Fintech 2020

Last Updated March 02, 2020


Law and Practice


Hiswara Bunjamin & Tandjung is a full-service Indonesian law firm, associated with global law firm Herbert Smith Freehills. All of the partners are experienced Indonesian lawyers with many years' experience advising clients across all major industry sectors. The firm's client base includes some of the largest multinational corporations and financial institutions. The Jakarta office has several long-term international counsel seconded from Herbert Smith Freehills, while Herbert Smith Freehills' Singapore office includes Indonesian lawyers and recognised Indonesia specialists, including in the TMT and fintech space. The fintech practice group includes ten members of the broader corporate M&A and TMT practices, ranging from partner level to associates and trainees. The firm's key areas of practice in relation to the fintech sector include corporate M&A, regulatory advice, company establishment and general corporate advice in the areas of digital payments, peer-to-peer lending, traditional finance models (including digital developments in Indonesia's banking, insurance and multi-finance sectors), and data protection.

Indonesia has been widely perceived as an under-tapped market for fintech opportunities, largely due to its population of over 260 million people, relatively high smartphone usage and internet penetration, and affordable mobile data (priced lower than in most other Association of Southeast Asian Nations countries. However, this perception is changing, given the pace at which some of the fintech verticals have been growing recently. With approximately 40% of the adult population not possessing a bank account and, as a result, having limited access to financial services, innovative fintech businesses are being encouraged by the Indonesian government, which advocates various long-term policy goals aimed at promoting financial inclusion and the development of SMEs.

In 2019, e-money and peer-to-peer lending companies continued to dominate the fintech landscape in Indonesia in terms of maturity level. The regulations and market practices in relation to e-money are more settled and sophisticated than those relating to peer-to-peer lending, especially since the central bank of Indonesia (Bank Indonesia, or BI) revised the e-money regulations in 2018. This is not surprising, given that e-money activities have been carried out and regulated in Indonesia for more than a decade whereas the first peer-to-peer lending regulation was only introduced by Indonesia’s Financial Services Authority (Otoritas Jasa Keuangan, or OJK) in 2016.

While Indonesia’s e-money sector used to be dominated by legacy players such as banks and telecommunication companies, recent data indicate that new entrants are catching up. In response to the proliferation of new e-money players in the market, during 2019 four major Indonesian legacy players merged their e-money platforms to form a new national e-money champion called LinkAja. We expect to see further consolidation in the e-money vertical in the coming years.

In relation to peer-to-peer lending, based on OJK data released in November 2019, there were 139 registered and 25 licensed peer-to-peer lending platforms. The aggregate amount of loans disbursed through peer-to-peer lending platforms was IDR74.54 trillion – an increase of 228.88% in one year.

Digital platform and e-commerce businesses have been well received in Indonesia by both businesses and consumers. Over the past two years there has been continuing interest from foreign investors in these businesses. There are currently five unicorn digital platform and e-commerce start-ups in Indonesia – Traveloka, Go-Jek, Bukalapak, Tokopedia, and Ovo, the latter achieving unicorn status in late 2019. Go-Jek, a ride-hailing company, has now achieved decacorn status.

Although digital platform and e-commerce businesses are growing rapidly, their growth is still constrained by low credit card ownership, making online payments difficult for some Indonesians. Technology innovations in payments and the financial sector as a whole are therefore necessary to provide solutions to these challenges and there is increasing interest in virtual credit cards. This has spurred growth in the e-money sector, with more digital and e-commerce platforms either obtaining their own e-money license or co-operating with e-money license holders to allow payment on their platforms. We have also seen increasing use of PayLater services, which allow payment by installments on digital and e-commerce platforms. These services are typically offered in collaboration with multi-finance companies and/or peer-to-peer lending platforms. 

On 31 December 2018, OJK issued a regulation on equity crowdfunding that enables small to medium-scale companies to sell their shares through electronic platforms. This vertical is still in its infancy in Indonesia and did not gain much traction during 2019, although that may change in 2020.

The fintech sector in Indonesia continues to grow as legacy financial services business models are "modernised" and investor interest in the sector remains steady. Regulators are in a constant race to keep up with evolving fintech business trends. In 2020, we expect to see continued foreign investment in fintech start-ups, an interesting mix of collaboration and competition between legacy players and new entrants, and on-going discussions among fintech players, regulators, and industry associations.


E-money is the first regulated fintech activity in Indonesia and it now has a relatively strong and clear regulatory foundation. Major legacy players in the banking sector and the telecommunications sector (XL Axiata, Telkomsel and Indosat) have expanded their businesses to include e-money offerings to their broader customer base. However, since e-money is a payment-related activity, the Indonesian government is, generally speaking, more protective of this sector than other fintech sectors, as evidenced by the introduction of a 49% foreign ownership limitation under a BI regulation issued in May 2018. This has slowed foreign investor interest in a sector that was previously 100% open to foreign ownership

At a high level, the e-money business model in Indonesia is similar to e-money services in other countries. E-money exists in banking computer systems for legacy players and other online systems (such as marketplaces) for new players. The value of the e-money is backed by fiat currency and it can be exchanged in lieu of fiat for goods or services for convenient electronic uses. E-money can also be physically transferred back into fiat money through banking computer systems (via ATMs, branches, etc).

There were 39 e-money licence holders in Indonesia as of 24 October 2019 based on data published on BI’s website. In practice, Indonesians generally hold multiple e-money accounts in order to utilise the features and enjoy the promotions offered by various platforms.

To promote a “national champion” among e-money players, a co-operation was formed in mid-2019 by four major legacy players in Indonesia – TCASH (Telkomsel), E-Money (Bank Mandiri), BRIZZI (Bank BRI), and BNI TapCash (Bank BNI). These four legacy players integrated their e-money platforms and branded the integrated platform as LinkAja. The cooperation was intended to combine the customer base of these four e-money platforms, with the hope that LinkAja will become the largest e-money platform in Indonesia. Given the large number of e-money license holders and increasingly intense competition among them, consolidation is likely to continue.

Peer-to-peer Lending Platforms

In light of the ongoing need for credit among Indonesians (particularly the "unbanked") and the strict regulatory framework associated with traditional lending services, in the last couple of years many new fintech players have sought to offer peer-to-peer lending services to Indonesian consumers. OJK adopts a two-stage licensing process for peer-to-peer platforms, with registration followed by licensing. As at 20 December 2019, there were 139 peer-to-peer platforms registered with OJK and 25 peer-to-peer platforms licensed by OJK.

To be a traditional lender providing on-balance sheet loans, companies generally require a multifinance or banking licence, and their loan application and approval processes tend to be more rigid. Peer-to-peer lending platforms in Indonesia are prohibited to provide on-balance sheet loans (ie, they cannot be a lender on their own platform) and can only act as intermediaries between lenders and borrowers. Given the nature of the peer-to-peer lending business in Indonesia and given that the lenders in this space do not have to be licensed lending entities (ie, they can be individuals), the requirements for obtaining credit from a peer-to-peer lending platform are less onerous, but the interest rate is generally higher than traditional lending schemes. Peer-to-peer lending platforms are limited to a maximum of 85% foreign ownership (see below for more details).

With OJK’s issuance of more licences for peer-to-peer platforms, we have seen increasing interest in this segment. One strategy adopted by some groups is to have one entity with a lending licence (a bank or multifinance company) and another with a peer-to-peer platform licence.

BI regulates matters relating to payment in Indonesia, focusing on monetary policy and payment system stability as a whole. Payment-related fintech activities such as e-money, electronic wallets, payment gateways and other payment system-providers are under the purview of BI. E-money has been regulated since April 2009 and, following a 2018 amendment to the relevant regulation, has a stricter foreign ownership limitation compared to other regulated fintech activities, being a maximum of 49% for foreign investment (the remaining 51% must be owned by local shareholders).

E-wallet (the functionality of which is often paired with e-money business activities in Indonesia) and payment gateway activities were first regulated in November 2016 and are presently 100% open for foreign investment. The e-wallet functionality is viewed as different to e-money by Indonesian regulators as an e-wallet is not a payment instrument itself. Rather, an e-wallet is a feature to store customers’ payment instruments (which can be in the form of debit card, credit card, or e-money information).

Another regulatory body, OJK, has the authority to regulate matters relating to non-payment financial services in the banking, capital markets, insurance, pension fund and financing sectors. Accordingly, fintech innovations in these sectors, including digital banking and peer-to-peer lending services, fall under OJK’s purview. Peer-to-peer lending was the first fintech activity regulated by OJK. The relevant regulation was issued in December 2016. As mentioned above, a peer-to-peer lending-platform is subject to a foreign ownership limit of 85%. OJK also issued a regulation on equity crowdfunding in December 2018. To date, no foreign ownership limitation has been applied for equity crowdfunding.

