Over the past decade, numerous cases of fraud have been recorded in Indonesia's financial service sector. These incidents include fraudulent activities involving banking institutions, investment scams, illegal pawnbroking, unauthorized credit loans, and other financial offenses. These incidents show that Indonesia has experienced financial losses amounting to billions of Rupiah.
In response to this, the Indonesia Financial Service Authority (Otoritas Jasa Keuangan or "OJK") has enacted the new OJK Regulation No. 12 of 2024 on Implementation of Anti-Fraud Strategy for Financial Services Institution ("OJK Reg 12/2024"). This new regulation aims to consolidate and set a new standard for the development and implementation of comprehensive strategy in combatting occurrences of frauds ("Anti-Fraud Strategy"). These matters were previously regulated under several OJK Regulations that governed initial AntiFraud Strategy, as well as pre-emptive measures against the offenses. These regulations are (i) OJK Regulation No. 39/POJK.03/2019 on Application of the Anti-Fraud Strategy for Commercial Banks ("OJK Reg 39/2019") (ii) OJK Regulation No. 10/POJK.05/2019 on Business Operations of Sharia Finance Companies and Sharia Business Units of Finance Companies, (iii) OJK Regulation No. 35/POJK.05/2018 on Financing Company Business Operations, and (iv) OJK Regulation No. 69/POJK.05/2016 on Business Implementation of Insurance Companies, Sharia Insurance Companies, Reinsurance Companies and Sharia Reinsurance Companies.
In light of the above, we provide an overview of the enactment and changes introduced by OJK Regulation 12/2024, focusing on: (i) Scope and Fraud Criteria, (ii) Anti-Fraud Implementation, (iii) Reporting Obligations, and (iv) Sanctions
Scope and Fraud Criteria: Under the previous regulation, the obligation to implement an AntiFraud Strategy were limited to those of conventional banking, insurance and reinsurance, and financing companies. With the issuance of this OJK Reg 12/2024, the scope has been broadened to include all financial services that are operated in Indonesia, including securities companies, venture capital, financing companies, pawnshops, and others (collectively, "Financial Service Companies").
In addition, OJK Reg 12/2024 provides a more detailed elaboration of actions categorized as frauds. For your ease of reference, please refer to the table below, which highlights the differences in the criteria of frauds under the previous regulation, compared to the criteria under OJK Reg 12/2024:
Other acts of fraud, though not explicitly defined, can be interpreted to include actions, such as using a fake identity, inducing others to unlawfully dispose goods or objects, acts of deception, waiving receivables, and other misconducts that are generally included in Article 378 of the current Indonesia Criminal Code, and Article 492 of the new Indonesia Criminal Code.
The expanded and clarified fraud categorization under OJK Reg 12/2024 can significantly enhance Financial Service Companies' ability to identify frauds and implement effective antifraud measures. Additionally, the generalized definition of fraud, compared to the previous categorization, provides greater flexibility and convenience for Financial Service Companies in addressing fraud incidents.
Implementation of Anti-Fraud: In line with previous regulations, Financial Service Companies are required to consider multiple aspects when preparing the Anti-Fraud Strategy. However, OJK Reg 12/2024 introduces an additional requirement that emphasizes the company's internal conditions in the preparation process. The Anti-Fraud Strategy must include the sufficiency of resources. For further reference, these aspects under this new regulation include:
a. Internal and external environment conditions;
b. Complexity of the line of business;
c. Type of fraud;
d. Risk related to fraud; and
e. Resource sufficiency.
(Article 4 (1) of OJK Reg 12/2024)
Although this regulation supersedes the previous regulation, OJK Reg 12/2024 still retain that any Anti-Fraud Strategy must be implemented within the pre-determined guideline, which includes the classification and characteristics of fraud, as well as the implementation of the Anti-Fraud Strategy through four key pillars: (i) prevention, (ii) detection, (iii) investigation, reports and sanctions, and (iv) monitoring, evaluation, and follow up (Article 5 and Appendix 1 of OJK Reg 12/2024).
