Testing the waters
IFLR is part of the Delinian Group, Delinian Limited, 4 Bouverie Street, London, EC4Y 8AX, Registered in England & Wales, Company number 00954730
Copyright © Delinian Limited and its affiliated companies 2024

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

Testing the waters

Sponsored by

Blockchain technology futuristic hud banner.

Maria Sagrado and Yanuar Pribadhie, of Makarim & Taira S., discuss the country’s central bank’s regulatory sandbox initiative for fintech players



After a lengthy discussion with business players (mainly startups in the payment systems sector, such as e-money issuers and payment gateway providers), at the end of 2017, Bank Indonesia issued regulation No. 19/12/PBI/2017 on the Organisation of Financial Technology (the Fintech regulation).

In general, the Fintech regulation imposes an obligation on fintech players that provide or will provide fintech services to register with/submit an activity report to Bank Indonesia, the Indonesian Central Bank. Certain exceptions to the registration requirement apply to fintech players that fall under the supervision of different authorities. An example is the popular online peer-to-peer (P2P) lending players which fall under the supervision of the Indonesian Financial Services Authority (OJK).

Another feature the fintech regulation introduces is the regulatory sandbox for fintech players. Below is a brief introduction to these initiatives.

First regulation to mention the regulatory sandbox

The Fintech regulation is the first regulation issued by an Indonesian authority that explicitly refers to the regulatory sandbox. Before it, the OJK issued Regulation No. 77/POJK.01/2016 on IT-based Money Lending Services (the P2P lending regulation) regulating P2P lending service providers (that are open to 85% for foreign share ownership). This regulation introduces a registration process before P2P lending services providers can apply for a business licence. A registration certificate is far less burdensome to obtain than a business licence, yet P2P lending services providers can operate fully upon obtaining a registration certificate, but they must have applied for a business licence within a year.

Although not explicitly stated in the regulation, according to a variety of sources, the above gap between registration and obtaining a business licence was once claimed to be the OJK's version of a regulatory sandbox, because it provides space for these businesses to operate under minimal regulatory requirements for a year before they must play according to the stricter rules which apply to obtaining a business licence. However, Bank Indonesia's version of the regulatory sandbox is different from that of the OJK. Currently, the OJK is in the process of preparing another regulation that may be similar to Bank Indonesia's regulatory sandbox.

In Bank Indonesia's version, the regulatory sandbox is a space where fintech players, including foreign companies, can try out their products, services, technology or business models, in a very limited manner (eg for a limited period, with limited coverage and for a limited number of users). In that sense, while fintech players can try out their products, they cannot fully operate like services providers covered by the P2P lending regulation during this registration phase.

Why the regulatory sandbox matters

In the fintech business, products often develop faster than the regulations. It is not uncommon for fintech products to not clearly fall under any of the Bank Indonesia categories of payment system services (eg payment cards, e-money (which is overseen by a new regulation issued on 4 May 2018), digital wallets, payment gateways, switching services providers and proprietary channels). The regulatory sandbox provides businesses with a chance to find out whether or not their products fall under a certain business classification, and therefore if they require a licence.

In a number of public awareness events, the players have expressed the expectation that participants in the regulatory sandbox, if they pass the test, have an advantage in the licensing procedure as they have met Bank Indonesia's expectation that they will comply with the prevailing regulations during the trial period. This incentive is fairly important from a commercial perspective as in practice, obtaining a licence to provide payment system services can be quite burdensome.

How to become eligible for the regulatory sandbox

The Fintech regulation introduces a criteria-based regulatory sandbox (instead of an application-based one), meaning that not everyone is eligible for the initiative. To be determined eligible, fintech players must first be registered with Bank Indonesia or have filed a report on their business activities if they have held a licence as a payment systems services provider before the fintech regulation was issued.

Bank Indonesia will then assess a variety of criteria, including whether: (i) the fintech involves the element of a payment system under the jurisdiction of Bank Indonesia; (ii) it is innovative; (iii) it can benefit customers/the economy; (iv) it is non-exclusive; (v) it can be widely used; (vi) it is equipped with risk identification and mitigation; and (vii) any other criteria Bank Indonesia considers important.

