In today’s Indonesian business environment, governance and compliance are no longer viewed merely as internal administrative requirements. They are increasingly becoming part of the practical framework through which companies make and implement business decisions, from identifying the proper authority, assessing legal and commercial risks, and obtaining required approvals, to maintaining adequate documentation. While they do not eliminate business risk, they help companies and management demonstrate that decisions were made through a proper, accountable, and well-documented process.
The regulatory framework for governance and compliance in Indonesia
Although Indonesia does not have a single overarching regulation governing governance and compliance, the relevant principles are addressed across various sector-specific laws and regulatory frameworks.
Under Law No. 40 of 2007 on Limited Liability Companies, as amended from time to time (the Company Law), corporate governance starts from the allocation of authority among the company organs. The board of directors manages the day-to-day affairs of the company and represents the company in and outside court. The board of commissioners supervises and advises the board of directors, while shareholders exercise reserved authorities through the general meeting of shareholders.
In practice, this allocation of authority determines how corporate actions are initiated, approved, and implemented. Before taking a significant action, the company needs to identify whether the matter falls within the authority of the board of directors, requires prior approval or recommendation from the board of commissioners, or must be submitted to shareholders. This assessment should be made by reviewing the company’s articles of association, delegation of authority matrix, board manuals, internal policies, RKAP (Rencana Kerja dan Anggaran Perusahaan, or business plan), sectoral regulations, and any relevant financing or contractual restrictions.
This is particularly important for material transactions, asset disposals, financing arrangements, capital changes, related-party transactions, long-term cooperation arrangements, actions outside the approved business plan, or transactions with significant financial or strategic impact. In these cases, governance operates as a practical control process: ensuring that the proposed action is reviewed by the relevant functions, approved by the competent corporate organ, supported by adequate rationale, and properly documented before implementation.
The Company Law provides the starting point for determining corporate authority and accountability. However, the governance analysis for a corporate action does not end with the Company Law. Depending on the company’s status and the nature of the transaction, additional requirements may arise from capital market regulations, sectoral regulations, financing documents, internal policies, shareholder directions, or state-owned enterprise (SOE)-specific rules.
In practice, a corporate action may be properly approved under the general corporate law framework but still require further review under other applicable regulations, including disclosure, licensing, regulatory approval, procurement, tariff, related-party transaction, or state ownership requirements. The relevant regulatory framework may include the following:
SOEs – Minister of SOEs Regulation No. PER-2/MBU/03/2023 on the Guidelines for Governance and Significant Corporate Activities of State-Owned Enterprises;
Public companies – Financial Services Authority (OJK) Regulation No. 21/POJK.04/2015 on the Implementation of Corporate Governance Guidelines for Public Companies, and OJK Circular Letter No. 32/SEOJK.04/2015 on Corporate Governance Guidelines for Public Companies;
Banks – OJK Regulation No. 17 of 2023 on the Implementation of Governance Principles for Commercial Banks, and OJK Regulation No. 18/POJK.03/2016 on the Implementation of Risk Management for Commercial Banks;
Securities companies – OJK Regulation No. 57/POJK.04/2017 on the Implementation of Governance for Securities Companies Engaged in Underwriting and Brokerage Activities, and OJK Regulation No. 13 of 2025 on Internal Control and Conduct of Securities Companies Engaged in Underwriting and Brokerage Activities.
These regulatory references show that governance and compliance requirements in Indonesia are often layered and sector-specific. Accordingly, the applicable requirements must be assessed by reference to the company’s business sector, licensing status, ownership structure, and the nature of the relevant corporate action. For companies operating in sectors regulated by the OJK, this may include disclosure obligations, periodic and incidental reporting, prior registration or approval for certain corporate actions or transactions, and mandatory governance structures such as audit committees and nomination and remuneration committees.
Governance and compliance under the New Criminal Code
The importance of governance and compliance for corporations has entered a new phase with the introduction of Indonesia’s new criminal law framework. On January 2 2026, Indonesia brought into force three major legal reforms simultaneously:
Law No. 1 of 2023 on the Criminal Code (the New Criminal Code);
Law No. 20 of 2025 on the Criminal Procedure Code; and
Law No. 1 of 2026 on the Harmonisation of Criminal Sanctions.