See 2.6 Jurisdiction of Regulators on the possibility of overlapping jurisdiction.

E-Money players are allowed to charge customers fees for the purchase of e-money media (such as cards or NFC stickers), top-ups, cash withdrawals through third parties, and fund transfers across e-money platforms.

E-wallet players and payment gateway operators are in general allowed to charge fees for the services they provide to users. The same goes for peer-to-peer lending operators which can charge users a fee for their services, except when handling customer complaints.

In general, the fees they impose must be disclosed upfront to their customers. The fee structures offered to customers are assessed by the relevant regulatory authority during the licence application stage.

In general, the regulatory framework applicable to legacy players engaging in traditional financial services activities (whether payment or non-payment) tends to be stricter than those that are applicable to new fintech players; ie, more onerous licensing, "know your customer" (KYC), minimum capital injection and reporting requirements, etc. This is largely due to the different nature of the business and monetary limitations applicable to these players, as well as the Indonesian government’s desire to promote financial inclusion by relying on (among others) the fintech industry. To clarify, legacy players in traditional payment or non-payment activities can generally disburse or manage higher amounts of money than those in the fintech sector that are subject to stricter financial limits and this might have been yet another reason for the different stringency of the regulations.

By way of example, peer-to-peer lending players in Indonesia are prohibited from carrying out any on-balance sheet lending. They may only manage off-balance sheet lending. On-balance sheet lending may only be performed by traditional financial institutions such as banks and multi-finance companies. Another example is that e-money accounts may only store a value of money not exceeding IDR2 million (for unregistered users) or IDR10 million (for registered users) and their aggregate monthly transaction value is limited to IDR20 million. These limitations do not apply to traditional payment instruments such as debit or credit cards.

Aside from monetary limitations such as the above, regulation of the fintech sector is more "relaxed" than traditional financial services, which is in line with the Indonesian government’s policy aimed at developing the fintech industry to promote longer-term financial inclusion and the establishment of SMEs.

The rapid growth of innovations in the fintech sector has resulted in certain fintech activities not being regulated. Regulators have responded by issuing regulations introducing a ‘sandbox’ as a "catch-all" regulation for all (previously unregulated) innovative fintech activities.

On 30 November 2017, BI introduced a regulatory sandbox through Regulation No 19/12/PBII/2017. This sandbox is broad enough to capture all activities utilising technology in the financial services sector that leads to the use of new products, services, technology or business models that might affect monetary stability, financial system stability or payment system efficiency, security or dependability.

OJK followed in the footsteps of BI by issuing OJK Regulation No 13/POJK.02/2018 on 16 August 2018, which introduced a separate regulatory sandbox for digital finance innovations. Digital finance innovations are defined as any "digital" activity aimed at innovation in business processes, business models or financial instruments that brings added value to the financial services sector.

As the first regulatory sandbox introduced in Indonesia, the BI sandbox appears to capture a wide range of activities and innovations, including those relating to sectors that are regulated by OJK. However, now that OJK has introduced its own sandbox, digital finance innovations, particularly those in respect of non-payment activities (ie, transaction settlement, fund-raising, investment management, crowdfunding and distribution, insurance, market support and other digital finance support), are all now subject to OJK’s sandbox. There is no hard-and-fast rule to determine which unregulated activity falls under which regulator (and therefore which sandbox it will be subject to).

In general, BI and OJK require all business players conducting unregulated fintech activities to register with BI or OJK, as the case may be. Following registration, their activity will be included in the regulatory sandbox for assessment by the relevant regulator (ie, BI or OJK). The relevant regulator will assess and supervise the activities, then decide whether they:

  • should be approved (by BI, OJK, or any other applicable authority) for use in Indonesia;
  • need to be modified; or
  • are not recommended for use in Indonesia.

This process is also intended to help the regulators to develop the fintech regulatory framework in Indonesia.

Based on BI's website, while 54 companies registered with BI under the sandbox regime, only one payment system company has successfully passed the regulatory sandbox assessment. The 54 companies registered with BI consist of 31 payment system companies, 11 market supporting players, and 12 supporting service providers.

For OJK’s regulatory sandbox, as of October 2019, 61 companies had registered as digital finance innovation providers under OJK’s regulatory sandbox regime. These companies include 21 aggregators, eight credit scorers, seven financial planners, five project financiers, five financing agents, four blockchain players, two E-KYC players, two claim service handlers, one digital DIRE (real estate investment fund) player, one funding agent, one online gold depository, one non-CDD (Customer Due Diligence) verifier, one online distress solution provider, one social network and robo-adviser and one tax and accounting player.

With respect to fintech activities that have been specifically regulated by BI or OJK, such activities will fall under the jurisdiction of BI or OJK. As mentioned above, BI has jurisdiction over fintech activities relating to payment systems (eg, e-money, e-wallet, payment gateway) and OJK has jurisdiction over non-payment fintech activities (ie, peer-to-peer lending and equity crowdfunding).

Overlapping of jurisdiction between regulators can occur in relation to fintech activities that have not been specifically regulated. Generally speaking, the possibility of such an overlap increases for companies with foreign shareholders because another regulator such as the Investment Co-ordinating Board (Badan Koordinasi Penanaman Modal or BKPM) then becomes involved. We have seen companies incorporated as data or technology companies under the BKPM regime then being required to apply for a BI license following the introduction of new BI regulations on payments. 

Companies engaging in regulated fintech activities are allowed to co-operate with third parties in conducting their business activities subject to certain requirements under applicable laws.

For example, an e-money issuer will require prior approval from BI to engage in co-operation with third parties in relation to:

  • the provision of supporting facilities and infrastructure;
  • digital finance services (ie, for user registration, top-up, billing payment, government aid facilitation);
  • cash remittance; and
  • co-branding co-operation.

Co-operation between e-money issuers and merchants is also required to be notified to BI. The relevant regulations on e-money provide minimum requirements for these types of agreements, such as the use of Indonesian language, minimum rights and obligations of parties, dispute resolution mechanism, transaction settlement, etc. These agreements must be submitted to BI.

E-wallet and payment-gateway licence-holders must also obtain approval from BI for their co-operation with third parties. However, regulations applicable to these activities do not specifically define which type of co-operation will require approval or notification to BI. Therefore, this requirement currently applies broadly and case-by-case consultations with BI will be required in this case.

On the one hand, OJK regulations applicable to peer-to-peer lending platforms, on the other hand, only state that these companies may co-operate with third parties for the purpose of data exchange to increase their service quality; however, no further requirement or other type of co-operation is provided under such regulation. Again, this results in the necessity for case-by-case consultations with OJK. It should be noted that a draft OJK circular letter sets out other types of co-operation that peer-to-peer lending platforms can enter into, such as e-KYC service providers, but it had not been issued at the time of writing.

In general, co-operation must be conducted by fintech licence-holders with properly licensed third parties enabling them lawfully to conduct their rights and obligations under the relevant co-operation. A case-by-case analysis has to be made as to whether the particular activities can be outsourced and, if yes, which third-party service-provider (whether regulated by the same regulator or not) is best qualified to perform such activities.

In August 2018, OJK revoked the registration status of five peer-to-peer lending companies that did not comply with the peer-to-peer lending regulation. There has been no official publication on the specific breach committed by these companies and only general statements were issued by OJK, stating that the companies did not satisfy the requirements prescribed under OJK regulations on peer-to-peer lending.

In addition to the above, based on an OJK media release dated 3 July 2019, 404 unlicensed peer-to-peer lending platforms were blocked by OJK in 2018 and 683 more were blocked during the first half of 2019, making a total of 1,087 blocked unlicensed peer-to-peer lending platforms. OJK uses software such as Google Play Store and social media platforms such as Instagram to screen for unlicensed fintech activities. These blocked platforms have been included on OJK’s blacklist, making it difficult for them to apply for a peer-to-peer lending registration certificate or licence in the future.

Previously, fintech companies operated in grey areas as they were not subject to any specific KYC regulation, although some might argue that fintech companies should still perform KYC checks to comply with the general anti-money laundering law that applied to legacy players and fintech companies. It is now clear that BI and OJK also expect fintech companies to conduct KYC checks, although in practice the implementation may still be uneven (especially in contrast to the stringent KYC checks performed by legacy players). To keep up with technological developments, the regulations have also been amended to give more flexibility for e-KYC to be performed. The same OJK regulation for KYC applies to (among others) banks and peer-to-peer lending platforms, but the latter have until early 2021 to comply with the regulation. In the meantime, peer-to-peer lending platforms still have to comply with the KYC requirements set out in the peer-to-peer lending regulations.

Regulations issued by MOCIT on digital signature also provide a strong regulatory framework for fintech business schemes, as well as the requirements for fintech players to certify their electronic systems. This has boosted the confidence of Indonesians to use the products of fintech business players.

