COMPARATIVE GUIDE
22 July 2025

FinTech Comparative Guide

Bagus Enrico & Partners

Contributor

Bagus Enrico & Partners logo
Explore Firm Details
FinTech Comparative Guide for the jurisdiction of Indonesia, check out our comparative guides section to compare across multiple countries
Indonesia Technology
Debu Batara Lubis,Rana Cinta Rahmania,Sheyla Namirah Korompot
+1 Authors

1 Legal and enforcement framework

1.1 In broad terms, which legislative and regulatory provisions govern the fintech space in your jurisdiction?

Indonesia does not have a single supranational regulatory regime or a comprehensive law governing all fintech activities. Instead, various laws and regulations apply to different fintech sub-sectors. However, Indonesia has established a regulatory sandbox framework to oversee unregulated or emerging fintech providers.

Bank Indonesia (BI) operates a regulatory sandbox for payment system fintech providers under BI Regulation 23/6/PBI/2021 on Payment Services Providers. Meanwhile, the Financial Services Authority (OJK) manages a sandbox for non-payment fintech providers under:

  • OJK Regulation 3/2024 on the Implementation of Technology Innovation in the Financial Technology Sector (POJK 3/2024); and
  • Law 4/2023 on the Development and Strengthening of the Financial Sector.

As Indonesia's fintech sector continues to expand, driven by technological advancements and digital innovation, fintech providers must ensure compliance with regulations on electronic transactions and data protection. Law 11/2008 on Information and Electronic Transactions ('ITE Law') and its amendments mandate the secure execution of electronic transactions. Additionally, Law 27/2022 on the Personal Data Protection governs the collection, processing and protection of users' personal data, reinforcing consumer rights in the digital economy.

1.2 Do any special regimes apply to specific areas of the fintech space?

Yes, and it is subject to the authority that each area falls under, whether BI or the OJK. For example:

  • digital payment systems are regulated by BI under BI Regulation 23/6/2021 on Payment Service Providers; and
  • digital banks are regulated by the OJK under:
    • OJK Regulation 12/POJK.03/2021 on Commercial Banks; and
    • OJK Regulation 21/2023 on Digital Services by Commercial Banks.

1.3 Which bodies are responsible for enforcing the applicable laws and regulations? What powers do they have?

The regulatory bodies of Indonesia's fintech industry are managed by two key institutions, which both have the authority to supervise, regulate and issue licences specific for each fintech sub-sector:

  • BI, which regulates the payment ecosystem, including:
    • digital payments; and
    • electronic money; and
  • the OJK, which oversees:
    • peer-to-peer lending;
    • crowdfunding;
    • digital banking;
    • insurance technology;
    • cryptocurrencies; and
    • unrecognised fintech providers.

In addition, the Ministry of Communication and Digital (MCD) plays a pivotal role in supervising fintech providers in Indonesia, particularly in overseeing:

  • electronic transactions;
  • the cybersecurity of platforms provided by fintech providers; and
  • consumer data protection.

The MCD is also responsible for certifying electronic system organisers, including fintech providers, to ensure compliance with national cybersecurity standards.

1.4 What is the regulators' general approach to fintech?

The main regulators of the financial industry (ie, BI and the OJK) basically see fintech as an opportunity to:

  • promote financial inclusion; and
  • enhance the efficiency of payment systems.

In this light, they have a generally supportive approach to fintech.

For example, back in 2019, BI introduced the Payment Systems Blueprint of 2019–2025, which includes five initiatives:

  • open banking;
  • retail payment systems;
  • financial market infrastructure;
  • data; and
  • regulatory licensing supervisory.

Its open banking initiative includes the development of an application programme interface; and its policy context includes " fostering national digital economy and finance by interlink between fintech and banks to increase efficiency of payment system and to encourage financial inclusion". This reflects BI's support for fintech and making the financial system accessible for players.

Further, as early as 2016, the OJK formed a Digital Economic and Financial Innovation Development Team, tasked with:

  • reviewing and studying fintech development; and
  • coming up with relevant strategies for its development.

