Indonesia’s Omnibus Law Focuses on Fintech Innovation

Issue 1 | February 2023

The Indonesian Government recently introduced a new omnibus law to regulate the financial sector Law No. 4 of 2023 on Financial Sector Development and Reinforcement (“P2SK Law”) was enacted on 12 January 2023. It amends 17 laws in the financial sector, including the Banking Law, Capital Market Law, Futures Trading Law, Sovereign Debt Instruments Law, Insurance Law, and Currency Law, as well as the laws on Bank Indonesia and the Financial Services Authority. The P2SK Law also regulates some ‘new’ financial products such as bullion, trust arrangements, digital assets, and a digital Rupiah.

This Advisory focuses on the P2SK Law’s chapter on Financial Sector Technological Innovation.

A. Products & Activities

Financial Sector Technological Innovation (Inovasi Teknologi Sektor Keuangan - “ITSK”) is regulated under Chapter XVI, from Articles 213 through to 221. ITSK is broadly defined as any technology-based innovation with an impact on products, activities, services, and business models in the digital financial ecosystem.

Wide in scope, ITSK covers:

  1. payment systems (e.g. technological innovation in all payment processing stages, comprising pre-transaction, initiation, authorization, clearing, settlement and post-transaction activities);
  2. settlement of securities transactions (e.g. technological innovation in clearing processes, settlement processes, and registration of ownership and custodies services for money market and capital market products);
  3. equity participation (e.g. securities crowdfunding through an electronic system operator);
  4. investment management (e.g. robo-advisors using advanced algorithms, as well as automated advice and management, retail algorithmic trading);
  5. risk management (e.g. technological innovation in underwriting, claims handling);
  6. collection and/or distribution of funds (e.g. digital banking, peer-to-peer landing, funding agents, financing agents, project financing);
  7. market support (e.g. credit scoring, aggregators and e-Know-Your-Customer involving the use of artificial intelligence, machine learning, big data);
  8. activities related to financial assets that are stored or represented digitally (e.g. crypto assets); and
  9. other digital financial services activities.

ITSK can be used to support economic and financial activities, including those based on sharia principles.

B. Requirements for ITSK Entities

Entities that carry out ITSK must be either financial services institutions (lembaga jasa keuangan – LJK) and/or other parties that conduct legitimate activities in the financial sector. ITSK entities must be incorporated in the form of either a limited liability company or other legal entities. ITSK entities must meet the following requirements:

  1. uphold the principles of good governance (including transparency, accountability, responsibility, independence and fairness);
  2. perform risk management (including active supervision by management, availability of policies, procedures and compliance on organizational structure, risk management processes and internal control);
  3. ensure security and reliability of information systems (including written policies and procedures on information systems, protection of data, fraud management, implementation of cyber security standards, regular information system audits);
  4. uphold consumer and personal data protection (including through education and financial literacy); and
  5. comply with prevailing laws and regulations.

C. ITSK Supervision

ITSK is regulated and supervised by the central bank, Bank Indonesia (“BI”), and the Financial Services Authority (“OJK”) in accordance with their respective authorities.

The regulation and supervision are conducted on the following principles: (a) balancing innovation and risk mitigation, (b) digital economy and digital finance integration, (c) efficiency and best business practices, (d) consumer protection, and (e) coordination of regulation and supervision between authorities.

BI and OJK have the authority to evaluate and seek clarification on the results of innovations developed by ITSK entities. They are also allowed to evaluate fintech innovations through ‘sandbox’ trials. For this, BI and OJK may regulate procedures and mechanisms for sandbox trials, in line with their respective authorities. As reference, to date for the regulation of sandbox trials, BI has issued Regulation No. 23/6/PBI/2021 implemented by Member of the Board of Governors Regulation No. 24/7/PADG/2022, while OJK has issued Regulation No. 13/POJK.02/2018 implemented by Circular Letter No. 21/SEOJK.02/2019.

If a product, activity, service or business model generated by an ITSK entity passes the trial and obtains the requisite licenses or permits from the relevant authorities, then the applicable regulatory, supervisory and sanctioning mechanisms will be shifted to the relevant industry where the ITSK operates. Conversely, if the result of a sandbox trial is deemed unsatisfactory, BI and OJK have the authority to take follow-up measures. Furthermore, ITSK entities are required to submit data, information and periodic or non-periodic reports to BI and OJK, which can then process, exchange and disseminate these through the appropriate digital information systems.

D. Association

ITSK entities must comply with requirements to join a relevant association, as approved and regulated by BI and OJK, according to their respective authorities.

The rules set out by each association for its members must be in line with regulations stipulated by BI and OJK. The association must conduct development and supervision of its registered members according to their functions and roles, as determined by the relevant authority.

E.    Conclusion

The P2SK Law was issued with the aim, among other things, of supporting technological innovation in financial services, while also protecting consumers and strengthening the financial sector amid rapid digital development.

By regulating ITSK under the P2SK Law, the Government provided a stronger legal basis for financial technology entities to make more innovations. Moreover, the P2SK Law provides a clear relationship between fintech authorities and associations, delineating their respective rights and obligations in promoting an innovative financial sector. Simultaneously, it has established robust supervisory mechanisms to ensure protection of consumers and personal data. This includes by providing a framework to eradicate illegal fintech activities.  

The financial sector should now become more accommodative and adaptive to support innovation, including digital banking, peer-to-peer lending, online start-ups and cryptocurrency asset transactions. Companies in these sectors will need to adapt to the new rules, which should ultimately lead to greater stability, growth and public trust.


If you have any questions, please contact:

  1. Dang Alam Perkasa Panjaitan, Associate, Makarim & Taira S.
  2. Maria Sagrado, Managing Partner, Makarim & Taira S.


M&T Advisory is a digital publication prepared by the Indonesian law firm, Makarim & Taira S. It informs generally on the topics covered and should not be treated as legal advice or relied upon when making investment or business decisions. Should you have any questions on any matter contained in M&T Advisory, or other comments in general, please contact us at the emails provided at the end of this article.

Download File