Indonesia to Regulate Fintech

1. Criteria and Registration

As a response to the wake of technology-abled financial transactions, several regulations regarding
the industry have been issued although it is still at its development stage. The Central Bank of
Indonesia (BI) issued the Regulation No. 19/12/PBI/2017 regarding the Implementation of
Financial Technology (Fintech). It defines fintech as the technological use in the financial systems
that generate products, services, technology and/ new business model that can have an impact on
the stability of the monetary system and/or the efficiency, fluency, security, and reliability of
payment system. Article 3 (1) of the same regulation sets forth the categories of fintech into:

a. payment system;
b. market support;
c. investment management and risk management;
d. lending, funding and capital raising;
e. other financial services.

Furthermore, the criteria of fintech are also regulated, fintech should have innovative nature and
can affect product, service, technology and or/ finance al business model and it is able to be used
widely. There are also other additional characteristics that can be added by BI.
Operating fintech companies or fintech companies that will operate is required to register the
business with BI. There are exclusions to the registration if:

a. payment system service providers have obtained the license from BI, and/or
b. fintech companies are regulated by other regulatory institutions, and
c. fintech companies do not provide services in the payment system.

However, there is still an obligation for excluded fintech companies to inform BI regarding their
product, service, technology and/or business model that meets the criteria set above. In addition,
fintech companies should be established in the form of business entities. Specifically, fintech
providers that engage in the business of payment system, they shall be run by legal entities.

BI then issued Members of Governor Board Regulation No. 19/15/PADG/2017 on Registration

Procedure, Information Delivery, and Monitoring. It stipulates that the registration request shall
be addressed to BI in writing attached to the registration form including the supporting documents.
The format of request and registration form have been provided by BI and the application can be
submitted online to BI’s website. BI will notify the requester through electronic mails in case of
incomplete documents that shall be completed within 10 working days. The registration process
will be canceled provided the requester fails to submit the remaining documents within the set
deadline. BI will examine the authenticity of the documents and once they are declared true and
appropriate, BI will include the name of the requester in the list of financial technology organizer.
The aforementioned list will be updated by BI. BI will also delete the name of fintech providers
from the list if:

a. the product, service, technology and/or business model are found not being used anymore;
b. the fintech providers have obtained the license from BI or authorized institutions;
c. sanctions have been imposed on the fintech providers by BI or authorized institutions;
d. fintech providers have been proven to have committed crimes or declared bankrupt by
binding court decision;
e. there are recommendations and/ or written request from authorized institutions;
f. written requests from fintech providers; and/or
g. fintech providers have provided data and/or information that does not suit the actual
conditions.

2. Monitoring and Surveillance

BI will monitor registered fintech providers. Fintech companies are obligated to provide BI with
data and/ information that is requested by BI. The data and/or information requested including but
not limited to transactions, product service, technology and/or business model, financial condition,
management, and ownership. The information regarding transactions shall be provided on monthly
basis.

3. Regulatory Sandbox
Regulatory sandbox is set up to ensure that product, service, technology and/or business model of
fintech providers meet the criteria that have been set in the regulation No. 19/12/PBI/2017. BI will
select fintech companies including their product, service, technology and/ business model to be
tested in regulatory sandbox. The results of the test will be determined as successful, unsuccessful
or other status determined by BI. Fintech companies that engage in payment system are still
required to register the businesses although the results are determined as successful. If the
regulatory sandbox tests are unsuccessful, fintech payment service providers are prohibited to
market their products and/ services as well as use technology and/or tested business model.

The implementation of regulatory sandbox is further stipulated in the Member of Governor Board
Regulation No. 19/14/PADG/2017. It states the factors considered by BI in choosing fintech
companies to be tested in the regulatory sandbox, among others, risk identification and mitigation
equipped with the technology. The information in detail regarding the listed factors will then be
further explained by the selected fintech companies by means of a presentation covering at least
their business model also risk management and submitting relevant documents to BI.

It should be noted that regulatory sandbox is not part of licensing process carried out by BI. Once
this process has been completed, fintech companies shall propose the scenario of regulatory
sandbox test within 10 business days from the date of assignment. BI reserves the right to review
the scenario and prohibit the marketing of the product, service, technology and/ business model
that will be tested if the review conducted by BI with regard to the proposed scenario has not yet
been accommodated by the fintech companies. In short, Regulatory sandbox test can only take
place according to the scenario that has been approved by BI.

The same regulation also regulates payment system providers. It restates that such fintech
companies should obtain the business license from BI. Payment system providers can only be
established in the form of limited liability companies and meet the feasibility aspects listed in
Annex 5.

4. Getting More Specific: P2P Lending

Financial Service Authorities (OJK) introduced regulation on lending already in 2016. The
regulation is numbered No. 77/POJK.01/2016 (POJK 2016) regulating technology-based loan
arrangement where the source of money comes from the lender. It sets 2 billion Rupiah as the
maximum amount that can be granted to each debtor. Qualified debtors are limited to Indonesian
citizens residing in Indonesia or Indonesian legal entities.

The regulation specifies that P2P companies can only exist in the form of limited liability or
cooperative with foreign ownership is capped at 85% maximum. P2P platforms, either as limited
liability company or cooperative, should deposit minimum paid-up capital of 1 billion rupiah when
registering to OJK and 2.5 million upon registration for license. Registered P2P lending companies
have the obligation to report their transactions on a quarterly basis to OJK. Any ownership change
shall also be reported to OJK. P2P lending companies, once their business licenses are granted,
should fill electronic reports on monthly and annual basis.

The loan lending transactions should comprise two electronic agreements signed electronically
between:
a. the P2P companies and the loan providers; and
b. the loan providers debtors.

Both the providers and lenders must open escrow accounts and virtual accounts to conduct the
transactions. Virtual accounts for the lenders will be installed by the P2P providers. The settlement
shall be repaid by the borrowers through escrow accounts where the fund will be forwarded to the
lenders.

P2P lending companies are restricted from conducting any business other than regulated in POJK
2016. It is not allowed as well for P2P lending companies to act as lender or debtor, to provide
guarantee, to issue promissory notes, to recommend any lender or debtor, to publish fictitious or
misleading information, to offer its service through private without users’ consent and to impose
fee in the event of filing complaints.