Nevertheless, the support of BI and the OJK is tempered by a cautious regulatory approach. The fintech regulatory framework is stringent in its institutional and consumer protection aspects. For instance, BI Regulation 23/2021 on Payment Service Providers sets out detailed institutional requirements for providers to obtain a licence from BI. Further, the OJK has a specific regulation for consumer protection in the financial sector: OJK Regulation 22/2023 on Protection of the Consumers and Community of the Financial Services Sector.

1.5 Are there any trade associations for the fintech sector?

The primary association for the fintech sector in Indonesia is Asosiasi Fintech Indonesia (AFTECH). However, there are other associations dedicated to specific fintech sub-sectors, such as:

  • Asosiasi Fintech Pendanaan Bersama Indonesia for peer-to-peer lending companies;
  • Asosiasi Fintech Syariah Indonesia for Sharia fintech companies; and
  • Asosiasi Layanan Urun Dana Indonesia for crowdfunding companies.

These fintech associations:

  • collaborate with the OJK to foster fintech innovation; and
  • assist in supervising the implementation of OJK regulations among fintech providers in Indonesia.

The requirement for fintech providers to join these associations varies by sub-sector. In general, fintech companies supervised by the OJK must become members of AFTECH and other associations as relevant.

2 Fintech market

2.1 Which sub-sectors of the fintech industry have become most embedded in your jurisdiction?

According to an annual members survey 2024, Asosiasi Fintech Indonesia's (AFTECH) membership as of the first quarter of 2024 comprised 297 companies, including:

  • 101 fintech lending or peer-to-peer lending companies;
  • 47 payment system providers;
  • 36 aggregation fintech companies;
  • 15 innovative credit scoring fintech companies;
  • eight transaction authentication fintech companies;
  • seven digital asset fintech companies;
  • six digital banks; and
  • 78 other fintech companies.

The three most embedded fintech industries in Indonesia are thus:

  • peer-to-peer lending (33.7%);
  • payment systems (15.8%); and
  • aggregation (12.1%).

2.2 What products and services are offered?

Indonesia's fintech landscape is diverse, offering a wide range of products and services. These products and services include payment systems, such as:

  • payment gateways;
  • e-wallets and digital remittances;
  • peer-to-peer lending;
  • crowdfunding;
  • digital bank, crypto and digital assets;
  • insurance.

2.3 How are fintech players generally structured?

Fintech companies are generally structured in the form of limited liability companies. However, depending on each sub-sector's regulations, some fintech companies may structured in the form of a cooperative. A cooperative is a business entity consisting of individuals or legal entities which:

  • operates based on cooperative principles; and
  • serves as an economic movement founded on the principle of mutual cooperation.

Fintech companies that are permitted to be structured in the form of a cooperative include peer-to-peer lending, crowdfunding and payment systems companies that hold a Category 3 licence (ie, remittance services and others as determined by BI).

2.4 How are they generally financed?

AFTECH's annual members survey 2024 indicates that:

  • 45% of fintech companies in Indonesia secured their funding through venture capital; and
  • 35.9% of respondents relied on self-funding.

Although not as prevalent, some fintech companies also secured funding from:

  • private equity;
  • angel investors;
  • initial public offerings; and
  • government support.

The survey revealed that the majority of funding comes from domestic investors, accounting for 50.4% of the total. However, foreign investors still play a crucial role in financing Indonesia's fintech sector. Among them, Singapore stands out as the leading foreign investor, contributing 26.7%, followed by China at 6.9%.

2.5 How are they positioned within the broader financial services landscape?

Fintech companies are expected to be a key driver in advancing financial inclusion in Indonesia through innovation, technology adoption and strategic partnerships with financial institutions. The Financial Services Authority (OJK) has also issued OJK Regulation 3/2023 on the Enhancement of Financial Literacy and Inclusion in the Financial Services Sector for Consumers and the Public for financial service providers, including fintech providers, to help achieve the country's financial inclusion index target of 98% by 2045.

