.jpg)
18 January, 2017
IT-Based Lending Regulation
We set out below a summary of the key aspects of the IT-Based Lending Regulation.
1. Scope. ”Information Technology-Based Lending Services” or IT-Based Lending is defined as “the provision of financial services which seeks to connect a provider of loans with a recipient of loans through a direct loan agreement in Indonesian Rupiah currency via electronic systems using an internet network”. The IT-Based Lending Regulation envisages that IT-Based Lending is undertaken by a Provider of Loans providing a loan to the Recipient of Loans where the source of funds originates from the Provider of Loans. This is sufficiently broad to capture marketplace or peer-to-peer lending platforms.
There are a number of key defined terms in the IT-Based Lending Regulation which merits attention, in particular:
“Information Technology-Based Lending Services Operator” or IT-Based Lending Operator which is defined as an “Indonesian legal entity which makes available, manages and operates Information-Technology Based Lending Services”.
“Provider of Loans” which is defined as “individuals, a legal entity and/or business enterprise which has a right to a receivable pursuant to an IT-Based Lending agreement”.
“Recipient of Loans” which is defined as “individuals, and/or a legal entity which has a debt obligation pursuant to an IT-Based Lending agreement”.
“IT-Based Lending Users” which is defined as a “Provider of Loans and Recipient of Loans who use the IT-Based Lending services”.
2. Foreign ownership limit. The maximum foreign ownership limit for (direct or indirect) shareholding in an IT-Based Lending Operator is set at 85%.
3. Registration and Licensing. An IT-Based Lending Operator must register with, and obtain a license from OJK, in a two-stage process. An IT-Based Lending Operator who has engaged in the activity of IT-Based Lending prior to the enactment of IT-Based Lending Regulation (i.e., prior to 29 December 2016) must submit a registration application to OJK at the latest within 6 months from 29 December 2016 (the date the IT-Based Lending Regulation was enacted). Once registered, the IT-Based Lending Operator must submit an application to OJK for the business license of the IT-Based Lending Operator at the latest within 1 year of being registered with OJK. Subsequent change of ownership in IT-Based Lending Operator will require OJK prior approval.
4. Minimum capital requirements. There are certain minimum capital requirements which an IT-Based Lending Operator will need to satisfy, namely:
- at the point of registration of the IT-Based Lending Operator with OJK: minimum paid-up capital of IDR 1,000,000,000; and
- at the point of submission of an application for the business license to OJK: minimum paid-up capital of IDR 2,500,000,000.
5. Origin of Provider and Recipient of Loans. The Provider of Loans may originate from both inside and outside Indonesia, and may include loans from individuals and legal entities. However, the Provider of Loans can only provide loans to Recipient of Loans who originates from (berasal dari), and is domiciled in, the legal territory of Indonesia.
6. Lending limit. An IT-Based Lending Operator must observe certain lending limit in respect of each Recipient of Loans of up to a maximum of IDR 2,000,000,000 (approximately USD 148,149 based on an exchange rate of IDR 13,500) (“Lending Limit”).
7. Maximum Interest. Unlike in the previous draft of the regulation, the final version of the IT-Based Lending Regulation does not set a specific maximum interest rate that can be charged by a Provider of Loans to a Recipient of Loans. Instead the wording in the final version is a lot less prescriptive and has been watered down – now the regulation simply provides that the Operator may provide “suggestions” regarding the interest rate offered by a Provider of Loans and Recipient of Loans, taking into consideration, the fairness of the rate and development of the national economy. The elucidation of Article 17 provides that in measuring “fairness” of the rate various factors are to be taken into consideration including, the level of inflation or national interest.
8. Expertise. An IT-Based Lending Operator must:
- have available human resources who have expertise and/or background in information technology; and
- employs at least 1 director and 1 commissioner who have at least 1 year experience in financial services industry.
9. Risk Mitigation. An IT-Based Lending Operator is required to undertake risk mitigation measures, including in relation to operational and credit risks. For example, there is a requirement for repayment of loans by the borrower to be via an escrow account, this is required in order to prevent the IT-Based Lending Operator from taking deposit from the public into the IT-Based Lending Operator’s own account.
10. Data Centre. An IT-Based Lending Operator must place its data center and disaster recovery center in Indonesia. Apart from the data center and disaster recovery center, Operators must meet minimum standards of IT, risk management and security.