Other regulations related to fintech activities, such as data privacy and cybersecurity, will also be "modernised" by regulators to accommodate the needs of fintech business schemes.

In October 2019, Government Regulation No 71 of 2019 on the Implementation of Electronic Systems and Transactions (GR 71/2019) was issued GR 71/2019 includes both protection of electronic personal data and a requirement for localisation of data centres. However, GR 71/2019 does not cover electronic data in the financial services sector, which is regulated separately by OJK and BI. With the issuance of GR 71/2019 and the imminent enactment of a Privacy Law, OJK and BI can be expected to revise their own regulations in this area.

There is currently no specific regulation on the use of social media or other similar tools in fintech business schemes. General regulations on IT laws and advertising apply in this case.

Besides regulators, business associations – such as the Indonesia FinTech Association (Asosiasi Fintech Indonesia) and the Indonesia FinTech Crowdfunding Association (Asosiasi Fintech Pendanaan Bersama Indonesia) – play an important role as an intermediary between regulators and fintech players by accommodating the needs of fintech players and recommending regulatory developments in the fintech area. These associations have also issued codes of conduct applicable to their members as an attempt to self-regulate the industry and this has been well received by OJK.

Traditional financial products and services are highly regulated. Traditional financial institutions are generally not able to issue any new products and services without prior regulatory approval or notification. As such, traditional financial institutions do not generally offer unregulated products and services. However, traditional financial institutions (eg, banks, insurance companies and multi-finance companies) have recently developed the practice of entering into co-operation arrangements with fintech players, such as peer-to-peer lending providers (eg, banks and multi-finance companies co-operate with a peer-to-peer platform to provide small loans) and marketplace/digital platform providers (eg, insurance companies sell their insurance products through the marketplace’s online platform).

Given the fast pace at which fintech companies move, it is possible for some of them to offer products and services that are already regulated, and those that have yet to be regulated. It may not be possible to conduct more than one business activity through the same entity (eg, peer-to-peer lending platforms are not allowed to carry out other business activities). This is one reason why OJK and BI decided to form their regulatory sandboxes, so that they have visibility of new initiatives by fintech companies.

There is currently no specific regulation on robo-advisers in Indonesia. As such, any utilisation of robo-advisory services should comply with the relevant sectoral regulations.

Several financial services providers have incorporated robo-advisory services into their offerings to customers, including digital platforms that offer mutual funds (such platforms typically hold a mutual fund selling agent licence) and peer-to-peer lending platforms. These companies will have to comply with the regulations applicable to their respective asset classes in providing robo-advisory services.

Legacy players must comply with the regulations applicable to their traditional business scheme, including in implementing robo-advisory services. See 3.1 Requirement for Different Business Models.

In the context of peer-to-peer lending platforms, lenders opting for robo-advisory services are able to determine the parameters within which the robo-advisers will maintain their loan portfolios. Robo-advisers are also able to allocate lenders’ funds to loans that meet the lenders’ criteria, once the loans become available, making this service popular on peer-to-peer lending platforms with high demand for loans.

To date, this firm has not seen any cases of customer complaints relating to the use of robo-advisory services.

Online lenders under Indonesian law are accommodated through peer-to-peer lending platforms. In this case, loans may be disbursed to individuals and business entities. Different requirements only apply in relation to the specific documents they need to submit for the purpose of e-KYC.

It is also possible for legacy players such as banks and multi-finance companies to offer their loans through online channels. Similarly, they can offer loans to both individuals and business entities, and the KYC documentation required will differ, depending on the type of borrower.

The underwriting process by peer-to-peer lending platforms is not specifically regulated under OJK regulations; however, there is a general requirement for the providers of peer-to-peer platforms to conduct risk mitigation steps. Accordingly, practice may vary from provider to provider. Typically, providers will conduct a limited due diligence (in addition to minimum KYC requirements) on potential borrowers, including in relation to their legal standing and the viability of the project to be funded. The providers will then apply a credit rating mechanism and will rate each of the funding opportunities available in their platform.

We understand that OJK has been placing increasing emphasis on the importance of a robust credit scoring mechanism. Given that peer-to-peer lending platforms are not allowed to provide any guarantee for payment of the loans on their platforms, credit insurance has been adopted as a risk-mitigating measure in this sector.

In Indonesia, the term "online lender" is typically associated with peer-to-peer lending platforms. Online lenders under Indonesian law are accommodated through peer-to-peer lending platforms and, as stated above, these platforms are prohibited from providing on-balance sheet loans. Therefore, the funds for these loans may only be sourced from third-party lenders. Increasingly, legacy financial services institutions like banks and multi-finance companies are providing loans online, where the source of funds is typically on-balance sheet.

Syndication of loans through peer-to-peer lending platforms is common in Indonesia. Peer-to-peer lending platform-providers would typically act as the facility agent to administer the loans on behalf of the various lenders. Legal principles and regulations that are typically applicable to syndication loans would also apply in this context.

Payment processors are not restricted from using existing payment rails. They may create or implement new payment rails such as the use of blockchain technology in their business schemes. However, since these new payment rails are unregulated, this is where the regulatory sandbox becomes potentially relevant, as, in general, every fintech player is required to be registered and to report or obtain approval from their relevant regulatory authority (BI or OJK) for any development of their business scheme, including any plans to implement new payment mechanisms.

Fund transfer activities in Indonesia fall under the supervision of BI. Such activities can be conducted by both banks and non-bank entities. Banks are also subject to OJK’s supervision in carrying out their activities generally.

Non-bank entities have to obtain a fund transfer licence from BI to carry out fund transfer activities, and an additional approval is required to execute cross-border fund transfers. BI may also impose a limit on cross-border transfer amounts carried out by non-bank entities.

Cross-border fund transfer activities must be reported to both BI and Indonesia’s Financial Transaction Reporting and Analysis Centre (PPATK).

Fund administrators or companies providing administrative support on the process of running a collective investment scheme are not specifically regulated. However, under the relevant OJK regulations, an Indonesian fund adviser (or, as they are more commonly known in Indonesia, an "investment manager") is only permitted to outsource to third parties the following functions:

  • IT;
  • HR development; and
  • accounting and finance.

In the event that an investment manager outsources any of the above functions to third-party service-providers, the responsibility in respect of the above functions (although they are performed by third parties) will remain with the investment manager. The investment manager is also required to have and implement a standard operation procedure to monitor the activities of the third-party service-providers.

Under the relevant OJK regulations, an investment manager is required to ensure the third-party service-provider (ie, the fund administrator) is a professional with the capacity and capability to perform the outsourced functions and able to fulfil its obligations under the contract. Such a contract between an investment manager and the third-party service-provider must contain the minimum provisions as required under the regulation, such as confidentiality and security of information, prohibition on subcontracting and obligation of the service-provider to provide, on demand, all necessary information and/or assistance to the investment manager, auditor of the investment manager and/or the OJK in relation to the outsourced functions.

The OJK regulations are silent on this, but this can be regulated further under the service agreement between the fund adviser (investment manager) and fund administrator. As noted, at a minimum, the service agreement must include an obligation for the service-provider to provide, on demand, all necessary information and assistance to the investment manager, its auditor and/or the OJK in relation to the outsourced functions.

Capital Market (Trading of Stocks and Bonds)

Certain securities companies in Indonesia (which engage in broker-dealer activities) have been providing online trading services to their customers. Where the relevant customer opens a securities account with the broker-dealer and deposits certain minimum funds into the account, they can directly trade the scrip-less shares by way of accessing the online trading platform provided by the relevant broker-dealer companies (ie, direct market access). It is understood that OJK (Capital Market division, previously known as Bapepam) and Indonesian Stock Exchange (IDX) regulators may inspect the customer and the securities company if any breach of the trading regulations occurs through online trading.

Under Decree of Head of Bapepam-LK No Kep-548/BL/2010 dated 28 December 2010 on Rule No VD3 on Internal Control of Securities Companies Conducting Broker-Dealer Business Activities (Rule No VD3), "online trading system" is defined as a trading system provided by broker-dealers through an electronic communication platform (including via the internet, short-messages service, wireless application protocols, or other electronic media) to conduct securities transactions.

Futures Commodities Trading

Futures commodities trading in Indonesia is supervised by the Supervisory Agency for Commodity Futures Trading (Badan Pengawas Perdagangan Berjangka Komoditi, or BAPPEBTI), as the government institution responsible for futures trading supervision.

