To help regulate Technological Innovations in the Financial Sector (Inovasi Teknologi Sektor Keuangan or “ITSK”), Indonesia’s Financial Services Authority (Otoritas Jasa Keuangan or “OJK”) recently issued OJK Regulation No. 3 of 2024 dated February 16, 2024, regarding the Implementation of ITSK (“OJK Reg. 3/2024”). This is an implementing regulation for Law No. 4 of 2023 regarding the Development and Reinforcement of the Financial Sector (the “P2SK Law”) enacted early last year.
As background, the term ITSK was introduced under the P2SK Law and defined as technology-based innovations impacting products, activities, services, and business models in the digital financial ecosystem. ITSK is classified under the P2SK Law as under the auspices and supervision of the OJK.
With the issuance of OJK Reg. 3/2024, the OJK revokes and replaces OJK Regulation No. 13/POJK.02/2018 regarding Digital Financial Innovation (Inovasi Keuangan Digital or “IKD”) (“OJK Reg. 13/2018”).
This article highlights notable provisions of OJK Reg. 3/2024, particularly regarding the new ITSK licensing regime for ITSK Providers.
New ITSK Licensing Regime
Previously under OJK Reg. 13/2018, companies seeking to engage in IKD activities had to be registered as an IKD Provider with the OJK. This registration was a three-step process, namely: (1) IKD Recordation; (2) Regulatory Sandbox Participation; and (3) IKD Registration.
With the revocation of OJK Reg. 13/2018, the nomenclature has changed from IKD activities to ITSK activities and companies seeking to engage in ITSK activities are subject to the new ITSK licensing regime provided under OJK Reg. 3/2024.
This new licensing regime involves the following: (1) Regulatory Sandbox Participation, followed by either (2) Registration as an ITSK Provider or (3) ITSK License Application. We discuss each step of the application process in turn below.
(i) Regulatory Sandbox Participation
The Regulatory Sandbox is conducted for the purpose of ensuring that technological innovations and developments in the financial sector are carried out responsibly and with adequate risk management. OJK Reg. 3/2024 explicitly regulates that companies seeking to carry out business activities within the ITSK framework are obliged to apply to the OJK to be a Regulatory Sandbox Participant (“Participant”). To apply to be a Participant a company must submit an application form provided by the OJK, a Testing Plan, and other supporting documents (together, the “Application Documents”).
Following the submission the OJK will assess the Application Documents and issue a letter to the relevant company either approving or rejecting the company’s application to be a Regulatory Sandbox Participant. If approved to be a Regulatory Sandbox Participant, the company will commence the trial and development procedure for its ITSK product in accordance with the Testing Plan submitted to the OJK.
The period of the Regulatory Sandbox will be at most one year from the issuance of the Regulatory Sandbox Participant approval by the OJK. However, the OJK is authorized to determine a different Regulatory Sandbox period for each company based solely on its own discretion and judgement.
Following the completion of the Regulatory Sandbox period, the OJK will evaluate and determine the results and the Regulatory Sandbox Participant will be informed by the OJK whether they have passed.
If the Regulatory Sandbox Participant is considered to have passed the Regulatory Sandbox, the OJK will either require the Participant to (i) register as an ITSK Provider before applying for an ITSK License from the OJK or (ii) directly apply to the OJK for an ITSK License.
If the Regulatory Sandbox Participant is deemed to have not passed the Regulatory Sandbox, the Participant will be required to fulfill the following obligations at the latest three months after receiving the letter from the OJK:
- Stop all business operations, product innovations, activities, and services using the business model tested and developed during the Regulatory Sandbox;
- Settle all its obligations to consumers and other parties; and
- Implement their exit plan in accordance with the Testing Plan submitted to the OJK at the beginning of the Regulatory Sandbox.
(ii) Registration as an ITSK Provider
Participants deemed to have passed the Regulatory Sandbox may be required by the OJK to register as an ITSK Provider before applying to the OJK for an ITSK License. In this case, the Regulatory Sandbox Participant shall submit to the OJK the relevant documents regarding the following:
- Institutional and governance;
- Business model;
- Information technology; and
- Partnerships.
The provisions of OJK Reg. 3/2024 are limited on this matter and it is still unclear how the ITSK Provider registration process will be carried out in practice. It is expected that the OJK will stipulate further details and provisions regarding ITSK Provider registration.
(iii) ITSK License Application
Participants having passed the Regulatory Sandbox are required to directly apply to the OJK for an ITSK License and must do so within six months after receiving the letter from the OJK stating that the Participant has passed the Regulatory Sandbox (“Sandbox Passing Letter”). Failure to apply within the specified time period will result in the Sandbox Passing Letter being deemed expired and invalid.
OJK Reg. 3/2024 regulates that the licensing process for the ITSK License will be subject to the OJK regulations regarding the licensing and supervision of each ITSK cluster.
This publication is intended for informational purposes only and does not constitute legal advice. Any reliance on the material contained herein is at the user’s own risk. All SSEK publications are copyrighted and may not be reproduced without the express written consent of SSEK.