Indonesia has a significant unbanked population and fintech companies play a crucial role in bridging this gap. Mobile wallets, digital lending platforms and other innovative solutions are helping underserved communities to gain access to essential financial services. Additionally, small and medium-sized enterprises, which often struggle to secure traditional financing, are benefiting from alternative lending options provided by fintech platforms.

By integrating cutting-edge technology, regulatory support and inclusive financial solutions, fintech firms are reshaping Indonesia's financial landscape and positioning themselves as essential players within the broader financial services ecosystem.

2.6 Do start-ups generally outsource back office functions and is there a developed market for them to access? What are the legal implications of outsourcing?

Startups in Indonesia generally outsource back-office functions. Especially for fintech companies, common examples of outsourced tasks include IT development and debt collection. The legal implications of outsourcing mainly relate to data privacy. As a result, certain regulations – such as the P2P Regulation – restrict peer-to-peer lending companies from outsourcing tasks that involve funding eligibility assessments and/or IT operations (eg, user access management activities and database management).

3 Technologies

3.1 How are the following key technologies in the fintech space regulated and what specific legal issues are associated with each? (a) Internet (e-commerce); (b) Mobile (m-commerce); (c) Big data (mining); (d) Cloud computing; (e) Artificial intelligence; and (f) Distributed ledger technology (Blockchain, cryptocurrencies)

(a) Internet (e-commerce)

The regulation of internet (e-commerce) and mobile (m-commerce) within Indonesia's fintech space is a shared responsibility, with:

  • Bank Indonesia (BI) primarily overseeing payment systems; and
  • the Financial Services Authority (OJK) regulating broader fintech integrations.

BI focuses on ensuring the security and efficiency of digital payment methods, including electronic money, payment gateways and fund transfers, which are essential for e-commerce and m-commerce transactions. BI Regulation 23/6/PBI/2021 on Payment Services Providers is central to establishing a secure and interoperable payment ecosystem. When e-commerce and m-commerce platforms integrate fintech services such as 'pay later' options or digital financing, OJK regulations become applicable, ensuring that these services comply with lending and financial innovation standards.

E-commerce and m-commerce in Indonesia face a range of legal challenges, including:

  • data privacy compliance under Law 27/2022 on Personal Data Protection ('PDP Law'), ensuring strong consumer protection against fraud and deceptive practices; and
  • the validity of electronic contracts under Law 11/2008 on Information and Electronic Transactions.

(b) Mobile (m-commerce)

Please see question 3.1.

(c) Big data (mining)

The regulation of big data mining in Indonesia's fintech sector is fundamentally rooted in the nation's data protection laws, most notably the PDP Law. Both the OJK and BI actively oversee big data mining practices, with a focus on:

  • ensuring financial stability; and
  • protecting consumer rights.

OJK regulations, especially those regarding digital financial innovation, address the use of data analytics in areas such as credit scoring and risk assessment; while BI focuses on safeguarding payment systems against fraud and ensuring transaction security.

The recent OJK Regulation 3/2024 on the Implementation of Technology Innovation in the Financial Technology Sector ('POJK 3/2024') also plays a key role. The regulation allows for the use of regulatory sandboxes, which are important when testing new big data mining technologies, allowing for the assessment of potential risks such as data privacy breaches and model instability or inaccuracy.

(d) Cloud computing

Cloud computing in Indonesia's fintech sector is regulated through a framework centred on data protection, information security and financial service guidelines, primarily enforced by the OJK and BI. The PDP Law mandates stringent data protection measures, including considerations for data localisation, especially for sensitive financial information.

OJK and BI guidelines on IT risk management require robust security controls, vendor due diligence and business continuity planning for cloud adoption. Additionally, adherence to information security standards such as ISO/IEC 27001 and compliance with outsourcing regulations are crucial for fintech companies utilising cloud services.

(e) Artificial intelligence

The regulation of artificial intelligence (AI) within Indonesia's fintech sector is still evolving, primarily operating within the existing frameworks of:

  • data protection;
  • consumer protection; and
  • financial technology innovation.

