Q: Does your jurisdiction regulate Fintech services under the traditional Financial Services laws or does it have any ad hoc regulatory frameworks for fintech services? (Financial Services Laws/Ad Hoc Framework/Hybrid)

A: Generally, financial technology ("Fintech") companies in Indonesia are regulated and supervised by the Financial Service Authority (Otoritas Jasa Keuangan or "OJK") and Bank of Indonesia ("BI"). OJK is the authority that supervises the peer-to-peer ("P2P") lending companies, while BI supervises the payment service providers and electronic money companies.

Q: Make a list of fintech services that may obtain a license in your jurisdiction?

A: As there are three different authorities that supervise fintech activities, please find below, the list of fintech activities and the relevant authorities having jurisdiction to issue the licenses:

  1. OJK issues the license and supervises:
    1. P2P Lending Companies;
    2. Equity Crowdfunding; and
    3. Fintech Companies.
  2. BI issues the license and supervises:
    1. Payment Service Providers; and
    2. Electronic Money Companies.
  3. Bappebti issues the license and supervises:
    1. Crypto Asset Service Providers; and
    2. Futures Brokers.

Q: What is(are) the name(s) of the regulatory authority(ies) responsible to grant licenses and regulate fintech service providers? If there is more than one, please list which fintech services are regulated by which authority.

A:

  1. OJK issues the license and supervises:
    1. P2P (conventional and sharia) Lending Companies;
    2. Equity Crowdfunding; and
    3. Fintech Companies.
  2. BI issues the license and supervises:
    1. Payment Service Providers; and
    2. Electronic Money Companies.
  3. Bappebti issues the license and supervises:
    1. Crypto Asset Service Providers; and
    2. Futures Brokers;

Q: Are there any specific restrictions on the types of fintech services that can be offered in and/or from your jurisdiction?

A: Fintech companies in Indonesia have to follow significant restrictions. BI (as the supervisory body for this type of fintech activities) prohibits any payment service provider from storing virtual currency together with fiat currency. Furthermore, P2P lending companies supervised by OJK cannot act as lenders and borrowers in their services. They are only allowed to become the providers for the lenders and borrowers.

Additionally, BI prohibits any form of fintech company from utilizing a foreign currency within their services because Law No. 7 of 2011 obligates any transaction within the Indonesian territory to be made in IDR.

Q: Is reverse solicitation allowed in your jurisdiction, for fintech firms licensed in other reputable jurisdictions? (Meaning that a third-country fintech firm can offer services to clients in your jurisdiction providing its at the exclusive initiative of the client).

A: Indonesian Law does not recognize Reverse Solicitation practice.

Q: Are there any specific requirements for companies providing fintech services in your jurisdiction?

A: In addition to the general business requirements (i.e., Business Identification Number) as regulated by the Indonesia Investment Coordination Board ("BKPM"), fintech services operators must be registered to or licensed by the relevant authority (see our answers to questions 2 and 3 above). As these operators utilize electronic services, it is mandatory for them to conduct Electronic System Operator ("ESO") Registration.

Furthermore, any fintech service, particularly P2P lending company established in Indonesia must consider the following requirements:

  1. their foreign shareholder is permitted to hold not more than 85% of the company's paid-up capital (Article 3 (4) of POJK 10/2022;
  2. their minimum equity should be IDR 12.5 billion (Article 50 (1) of POJK 10/2022);
  3. the maximum allowed funding for each beneficiary is IDR 2 billion, while the maximum funding from the lender should be 25% of the previous funding (Article 26 (3) and (4) of POJK 10/2022;
  4. their foreign employees cannot be employed for more than three years (Article 18 of POJK 10/2022); and
  5. The company must appoint a data protection officer (Article 52 of Law No. 27 of 2022).

Q: Are there any specific consumer protection measures that apply to fintech services in your jurisdiction?

A: Given a fintech service operator should control and process its consumers' data (as the controller and processor of personal data), it has to comply with the personal data protection regulations.

The obligations of the controller and processor of personal data are:

  1. Obligations of a Controller:
    1. obtains an explicit agreement or consent from the data subject;
    2. fulfills the agreed obligations and requests of the data subject;
    3. protects the vital interest of the data subject.
    4. fulfills the data controller's obligations based on the prevailing laws and regulations;
    5. implements the tasks of a controller for the public interests and services;
    6. fulfills the legitimate interests in terms of the purposes and needs of data processing; and creates a balance between the interests of the Controller and the rights of the Data Subject.
    (Articles 20 up to 52 of PDP Law)
  2. Obligations of a Processor:
    1. processes the Personal Data based on the instructions of the Controller;
    2. involves other Processors (if necessary) in conducting the Personal Data processing;
    3. obtains the written approval of the Controller before involving other Processors in processing the Personal Data;
    4. processes the Personal Data with the consent of the Controller, otherwise, it will implicate individual liabilities on the Processor.
    (Article 51 of PDP Law)

Q: Are there any other legal issues that companies should be aware of when providing fintech services in your jurisdiction?

