to Other Parties, OJK sets out the types of activity that can be outsourced by banks, including IT activities. Under the OJK regulation, co-operation agreements between banks and service-providers must be set out in writing and should cover the following areas:
The regtech sector in Indonesia has not reached this level of maturity as yet and regulations pertaining to online tax-filing service-providers and digital signature-providers are silent on this point. As mentioned above, the regtech market in Indonesia is still in its infancy.
The "building blocks" for an Indonesian blockchain industry have started to emerge in recent years. Although still in the early stages compared with its neighbour Singapore, Indonesia is home to several blockchain start-ups, including Indodax (previously Bitcoin Indonesia), the country’s largest cryptocurrency exchange, and Pundi X, a point-of-sale device manufacturer supporting payments in cryptocurrency. The blockchain association of Indonesia was also launched in early 2018 at the blockchain hub, a centre dedicated to developing, promoting and offering education around blockchain technology in Jakarta.
The implementation of blockchain technology in the financial services sector has also started to gain momentum as four blockchain-based players registered with OJK passed OJK’s regulatory sandbox assessment in 2019.
There are also reports that OJK has a dedicated team to study how blockchain may impact the sector. BI has also publicly stated that it is studying blockchain technology, including investigating the introduction of a central bank digital currency (CBDC) for domestic payments. It is understood that the CBDC would be pegged to the Indonesian rupiah.
In general, BI has adopted a relatively welcoming approach to blockchain technology, in contrast to its statements against cryptocurrency in Indonesia. In 2017, BI banned the use of cryptocurrency for payment transactions, although it does not prohibit the trading of digital tokens themselves. The ban stands, to date.
BI's interest in blockchain has, according to several reports, meant that five major Indonesian banks (Bank Negara Indonesia, Bank Rakyat Indonesia, Bank Mandiri, Bank Danamon and Bank Permata) are exploring the idea of implementing blockchain in their systems. This firm is not aware of concrete initiatives having been implemented to date.
One area of interest in relation to the application of blockchain technology is migrant remittance payments. Indonesia is ranked 14th in the world for receipts of migrant remittances according to the World Bank. Remittance is the transfer of money by a migrant worker to an individual in his or her home country. Traditionally, these transfers are carried out through banks or financial intermediaries at significant cost and with well-known inefficiencies. Senders and recipients of these remittances are often unbanked. There have been media reports of financial services-providers (including legacy players and start-ups) looking to blockchain technology as a potential means to reduce fees and transfer times for these types of remittances.
In general, the "blockchain buzz" in Indonesia to date appears chiefly focused on the potential of the technology to enable increased efficiency and greater transparency, with applications being rolled out in areas and industries such as logistics, e-voting, record-keeping and agriculture. Most of these applications are start-ups, both local and foreign.
Policy makers see the potential for blockchain technology and the benefits of immutable records as a way of reducing corruption and money-laundering issues that continue to be an issue for Indonesia. Like other emerging markets, Indonesia has faced challenges in maintaining accurate records due to a lack of technical capacity and resources. It is understood that the public and private sectors are now looking at blockchain technology to overcome some of these challenges.
Under Ministry of Trade Regulation No 99 of 2018 on General Policy on Crypto Asset Trading, cryptocurrency/crypto-assets are deemed as commodities that can be traded on the Indonesian futures exchange. As noted, BAPPEBTI has issued BAPPEBTI Regulation No 5 of 2019 on Technical Provision of Physical Market of Crypto in the Futures Exchange, as amended by BAPPEBTI Regulation No 9 of 2019 (BAPPEBTI Regulation), which provides further detail to the 2018 Ministry of Trade regulation. Pursuant to the BAPPEBTI Regulation, it is now clear that crypto-assets can be traded in Indonesia on futures exchanges or electronic platforms established by trading platforms, connected to the futures exchange platform. The crypto-assets that can be traded in the market will be determined by the head of BAPPEBTI and must fulfil criteria such as:
The BAPPEBTI Regulation also provides that existing crypto trading providers are required to register with BAPPEBTI and have a minimum paid-up capital of IDR25 billion, as well as equity no lower than IDR20 billion. Further, by 8 February 2020, all registered traders must obtain status as a licensed trader through BAPPEBTI and meet certain requirements such as having a minimum paid-up capital of at least IDR50 billion and operating an online platform to facilitate the trading of crypto-assets that are connected and compatible with the futures exchange and related clearing-house system.
Notwithstanding BI's past announcements that cryptocurrency is banned in Indonesia and BI’s reluctance to accept it as a legitimate means of payment within the country, cryptocurrency has received recognition as tradable commodities from BAPPEBTI.