While there is no dedicated AI-specific law, the OJK and BI are increasingly focused on the implications of AI adoption. POJK 3/2024 is highly relevant, as it provides a regulatory sandbox environment for testing AI-driven fintech solutions, allowing for:

  • the assessment of risks; and
  • the development of appropriate guidelines.

The legal risks associated with AI in Indonesian fintech are multifaceted. Data privacy breaches are a major risk, given the large datasets that AI algorithms process, which can be vulnerable to cyberattacks. Additionally, IP risks arise from the development and use of AI algorithms. The lack of clear regulatory guidelines creates uncertainty, making it challenging for fintech companies to ensure compliance. The use of the sandbox environment is meant to mitigate these risks, but this is still a new and developing area.

(f) Distributed ledger technology (Blockchain, cryptocurrencies)

Cryptocurrency was previously regulated by the Indonesian Commodity Futures Trading Regulatory Agency. However, following the enactment of Law 4/2023 on the Development and Strengthening of the Financial Sector, the authority for overseeing crypto assets was transferred to the OJK. Since then, cryptocurrencies have been regulated under OJK Regulation 27/2024 on the Organisation of Trading of Digital Financial Assets Including Crypto Assets ('POJK 27/2024'). POJK 7/2024 requires that digital financial asset trading organisers – that is, the exchange, clearing and guarantee and settlement institutions, depository managers and traders – to obtain a business licence from the OJK.

A specific legal issue related to cryptocurrency is the potential of misuse of blockchain encryption system for money-laundering purposes. In this light, the OJK has specific regulations in place concerning anti-money laundering – for instance, under OJK Regulation 8/2023 on Implementation of Anti-money Laundering, Counter-terrorism Financing, and Counter-Proliferation of Weapons of Mass Destruction Programmes in the Financial Services Sector, which also applies to the cryptocurrency industry.

4 Activities

4.1 How are the following key activities in the fintech space regulated and what specific legal issues are associated with each? (a) Crowdfunding, peer-to-peer lending; (b) Online lending and other forms of alternative finance; (c) Payment services (including marketplaces that route payments from customers to suppliers (eg, Uber and AirBnb); (d) Forex; (e) Trading; (f) Investment and asset management; (g) Risk management; (h) Roboadvice; and (i) Insurtech.

(a) Crowdfunding, peer-to-peer lending

Crowdfunding and peer-to-peer lending are respectively regulated under:

  • Financial Services Authority (OJK) Regulation 57/2020 on Offering of Securities Through Information Technology-Based Crowdfunding Services, as amended by OJK Regulation 16/2021 on the amendment of OJK Regulation 57/2020; and
  • OJK Regulation 10/2022 on Information Technology-Based Co-Funding Services ('POJK 10/2022').

Both require:

  • a business licence from the OJK; and
  • registration with the Ministry of Communications and Informatics as a private electronic system operator.

As activities that involve the movement of money through technology without face-to-face interaction, one relevant legal issue associated with crowdfunding and peer-to-peer lending is the potential for fraudulent activities, such as the misappropriation of funds raised through peer-to-peer lending platforms. The OJK has put in place Regulation 12/2024 on the Implementation of Anti-fraud Strategy for the Financial Services Sector as an anti-fraud measure, requiring players in the financial services sector to have anti-fraud strategies that must be submitted to the OJK.

(b) Online lending and other forms of alternative finance

In Indonesia, besides peer-to-peer lending and crowdfunding, other forms of alternative finance have emerged, such as invoice financing and earned wage access, which are now growing markets.

The implementation of invoice financing in Indonesia is regulated through OJK Regulation 35/POJK.05/2018 of 2018 on the Organisation of the Business Activities of Financing Companies and its amendments. It requires a licence from, and falls under the supervision of, the OJK.

Earned wage access is currently not specifically regulated in Indonesia, as the OJK still sees it as a financial wellness benefit rather than a loan facility. However, this does not rule out the possibility that, in the future, it may enter the OJK's regulatory sandbox (ie, a testing ground for digital financial innovations that allows the OJK to evaluate and develop appropriate regulations).

