Conventus Law

Conventus Law

by

In February 2025, the Indonesian Financial Services Authority (Otoritas Jasa Keuangan or “OJK“) issued Regulation No. 4 of 2025 regarding Financial Services Aggregation Providers (“OJK Reg. 4/2025“). This regulation introduces the first dedicated legal framework for financial services aggregators, following the OJK’s broader regime on financial technology innovations under OJK Regulation No. 3 of 2024 regarding Technological Innovations in the Financial Sector (“OJK Reg. 3/2024“).

Previously, aggregators operated under the general framework for Technological Innovations in the Financial Sector (Inovasi Teknologi Sektor Keuangan or “ITSK”) under OJK Reg. 3/2024, without specific licensing rules. With OJK Reg. 4/2025, aggregators now have clarity on ownership, licensing, governance and operation requirements.  

Below are key points in the new OJK regulation. Notably, several of these align with the provisions introduced under OJK Reg. 3/2024.

Definition and Scope

An Aggregator is defined under OJK Reg. 4/2025 as an ITSK provider that collects, filters and/or compares financial product information through electronic systems. Activities under this scope include:

  • displaying information on financial products and/or services and providing consumer choices; 
  • forwarding consumer data to financial institutions;
  • distributing financial products to consumers; and
  • handling product- and/or service-related documentation.

Certain companies, however, may be exempt from being considered aggregators if aggregation is strictly internal, ancillary to their main business, one-way in nature and without the processing of consumer data, conducted by an entity already supervised by the OJK in another sector, or not linked to marketing or distribution.

Ownership and Capital 

OJK Reg. 4/2025 closes loopholes used in structuring control beyond ownership caps. Foreign ownership of an Aggregator, either directly or indirectly, is capped at 85%, whether by individuals or legal entities. Nominee arrangements are expressly prohibited. Minimum paid-up capital is set at IDR 500 million, which must not come from loans or illicit sources (for example, money laundering, terrorism funding or funding of the proliferation of weapons of mass destruction).

Governance and Key Personnel 

Aggregators must have at least two Directors and one Commissioner, with at least one Director experienced in aggregation, information technology and/or in financial institutions, as evidenced by either certification or proof of at least three years of relevant work experience. 

OJK Reg. 4/2025 prohibits Directors from holding concurrent positions as Directors, Commissioners or executive officers in other entities, with certain exceptions.

Principal Parties, including controlling shareholders and board members, require OJK fit-and-proper approval before appointment. The OJK will consider factors such as the integrity, financial feasibility or financial reputation, and competence of the candidates.

Use of Foreign Workers

Foreign workers may only serve one level below the Board of Directors or as experts/consultants and are limited to three-year terms. Aggregators that intend to use foreign workers must also prepare foreign worker utilization plans and submit any changes thereto to the OJK; such plans must be submitted to the OJK as part of the annual business plan.

Aggregators must first consider the availability of Indonesian workers prior to hiring foreign workers. They must also pair each foreign hire with an Indonesian companion worker and ensure skills transfer. Foreign workers cannot be employed in compliance or HR roles. 

Operational Requirements

As regulated under OJK Reg. 4/2025, Aggregators are now required to obtain ISO 27001 information security certification within three years of licensing. Before obtaining the certification, Aggregators must establish internal policies governing information security.

In addition, OJK Reg. 4/2025 requires Aggregators to locate their data and recovery centers in Indonesia and to register as Electronic System Providers (Tanda Daftar Penyelenggara Sistem Elektronik or “TDPSE”) with the Ministry of Communications and Digital Affairs.

In operating their businesses, Aggregators are also required to enter into cooperations with financial service institutions and/or other parties in the financial services sector. Such cooperation must be formalized through a written agreement that covers key matters, including:

  • the duration of the agreement;
  • the duties and responsibilities of each party;
  • details of commission arrangements;
  • the mechanism for updating financial product or service information;
  • the complaint-handling mechanism;
  • the mechanism for data distribution to or from financial institutions or relevant parties, if applicable;
  • the mechanism for the exchange, use and protection of personal data, if applicable; and
  • a statement that the financial institution or relevant party remains fully responsible for all processes relating to the financial products or services it owns.

