Implementation of Risk Management for Insurance Companies, Guarantee Institutions, and Pension Funds

The Financial Services Authority (OJK) issued Regulation No. 28 of 2025 to mandate adequate, effective, and measurable risk management for insurance companies, guarantee institutions, and pension funds. This regulation replaces POJK No. 44/2020, expands the scope to include guarantee institutions with specific risk types, and integrates risk management functions within financial conglomerates. The regulation becomes effective on January 1, 2026, with initial risk profile self-assessments due by February 15, 2027.

Indonesia

Otoritas Jasa Keuangan (Financial Services Authority)

Financial Services Authority Regulation

Number 28 of 2025 regarding Implementation of Risk Management for Insurance Companies, Guarantee Institutions, and Pension Funds

Abstract:

The development of insurance companies, guarantee institutions, and pension funds requires the implementation of adequate, effective, and measurable risk management. Furthermore, the implementation of risk management for guarantee institutions has not been regulated in the Financial Services Authority Regulation Number 44/POJK.05/2020 regarding the Implementation of Risk Management for Non-Bank Financial Service Institutions (NBFIs). Therefore, it is necessary to establish a Financial Services Authority Regulation regarding the Implementation of Risk Management for Insurance Companies, Guarantee Institutions, and Pension Funds (PPDP).

The legal basis for this Financial Services Authority Regulation is:

Law Number 21 of 2011;
Law Number 40 of 2014; and
Law Number 1 of 2016 as amended by Law Number 4 of 2023.

The improvements made include changes in nomenclature from NBFIs to PPDP, the addition of guarantee institutions to the scope of risk management, the addition of risk types for guarantee institutions, the addition of risk management work units or risk management functions in the organization and risk management functions of PPDP, the exemption from the obligation to form a risk management committee, self-assessment of risk profiles, and the submission of risk profile reports.

Notes:

This Financial Services Authority Regulation shall come into force on January 1, 2026.
This Financial Services Authority Regulation was promulgated on November 24, 2025, and established on November 10, 2025.
The risk management work unit or risk management function may be combined with the risk management work unit or risk management function within the structure of the relevant PPDP financial conglomerate if the PPDP implements integrated risk management.
The implementation of Risk Management for financial institution pension funds may be combined with the implementation of Risk Management by the founder.
Guarantee institutions, insurance brokerage companies, reinsurance brokerage companies, and insurance loss assessment companies shall submit the results of their first risk profile self-assessment for the 2026 fiscal year no later than February 15, 2027.
Upon the coming into force of this Financial Services Authority Regulation, the Financial Services Authority Regulation Number 44/POJK.05/2020 regarding the Implementation of Risk Management for Non-Bank Financial Service Institutions is repealed and declared invalid.
Implementation provisions of POJK 44/2020 for Insurance Companies and Pension Funds remain valid insofar as they do not conflict with the provisions in this POJK.
Further provisions regarding the implementation of risk management for guarantee institutions will be regulated in a Commissioner Board Member Regulation.