(c) Payment services (including marketplaces that route payments from customers to suppliers (eg, Uber and AirBnb)

Payment service providers (penyedia jasa pembayaran (PJPs)) are regulated under BI Regulation 23/6/PBI/2021 on Payment Services Providers ('PJP Regulation'). Any party – whether bank or non-bank – that provides services to facilitate payments to service users (eg, in the forms of provision of information on source of funds, payment initiation and/or acquisition services, administration of source of funds, remittance services and other activities if decided by the OJK) must:

  • obtain a specific type of PJP licence from Bank Indonesia (BI) to operate; and
  • adhere to numerous capitalisation and institutional requirements.

Further, the failure of PJPs that undertake certain activities or are of a certain size may cause damage to the payment or monetary system. The PJP Regulation thus categorises PJPs into three types and may require PJPs that fall under specific categories to fulfil certain obligations, including obligations related to:

  • capitalisation or risk management; and
  • information security system standards.

(d) Forex

Foreign exchange activities are primarily regulated under BI Regulation 6/2024 on Money Market and Foreign Exchange Market. Any party that carries out activities in the foreign exchange market must obtain a licence from BI, which can take the form of:

  • a business licence;
  • an operational licence;
  • an agreement;
  • a registered certificate; or
  • another form of licence stipulated by BI.

In addition to foreign exchange actors, BI may also grant licences for:

  • products;
  • reference pricing; and
  • financial market infrastructure.

Indonesia's foreign exchange market is closely regulated by BI to maintain rupiah stability and financial integrity. Key regulations:

  • mandate the rupiah's use domestically;
  • restrict certain foreign exchange transactions; and
  • enforce strict anti-money laundering/counter-terrorism financing measures.

Further, business actors must secure proper licences and adhere to reporting to operate legally within Indonesia's foreign exchange landscape.

(e) Trading

Trading in Indonesia's fintech sector is primarily regulated by the OJK through POJK 27/2024, under which online securities platforms must:

  • secure licences; and
  • adhere to stringent capital market rules, prioritising investor protection against fraud and market manipulation.

Key legal issues arising from trading activities include:

  • obtaining a licence;
  • combating cybersecurity threats; and
  • managing the inherent volatility of digital assets.

The OJK is also focused on mitigating risks associated with algorithmic trading and cross-border transactions.

(f) Investment and asset management

Investment management falls under the supervision of the OJK and is regulated under:

  • Law 8/1995 on Capital Market and its amendments;
  • OJK Regulation 17/POJK.04/2022 on the Code of Conduct for Investment Managers; and
  • OJK Regulation 10/POJK.04/2018 on the Application of Investment Manager Governance and its amendment.

An investment manager:

  • must implement policies, provide recommendations and make decisions rationally and in the best interests of investment products; and
  • is prohibited from:
    • consulting without authorisation;
    • executing orders from unapproved third parties; or
    • concluding transactions that violate investment policies.

Investment managers in Indonesia face legal risks related to:

  • regulatory compliance;
  • fiduciary duties; and
  • market conduct.

Failure to obtain proper licensing, mismanaging client funds or violating disclosure rules can lead to sanctions or lawsuits.

(g) Risk management

Risk management within Indonesia's fintech landscape is primarily overseen by the OJK, which mandates robust frameworks to safeguard financial stability and consumer interests. Regulations focus on key risk areas, including credit, operational, market, technology and anti-money laundering/counter-terrorism financing risks, tailored to the specific nature of each fintech segment.

The OJK employs various regulatory tools – such as licensing, prudential requirements and supervisory oversight – to ensure compliance and mitigate potential threats. Notably, POJK 3/2024 emphasises a structured approach to managing risks associated with financial sector technology innovation, including the use of regulatory sandboxes for controlled testing.

(h) Roboadvice

Indonesia has yet to establish a dedicated regulation for roboadvice activities. As a result, they are primarily regulated under POJK 3/2024. However, as roboadvice services often involve investment management or advisory activities, regulations related to investment managers are equally relevant.

Roboadvisers in Indonesia face legal risks related to:

  • regulatory compliance;
  • investor protection; and
  • data security.