11. Data Protection. An IT-Based Lending Operator must ensure:
- the secrecy, integrity and availability of the personal data, transaction data, and financial data from the moment such data is obtained until the data is destroyed;
- the availability of authentication, verification, and validation processes that support access to, processing and execution of personal data, transaction data, and financial data managed by it;
- that acquisition, usage, and disclosure of the personal data, transaction data, and financial data obtained by the IT-Based Lending Operator is based on consent of the owner of such data, unless determined otherwise by applicable laws;
- the provision of other communication media, other than the IT-Based Lending electronic platform, to ensure the continuity of the services for the customer which may be in form of e-mail, call center, or other communication media; and
- that the owner of such personal data, transaction data, and financial data is notified in writing if there is any failure to protect the secrecy of the data managed by it.
12. Prohibitions. An IT-Based Lending Operator is prohibited from:
- conducting any business activities other than the business activities stipulated under IT-Based Lending Regulation;
- acting as a Provider of Loans or Recipient of Loans;
- providing guarantee in any form in relation to the fulfillment of the obligation of another party. The elucidation to this provision does not provide further clarity on the extent to which the guarantee must not be provided by the IT-Based Lending Operator (e.g., whether the IT-Based Lending Operator is prohibited to provide guarantee for the performance of its affiliates);
- providing recommendations to the IT-Based Lending Users;
- publishing false and/or misleading information;
- offering its services to the IT-Based Lending Users and/or public through private communication media without the consent of the relevant party;
- issuing a promissory note; and
- charging a fee to IT-Based Lending Users for submission of complaints to the IT-Based Lending Operator.
13. Sanction. Sanctions for non-compliance with the OJK IT-Based Lending Regulation range from written warnings to, ultimately, revocation of business licence.
Preliminary Key Observations
14. Although regulatory developments in the fintech space still remain at a relatively early stage in Indonesia, the broad outlines of the institutional landscape of the proposed regulatory framework are already beginning to become visible. In broad terms, the main regulator in this area is likely to be the OJK, with the exception that issues relating to payment are likely to be regulated primarily by the Indonesian central bank, Bank Indonesia (“BI”). It is also important to bear in mind the regulatory role played by the Ministry of Communication and Informatics (“MOCIT”), which in broad terms regulates telecommunications and information technology related matters, as it is very likely that certain aspects of the fintech industry may fall under MOCIT’s regulatory remit. The Indonesian Foreign Investment Coordinating Board (“BKPM”) is also likely to have a role in this space in certain situations involving foreign investors, as BKPM regulates foreign investment generally (with certain notable exceptions, e.g. in the financial services sector).
15. Given the existence of multiple regulatory bodies with potentially overlapping functions, we envisage that in the immediate future the evolving regulatory framework is likely to be complex and hence a case-by-case analysis is advisable when considering new products and business platforms in this fast evolving sector in Indonesia. That said, there is reason to be optimistic that the regulators in Indonesia will eventually find a workable balance between promoting a nascent (but rapidly growing) industry which has the potential of significantly addressing Indonesia’s long term financial inclusion policy objectives, and at the same time addressing the need to create a sound regulatory framework which takes into account prudential corporate governance principles in the financial services sector (including risk management and consumer protection aspects). The new IT-Based Lending Regulation is a good step in this direction.
16. It remains to be seen however whether the IT-Based Lending Regulation does strike the optimal balance in practice, as much will depend on the details of the implementation policies which are expected in further OJK Circular Letters. Overall it appears to be an even-handed set of regulation which seeks to promote a young (but growing) industry.
17. It is encouraging to see that the foreign ownership limit has been set at a maximum of 85%, as this is likely to attract more foreign investors in this space who may prefer a controlling stake.
18. It appears that the minimum capital requirements will be implemented in stages, i.e. a minimum of IDR 1,000,000,000 at point of registration with OJK and a minimum of IDR 2,500,000,000 at point of application to OJK for business license (with a maximum period of 1 year allowed between the two stages). This reflects OJK’s desire to moderate the impact of imposing capital requirements on a young (but rapidly developing) industry by adopting a measured approach in terms of timing of the envisaged capital requirements.
19. OJK’s consumer protection policy objectives are also evident in the IT-Based Lending Regulation, particularly the requirements regarding lending limits, and data protection / security. The existence, and proper application, of such rules are likely to increase the level of confidence that consumers have in emerging lending platforms in Indonesia, but again an overly restrictive implementation policy could potentially inhibit the growth of the industry.
20. The requirement to locate data center and disaster recovery center in Indonesia is a longstanding recurring theme in Indonesian government policy, and it remains to be seen how this requirement will be implemented in practice, as this is an issue which is closely watched by foreign investors.
For further information, please contact:
David Dawborn, Partner, Herbert Smith Freehills
david.dawborn@hbtlaw.com