Law 32/1997 (as amended) sets out the general principle that all transactions involving Commodity Futures Contracts (as defined in Law 32/1997) must be conducted through a commodities and futures exchange licensed by BAPPEBTI, and in accordance with Law 32/1997 and its implementing regulations. There are currently two commodities and futures exchanges licensed by BAPPEBTI in Indonesia – the Indonesia Commodity and Derivatives Exchange (ICDX) and the Jakarta Futures Exchange (JFX). Each commodities exchange maintains a trading system for market participants. The JFX maintains an electronic trading platform known as JAFeTS. In order to trade on JAFeTS, a trader must register as a member of the platform by submitting an application and supporting documents to the JFX.

Financial Market

Commercial paper transactions, money market transactions, or commercial paper transactions on the secondary market in Indonesia are conducted through a government-run centralised system known as the Bank Indonesia-Electronic Trading Platform (BI-ETP) system, in line with BI Regulation No 17/18/PBI/2015 as amended, and its implementing regulations. The BI-ETP system has limited users and is not open to the public. BI-ETP users include securities companies, banks, Indonesia’s Ministry of Finance, BI, money market brokers, security deposit agencies and other institutions with the requisite approval from BI.

BI now allows private entities that are limited liability companies (Perseroan Terbatas or PTs) to operate electronic trading platforms for money market and/or foreign exchange transactions in Indonesia. A specific business licence is required from BI in order to operate an electronic trading platform, including requirements for minimum paid-up capital of IDR30 billion and maximum foreign ownership of 49%.

As mentioned above, each asset class has its own regulatory regime and supervisory body. Capital market products are subject to OJK regulations and IDX rules. Futures commodities are subject to BAPPEBTI regulations and applicable Ministry of Trade regulations. Financial market products are subject to BI regulations and applicable OJK regulations.

Through BI Regulation No 18/40/PBI/2016 on Payment Transaction Processing Operations, BI prohibits the use of virtual currency (note that the prohibition targets cryptocurrency despite the terminology used) for transactions within Indonesia. To date, there are no specific laws regulating cryptocurrency or digital asset exchanges.

Under Ministry of Trade Regulation No 99 of 2018 on General Policy on Crypto Asset Trading, cryptocurrency assets are deemed as commodities that can be traded on Indonesian futures exchanges.

BAPPEBTI recently issued an implementing regulation that sets out technical provisions regulating crypto asset trading on futures and digital exchanges. Under the newly issued regulation, crypto assets can now be traded on a futures exchange or an electronic platform owned by futures traders. The platform itself should connect with the futures exchange platform. The relevant crypto assets that can be traded will be determined by BAPPEBTI. All existing crypto trading providers are required to first register with BAPPEBTI and meet certain registration requirements, including having minimum paid-up capital of IDR100 billion and a final capital balance of IDR80 billion. See 12 Blockchain for more on this.

Listing standards are currently only relevant to stock or bond assets in Indonesia. If a public company wishes to be listed on the IDX, the listing requirements set out in Decision of the Board of Directors of IDX No Kep-00183/BEI/12-2018 on Regulation No I-A, which concerns the listing of shares and equity-type securities issued by listed companies (IDX Listing Rule), are applicable. The IDX Listing Rule prescribes the listing requirements to be satisfied by a listing applicant, which include holding the status of an Indonesian limited liability company (PT), provision of an "effective statement" from OJK, and having a minimum share price of IDR100 per share.

There are two listing boards on the IDX: the "main board" and the "developing board". Listings on the developing board (a more junior listing board introduced to facilitate listings by smaller companies) involve less demanding listing requirements. The overwhelming majority of internationally marketed Indonesian IPOs are listed on the IDX main board, which imposes more onerous requirements such as having at least 1,000 shareholders of record and net tangible assets of at least IDR100 billion.

In relation to stock trading on the IDX, this firm is not aware of any specific guideline from OJK regarding order handling rules in Indonesia. However, under Rule No VD3, a securities broker that provides an online trading system is obliged to provide certain publicly accessible information on its website, including a description of order handling and/or any delayed instruction when there is any technical issue with the online trading system.

Although the number of peer-to-peer trading platforms in Indonesia is not yet significant, OJK issued OJK regulation No 37/POJK.04/2018 on Equity Crowdfunding to accommodate the future development of equity crowdfunding platforms. As of 31 December 2019, just three companies were listed on OJK’s website as licenced equity crowdfunding companies.

The trading mechanism for the equity crowdfunding platform will be determined by the equity crowdfunding platform provider itself. The mechanism should be more straightforward compared to a conventional trading system in the stock market, where there are certain requirements for trading via intermediaries (ie, a broker/securities company) and settlement and depository processes with the Indonesian Central Depository Institution (Kustodian Sentral Efek Indonesia, or KSEI) and Indonesian Clearing House (Kustodian Penjamin Efek Indonesia, or KPEI). The purpose of simplifying the process is to enable potentially less sophisticated investors in equity crowdfunding platforms to buy and sell shares directly with each other rather than working through an intermediary or third-party service, as in conventional stock trading.

Due to the rapid growth of peer-to-peer trading platforms in Indonesia, IDX recently issued a new Listing Regulation that introduces certain changes to simplify listing procedures and broaden the financial criteria for listing, the aim of which is to increase interest from unicorn start-ups in listing their shares on the IDX.

In relation to stock trading on the IDX, there are no specific best execution obligations or guidelines imposed by OJK or the IDX. IDX Market Trading Rule No II-A Kep-00168/BEI/11-2018 is very high-level in nature and simply states that securities companies should apply best-execution practices for customer trades in order to execute orders on behalf of its customers to seek to obtain the best price possible for customers.

In practice, several securities companies have adopted their own internal policies for the implementation of best execution of customers’ trades, which appear to be based on international best practices.

This firm is not aware of any best-execution obligation or policy in different asset classes.

There is no strict regulation on payment for order flow in Indonesia.

However, Bapepam Rule No VE1 on Ethical Business of Broker Dealers (Rule No VE1) broadly stipulates that in the event that a securities company has an interest in a stock that it is recommending, the securities company must then notify its clients of that interest before the clients buy or sell the recommended securities. Based on this general requirement, payment for order flow should, strictly speaking, be notified to the customers of the relevant securities company.

The regulations in Indonesia do not provide definitions of high-frequency and algorithmic trading. In practice, trading in Indonesia is conducted through the electronic trading system of the IDX, namely JATS. This scripless securities trading system covers the trading of securities, which includes shares, bonds, pre-emptive rights, warrants and other derivative instruments.

Despite there being no specific regulation on high-frequency trading, the Indonesian Capital Market Law contains a general prohibition on market manipulation. Under this provision, relevant parties (eg, individuals, companies, partnerships, associations or organised groups, as applicable) are prohibited from:

  • deceiving or misleading other parties by using any means and/or methods whatsoever;
  • participating in a fraud or deception against any other parties; and
  • giving false statements of material facts, or failing to disclose material facts that are necessary in order to avoid a statement being misleading.

If the implementation of high-frequency trading tactics (front running, spoofing, arbitrage, etc) creates manipulation in the market, the perpetrator may be subject to administrative sanctions and the market manipulation may also constitute a criminal offence.

Other than the above, there are no specific regulations on the creation or usage of high-speed or algorithmic trading. Further, there is no delineation between different asset classes as regards use of this trading technology.

The current regulatory landscape does not clarify this point. See 7.1 Permissible Trading Platforms.

A market maker is only recognised in the Indonesian futures commodities trading sector and is defined as a party that continuously bids and/or sells within the trading period. To become a market maker in Indonesian futures commodities trading, a party will require a determination by the futures exchanges and the clearing house, with approval from the head of BAPPEBTI.

There are no specific obligations or requirements regarding registration of market maker status in the context of high-speed or algorithmic trading platforms or processes.

See 7.7 Issues Relating to Best Execution of Customer Trades.

The regulations do not make a distinction between funds and dealers engaged in these activities.

As far as this firm is aware, no licensed Indonesian securities company engages in high-frequency and/or algorithmic trading, therefore payment for order flow in relation to high-frequency and algorithmic trading is not relevant in Indonesia.

All businesses in Indonesia are required to obtain a business licence in line with their business activities. This firm's preliminary view, broadly speaking, is that a financial research platform that provides financial news and information – including trading news, financial data and related analysis – may be categorised as a "digital platform-provider" pursuant to Indonesian Standard Industrial Classification (KBLI) No 63122, which is subject to a 49% foreign ownership restriction or can be 100% open for foreign investment if the total investment is at least IDR100 billion. Ultimately, the specific activities of each financial research platform would need to be assessed on a case-by-case basis to understand what specific regulatory requirements may be applicable.

A financial research platform provider is required to register its platform with MOCIT in order to obtain an Electronic System Provider Registration Certificate.

Under Law No 11 of 2008 on Electronic Information and Transactions (as amended), any person who knowingly and without authority disseminates false and misleading information resulting in consumer loss in electronic transactions can be sentenced to imprisonment for up to six years and/or a fine of up to IDR1 billion.