A: A fintech service company needs to be aware of the regulations on Counter-Terrorism Financing ("CTF") and Anti Money Laundering ("AML") preventions, unfair commercial practices, personal data protection, consumer rights, and reporting obligations to the relevant authorities (i.e. OJK and BKPM)

Q: Are virtual assets (such as cryptocurrencies and) permitted in your jurisdiction? (Yes/No)

A: Yes

Q: If the answer is Yes, is there any licensing /authorisation/notification process that needs to be followed for a person to issue a new virtual asset? (Yes/No)

A: Yes

Q: If the answer is Yes, please provide a summary of the process that needs to be followed by a person to issue a new virtual asset).

A: After the person or company issues a new virtual asset or crypto asset, Bappebti will conduct an assessment on the asset. Pursuant to Article 3 (2) of Bappebti Regulation No. 8 of 2021 on Implementing Guideline of Physical Market Trading of Crypto Assets in the Futures Exchange ("Reg. 8/2021"), crypto assets traded in the market must conform to certain requirements to make them lawful as tradable assets. The requirements for a tradeable crypto asset are:

  1. the asset is based on distributed ledger technology;
  2. it is in the form of utility crypto asset or crypto backed asset; and
  3. it has passed the assessment through the Analytical Hierarchy Process ("AHP") method set by Bappebti.

During the AHP assessment, Bappebti must consider several conditions, which are:

  1. the crypto asset market capitalization value (coin market cap);
  2. the asset is included in a major transaction exchange for crypto assets;
  3. the asset offers economic benefits (i.e., taxation, digital economic growth, information technology ("IT"), information industry, and competency of IT field experts); and
  4. the asset has completed the assessment on the risks of money laundering, terrorism financing, and weapons of mass destruction financing.

(Article 3 (3) of Reg. 8/2021)

If the crypto asset is deemed tradable in the crypto asset market, Bappebti will issue a stipulation and the asset will be included in Bappebti's list of crypto assets.

Q: Are Virtual Asset service providers regulated in your jurisdiction? (Yes/No)

A: Yes

Q: If the answer to your previous question is Yes, please provide a summary of the framework that regulates such service providers explaining which licence(s) need to be obtained from which authority(ies).

A: In addition to the general business requirements (i.e., Business Identification Number) of BKPM, a specific license must be obtained by the Virtual Assets Service Provider.

Under Bappebti regulation, a crypto assets service provider is recognized as Crypto Assets Physical Trader ("CAPT"). Bappebti is the only authority that issues the specific license for any CAPT. Please be informed that Bappebti requires a CAPT to carry out all the crypto assets activities, which include:

  1. sale and purchase of Crypto Assets in Indonesian Rupiah;
  2. exchange between one or more Crypto Assets;
  3. storage of Crypto Assets owned by customers; and
  4. transfer or assign Crypto Assets between Wallets.

("Crypto Assets Activity")

(Article 13 (2) of Bappebti Regulation No. 8 of 2021 on Guideline of the Implementation of Physical Market Trading of Crypto Assets on Futures Exchanges, as lastly amended by Bappebti Regulation No. 13/2022 ("Bappebti Regulations on Crypto Assets Futures Exchange"))

The above activities are cumulative because a CAPT is not permitted to perform only one of the permitted activities, such as the storage of Crypto Assets (point c).

Prior to obtaining the license from Bappebti, the CAPT company must fulfill the following requirements:

  1. having a minimum paid-up capital of IDR 100 billion;
  2. maintaining an equity of, at least, IDR 50 billion;
  3. having a minimum organizational structure: accounting, legal, IT, etc.
  4. having trading rules;
  5. having, at least, one employee who is a certified information systems security professional (CISSP);
  6. the prospective director, commissioner, and shareholders must complete the fit and proper test of Bappebti;
  7. having an SOP in relation to the crypto assets market service.

(Article 14 of Bappebti Regulations on Crypto Assets Futures Exchange)

Once the CAPT has satisfied the above requirements, the Head of Bappebti would issue an approval or specific license for the relevant CAPT. (Article 13 (1) of Bappebti Regulations on Crypto Assets Futures Exchange)

Q: Are you as a firm providing services and advice relating to Virtual Assets? (Yes/No)

A: Yes

Q: Please feel free to add any pertinent comments in addition to your answers.

A: N/A

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.