Collectively, these reforms represent the most fundamental transformation of Indonesia’s criminal law framework in over a century.
From a corporate governance perspective, one of the most important changes is the express recognition of corporations as subjects of criminal liability under the New Criminal Code. Previously, under Law No. 1 of 1946, criminal liability was generally centred on individuals, as corporations were not expressly recognised as subjects of criminal law. The New Criminal Code changes this position by expressly recognising corporations as subjects of criminal liability. The scope of “corporations” under the New Criminal Code is broad. It includes legal entities such as limited liability companies, foundations, cooperatives, SOEs, regional government-owned enterprises, and other entities treated as legal entities under applicable laws. It also covers associations, whether or not they are legal entities, and business entities such as firms, limited partnerships, or their equivalent under prevailing laws.
The practical relevance of governance and compliance is particularly reflected in the attribution grounds under Article 48 of the New Criminal Code that relate to corporate policy, prevention, compliance, mitigation, and tolerance. In particular, governance becomes directly relevant where the alleged criminal act is adopted or accepted as corporate policy; where the corporation fails to take necessary preventive measures, mitigate impacts, or ensure compliance with applicable laws; and where the corporation allows the criminal act to occur. These elements require an assessment of how the corporation is actually managed, supervised, controlled, and monitored.
Other attribution grounds, such as whether the act falls within the corporation’s business or activities or whether it unlawfully benefits the corporation, are not governance elements in themselves but may still be tested through governance records. These may include the articles of association, licences, business plan, delegation of authority, approval documents, transaction records, internal correspondence, risk assessment, compliance review, audit findings, and evidence of how the relevant act or benefit was approved, received, retained, escalated, or addressed.
Accordingly, Article 48 gives governance and compliance a concrete legal function. A well-implemented governance framework may help demonstrate that unlawful conduct was not part of corporate policy, was not tolerated by the corporation, and occurred despite preventive and compliance measures. Conversely, weak or undocumented governance may make it more difficult for a corporation to show that the relevant conduct was isolated, unauthorised, or contrary to its internal standards.
SOE governance reform: the roles of BP BUMN and Danantara
In the SOE sector, the development of governance and compliance has entered a distinct phase through two successive amendments to Law No. 19 of 2003 on State-Owned Enterprises (the SOE Law). First, Law No. 1 of 2025 introduced Badan Pengelola Investasi Daya Anagata Nusantara (Danantara) as part of the new SOE management and investment framework. Subsequently, Law No. 16 of 2025 further amended the SOE Law by introducing Badan Pengaturan BUMN (BP BUMN) to replace the role previously carried out by the Ministry of SOEs/Kementerian BUMN in the relevant governance and regulatory framework.
Broadly, BP BUMN represents the state’s governance, regulatory, and shareholder-function interface in the SOE sector, while Danantara is positioned to carry out investment management and value-optimisation functions within the SOE ecosystem. This distinction is important because it reflects an effort to create clearer institutional roles between policy, governance, supervision, and investment execution.
From a governance perspective, the introduction of BP BUMN and Danantara makes the approval and accountability mapping for SOEs more important. Significant corporate actions should be assessed not only by reference to the SOE’s internal corporate organs but also by reference to the respective roles of BP BUMN and Danantara where relevant. Depending on the nature of the matter, the relevant considerations may include shareholder direction, strategic policy alignment, investment mandate, restructuring plan, dividend policy, holding structure, group-level coordination, or other governance requirements applicable within the SOE ecosystem.
At a high level, the respective roles and authorities of BP BUMN and Danantara can be summarised as follows.