In the capital markets context, the spreading of rumours and other unverified information may relate to market manipulation provisions under Indonesia’s Capital Markets Law, which prohibits giving a false statement of material facts or making a statement or providing information that is materially false or misleading. If a player is found guilty of market manipulation activities, it may be subject to administrative sanctions (ranging from a written warning to revocation of business licence and cancellation of registration) and, in more serious cases, such activities may also constitute a criminal offence for which a maximum fine of IDR15 billion may be imposed.

At present, there is no clear regulation in Indonesia regarding how market-manipulation concepts would be applied to financial research platforms, peer-to-peer exchanges or exchanges trading digital assets. As noted above, the space remains largely unregulated.

At present, conversation curation is unregulated in Indonesia and would likely be a matter of internal policy for the financial research platform to implement. As noted, there are no regulations or guidelines regarding the operation of such platforms in Indonesia, including whether a platform is supposed to be actively censoring all pump-and-dump schemes, spreading of insider information, or other types of unacceptable behaviour on its platform.

However, in the context of an e-commerce platform, a regulation was issued by MOCIT, namely Circular Letter No 5 of 2016 on Limitation of Responsibility of Platform Providers and Trade Merchants through Electronic Systems in the form of User Generated Content. Under this regulation, a platform-provider is responsible for the performance of the electronic system and management of the content on the platform. However, if a mistake, negligence or other unacceptable action on the part of a trade merchant or a user of the platform can be proven, that platform-provider may be exonerated from the consequences of such actions (to be determined on a case-by-case basis). Considering that financial research platforms are currently unregulated in Indonesia, it is possible that regulators may also apply this concept to financial research platforms (eg, where a user promotes pump-and-dump schemes, divulges insider information or engages in other potential damaging behaviours).

Again, platform-providers are currently unregulated in Indonesia. Accordingly, whether a platform-provider is supposed to be actively acting as a "gatekeeper" when it sees suspicious or unlawful behaviour by its users is largely up to the internal protocols of the platform in question. However, the principle mentioned above limiting the responsibility of the platform-provider may also be relevant here.

Insurance companies in Indonesia use underwriting processes to evaluate an insurance application. For example, in the case of life insurance, the process involves determining the applicant's risk by reviewing medical information, lifestyle and financial information of its prospective client as well as considering the client's age and gender. Based on this information, the underwriter determines if the client qualifies for life insurance coverage and, if so, how much they will pay for it.

OJK, under OJK Regulation No 69/POJK.05/2016 (as amended), only sets out general principles in relation to underwriting procedures. For example, it is stated that all insurance companies should have in place internal underwriting guidelines, which contain and cover the possibility of risk in the future, mitigation of risk and types of risk that will be insured. Insurtech is still in its early stages in Indonesia and as a result remains largely unregulated. It is understood that OJK has been having discussions internally as well as with market players regarding insurtech and intends to prepare a draft regulation on insurtech business in due course.

The insurance business in Indonesia is regulated by OJK under Law No 40 of 2014 on Insurance Business (Insurance Law). Under the Insurance Law, insurance is divided into two categories, namely life insurance and general insurance.

Life insurance business activities involve providing insurance to the policy-holder, the insured, or other entitled parties in the event of death or life of the insured. General insurance business activities cover a broader range of activities and involve providing compensation to the insured or policy-holder due to loss, damage, incurred cost, lost profit, or legal liability towards third parties that may be suffered by the insured or policy-holder due to an uncertain event.

Other types of insurance may also be differentiated based on whether they incorporate Shari'a principles.

There is potential for a regtech industry to develop in Indonesia. However, to date, there has been very little by way of a private sector regtech industry in Indonesia other than providers of online tax filing services. In 2017 Indonesia’s first regtech Association was established. It is unclear whether this association is still in operation. There only appear to be around six companies registered as members.

In the context of regtech for tax-filing activities, the Directorate General of Taxes of Indonesia has issued a regulation setting out the requirements to apply as a tax-filing digital service-provider. The licence for digital tax-filing service-providers is valid for five years and can be extended for a further five years. Currently, there are a handful of tax-filing service-providers in Indonesia, including,, and, in the context of peer-to-peer lending activities, OJK requires the underlying peer-to-peer agreement to use digital signatures. MOCIT has recently issued a regulation that sets out guidelines for a company to become a digital signature-provider and currently this firm is aware of only one digital signature-provider in Indonesia, namely PrivyId.

Other than the above, this firm is not aware of any specific regulation for regtech providers in Indonesia to date.

It is worth noting, however, that under OJK Regulation No 13/POJK.02/2018 on Financial Technology Innovations in the Financial Services Sector, financial technology innovation providers must have a system that can improve the efficiency of, and compliance with, the OJK’s supervisory process, and must also establish a special technology regulation unit.

There appear to be very few regtech business-providers in Indonesia and even fewer that have entered into co-operation arrangements with financial services firms, such as banks. This may soon change given how the regulations in the financial services sector have evolved to allow more technology-driven solutions to be implemented (eg, e-KYC, data analytics, credit scoring). In this firm's view, important contractual terms in contracts between banks and a third-party identity verification provider largely centre around protection of customer data. The regulations applicable to the relevant financial services firms may also set out certain contractual terms that have to be included in the firms’ agreements with service-providers. For example, under OJK Regulation No 9/POJK.03/2016 on Prudential Principles for Banks that Outsource Services to Other Parties, OJK sets out the types of activity that can be outsourced by banks, including IT activities. Under the OJK regulation, co-operation agreements between banks and service-providers must be set out in writing and should cover the following areas:

  • scope of work;
  • term of agreement;
  • contract value;
  • cost structure and payment mechanisms;
  • rights, obligations and responsibilities of the banks and the service-providers;
  • standards and benchmarks for the execution of work;
  • criteria or conditions for early contract termination;
  • sanctions and penalties; and
  • dispute settlement mechanism.

The regtech sector in Indonesia has not reached this level of maturity as yet and regulations pertaining to online tax-filing service-providers and digital signature-providers are silent on this point. As mentioned above, the regtech market in Indonesia is still in its infancy.

The "building blocks" for an Indonesian blockchain industry have started to emerge in recent years. Although still in the early stages compared with its neighbour Singapore, Indonesia is home to several blockchain start-ups, including Indodax (previously Bitcoin Indonesia), the country’s largest cryptocurrency exchange, and Pundi X, a point-of-sale device manufacturer supporting payments in cryptocurrency. The blockchain association of Indonesia was also launched in early 2018 at the blockchain hub, a centre dedicated to developing, promoting and offering education around blockchain technology in Jakarta.

The implementation of blockchain technology in the financial services sector has also started to gain momentum as four blockchain-based players registered with OJK passed OJK’s regulatory sandbox assessment in 2019.

There are also reports that OJK has a dedicated team to study how blockchain may impact the sector. BI has also publicly stated that it is studying blockchain technology, including investigating the introduction of a central bank digital currency (CBDC) for domestic payments. It is understood that the CBDC would be pegged to the Indonesian rupiah.

In general, BI has adopted a relatively welcoming approach to blockchain technology, in contrast to its statements against cryptocurrency in Indonesia. In 2017, BI banned the use of cryptocurrency for payment transactions, although it does not prohibit the trading of digital tokens themselves. The ban stands, to date.

BI's interest in blockchain has, according to several reports, meant that five major Indonesian banks (Bank Negara Indonesia, Bank Rakyat Indonesia, Bank Mandiri, Bank Danamon and Bank Permata) are exploring the idea of implementing blockchain in their systems. This firm is not aware of concrete initiatives having been implemented to date.

One area of interest in relation to the application of blockchain technology is migrant remittance payments. Indonesia is ranked 14th in the world for receipts of migrant remittances according to the World Bank. Remittance is the transfer of money by a migrant worker to an individual in his or her home country. Traditionally, these transfers are carried out through banks or financial intermediaries at significant cost and with well-known inefficiencies. Senders and recipients of these remittances are often unbanked. There have been media reports of financial services-providers (including legacy players and start-ups) looking to blockchain technology as a potential means to reduce fees and transfer times for these types of remittances.

In general, the "blockchain buzz" in Indonesia to date appears chiefly focused on the potential of the technology to enable increased efficiency and greater transparency, with applications being rolled out in areas and industries such as logistics, e-voting, record-keeping and agriculture. Most of these applications are start-ups, both local and foreign.

Policy makers see the potential for blockchain technology and the benefits of immutable records as a way of reducing corruption and money-laundering issues that continue to be an issue for Indonesia. Like other emerging markets, Indonesia has faced challenges in maintaining accurate records due to a lack of technical capacity and resources. It is understood that the public and private sectors are now looking at blockchain technology to overcome some of these challenges.

