Urgent: New OJK Regulations on Digital Financial Services
The Financial Services Authority (OJK) has issued new regulations governing digital financial services, requiring compliance by March 2024. Companies must assess their digital platforms and update compliance frameworks.
New Regulatory Framework
The Financial Services Authority (OJK) has issued POJK No. 21 of 2023 on Digital Financial Services (“POJK 21/2023”), establishing a comprehensive regulatory framework for digital financial services in Indonesia. The regulation applies to banks, insurance companies, securities firms, and other financial institutions offering digital services.
Key Requirements
Licensing and Registration
Financial institutions must obtain OJK approval before launching new digital financial services. Existing digital services must be registered within 6 months of the regulation’s effective date.
Consumer Protection
Enhanced disclosure requirements for digital products, including standardized terms and conditions, risk warnings, and complaint handling procedures accessible through digital channels.
Data Security
Mandatory implementation of:
- Multi-factor authentication for all transactions
- End-to-end encryption for data transmission
- Regular penetration testing and vulnerability assessments
- Incident response procedures with 24-hour notification to OJK
Operational Resilience
Requirements for business continuity planning, disaster recovery capabilities, and minimum uptime standards for critical digital services.
Compliance Timeline
| Requirement | Deadline |
|---|---|
| Registration of existing services | March 2024 |
| Consumer protection updates | June 2024 |
| Data security implementation | September 2024 |
| Full compliance | December 2024 |
Action Items
Financial institutions should take immediate steps to:
- Conduct Gap Analysis - Assess current digital services against POJK 21/2023 requirements
- Prepare Registration Documents - Compile technical specifications, security protocols, and consumer protection measures
- Update Terms and Conditions - Revise digital service agreements to comply with disclosure requirements
- Enhance Security Measures - Implement required authentication and encryption standards
- Train Staff - Ensure relevant teams understand new compliance obligations
OJK Supervision
Non-compliance may result in administrative sanctions including written warnings, fines, suspension of digital services, or revocation of business licenses.
This alert is for general information purposes. For specific compliance guidance, please contact Towy Aryanosa at towy.aryanosa@b-av.co.