Supervision of Anti-Fraud Implementation: The implementation of Anti-Fraud strategy shall be supervised by the relevant Financial Service Actor's Board of Directors ("BoD") and Board of Commissioners ("BoC") and must be applied at a minimum to its consumer, internal organization, and other parties (i.e., consultants, vendors, accountants, notary, government, etc). If the Financial Service Actor acts as a holding company, the Anti-Fraud strategy must also be implemented across its subsidiaries (Article 3 (2), (3), and Article 4 (3) of OJK Reg. 12/2024).
Reporting Obligation: Article 10 of OJK Reg 12/2024 mandates Financial Service Companies to ensure transparency by reporting to OJK. Under this new regulation, the reporting obligation has been expanded to include not only the submission of Anti-Fraud implementation reports and fraud incidents, but also the submission of the Anti-Fraud Strategy prepared by the company.
Under the previous OJK Reg 39/2019, Financial Service Companies were only required to report to OJK when a fraud incident occurred, or after the full implementation of the Anti-Fraud Strategy every 6 months on the 15th of the following month. With the issuance of OJK Reg 12/2024, companies must also report on the preparation of their Anti-Fraud Strategy. Additionally, this regulation categorizes reporting obligations into two groups: (i) commercial banks and financing companies, and (ii) pawnshops, venture capital firms, microfinance institutions, and other financial service institutions. ("Other Financial Service Institutions").
Set out below, each of the reporting deadline for the Financial Services Companies as well as Other Financial Service Institutions:
Content and Amendment of the Report: Generally, the content of the report submitted to OJK must, at least, consist of:
a. Name of the Financial Service Company;
b. Fraud's perpetrator (including any involving external and/or internal party);
c. Position/title of the perpetrator;
d. Fraud handling status;
e. Criteria of the fraud;
f. Activity and description of the fraud;
g. Location, affected division, and time of the incident; and
h. Total amount of losses.
(Article 13 of OJK Reg 12/2024)
Similar to the previous regulation, OJK Reg 12/2024 mandates any amendment of the AntiFraud Strategy to be reported to OJK within 7 business days after the changes are made (Article 12 (1) of OJK Reg 12/2024).
Sanctions: The issuance of this new regulation also extend the applicable sanctions imposed on Financial Service Companies not complying with the OJK regulation, particularly on the reporting requirement, and the implementation of Anti-Fraud Reporting. The sanctions may be in the form of:
a. Written warning;
b. Prohibition to issue new products and/or conduct activities;
c. Temporary suspension of operational activities;
d. Restriction of business activities; and/or
e. Suspension of certain business activities.
(Article 9 (1) and (3) of OJK Reg 12/2024)
In addition, OJK Reg 12/2024 introduces a new framework for calculating fines imposed on non-compliant Financial Service Companies. Under Article 18 of the previous regulation (i.e., OJK Reg 39/2019), a non-compliant Financial Service Company was subject to a fine of IDR1 million per working day, up to the maximum IDR30 million for failing to submit reports on AntiFraud implementation or fraud incidents.
However, Article 20 of OJK Reg 12/2024 establishes a more tailored approach, where the calculation of fines varies depending on the type of Financial Service Company. For reference, the following table outlines the administrative fines applicable to each category of Financial Service Company
Concluding Remarks
OJK Reg 12/2024 was introduced as a comprehensive framework for financial service companies to implement Anti-Fraud measures within their operations. While it replaces the previous anti-fraud regulation, it retains key provisions on implementation and reporting. Additionally, the scope of businesses is expanded to include Financial Service Companies previously lacked specific anti-fraud guidelines, such as rural banks, venture capital firms, pawnshops, and brokers. Beyond these extensions, OJK Reg 12/2024 also introduces new obligations, including the requirement to submit a complete Anti-Fraud Strategy to OJK upon the regulation's enactment. As a result of such expansion, this regulation provides an in-depth fine calculation as well as other applicable sanctions against companies not complying with this regulation.
With the Anti-Fraud Strategy now mandatory to be applied by all Financial Service Companies, marks a significant advancement in anti-fraud awareness in Indonesia. The enforcement would potentially enhance the financial stability, resilience, and foster public trust in the country's financial sector. In light of this, it is highly recommended that all Financial Service Companies promptly comply with OJK Reg 12/2024 by updating their existing Anti-Fraud Strategy, adhering to the new requirement on periodic reporting to OJK, and establishing an internal anti-fraud work unit.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.