Under Ministry of Trade Regulation No 99 of 2018 on General Policy on Crypto Asset Trading, cryptocurrency/crypto-assets are deemed as commodities that can be traded on the Indonesian futures exchange. As noted, BAPPEBTI has issued BAPPEBTI Regulation No 5 of 2019 on Technical Provision of Physical Market of Crypto in the Futures Exchange, as amended by BAPPEBTI Regulation No 9 of 2019 (BAPPEBTI Regulation), which provides further detail to the 2018 Ministry of Trade regulation. Pursuant to the BAPPEBTI Regulation, it is now clear that crypto-assets can be traded in Indonesia on futures exchanges or electronic platforms established by trading platforms, connected to the futures exchange platform. The crypto-assets that can be traded in the market will be determined by the head of BAPPEBTI and must fulfil criteria such as:

  • they must use distributed ledger technology;
  • they must be a utility token and/or must be an asset-backed crypto;
  • they must be listed in the top 500 market capitalisations of cryptocurrency assets globally;
  • they must be traded on the world's largest crypto exchanges;
  • they must have economic benefits and/or have financial technical advantages; and
  • their risk must have been assessed.

The BAPPEBTI Regulation also provides that existing crypto trading providers are required to register with BAPPEBTI and have a minimum paid-up capital of IDR25 billion, as well as equity no lower than IDR20 billion. Further, by 8 February 2020, all registered traders must obtain status as a licensed trader through BAPPEBTI and meet certain requirements such as having a minimum paid-up capital of at least IDR50 billion and operating an online platform to facilitate the trading of crypto-assets that are connected and compatible with the futures exchange and related clearing-house system.

Notwithstanding BI's past announcements that cryptocurrency is banned in Indonesia and BI’s reluctance to accept it as a legitimate means of payment within the country, cryptocurrency has received recognition as tradable commodities from BAPPEBTI.

To date, there are no regulations in Indonesia confirming how "issuers" of blockchain assets shall be treated, nor how initial sales – eg, initial coin offerings (ICOs) or security token offerings (STOs) – are to be carried out or whether they are prohibited or regulated. The new BAPPEBTI Regulation on crypto-asset trading also clearly states that it does not address ICOs. Due to the lack of certainty, blockchain start-ups in Indonesia often look offshore when seeking to carry out on initial sale of blockchain assets (eg, Singapore, Jersey, Malta and the Caribbean). It is unclear whether legacy securities regulations would apply to digital assets in Indonesia.

It is worth mentioning that, under BI Regulation No 19/12/PBI/2017 on Financial Technology and Governor of BI Regulation No 19/14/PADG/2017, BI has outlined that blockchain is a payment system technology, and states that companies providing blockchain solutions may apply to be part of the BI regulatory sandbox. Meanwhile, under OJK Regulation No 13/POJK.02/2018 on Financial Technology Innovations in the Financial Institution Sector, OJK also states that companies providing blockchain solutions (as part of digital innovation more generally) may apply to be part of the OJK regulatory sandbox. As stated above, four blockchain-based players that are registered with OJK passed its regulatory sandbox assessment in 2019.

Crypto-asset trading platforms are regulated in Indonesia under the BAPPEBTI Regulation. Cryptocurrency trading platforms are now subject to certain minimum requirements. For example, exchange platforms:

  • must provide accurate, true, safe and reliable online and real-time trading software that is compatible with the Indonesian futures exchange and futures clearing house systems;
  • must meet certain specifications and functions standards as set out in the futures exchange rules and regulations;
  • must be able to protect access to the financial and transaction data of platform users;
  • must possess an up-to-date business continuity plan (BCP);
  • must have a disaster-recovery centre located at least 20km from the main server location; and
  • must fulfil other IT security technical requirements, including ISO certification.

There are no blockchain asset-specific regulations for investment funds to date. Accordingly, such funds will be subject to traditional fund regulations such as OJK Regulation No 43/POJK.04/2015 on Investment Manager Behaviour Guidelines and OJK Regulation No 10/POJK.04/2018 on Implementation of Governance of Investment Managers. These regulations impose general obligations such as restrictions to purchase and/or sell securities for customers if not in line with investment policy stipulated by the capital market regulations on the management of investment and/or the investment policy stated in the investment management agreement, unless customers agree to this.

There is no clear delineation between cryptocurrency and blockchain assets in Indonesia. As noted above, virtual currencies (note that the prohibition is targeted at cryptocurrency despite the terminology used) are not recognised as legal tender within Indonesia pursuant to BI Regulation No 18/40/PBI/2016 on Payment Transaction Processing Operations. As for blockchain assets, as mentioned above, it is clear that blockchain assets and crypto-assets can be traded as commodities in the futures exchanges.

It remains a grey area whether payment through a point-of-sale device in a cryptocurrency that immediately converts the cryptocurrency amount into the Indonesian rupiah fiat equivalent would technically be subject to the BI prohibition. This firm suspects that the prohibition would be interpreted broadly to capture such payments. It can be noted that BI's stance on payments utilising cryptocurrency resulted in inspections of retailers in Jakarta and Bali (where payment in cryptocurrency saw a dramatic rise in 2017).

Privacy concerns versus the transparency and immutability of data recorded on a blockchain are an issue that affects the global blockchain industry as a whole. This issue will certainly be a concern in Indonesia in the future. Indonesian data protection regulations provide that personal data must be protected. The data protection regulatory space continues to develop, with new regulations being introduced quite regularly. In this regard, there may be a need for balance, noting that certain blockchain technology incorporates privacy features (including the option for transactions to be private or not).

As noted above, under the BAPPEBTI Regulation, crypto trading platforms are required to have in place IT security protocols and policies to ensure that access to financial data and transaction data of customers is protected.

In 2018, OJK issued Regulation No 12/POJK.03/2018 on the Implementation of Digital Banking Services by Banks (Digital Banking Regulation). Under the Digital Banking Regulation, OJK supports open banking by allowing banks to co-operate with other financial institutions and/or non-financial institutions, in particular in providing transactional services, by utilising an open application programming interface (API), which may connect a bank’s electronic system to another institution’s electronic system.

In November 2019, BI published the 2025 Indonesia Payment System Blueprint (BI 2025 Blueprint), which outlines five initiatives, the first one being open banking. According to the BI 2025 Blueprint, this initiative will cover the standardisation of data, API, security requirements, and governance. 

We understand that several Indonesian banks have already introduced their own API.

Under the Digital Banking Regulation, OJK requires banks to comply with the prescribed customer data protection principles, including confidentiality, integrity, availability and authenticity. Banks and technology providers wishing to use or share customer data must obtain the customer's informed consent. Data privacy and data security concerns appear to be high on banks’ agendas, and they regularly inform their customers of issues relating to those areas. The BI 2025 Blueprint also highlights the importance of customer consent for the use of Open Banking and standardisation of security requirements.

Hiswara Bunjamin & Tandjung

18th Floor, Tower 1, Sudirman 7.8
Jl. Jend. Sudirman Kav.7-8
Jakarta 10220

+62 21 3973 8000

+62 21 3973 6110
Author Business Card

Trends and Developments


Assegaf Hamzah & Partners is a leading force in the Indonesian banking and finance sector, advising on, and representing clients in, everything from everyday legal matters to the most complex legal issues. The firm's team of specialists in this field comprises two leading partners and 21 qualified associates, it is adept at providing innovative tailor-made solutions for both traditional financial service providers and financial technology companies regarding their financial innovations, services applications and contents, all of which are currently contributing to the most dynamic and exciting developments in the country. The firm is in a unique position in the Indonesian legal market, able to offer integrated solutions that combine tech experience with regulatory and financial-services knowledge to clients, advising a broad spectrum of fintech companies. The firm's key areas of practice in relation to the fintech sector are banking and finance, projects, capital markets, competition and merger control practice, intellectual property, M&A, tax and customs, and TMT (telecommunications, media and technology).

Despite the presidential election of that year, which contributed to the slower development of business activities in Indonesia in general, Indonesia’s financial technology (fintech) industry still presented positive growth in 2019. Based on data from Indonesia’s financial services authority (Otoritas Jasa Keuangan; OJK), as of December 2019, the fintech lending industry had developed significantly compared to 2018.

In 2019, loan disbursement through peer-to-peer lending platforms reached IDR81.5 billion. This was an increase of 259.56%, compared to the IDR22.6 billion disbursement in 2018. The number of accounts of offshore lenders participating in fintech lending also grew by 88.18% compared to 2018. Further, based on Bank Indonesia’s report, the volume of e-money transactions in 2019 grew to IDR145.12 billion, compared to IDR47.19 billion in 2018.

