General Overview

In order to cover previously unregulated information technology-based services, on August 15, 2018, OJK issued the OJK Regulation No. 13/POJK.02/2018 on Digital Financial Innovation (Inovasi Keuangan Digital – “IKD). IKD is defined as business process update activity, business model, and financial instruments that provide newly added value in the financial services sector by involving digital ecosystem.

This regulation also introduced a testing mechanism conducted by OJK to assess the reliability of business processes, business models, financial instruments, and governance (“Regulatory Sandbox”).

Purpose, Scope, and Criteria of IKD

Any Party that carries out the IKD (“Organizer”) must perform its services to support the development of IKD responsibly, to support the monitoring of IKD effectively, and encourage synergy in the digital ecosystem on financial services.

The scope of IKD includes:

    1. transaction settlement,
    2. capital gathering, including equity crowdfunding, virtual exchange, smart contract and alternative due diligence;
    3. investment management, including advanced algorithm, cloud computing, capabilities sharing, open source information technology, automated advice and management, social trading, dan retail algorithmic trading;
    4. gathering and distribution of funds, including P2P Lending, alternative adjudication, virtual technologies, mobile 3.0, and third-party application programming interface;
    5. insurance, including sharing economy, autonomous vehicle, digital distribution, and securitization and hedge fund;
    6. market support, including artificial intelligence/machine learning, machine readable news, social sentiment, big data, market information platform and automated data collection and analysis;
    7. other digital financial supports, including social/eco crowdfunding, Islamic digital financing, e-waqf, e-zakat, robo advise dan credit scoring; and/or
    8. other financial services activities, including invoice trading, vouchers, token and blockchain.

The criteria of IKD includes:

  1. innovative and forward-looking;
  2. using information and communication technology as the main means of providing services to users in the financial services sector;
  3. supports inclusion and financial literacy;
  4. useful and widely used;
  5. can be integrated into existing financial services;
  6. using a collaborative approach;
  7. prioritize user and data protection.

Recording (Pencatatan), Regulatory Sandbox and Registration

The Organizer consists of Financial Services Institution, and/or other parties that conduct business in the financial services sector. The Organizer must be in the form of a limited liability company or a cooperative, and Organizer is prohibited to manage portfolio or exposure on its own, which means that the Organizer will only provide the platform to facilitate the transaction and financial services.

The Organizer must apply to OJK to be recorded, and OJK shall records the Organizer by taking into account the validity and fulfillment of documents that provided by Organizer.

After completion of the recording process above, OJK shall conduct the Regulatory Sandbox in order to ensure that IKD has fulfilled IKD criteria as mentioned above. The Regulatory Sandbox is implemented in the most time period for 1 (one) year and can be extended for 6 (six) month if needed.

After the completion of the Regulatory Sandbox, the Organizer may obtain the following status:

  1. Recommended, in which OJK shall issue a recommendation for registration;
  2. Revised (Perbaikan), in which OJK shall extend the Regulatory Sandbox on the Organizer for a maximum of 6 (six) months; or
  3. Not recommended, in which the Organizer is not able to apply for the same IKD.

Any Organizer that has obtained recommended status is entitled to submit registration to OJK and such registration must be made in no later than 6 (six) months since the Organizer obtained recommended status, otherwise the status will be revoked and declared invalid.

Data Protection and Confidentiality

The Organizer is obliged to maintain confidentiality, integrity, and availability of personal data, transaction data, financial data managed by it. The utilization of user data and information must requirements stipulated thereof.


OJK has the powers to impose administrative sanctions on a Provider for a violation of obligations and prohibited activities under this regulation in the form of:

  1. a written warning;
  2. a penalty;
  3. limitation for access to business activities; and
  4. revocation of license/registration.

Going Forward

We still need to see further measures taken by OJK on this POJK 13 of 2008 given some parts are still unclear, including any policy to be applied by OJK.