To date, there are no regulations in Indonesia confirming how "issuers" of blockchain assets shall be treated, nor how initial sales – eg, initial coin offerings (ICOs) or security token offerings (STOs) – are to be carried out or whether they are prohibited or regulated. The new BAPPEBTI Regulation on crypto-asset trading also clearly states that it does not address ICOs. Due to the lack of certainty, blockchain start-ups in Indonesia often look offshore when seeking to carry out on initial sale of blockchain assets (eg, Singapore, Jersey, Malta and the Caribbean). It is unclear whether legacy securities regulations would apply to digital assets in Indonesia.
It is worth mentioning that, under BI Regulation No 19/12/PBI/2017 on Financial Technology and Governor of BI Regulation No 19/14/PADG/2017, BI has outlined that blockchain is a payment system technology, and states that companies providing blockchain solutions may apply to be part of the BI regulatory sandbox. Meanwhile, under OJK Regulation No 13/POJK.02/2018 on Financial Technology Innovations in the Financial Institution Sector, OJK also states that companies providing blockchain solutions (as part of digital innovation more generally) may apply to be part of the OJK regulatory sandbox. As stated above, four blockchain-based players that are registered with OJK passed its regulatory sandbox assessment in 2019.
Crypto-asset trading platforms are regulated in Indonesia under the BAPPEBTI Regulation. Cryptocurrency trading platforms are now subject to certain minimum requirements. For example, exchange platforms:
There are no blockchain asset-specific regulations for investment funds to date. Accordingly, such funds will be subject to traditional fund regulations such as OJK Regulation No 43/POJK.04/2015 on Investment Manager Behaviour Guidelines and OJK Regulation No 10/POJK.04/2018 on Implementation of Governance of Investment Managers. These regulations impose general obligations such as restrictions to purchase and/or sell securities for customers if not in line with investment policy stipulated by the capital market regulations on the management of investment and/or the investment policy stated in the investment management agreement, unless customers agree to this.
There is no clear delineation between cryptocurrency and blockchain assets in Indonesia. As noted above, virtual currencies (note that the prohibition is targeted at cryptocurrency despite the terminology used) are not recognised as legal tender within Indonesia pursuant to BI Regulation No 18/40/PBI/2016 on Payment Transaction Processing Operations. As for blockchain assets, as mentioned above, it is clear that blockchain assets and crypto-assets can be traded as commodities in the futures exchanges.
It remains a grey area whether payment through a point-of-sale device in a cryptocurrency that immediately converts the cryptocurrency amount into the Indonesian rupiah fiat equivalent would technically be subject to the BI prohibition. This firm suspects that the prohibition would be interpreted broadly to capture such payments. It can be noted that BI's stance on payments utilising cryptocurrency resulted in inspections of retailers in Jakarta and Bali (where payment in cryptocurrency saw a dramatic rise in 2017).
Privacy concerns versus the transparency and immutability of data recorded on a blockchain are an issue that affects the global blockchain industry as a whole. This issue will certainly be a concern in Indonesia in the future. Indonesian data protection regulations provide that personal data must be protected. The data protection regulatory space continues to develop, with new regulations being introduced quite regularly. In this regard, there may be a need for balance, noting that certain blockchain technology incorporates privacy features (including the option for transactions to be private or not).
As noted above, under the BAPPEBTI Regulation, crypto trading platforms are required to have in place IT security protocols and policies to ensure that access to financial data and transaction data of customers is protected.
In 2018, OJK issued Regulation No 12/POJK.03/2018 on the Implementation of Digital Banking Services by Banks (Digital Banking Regulation). Under the Digital Banking Regulation, OJK supports open banking by allowing banks to co-operate with other financial institutions and/or non-financial institutions, in particular in providing transactional services, by utilising an open application programming interface (API), which may connect a bank’s electronic system to another institution’s electronic system.
In November 2019, BI published the 2025 Indonesia Payment System Blueprint (BI 2025 Blueprint), which outlines five initiatives, the first one being open banking. According to the BI 2025 Blueprint, this initiative will cover the standardisation of data, API, security requirements, and governance.
We understand that several Indonesian banks have already introduced their own API.
Under the Digital Banking Regulation, OJK requires banks to comply with the prescribed customer data protection principles, including confidentiality, integrity, availability and authenticity. Banks and technology providers wishing to use or share customer data must obtain the customer's informed consent. Data privacy and data security concerns appear to be high on banks’ agendas, and they regularly inform their customers of issues relating to those areas. The BI 2025 Blueprint also highlights the importance of customer consent for the use of Open Banking and standardisation of security requirements.