The fintech industry in Indonesia is mainly regulated by the OJK, the central bank (Bank Indonesia; BI), the Ministry of Communications and Informatics (MOCIT), as well as the Commodity Futures Trading Regulatory Agency of the Ministry of Trade (Badan Pengawas Perdagangan Berjangka Komoditi Kementerian Perdagangan; Bappebti). In addition, fintech players must also be a member of the Indonesian Fintech Association (Asosiasi Fintek Indonesia; AFTECH) or the Indonesian Fintech Lending Association (Asosiasi Fintek Pembiayaan Indonesia; AFPI) before they can obtain a licence or be registered with the OJK. As of December 2019, there were at least 220 registered members of the AFTECH, compared to the 160 registered members as of December 2018. In addition, about 120 fintech players are also registered with BI and the OJK’s registration and sandbox programme.

On the regulatory front, 2019 saw at least five new fintech-related Regulations issued by the Indonesian government (through the OJK, BI and Bapeppti). By way of an example, the OJK issued three circular letters to further regulate the recordation and regulatory sandbox programme. BI also issued a Regulation on the use of quick response code as an e-money payment method. Two of these Regulations are discussed in this chapter, the first is the long-awaited e-commerce Regulation and the second is the amendment to a 2012 Regulation on electronic systems and transactions.

It is expected that Indonesia’s fintech industry will be propelled to new heights in 2020. Besides continued growth in the industry’s size, and of the number of players in peer-to-peer lending and digital financial innovation, digital banking will also be a hot trend. This can be seen by several banks’ initiatives to convert their existing businesses into digital ones. But growth will not be without its challenges, especially to the traditional banking business as well as insurance and financing companies. We will discuss these challenges further below.

Fintech Lending

2019 was a busy year for the fintech lending industry. Based on OJK data, as of December 2019, besides the increase in the total disbursement amount, lender’s accounts have increased by 192.01%, equivalent to 605,000 accounts, compared to 207,000 accounts as of December 2018. Borrower’s accounts have also increased by 325.95%, equivalent to 18.5 million accounts, compared to 4.35 million accounts as of December 2018.

To ensure widespread distribution of loans from peer-to-peer lending platforms, the OJK requires that fintech lending players distribute at least 25% of their lending to rural areas in 2020. This requirement must be fulfilled before a fintech lender can apply to the OJK for a licence. In 2019, the total disbursement to non-Java islands areas reached IDR11.67 billion, compared to IDR3.04 billion in 2018.

As of December 2019, the OJK has issued 25 licences to fintech lending players and supervised 139 registered fintech lending players. To name a few, Fintag, Crowdo and Rupiah Cepat received their licences in 2019. Meanwhile, Pinjamindo, Puhui Lending, Indosaku and Danon joined as registered fintech lending players in the same year.

Nevertheless, this industry remains troubled by illegal fintech lending. In January 2020, the OJK announced that in 2019 it closed 1,494 illegal fintech lenders. Further, the OJK has already found and closed another 120 illegal fintech lending companies and terminated 28 illegal investment activities this year.

Payment Industry

E-money and other payment system players

The year 2019 was a good one for the e-money industry. The inception of the e-money provider Linkaja (previously known as Telkomsel’s t-cash) marked the first entry of a state-owned enterprise into Indonesia’s e-money industry and showed that the government is serious about developing the e-money business in Indonesia. LinkAja successfully closed its series A fund raising in 2019, and is now the fourth most used e-money provider in Indonesia, behind GoPay, Ovo and Dana.

Besides Linkaja, there are four new e-money providers that received their e-money licence from BI in 2019, namely Zipay, PACCash, Paydia and Netzme. BI also issued six payment gateway licences to Delameta, Bayarind, Cashlez, 2C2P, E2Pay and Ipay88, and one wallet licence to Bayarind in 2019. This shows the growth of the e-money market in Indonesia.

The e-money industry was shocked by rumours, based in a Reuters report, of a merger initiative between Ovo and Dana, which in 2019 were the second and third most popular e-money providers in Indonesia. But as yet, no further information has been given by either Ovo or Dana on the realisation of the proposed merger.

Quick Response Indonesian Standard (QRIS)

BI issued a new Regulation on the standardisation of quick response codes, which became effective on 1 January 2020. Under the Regulation, BI requires any cross-border e-money transaction that takes place within the Indonesian territory to use a quick response code, which must be in line with QRIS. QRIS’s specification and technical guideline (based on the EMVCo standards) will be managed and issued by a National Payment Gateway (NPG) standard institution that will be responsible for the quick response technology. Until BI appoints a specific institution responsible for the quick response technology, the Indonesian Payment System Association will be responsible for managing the QRIS’s specification and technical guideline.

With QRIS, one quick response code can be used for all of the e-money providers available. Further, BI has set a maximum limit of IDR2 million per transaction when using QRIS. The e-money transaction must also use an NPG scheme, namely Prima, Alto, Link and ATM Bersama.

Cross-border e-money transactions

In 2018, BI found that there were numerous e-money transactions conducted by foreign e-money providers, such as WeChat Pay and Alipay, in Indonesia, particularly in Bali. Such transactions were deemed illegal by BI as they did not comply with the e-money Regulations. Also, these foreign e-money providers do not hold any licence from any Indonesian authority, neither have they entered into any co-operation with any Indonesian commercial banks. This means that the funds received by them flow directly to their home country, China.

In response to these illegal transactions, starting from August 2019, BI required these foreign e-money providers to comply with the Indonesian e-money Regulation by the cut-off date of 1 January 2020. As a result, WeChat Pay initiated a collaboration with an Indonesian commercial bank, PT Bank CIMB Niaga Tbk., and this collaboration was approved by BI on 1 January 2020. Hence, starting from 1 January 2020, WeChat Pay can be used by Chinese tourists in Indonesia. Meanwhile, WeChat Pay’s competitor, Alipay, is currently in the process of obtaining BI approval for its collaboration with PT Bank Central Asia Tbk. Alipay expects that it will be able to commence the collaboration by the second quarter of 2020.

It is anticipated that other foreign e-money providers will be pursuing similar opportunities in Indonesia. This include Facebook (through Whatsapp), which is rumoured to have been discussing the possibility of launching an e-money service in Indonesia.

Cryptocurrency as a commodity

While BI and the OJK have maintained a consistent approach in prohibiting cryptocurrencies from being used as a payment instrument, Bappebti allows cryptoassets to be traded as commodities on commodities exchanges. Bappebti issued a Regulation to legalise the cryptoasset trading market in Indonesia in early 2019. The Regulation states certain requirements that must be satisfied by parties involved in cryptoasset trading, these parties include futures exchanges, brokers, customers, clearing and settlement institutions, as well as custodians. The requirements include a minimum capital level and the employment of qualified human resources, as well as adequate internal standard operating procedures and IT infrastructure. The Regulation also contains an exhaustive list of technical and non-technical requirements that must be fulfilled by the broker to ensure the security of the IT system for online trading of the cryptoassets.

In July 2019, to stimulate the cryptocurrency commodity market as well as to invite more players, Bappebti streamlined the licence application process by issuing an amendment of the relevant Regulation related to the cryptoasset trading market in Indonesia. This amendment refined several requirements that must be satisfied by the relevant players involved in cryptoasset trading. One of the important refinements is a reduced minimum capital requirement.

Digital Financial Innovation

The OJK commenced the first batch of registration related to its sandbox programme of digital financial innovation in June 2019, as part of the implementation of its Regulation on digital financial innovation issued in 2018. As of January 2020, there were 74 participants in the programme. The OJK has also determined 17 business activities, which are then further divided into clusters, that must be registered with it, including aggregator, e-KYC (know your customer), credit scoring, insurtech, regtech, and blockchain based.

In December 2019, OJK issued three circular letters to further regulate the recordation, regulatory sandbox and registration process. Based on these circular letters, prospective digital financial innovation (Inovasi Keuangan Digital; IKD) players must present their business models to the OJK prior to submission of a recordation application. Based on the presentation, the OJK will determine whether the business model can be categorised as IKD. Furthermore, the circular letters also give more clarity on the regulatory sandbox process, such as that the regulatory sandbox will be conducted in the OJK’s innovation centre for digital financial technology (Infinity) unless OJK specifies otherwise. The OJK will also require digital financial providers who have not received a recommendation to terminate their business activities and revise or adjust those business activities prior to entering the regulatory sandbox program. The OJK also requires companies that are engaged in digital financial innovation to register with AFTECH. This approach is in line with the OJK’s approach on fintech lending.

Bank Indonesia’s registration and sandbox programme

Conversely, the registration and sandbox programme in the payment system that is supervised by BI does not show any significant development compared to 2018. Of the 14 fintech players registered with BI in 2019, none is eligible to enter into the BI’s regulatory sandbox. As such, since March 2018 , Tokopandai has been the only fintech player that has participated in, and completed, the BI’s sandbox programme.