Approval and Reporting

In addition to the matters outlined above, OJK approval is required for any changes in ownership, mergers, consolidations or acquisitions. Aggregators must also submit: 

  • Annual business plans, including any foreign worker utilization, as discussed above;
  • Periodic reports (semesterly and annually, with audited financials); and
  • Incidental reports within five days of events such as shareholder changes, disputes, fraud or cyberattacks. 

Sanctions

Non-compliance with OJK Reg. 4/2025, including the provisions set out above, may result in administrative sanctions in the form of:

  • written warnings;
  • temporary, partial or complete suspension of activities;
  • fines up to IDR 1 billion; 
  • blacklisting of Principal Parties; and
  • revocation of business license.

Transitional Provisions

Certain ITSK entities registered under OJK Reg. 3/2024, consisting of aggregators, financing agents, funding agents and wealth-tech firms, must apply for a license under OJK Reg. 4/2025 by February 21, 2026. Businesses must also adjust ownership structures and operational models to meet the new requirements within the transitional period.

Conclusion

OJK Reg. 4/2025 provides long-awaited certainty for financial services aggregators by setting clear rules on ownership, governance, licensing and operations, while carrying over certain obligations for ITSKs previously set out under OJK Reg. 3/2024. 

Companies currently active or planning to enter the market should review their structures, cooperation agreements and technology systems to ensure compliance ahead of the 2026 deadline. 

The regulation also signals the OJK’s intent to roll out specific frameworks for other ITSK models, underscoring the need for ongoing regulatory monitoring. (13 October 2025)

WRITTEN BY

For further information, please contact:

Winnie Yamashita Rolindrawan – SSEK,
winnierolindrawan@ssek.com

Winnie Yamashita Rolindrawan - SSEK. Winnie Yamashita Rolindrawan holds a Bachelor of Laws in economic law from the University of Indonesia and a Master of Science in communications management. She also earned an LL.M. and a Business Law Certificate from UC Berkeley.

Winnie Yamashita Rolindrawan received her Bachelor of Laws in economic law from the University of Indonesia in 2002. In 2007, she earned her Master of Science from the Faculty of Social and Political Sciences at the same university, majoring in communications management. In 2016, Winnie received her Master of Laws (LL.M.) from the University of California, Berkeley, School of Law, where she also earned a Business Law Certificate from the Berkeley Center for Law and Business.

Winnie joined SSEK in 2007 and has represented major domestic firms and multinational companies in a variety of transactions. She has worked on numerous projects involving M&A, financial services and fintech, data privacy, pharmaceuticals and healthcare, corporate and commercial matters, foreign investment, e-commerce, and real estate and property (particularly hotels).

Her projects in the fintech sector include acting as Indonesian counsel to Didi Chuxing in the acquisition of a substantial stake in Grab Inc., a transaction valued at over US$1 billion, and acting as lead Indonesian counsel to Mastercard as the lead investor in the series B funding round of Digiasia, an Indonesian fintech startup. Winnie advises clients on all aspects of fintech and payment systems (including e-money, remittances, payment gateways and switching), from obtaining the relevant licenses to cross-border fintech M&A transactions and navigating complex regulatory, legal and commercial challenges to ensure compliance with the relevant fintech and payment system regulations of Indonesia’s Financial Services Authority (OJK) and Central Bank (Bank Indonesia).

In the healthcare sector, Winnie has represented pharmaceutical companies, including manufacturers and distributors, in providing practical solutions for their day-to-day operations, corporate and commercial contracts, and specific regulatory issues.

Prior to joining SSEK, Winnie worked at another prominent corporate law firm in Jakarta, where she was involved in various capital market transactions including IPOs, bond issues and rights issues. She helped handle several debt restructuring projects involving the Indonesian Bank Restructuring Agency (IBRA), an independent government agency established in response to the Indonesian financial crisis.

Winnie was also an associate procurement expert for an Asian Development Bank-Indonesian Ministry of National Development Planning (Bappenas) project, where she developed and drafted model national procurement documents.

Winnie is a licensed attorney and a member of the Indonesian Advocates Association (Peradi). She participated in the 2014 Academy of American and International Law, sponsored by the Southwestern Institute for International and Comparative Law in Dallas, Texas.

Having spent her childhood in Hamburg, Germany, she speaks German in addition to English and her native Indonesian.

Register for your monthly Asia legal updates from Conventus Law

Error: Contact form not found.

RELATED ARTICLES