Algorithmic errors, a lack of transparency or misleading advice can lead to investor claims. Non-compliance with data protection laws or cybersecurity breaches may result in penalties and reputational damage. Additionally, biases in AI-driven recommendations and overreliance on automation without oversight can raise ethical and regulatory concerns.

(i) Insurtech

There is no specific regulation which governs insurtech activities in Indonesia. Therefore, as for other unrecognised non-payment fintech companies, their activities are mainly regulated under POJK 3/2024.

5 Data security and cybersecurity

5.1 What is the applicable data protection regime in your jurisdiction and what specific implications does this have for fintech companies?

Indonesia's data protection landscape is primarily governed by Law 27/2022 on Personal Data Protection ('PDP Law'), which establishes a comprehensive framework for personal data protection. This framework defines the lawful bases for processing personal data, including the following:

  • explicit and lawful consent of the data subject;
  • fulfilment of contractual obligations involving the data subject;
  • compliance with legal obligations under applicable regulations;
  • protection of the data subject's vital interests;
  • execution of:
    • public interest tasks;
    • public services; or
    • legal authority; and
  • legitimate interest.

Fintech providers are categorised as data controllers due to their corporate structure and the nature of their operations, and thus must comply with their obligation to conduct personal data processing under the above lawful basis.

The PDP Law significantly impacts fintech companies, especially when handling sensitive financial data. Fintech companies must obtain explicit user consent and implement strong security measures to protect this data. Data localisation rules may require that certain data be stored in Indonesia, affecting infrastructure and costs; while cross-border data transfers are strictly regulated, requiring user consent or safeguards in recipient countries. Fintech companies must also comply with mandatory data breach notifications, ensuring quick detection and response. Many fintech companies will likely need a data protection officer (DPO) to oversee compliance. Lastly, the PDP Law adds an administrative burden, including documentation, policy updates, training and audits, making compliance essential for both legal security and customer trust.

5.2 What is the applicable cybersecurity regime in your jurisdiction and what specific implications does this have for fintech companies?

Indonesia does not have a specific law governing cybersecurity. Instead, cybersecurity is primarily regulated under:

  • Law 11/2008 on Information and Electronic Transactions; and
  • Government Regulation 71/2019 on the Organisation of Electronic Systems and Transactions.

These instruments require all electronic system operators, including fintech providers, to register and certify their electronic systems and information protection management systems to ensure compliance with specific information security standards.

The main authorities overseeing cybersecurity in Indonesia are:

  • the Ministry of Communication and Digital; and
  • the Cyber and National Encryption Agency (BSSN), which:
    • plays a crucial role in ensuring effective cybersecurity protection by formulating, establishing and implementing technical policies related to cybersecurity and cryptography; and
    • is responsible for developing norms, standards, procedures and technical guidelines.

To enforce cybersecurity measures, the BSSN has issued Regulation 8/2020 on Security Systems in the Operation of Electronic Systems, mandating all electronic system operators in Indonesia to implement a risk-based information security management system, including obtaining SNI ISO/IEC 27001 certification.

Additionally, the Financial Services Authority (OJK) and Bank Indonesia require fintech companies to maintain cybersecurity measures based on sector-specific regulations. For example:

  • P2P lending companies must employ experts capable of managing their electronic systems; and
  • banks (under OJK Regulation 11/POJK.03/2022 on the Organisation of Information Technology by Commercial Banks) must implement cybersecurity defences, including:
    • asset identification;
    • threat detection; and
    • incident response.

As a result, Indonesian fintech companies must establish robust cybersecurity frameworks, such as by:

  • conducting regular risk assessments;
  • implementing security controls;
  • developing incident response plans; and
  • ensuring compliance with all applicable laws and regulations, including those issued by the BSSN and the OJK.

6 Financial crime

6.1 What provisions govern money laundering and other forms of financial crime in your jurisdiction and what specific implications do these have for fintech companies?

