Following up on the issuance of a peer-to-peer lending
regulation by Indonesia's Financial Service Authority (OJK)
late last year (which was the subject of the Indonesia briefing
back in February 2017), the OJK has released a circular letter
setting up further guidelines on the governance and risk
management aspects of peer-to-peer lending operators in
In addition to the requirement to register with the OJK,
under the guidelines, the relevant peer-to-peer lending
operator is required to register as an electronic system
provider with the ministry of communication and
The responsibility for ensuring security, data protection,
and other operational aspects of the business lies with the
board of directors. The guidelines also mandate that the
business sets up a data centre and a 'disaster mitigation
centre' within the territory of the republic of Indonesia.
A disaster mitigation plan would need to be prepared and
reviewed at least once annually. The operator is also required
to prepare a human resources plan to ensure that it has and
continues to have the necessary competent manpower to operate
The guidelines also require that the relevant operator
safeguards its data and avoids disclosure of personal
information to any third party without consent, in the absence
of specific regulatory directives.
Finally, the guidelines confirm that the use of electronic
signatures is permissible, subject to several requirements
stated within the guidelines.
The guidelines were effective as of April 18 2017.
As mentioned previously in the February briefing,
peer-to-peer lending operators in Indonesia are required to
register with the OJK by the end of June. In early June,
Hendrikus Passagi, an OJK officer, stated that five operators
had completed their OJK registration, including Modalku,
Investree, Koiworks, Amartha, and Danamas. The registration of
20 additional operators is still in process.
||Oene Marseille and Emir