Following up on the issuance of a peer-to-peer lending regulation by Indonesia's Financial Service Authority (OJK) late last year (which was the subject of the Indonesia briefing back in February 2017), the OJK has released a circular letter setting up further guidelines on the governance and risk management aspects of peer-to-peer lending operators in Indonesia.
In addition to the requirement to register with the OJK, under the guidelines, the relevant peer-to-peer lending operator is required to register as an electronic system provider with the ministry of communication and information.
The responsibility for ensuring security, data protection, and other operational aspects of the business lies with the board of directors. The guidelines also mandate that the business sets up a data centre and a 'disaster mitigation centre' within the territory of the republic of Indonesia.
A disaster mitigation plan would need to be prepared and reviewed at least once annually. The operator is also required to prepare a human resources plan to ensure that it has and continues to have the necessary competent manpower to operate the business.
The guidelines also require that the relevant operator safeguards its data and avoids disclosure of personal information to any third party without consent, in the absence of specific regulatory directives.
Finally, the guidelines confirm that the use of electronic signatures is permissible, subject to several requirements stated within the guidelines.
The guidelines were effective as of April 18 2017.
As mentioned previously in the February briefing, peer-to-peer lending operators in Indonesia are required to register with the OJK by the end of June. In early June, Hendrikus Passagi, an OJK officer, stated that five operators had completed their OJK registration, including Modalku, Investree, Koiworks, Amartha, and Danamas. The registration of 20 additional operators is still in process.
|Oene Marseille and Emir Nurmansyah|