The Financial Services Authority (OJK) has implemented measures on anti-money laundering (AML), the prevention of financing of terrorism (PPT) and the prevention of financing of proliferation of weapons of mass destruction (PPPSPM) through the issuance of OJK Regulation 8/2023 on the Implementation of Anti-money Laundering and Prevention of Terrorism and Proliferation of Weapons of Mass Destruction Funding Programmes within the Financial Services Sector ('POJK 8/2023'). Additionally, Bank of Indonesia Regulation 23/6/PBI/2021 on Payment Services Providers sets out risk management requirements related to AML and PPT for payment system fintechs.

POJK 8/2023:

  • is aligned with international standards, such as those established by the Financial Action Task Force (FATF); and
  • considers advancements in innovation and technology while emphasising security and confidentiality.

The regulation introduces several key provisions, including fintechs' obligations to conduct risk assessment, mitigation and reporting related to AML, PPT and PPPSPM.

7 Competition

7.1 Does the fintech sector present any specific challenges or concerns from a competition perspective? Are there any pro-competition measures that are targeted specifically at fintech companies?

A few major players, particularly in digital payments and peer-to-peer lending, have established significant market power. Their dominance is reinforced by strong financial backing, extensive user networks and prominent name brands, making it difficult for smaller and new fintech companies to compete effectively. Further, large fintech companies – particularly those integrated with e-commerce and ride-hailing platforms – often engage in exclusive partnerships. These agreements may restrict merchants from using multiple payment providers, thereby limiting consumer choice and reducing competition.

To mitigate these challenges and build a competitive fintech landscape, Indonesian regulators have implemented several pro-competition measures, such as the implementation of a unified QR payment system (QR Code Indonesia Standard) that allows seamless transactions across different payment providers, promoting competition and reducing consumer lock-in. Further, Bank Indonesia (BI) has introduced BI-FAST, a real-time payment infrastructure that facilitates interoperability between banks and fintech platforms, improving efficiency and lowering transaction costs.

Aside from payment infrastructure, BI has also established open banking and data sharing initiatives, such as Indonesia's National Open API Payment Standard (SNAP). SNAP is a technical framework established by BI to facilitate data exchange and integration between payment service providers and third parties through an open application programming interface. It encourages fintech firms and banks to share payment data securely, reducing entry barriers for new players.

8 Innovation

8.1 How is innovation in the fintech space protected in your jurisdiction?

Innovation in the fintech space in Indonesia is primarily protected through IP rights, as follows.

Patents: A patent granted by the state gives a fintech company the exclusive right to its invention in the relevant field of technology for a certain period, allowing it to implement the invention itself or grant permission to others to do so. Patents are regulated by Law 13/2016 on Patents.

Copyrights: Fintech companies can protect their original works through copyright in various fields, including software, databases and digital content, under Law 28/2014 on Copyright and its amendments.

Trademarks: Fintech companies can protect their brand names, logos and distinctive visual or audio elements through trademarks to differentiate their services from competitors. Trademarks are regulated by Law 20/2016 on Trademarks and Geographical Indications and its amendments.

Trade secrets: Fintech companies can protect confidential business information that gives them a competitive advantage – including proprietary technology and algorithms – as trade secrets under Law 30/2000 on Trade Secrets.

Industrial designs: Fintech companies can protect the visual design of their products – including user interface and user experience designs – as industrial designs under Law 31/2000 on Industrial Designs.

8.2 How is innovation in the fintech space incentivised in your jurisdiction?

The legal framework governing fintech innovation in Indonesia is primarily regulated by Law 4/2023 on the Development and Strengthening of the Financial Sector ('PPSK Law'), which introduced the concept of 'financial sector technology innovation ('inovasi teknologi sektor keuangan' (ITSK)). ITSK refers to technology-based innovations that impact products, activities, services and business models within the digital financial ecosystem.

According to Article 213 of the PPSK Law, ITSK covers a wide range of financial activities, including:

  • payment systems;
  • securities transaction settlements;
  • capital raising;
  • investment management;
  • risk management;
  • fund collection and distribution;
  • market support;
  • digital financial services; and
  • digital financial assets (including crypto assets).

Additionally, Article 216 mandates that Bank Indonesia (BI) and the Financial Services Authority (OJK) regulate and oversee ITSK according to their respective jurisdictions.

