Indonesia’s central bank has for the first time issued a regulation designed to deal with financial technology (“fintech”) in general. Bank Indonesia (“BI”) Regulation Number 19/12/PBI/2017 regarding the Provision of Financial Technology, dated November 30, 2017 (“Reg. 19/2017”), was made public by BI on December 7. The stated aim of Reg. 19/2017 is to regulate the implementation of fintech to foster innovation, ensure consumer protection, and manage risk in order to maintain monetary and financial system stability, and an efficient, safe and reliable payment system.
Reg. 19/2017 defines fintech as the use of technology in a financial system that generates products, services, technology and/or new business models, and may have an impact on monetary stability, financial system stability and/or the efficiency, fluency, security and reliability of payment systems. A fintech provider is defined as any party that organizes fintech activities.
Reg. 19/2017 divides fintech activities into the following categories:
- payment system;
- market support;
- investment management and risk management;
- lending, financing, and provision of capital; and
- other financial services.
The fintech activities above shall meet the following criteria:
- can influence products, services, technology and/or existing financial business models;
- can benefit the public;
- can be widely used; and
- other criteria set by BI.
Registration of Fintech Providers
In general, all fintech providers that will organize or are already organizing activities that meet the above criteria are required to register with BI. This registration requirement does not apply to the following:
- Payment System Service Providers (as defined in the BI regulation on the Provision of Payment Transaction Processing) that have obtained a license from BI; and/or
- Financial Technology Providers under the auspices of another government authority.
However, fintech providers under the auspices of a government agency other than BI, as mentioned in point b, that provide payment system financial technology are required to register with BI. Payment System Service Providers that have obtained a license from BI and are therefore exempt from the registration requirement must still submit information to the central bank on their products, services, technology and/or new business models that fulfill the criteria of fintech.
Reg. 19/2017 provides that a fintech provider that is required to register with BI must be a business entity. Specifically, a non-bank fintech provider that is also a Payment System Service Provider must be a business entity in the form of an Indonesian legal entity.
Requirements for Registered Fintech Providers
Fintech providers registered with BI are required to:
- implement the principle of consumer protection;
- maintain the confidentiality of consumer data and/or information, including transaction data and/or information;
- implement risk management and prudential principles;
- use Rupiah in every transaction conducted in Indonesia, in accordance with prevailing laws and regulations on currency;
- implement anti-money laundering and prevention of terrorism funding principles in accordance with prevailing laws and regulations; and
- adhere to other prevailing laws and regulations in Indonesia.
Within three months of registering with BI, fintech providers must submit a letter of compliance with the obligations above.
Fintech providers are prohibited from conducting payment system activities using virtual currency. “Virtual currency” is defined as digital money that is issued by parties other than the monetary authority obtained by way of mining, purchase or reward system. This prohibition stems from the fact that virtual currency is not a lawful payment instrument in Indonesia.
Reg. 19/2017 introduces the Regulatory Sandbox. This is defined as a “safe space” where fintech providers can test their products, services, technology and/or business models.
The objective of the Regulatory Sandbox is to help fintech providers ensure their products, services, technology and/or business models satisfy all the criteria of financial technology as discussed above. BI shall determine which fintech providers and products, services, technology and/or business models will be tested in the Regulatory Sandbox. Fintech providers must already be registered with BI or have submitted information to the central bank as a licensed Payment System Service Provider before they can be allowed into the Regulatory Sandbox, under the supervision of BI.
Once the Regulatory Sandbox period set by BI expires, the central bank will classify the test as:
- unsuccessful; or
- other status as determined by BI.
If the result is “successful” and the fintech provider falls under the payment system category, such fintech provider will need to apply for a license and/or approval in accordance with BI regulations on the provision of payment transaction processing, before marketing the tested product, service, technology and/or business model. If the result is “unsuccessful” the fintech provider will be prohibited from marketing the tested product, service, technology and/or business model. If the tested product, service, technology and/or business model is deemed as fintech outside the field of payment systems, BI may convey the test result to the authority that has jurisdiction over the tested product, service, technology and/or business model.
Fintech providers categorized as Payment System Service Providers must obtain a license from BI in accordance with central bank regulations on the provision of payment transaction processing. Payment System Service Providers that generate new products, services, technology and/or business models for (a) the development of payment system services activities and/or (b) the development of payment system service products and/or activities, but do not meet the criteria for financial technology, must obtain BI approval in accordance with BI regulations on the provision of payment transaction processing before marketing the products and/or services or using the technology and/or business model.
Monitoring of Fintech Providers
BI will publish a list of registered fintech providers on its official website and will monitor the activities of registered fintech providers. Fintech providers must also submit to BI any data and/or information requested by BI.
Any cooperation between a Payment System Service Provider and a registered Financial Technology Service Provider must first obtain approval from BI. Payment System Service Providers are prohibited from cooperating with a fintech provider that has not satisfied the applicable registration and/or licensing under Reg. 19/2017. Payment System Service Providers are required to identify any cooperation with fintech providers and in the event that the cooperation involves a fintech provider that is not registered, the Payment System Service Provider must ensure such cooperation adheres to the registration and/or licensing requirements for fintech providers within six months of the effective date of Reg. 19/2017.
To support the implementation of Reg. 19/2017, BI issued Member of the Board of Governors Regulation Number 19/14/PDAG/2017 regarding Regulatory Sandbox and Member of the Board of Governors Regulation Number 19/15/PDAG/2017 regarding Procedures for the Registration, Submission of Information and Monitoring of Financial Technology Providers. Both came into effect on November 30, 2017.