Equity crowdfunding

As of December 2019, the OJK has introduced two licensed equity crowdfunding platforms, with at least six players still undergoing the licensing process. As this is a newly regulated sector, information is still limited, and we expect greater clarity in 2020.

Digital banking

From 2018, the OJK has regulated digital banking. However, digital banking penetration remains low as a result of rigid banking regulation (ie, an Indonesian commercial bank must recommend a new initiative in their annual banking plan). In 2019, one year from the enactment of the digital banking Regulation, several Indonesian commercial banks have initiated and implemented digital banking to convert their conventional/traditional banks.

The Regulation also allows co-operation between a bank and a digital banking agent. This would be beneficial for small to medium sized banks in penetrating rural areas at a minimal cost. Another example of the conversion of conventional/traditional banking can be seen in the introduction of digital lounges by several well-known banks. In these digital lounges, existing or prospective customers can conduct conventional/traditional banking transactions (eg, account opening) without, or with minimum assistance from, bank staff. 

The Regulation has also attracted several fintech players, which have acquired conventional/traditional banks so as to convert them into digital ones. This initiative is evidence of how banks still hold a vital position in the financial industry. It is expected that the rise of digital banks in 2020 will provide collaboration options for fintech players rather than disrupting their existing market share in Indonesia.

New E-commerce Regulation

To close 2019, the Indonesian government enacted the much-anticipated e-commerce Regulation in late November. This Regulation governs not only actors in e-commerce transaction, but also e-commerce service providers and intermediary service providers. In addition, the Regulation, among others, regulates e-contracts, online advertisements and personal data protection.

Impact on foreign businesses

Foreign businesses that are actively engaging (eg, making offers from offshore) with consumers in Indonesia and satisfy the applicable thresholds will be subject to this Regulation. The threshold will depend on the number of transactions, transaction value, number of delivery of packages and/or amount of traffic. Unfortunately, the Regulation does not elaborate on the actual threshold numbers. As such, it is expected that these thresholds will be further regulated. Once the thresholds are satisfied, the Regulation will: (i) deem a foreign business as having a physical presence in Indonesia and conducting a permanent business activity within the Indonesian jurisdiction; and (ii) require that foreign business to appoint a representative domiciled in Indonesia.

Recognition of safe harbour

Recognising the fact that the services provided by an e-commerce service provider, or an intermediary service provider, can be used by other parties to engage in unlawful conduct, measures were introduced to protect the service providers under the safe harbour rules. Similar to the safe harbour rules under the US’s Digital Millennium Copyright Act and the EU’s e-Commerce Directive, this Regulation gives broad immunity to e-commerce service providers and intermediary service providers from the legal consequences arising from illegal third-party content.

For e-commerce service providers, this Regulation discharges them from any liability for illegal content found on their platforms, provided they have acted quickly to remove or disable access to that content after finding out of its existence (either by way of a report from a third party or through finding it themselves). As for intermediary service providers, they are also discharged from any liability for illegal content provided that such providers are acting as mere conduit – eg, caching, hosting and search engine providers. Social media platforms, in particular, will be discharged from any liability for restricting or removing access to content if that restriction or removal was carried out in good faith and based on a report that the content in question was illegal.

Cross-border personal data transfer

This Regulation also regulates personal data protection. Although these provisions are largely consistent with the rules imposed by other laws and Regulations (ie, the Electronic Information and Transactions Law and the Regulation on electronic systems and transactions), it does contain a provision on cross-border personal data transfer, which we believe to be inconsistent.

Under this Regulation, a cross-border transfer of personal data can only be made to a country that is considered to have standard of personal data protection on a par with that of Indonesia. Whether another country’s personal data protection reaches that standard will depend on the discretion of the Minister of Trade (MO”). We note that usually such a function does not rest with the MOT. In light of this anomaly, we understand that the MOT has verbally indicated that he will assign the authority to determine the adequacy of another country's personal data protection regime to MOCIT following the enactment of the Personal Data Protection Bill.

Amended Regulation on Electronic Systems and Transactions

Certainty on mandatory registration

Beginning in 2012, all electronic system providers must be registered with MOCIT. This requirement was previously aimed at providers of public services. Yet, as the 2012 Regulation failed to clearly stipulate the criteria which defined public service providers, there were multiple interpretations on which "public service providers" were subject to this mandatory registration requirement. As opposed to providing clarity, MOCIT instead broadened the scope of public service providers to essentially cover all services offered via the internet to the public.

In October 2019, the government enacted a new Regulation on electronic systems and transactions to amend the 2012 Regulation. In the new regulation, while the government clearly distinguish between public and private electronic system operators, it also puts to rest the debate on registration, it is now mandatory for both public and private operators to register themselves to the MOCIT. It is important to note that the latter category of private operators is quite broad and covers foreign operators who use or operate an electronic system within the Indonesian jurisdiction. It is expected that the government will issue further implementing Regulations, as well as put in place the infrastructure necessary to accommodate the registration of private operators, particularly foreign operators.

Relaxation on data localisation

The new Regulation also clarifies the confusion surrounding the data localisation requirement by limiting its application to “public electronic systems operators” only. While private operators can now choose whether to process and/or host their electronic systems and data onshore or offshore, as a general norm they must ensure that their electronic systems and data are accessible to the authority. This flexibility does not apply to private operators in the banking and financial services sectors, as they are subject to sector-specific laws and Regulations. For example, the OJK would only allow a commercial bank to host certain data overseas upon its approval, while other financial service companies – such as those involved in insurance, peer-to-peer lending, digital financial innovation and equity crowdfunding – must, without exception, keep their data within Indonesia.

Recognition of the global standard of personal data protection

The new Regulation also introduces a robust set of rules on the processing of personal data. We understand that these rules will only apply temporarily as the government is currently working its way through the legislative process of preparing a full-fledged personal data protection regime under the Personal Data Protection Bill.

One of the most important provisions on personal data under the new Regulation is the definition of "personal data" as data that can be used to identify an individual (alone or collectively with other data). This is meaningful not only because this marks the first time that Indonesia has regulated personal data, but also because Indonesia is aligning its definition with the global standard.

The new Regulation also elaborates the right of a subject to request the removal of any data pertaining to it that is "no longer relevant" – popularly known as "the right to be forgotten". There are two elements to the right to be forgotten, the right to erasure and the right to delisting. The latter can only be requested based on a court order.

Another development is with regard to the collection, transfer or other use of personal data, which must now be based on the consent of the relevant data subject. Without such consent, the personal data collected is deemed to have been unlawfully collected or used.

Recognising that global personal data protection practice has shifted, by moving the burden from the data subject to the data controller/data processor, the government has introduced other lawful bases that can be relied on in collecting or processing personal data, for example, contractual obligation, legal obligation, vital interest and legitimate interest.

Assegaf Hamzah & Partners

Capital Place, Level 36 & 37
Jalan Jenderal Gatot Subroto Kav. 18
Jakarta 12710

+62 21 2555 7800

+62 21 2555 7899
Author Business Card

Law and Practice


Hiswara Bunjamin & Tandjung is a full-service Indonesian law firm, associated with global law firm Herbert Smith Freehills. All of the partners are experienced Indonesian lawyers with many years' experience advising clients across all major industry sectors. The firm's client base includes some of the largest multinational corporations and financial institutions. The Jakarta office has several long-term international counsel seconded from Herbert Smith Freehills, while Herbert Smith Freehills' Singapore office includes Indonesian lawyers and recognised Indonesia specialists, including in the TMT and fintech space. The fintech practice group includes ten members of the broader corporate M&A and TMT practices, ranging from partner level to associates and trainees. The firm's key areas of practice in relation to the fintech sector include corporate M&A, regulatory advice, company establishment and general corporate advice in the areas of digital payments, peer-to-peer lending, traditional finance models (including digital developments in Indonesia's banking, insurance and multi-finance sectors), and data protection.

Trends and Development


Assegaf Hamzah & Partners is a leading force in the Indonesian banking and finance sector, advising on, and representing clients in, everything from everyday legal matters to the most complex legal issues. The firm's team of specialists in this field comprises two leading partners and 21 qualified associates, it is adept at providing innovative tailor-made solutions for both traditional financial service providers and financial technology companies regarding their financial innovations, services applications and contents, all of which are currently contributing to the most dynamic and exciting developments in the country. The firm is in a unique position in the Indonesian legal market, able to offer integrated solutions that combine tech experience with regulatory and financial-services knowledge to clients, advising a broad spectrum of fintech companies. The firm's key areas of practice in relation to the fintech sector are banking and finance, projects, capital markets, competition and merger control practice, intellectual property, M&A, tax and customs, and TMT (telecommunications, media and technology).

Compare law and practice by selecting locations and topic(s)


Select Topic(s)

loading ...

Please select at least one chapter and one topic to use the compare functionality.