Further, BI Regulation 23/6/PBI/2021 on Payment Services Providers emphasises that payment system technology innovation includes products, activities, services and business models that utilise innovative technology within the economic and financial ecosystem. Meanwhile, POJK 3/2024 formally adopts the term 'ITSK' to define fintech, aligning with other regulations that recognise fintech as any technological innovation that adds value to the financial sector.

To encourage fintech innovation, the PPSK Law has restructured the regulatory sandbox framework, which was previously categorised as 'digital financial innovation'. The sandbox is now designated under ITSK and divided into specialised business models, including:

  • innovative credit scoring;
  • aggregators;
  • financing agents;
  • funding agents; and
  • wealth tech.

This regulatory framework provides a structured and supervised environment for fintech companies to develop and test their innovations, ensuring compliance while promoting growth in Indonesia's digital financial sector.

9 Talent acquisition

9.1 What is the applicable employment regime in your jurisdiction and what specific implications does this have for fintech companies?

The main regulations governs the employment in Indonesia are:

  • Law 13/2003 on Employment and its amendments; and
  • Government Regulation (GR) 35/2021 on Temporary Employment Agreement, Outsourcing, Working Hours and Breaks and Termination of Employment Relationships.

Employment relationships are established through a work agreement between an employer and its workers. The law classifies employment relationships into two distinct categories:

  • Indefinite-term employment agreement: An employment agreement can be established for an unspecified period. Such an agreement may include a probation period, which cannot exceed three months.
  • Fixed-term employment agreement: An employment agreement can be established within a designated period. This specific type of employment agreement:
    • can be created for a duration not exceeding five years; and
    • can be extended once for an additional period of up to five years.

The Employment Law and GR 35/2021 generally regulate:

  • wages;
  • benefits;
  • working hours;
  • overtime; and
  • termination and severance pay

All fintech companies must comply with the Employment Law.

9.2 How can fintech companies attract specialist talent from overseas where necessary?

Fintech companies can hire talent from overseas in Indonesia. However, this provision is subject to specific positions and timeframes. Furthermore, foreign workers are restricted from holding positions responsible for personnel management.

Fintech companies that hire foreign workers must have an expatriate utilisation plan that:

  • outlines the planned employment of foreign workers; and
  • ensures compliance with positions that are eligible to be filled by foreigners.

However, there are exceptions to this rule, which include foreign workers required by employers for various purposes, such as the following:

  • emergencies;
  • vacations;
  • technology-based startups;
  • business visits;
  • research for a specific period; and
  • production activities that have temporarily ceased.

Once a fintech company has fulfilled certain administrative procedures, a foreign workers will be granted a limited stay permit for a maximum of five years, which can be renewed once (ie, the entire stay is not more than 10 years). They will also be granted a limited stay visa.

10 Trends and predictions

10.1 How would you describe the current fintech landscape and prevailing trends in your jurisdiction? Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?

The fintech landscape in Indonesia is rapidly evolving as more and more fintech players establish themselves in the jurisdiction. Digital payment methods such as QR codes are increasingly used and help to promote financial inclusion. In the next 12 months, this trend will most likely continue and new regulations implementing Law 4/2023 on the Development and Strengthening of the Financial Sector are anticipated.

11 Tips and traps

11.1 What are your top tips for fintech players seeking to enter your jurisdiction and what potential sticking points would you highlight?

Fintech in Indonesia is subject to strict regulation by either Bank Indonesia or the Financial Services Authority. Before beginning operations, fintech companies must secure a licence from the appropriate authority, which can be a lengthy process. To streamline this as much as possible, our key advice is to ensure that potential fintech providers prepare complete and well-organised documentation that fully complies with the relevant regulations. This will help to avoid delays caused by multiple back-and-forth questions or revisions.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Debu Batara Lubis
Debu Batara Lubis
Photo of Rana Cinta Rahmania
Rana Cinta Rahmania
Photo of Myra Nathania William
Myra Nathania William
Photo of Sheyla Namirah Korompot
Sheyla Namirah Korompot
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More