Preparing for the regulatory sandbox

If from their registration Bank Indonesia determines that certain players are likely to be eligible for the regulatory sandbox, it will invite the players to make a presentation on the business model and risk management, and to submit certain documents (the company profile and the business to be tested in the sandbox).

After assessing the presentation and documents submitted to it, Bank Indonesia will issue a decision on its eligibility. Upon being determined eligible, the fintech player must submit a scenario proposal for the product testing, which must include, among other things, the products to be tested, the testing period, the target, the limitations on coverage, the customers and other limitations.

Starting your regulatory sandbox

Bank Indonesia will review the scenario proposal it receives and decide whether or not to approve it. The testing period given can be up to six months as of the date of the decision, and can be extended once under certain circumstances for up to six months. During the testing period, the fintech player may only engage in the business activities specified in the approved scenario.

While fintech players eligible for the regulatory sandbox benefit from a more lenient regulatory regime, they are expected to apply appropriate consumer protection principles, risk management, prudential principles, and to comply with the prevailing laws and regulations.

During the testing period, Bank Indonesia will assist and review the company's activities, the result of which will be used as a basis for deciding on the outcome of the testing.

The outcome of the testing

The testing should result in one of three decisions: (i) a pass; (ii) a fail; or (iii) another status determined by Bank Indonesia.

If the result is a pass, Bank Indonesia will categorise the business, ie whether or not it is a payment system business. If so, the fintech player must apply for a business licence in the appropriate category before it can continue selling its products/services. If it is not (if, for example, it is a P2P lending business), Bank Indonesia will refer the result to the relevant authority (eg the OJK).

The regulatory sandbox regime does not prohibit participants from applying for a business licence at the same time as they participate in the sandbox. If they do so, fintech players which pass the test can continue marketing their products until their licence is issued. This way, applying for a licence while participating in the regulatory sandbox would seem more advantageous as the business can continue marketing its products/services after passing the test, but pending the issuance of a licence.

If the result is a fail, the fintech player will not be able to market its products/services further.

Fintech players which pass the test and are categorised as payment system services providers must identify their role according to the category. Currently, the categories are defined in Bank Indonesia Regulation No. 18/40/PBI/2016 on Processing Payment Transactions. Under this regulation, payment system services providers include: (i) payment card (ATM, debit and credit cards) players (ie acquirers, issuers, principals, end settlement and clearing processors); (ii) chip-based and server-based e-money providers (ie issuers, acquirers, principals, end settlement and clearing processors); (iii) funds transmitting businesses; (iv) payment gateway providers; (v) switching services providers; (vi) digital wallet providers; (vii) proprietary channels; and (viii) other payment system services providers.

In addition to the requirement to establish a limited liability company, certain businesses are subject to foreign share ownership restrictions. Currently, foreign parties can hold up to 20% of the shares in principals (e-money and payment card providers), end-settlement and clearing processors, as well as switching service providers.

About the author



Maria Sagrado

Partner, Makarim & Taira S.

Jakarta, Indonesia

T: +6221 5080 8300, 252 1272

E: maria.sagrado@makarim.com

W: www.makarim.com

Maria Sagrado has extensive high-level experience in structuring foreign investment and financial transactions. She represents the interests of numerous foreign clients investing in Indonesia, including companies and investors from China, the US, the UK, Singapore and the EU.

Maria's well-rounded experience in relevant corporate and commercial practices enable her to comprehensively advise and guide foreign clients entering into local investments or transactions in Indonesia, with due consideration for the various aspects involved. She has represented clients in various sectors including FinTech such as peer-ro-peer lending and payment system operators. She is actively involved in the FinTech Association in Indonesia.

About the author



Yanuar Pribadhie

Associate, Makarim & Taira S.

Jakarta, Indonesia

T: +6221 5080 8300, 252 1272

E: yanuar.pribadhie@makarim.com

W: www.makarim.com

Yanuar Pribadhie is an Associate at Makarim & Taira S. He practices international and corporate law, and has worked extensively in matters involving technology, media and telecommunication, banking and finance, intellectual property, corporate and foreign investment. He is heavily involved in the drafting of some regulations related to fintech in Indonesia and is active in the FinTech Association.

He has represented and assisted in a number of local and foreign investments and acquisitions. He has co-authored articles relating to the Indonesian e-commerce regulation and copyright law, among others. Together with his team, he has represented major clients in payment system and start-up companies.

Gift this article