BP BUMN | Danantara |
· Establishing general policy direction for SOEs; · Formulating SOE governance policies and frameworks; · Setting and submitting the SOE roadmap to the relevant parliamentary committee; · Issuing assignments and directives to SOEs; · Determining key performance indicators (KPIs) and related standards; · Setting criteria for write-off and recovery of SOE assets; · Establishing new SOEs; · Conducting audits and supervisory reviews of SOEs; · Proposing privatisation plans; · Approving the agency’s work plan; · Ensuring SOEs act as agents of national economic and social development; · Supervising SOE compliance with governance policies, KPIs, and government assignments; and · Exercising any other authority as delegated by the president. | · Managing dividends from the investment holding, operational holding, and SOEs; · Approving capital injections into or reductions of SOEs; · Establishing and structuring the investment and operational holdings; · Approving write-off and recovery of SOE assets proposed by the relevant holdings; · Providing and receiving financing and pledging assets, subject to presidential approval; · Acting as guarantor for the investment holding (with supervisory board approval); · Approving and consulting with Parliament on the work plans and budgets of the holdings; and · Establishing strategic policies in key areas, including accounting and finance, investment development, operations and procurement, information technology, human resources, risk management and internal control, legal and compliance, corporate social responsibility, and ESG. |
From a governance perspective, this structure is significant because it reshapes the allocation of roles within the SOE ecosystem. Danantara is positioned to carry out management, investment, and value-optimisation functions, while BP BUMN represents the state’s regulatory, governance, and shareholder-function interface, including through the holding of Series A Dwiwarna shares. This structure is also reflected in the revised shareholding arrangement, where the state of the Republic of Indonesia holds 1% Series A Dwiwarna shares through BP BUMN, while 99% Series B shares are held through Danantara.
As a result, the approval landscape for SOEs has become more layered. For each material action, the SOE can no longer rely only on the previous approval route under the Kementerian BUMN framework. Management must first classify the nature of the proposed action: whether it is a matter of ordinary business operation, investment or portfolio management, shareholder reserved matter, restructuring, financing, capital action, dividend policy, guarantee, procurement, affiliate transaction, or other strategic corporate action. This classification is important because it determines whether the matter should be submitted to Danantara, BP BUMN, the SOE’s own corporate organs, or more than one of them.
This additional process may slow down business approvals, especially during the transition period when SOEs are still adjusting their articles of association, internal authority matrix, board procedures, and approval templates to the BP BUMN–Danantara framework. A transaction that previously moved through a single shareholder-approval route may now require separate analysis of whether the matter is an investment-management matter for Danantara, a governance or control matter for BP BUMN, or an internal corporate matter for the SOE. Without early classification, the approval process may become circular: the SOE submits the matter to one institution, only to be redirected because the matter is viewed as falling within another authority.
Against this backdrop, the governance relevance of the BP BUMN–Danantara framework lies in how SOEs translate the new allocation of institutional roles into their corporate decision-making process. The answer is not to treat the additional approval route as a separate administrative exercise after the commercial proposal has been prepared. The approval analysis should be built into the transaction planning from the outset. This means that legal, finance, risk, compliance, corporate secretary, and business teams should jointly determine the approval roadmap before the matter is submitted to any corporate organ or institution. By doing so, the SOE can avoid sequential or fragmented approvals, reduce the risk of resubmission, and ensure that the relevant proposal is presented to the proper decision-maker with the necessary supporting analysis from the beginning.
The classification should also distinguish between approval, consultation, confirmation, direction, reporting, and notification. This is important because unnecessary formal escalation may slow down business execution, while insufficient escalation may create governance exposure. By making this distinction clearly, SOEs can avoid treating every institutional interaction as a formal approval requirement, while still ensuring that matters with governance, shareholder, strategic, or accountability implications are escalated appropriately.
Under this approach, governance helps make the BP BUMN–Danantara framework operational. It enables SOEs to identify the correct approval route, prepare the required materials, engage the appropriate institution, and maintain a proper decision-making record. This is particularly important during the transition period, as articles of association, authority matrices, board procedures, and approval templates continue to be aligned with the new framework. In this sense, governance should function as a transaction-readiness mechanism.
The key point is that SOEs should not approach the new framework passively. They should actively build an internal approval protocol that translates the respective roles of Danantara, BP BUMN, and the SOE’s corporate organs into a practical decision-making process. Without that protocol, the new institutional structure may create delay and repeated escalation. With that protocol, the same structure can support more disciplined, better-documented, and more defensible SOE corporate actions.
