You are here
Back to topIndonesia’s Financial Services Authority (OJK) has recently issued OJK Regulation No. 12 of 2024 (OJK Reg 12), consolidating the anti-fraud framework in the financial services sector. This regulation will be effective on 31 October 2024, allowing a three-month transition period for regulated entities to adopt it and comply.
Prior to this regulation, regulated entities were already subject to separate anti-fraud frameworks based on their relevant sub-sectors: banking, multifinance, and insurance.
We discuss here key provisions of the framework that may require regulated entities to make significant adjustments to their existing business processes and strategies.
You can also read the Indonesian-language regulation here.
DEFINITION OF ‘FRAUD’
Prior to OJK Reg 12, the definition of ‘fraud’ focused solely on “intent” and “impact” (eg an action resulting in a loss to a consumer). OJK Reg 12 helpfully elaborates on what sort of activities are considered as ‘fraud’, as follows:
- ‘private’ corruption – unlawful conflict of interest, bribery, unlawful payment, or blackmail
- misuse of assets – misuse of cash, assets, or inventory
- financial statement engineering – overstating or understating net assets or net income
- misleading statements (penipuan)
- breach of confidential information
- other similar fraud
The regulation retains the “intent” and “impact” elements when considering whether an act constitutes ‘fraud’, meaning there are now three elements that all need to be present – the perpetrator’s intent, the action, and the impact of the action on customers/third parties.
These refined definitions offer helpful guidance for (a) regulated entities in refining their anti-fraud strategies and protocols (Anti-fraud Strategy), and (b) OJK and regulated entities in navigating regulatory compliance with this regulation going forward.
We note two key takeaways:
- There is no change in the underlying approach (in the context of this regulation) that fraud is an administrative breach attracting administrative sanctions from OJK. The regulation retains that approach and does not categorise any of these activities as crimes in the context of this regulation.
- Administrative sanctions will not be imposed on regional pawnshops (pegadaian daerah) or micro financial institutions (micro savings cooperatives).
EXPANDED SCOPE OF ‘CONTROLLED ENTITIES’
The regulation requires each regulated entity, eg a bank, to procure full implementation of its Anti-fraud Strategy by any entity that it controls (including non-regulated entities), with failure to comply attracting administrative sanctions such as suspension of business activities.
The regulation does not provide quantitative or qualitative definitions of ‘control’ or ‘controlled’ while the elucidation of the relevant article provides examples of non-regulated entities.
For example, if a bank (a regulated entity) controls an education foundation (yayasan) (a non-regulated entity), the bank must ensure that the foundation adheres to the bank’s Anti-fraud Strategy.
It remains to be seen (a) how OJK will interpret the term “control”, (eg whether ‘control’ includes ‘actual’ control or ‘indirect’ control), and (b) how OJK will test compliance with this requirement in practice.
Combining this requirement with the concept of kelompok usaha (entity grouping) in the financial services sector (eg a banking group (kelompok usaha bank) and a financial conglomerate), any regulated entity that is also designated the ‘main entity’ of that business group (kelompok usaha) or financial conglomerate should also take into account such requirement in further refining its business processes and strategy.
The board of directors and board of commissioners of the relevant regulated entity are named as ‘responsible parties’ to ensure compliance with this requirement, with failure to comply attracting administrative sanctions such as revocation of the respective directors’ and commissioners’ fit-and-proper tests.
ADDITIONAL PREVENTIVE MEASURE – COMBATING CRIME INVOLVING FINANCIAL PRODUCTS
OJK Reg 12 requires regulated entities to expressly consider and plan for any future-proofing measures to mitigate the risk of them being used as a tool in criminal activities. For instance, regulated entities should start considering preventive measures on risks relating to illegal gambling and illegal online investments.
* * *
Please reach out to your usual contact if you have any questions on this new OJK regulation, and on how best to navigate these new requirements.