OJK Issues Long-Awaited Regulation on Alternative Credit Scoring

Issue 5 | February 2025

Indonesia’s Financial Services Authority (Otoritas Jasa Keuangan – “OJK”) has issued a regulation that aims to make it easier for low-income earners and small businesses to access loans, even if they lack traditional credit histories.

The new regulation introduces the Alternative Credit Scorer (“ACS” or Pemeringkat Kredit Alternatif – PKA) framework, allowing approved financing providers to process alternative data – such as non-financial data – to assess creditworthiness.

OJK Regulation No. 29/POJK.03/2024 on Alternative Credit Scoring (“POJK 29/2024”) marks a significant shift in the rules governing alternative credit scoring. It clarifies the distinction between conventional credit scoring providers and ACS, while also addressing transparency, data privacy and the reliability of alternative credit scoring models.

POJK 29/2024 does not, however, apply to data alternative processing conducted by financial institutions for their own purposes.

This advisory outlines the key takeaways of POJK 29/2024 as part of OJK’s broader efforts to adapt to the digital transformation in financial services and promote a more efficient, data-driven approach to credit evaluation.

A.   What’s New: Corporate Governance Updates

Business Activity

Innovative credit scoring (“ICS”) in Indonesia was previously regulated under OJK Regulation No. 3 of 2024 on the Implementation of Financial Sector Technology Innovations, which required ICS providers to register in OJK’s regulatory sandbox for assessment before obtaining approval. With the enactment of POJK 29/2024, ICS providers are now subject to a dedicated regulatory framework that requires them to obtain a business license from OJK.

Under POJK 29/2024, the term alternative credit scoring is introduced as a new category of Financial Sector Technology Innovation Provider (Inovasi Teknologi Sektor Keuangan – “ITSK”) that processes data other than credit or financing data for the purpose of describing the eligibility, condition, or profile of consumers.

ACS conducts business activities in the form of processing alternative data to generate credit scores, which financial institutions may use when evaluating consumers for the provision of financial services.

Additionally, ACS may also carry out other processing activities that utilize alternative data to provide added value to ACS users, such as fraud indication alerts, individual profile mapping, and individual monitoring and evaluation. These activities must obtain approval from the OJK.

Company Form, Minimum Capital, and Foreign Ownership Restriction

Every ACS must be in the form of a limited liability company with at least IDR5 billion in issued and paid-up capital. However, considering the Investment Coordinating Board (BKPM) Regulation No. 4 of 2021 on Guidelines and Procedures for Risk-Based Business Licensing Services and Investment Facilities, ACS in the form of foreign investment companies (PT PMAs) must still comply with the requirement of minimum issued and paid-up capital requirement of at least IDR10 billion. This capital must not, among other things, come from loans and must be deposited under the ACS’ name in an Indonesian bank.

The new regulation imposes an 85% foreign ownership limit on the paid-up capital, whether directly or indirectly, unless the ACS is a public company with shares traded on the stock exchange.

Board Composition

An ACS must at least have two members on the board of directors (“BOD”) and one member on the board of commissioners (“BOC”). At least one of the BOD members must have knowledge and/or experience in:

a.    the credit scoring industry;

b.    the information technology industry; and/or

c.    a financial services institution.

BOD members may concurrently serve on other BODs, BOCs, or as executive officers, but only in companies, organizations, or institutions that are non-profit.

Licensing

Prospective ACS must obtain an ACS business license from the OJK by submitting an application with supporting documents and information specified in POJK 29/2024 through the OJK licensing system. 

Existing ICS providers registered with the OJK must apply for an ACS business license no later than 12 months after POJK 29/2024 came into force (i.e., by 20 December 2024). Otherwise, the ICS provider will be declared an unlicensed business entity, requiring it to cease all business activities and settle customer obligations within six months of being declared unlicensed and unsupervised by the OJK.

The following table outlines the transitional licensing provisions under this regulation. (See the table in the pdf version)

ESO Requirements

ACS with a business license from the OJK must be registered as an Electronic System Organizer (“ESO”) with the Ministry of Communications and Digital Affairs. The application for ESO registration must be (i) submitted within 30 calendar days and (ii) obtained within 60 calendar days from the issuance of the OJK business license. An ACS may not conduct business activities until this requirement is met.

After obtaining ESO registration, the ACS must (i) submit a copy of the ESO registration certificate to the OJK within 7 calendar days from the date of the ESO registration certificate, and (ii) commence business activities within 30 working days of being registered as an ESO.

For further information on requirements for ESOs, please refer to our advisories on private ESO registration and compliance obligations for foreign ESOs.

Fit and Proper Test

POJK 29/2024 also introduces a fit and proper test for ‘Prospective Main Parties’, which must obtain OJK approval before commencing their actions, duties, and functions as a main party. This applies to:

(i) Controlling main parties (Controlling Shareholders – those holding at least 25% of shares with voting rights or less than 25% but with direct or indirect control over the ACS).

(ii) Main parties in the management (BOD and BOC members).

The test involves submitting administrative documents and an assessment of the results.

Data Center Requirements

All ACS must have data centers and disaster recovery centers in Indonesia. 

Credit Score Activities

ACS may engage in (i) obtaining and collecting alternative data, (ii) processing and analyzing alternative data using technology and methods developed by the ACS, and (iii) distributing the results.

The alternative data may be obtained through cooperation with data providers and/or other sources, whether through cooperation or not. However, ACS may not use any credit or financial data in issuing credit scores.

Every credit score must fulfil the following criteria:

a.    Presented in Indonesian, except where consumers require a bilingual presentation;

b.    Presented in the form of symbols, letters, colors, and/or numbers; and

c.    Accompanied by an explanation of the score.

ACS are prohibited from sharing credit scores with any party other than the relevant customers.

B.   Conclusion

POJK 29/2024 opens new opportunities for using innovative credit scoring while ensuring transparency. It’s a chance for ITSKs to improve credit access and modernize their processes. However, it also brings new compliance challenges. Businesses should adapt quickly to stay compliant and capitalize on the opportunities this regulation offers.

-----

Click the "download file" button to read the PDF version.

If you have any questions, please contact:

1. Maria Sagrado, Managing Partner – maria.sagrado@makarim.com
2. Mawira Aruna Sudarmadi, Associate – mawira.sudarmadi@makarim.com
3. Astrid Khairunnisa Suhendar, Associate – astrid.suhendar@makarim.com

_{M&T Advisory is a digital publication prepared by the Indonesian law firm, Makarim & Taira S. It informs generally on the topics covered and should not be treated as legal advice or relied upon when making investment or business decisions. Should you have any questions on any matter contained in M&T Advisory, or other comments in general, please contact us at the emails provided at the end of this article.}