LogoRegulatory Alerts
2021-07-01

Bank Indonesia Regulation Number 23/6/PBI/2021 On Payment Service Providers

Bank Indonesia issued Regulation Number 23/6/PBI/2021 to establish a comprehensive regulatory framework for Payment Service Providers (PJP) to support financial digitalization and consumer protection. The regulation defines PJP activities including fund administration, payment initiation, and remittance, while mandating licensing through three distinct categories based on operational scope. It imposes strict institutional, capital, and integrity requirements on applicants, including domestic ownership thresholds and fit-and-proper tests for management and major shareholders.

Bank Indonesia logo

Indonesia

Bank Indonesia

Click to view thumbnail

  • 1 - BANK INDONESIA REGULATION NUMBER 23/6/PBI/2021 ON PAYMENT SERVICE PROVIDERS BY THE BLESSINGS OF THE ALMIGHTY GOD GOVERNOR OF BANK INDONESIA, Considering : a. that payment system regulation reform, including payment service provision, is necessary in line with the fulfillment of a fast, easy, affordable, safe, and reliable payment system by observing stability, access expansion, consumer protection, sound business practice, and application of best practices; b. that payment system regulation reform needs to accommodate development of business models and innovations in payment service provision from service providers to user, as well as interconnectedness with providers or other parties in payment system operation to support economic and financial digitalization; c. that development of activities in payment system infrastructure operation demands reinforcement of

  • 2 - access function to industry, implementation, termination of activity implementation, supervision, and processing of data and/or information on payment system; d. that based on the foregoing considerations as referred to in point a, point b, and point c, it is necessary to establish Bank Indonesia Regulation on Payment Service Providers; Observing : 1. Law Number 23 of 1999 on Bank Indonesia (State Gazette of the Republic of Indonesia of 1999 Number 66, Supplement to State Gazette of the Republic of Indonesia Number 3843) as amended several times and last by Law Number 6 of 2009 on Establishment of Government Regulation in Lieu of Law Number 2 of 2008 on the Second Amendment to Law Number 23 of 1999 on Bank Indonesia as a Law (State Gazette of the Republic of Indonesia of 2009 Number 7, Supplement to State Gazette of the Republic of Indonesia Number 4962);

  1. Bank Indonesia Regulation Number 22/23/PBI/2020 on Payment System (State Gazette of the Republic of Indonesia of 2020 Number 311, Supplement to State Gazette of the Republic of Indonesia Number 6610); HAS DECIDED: To establish : BANK INDONESIA REGULATION ON PAYMENT SERVICE PROVIDERS. CHAPTER I GENERAL PROVISIONS Article 1 In this Bank Indonesia Regulation:
  2. Payment System means a system including a set of regulation, institution, mechanism, infrastructure, source of fund for payment, and access to source of fund for payment, which are used to execute fund transfer to meet an obligation arising from an economic activity.
  • 3 -
  1. Bank means any commercial bank and people’s credit bank as referred to in the Law on banking, including branch office of foreign bank in Indonesia, and sharia commercial bank and sharia rural bank as referred to in the Law on sharia banking.
  2. Non-Bank Institution means non-Bank business entity lawfully established in Indonesia.
  3. Payment Service Provider, hereinafter referred to as PJP, means Bank or Non-Bank Institution providing services to facilitate payment transactions to users.
  4. Payment System Infrastructure Provider, hereinafter referred to as PIP, means a party operating infrastructures as a means which may be used for fund transfer for the interest of its members.
  5. Supporting Provider means a party cooperating with PJP and PIP to support the operation of Payment System service activities.
  6. User means a party using the services of PJP.
  7. Goods and/or Services Provider means a party selling goods and/or services which receives payments from Users.
  8. Self-Regulatory Organization in Payment System sector, hereinafter referred to as SRO, means a forum or institution lawfully established in Indonesia which represents the industry and is determined by Bank Indonesia to support Payment System operation.
  9. Systemically Payment System Provider, hereinafter referred to as PSPS means PJP having systemic impacts on Payment System and/or financial system in the event the PJP experiences disruption or failure.
  10. Critical Payment System Provider, hereinafter referred to as PSPK, means PJP having critical impacts on Payment System and/or financial system in the event the PJP experiences disruption or failure.
  11. General Payment System Provider, hereinafter referred to as PSPU, means PJP which not having significant impacts
  • 4 - on Payment System and/or financial system in the event the PJP experiences disruption or failure.
  1. Source of Fund for Payment, hereinafter referred to as Source of Fund, means Source of Fund used to meet obligations in payment transactions and administered in an account for payment.
  2. Digital Financial Service, hereinafter referred to as Layanan Keuangan Digital (LKD), means financial and payment system service activity conducted by PJP conducting Source of Fund administration activities in the form of electronic money issuance through cooperation with third parties and use of mobile based technology means and devices or other digital devices for digital economy and financial inclusion. CHAPTER II ACTIVITIES AND LICENSING OF PAYMENT SERVICE PROVIDERS Part One Scope of Activities Paragraph 1 PJP Activities Article 2 (1) PJP operates the following activities: a. provision of Source of Fund information; b. payment initiation and/or acquiring services; c. administration of Source of Fund; and/or d. remittance services. (2) Bank Indonesia may determine PJP activities as referred to in paragraph (1).

  • 5 - Article 3 (1) The activities of provision of Source of Fund information as referred to in Article 2 paragraph (1) point a includes provision of Source of Fund information for payment initiation according to the approval of users. (2) The activity operation of provision of Source of Fund information implemented for payment initiation as referred to in paragraph (1) is conducted through cooperation and/or interconnection with PJP conducting Source of Fund administration activities or other PJP based on the determination of Bank Indonesia. Article 4 (1) The activities of payment initiation and/or acquiring services as referred to in Article 2 paragraph (1) point b include payment transaction forwarding. (2) The payment transaction forwarding as referred to in paragraph (1) includes: a. forwarding order or instruction of fund transfer through instrument, media, and/or a set of procedures through the use of a certain method or technology in payment transactions; and/or b. forwarding payment transaction data in the form of data on instruments, payment transaction nominal amount, and other payment transactions. (3) In conducting the payment transaction forwarding as referred to in paragraph (2), PJP may: a. store Source of Fund data and/or access to Source of Fund including providing a platform to facilitate users to store data on Source of Fund and access to Source of Fund; b. process payment transactions using different instruments; c. acquire Goods and/or Services Providers; d. exchange fund with the banks for payment to Goods and/or Services Providers; and/or e. disburse fund to Goods and/or Services Providers.

  • 6 - (4) PJP, which conducts payment initiation and/or acquiring services as well as disbursement as referred to in paragraph (3) point e to Goods and/or Services Providers, is required to: a. have and perform the mechanism and procedure for:

  1. merchant acquisition facilitated with the provision of provided services; and
  2. payment settlement to Goods and/or Services Providers; and b. evaluation of smoothness and security of payment transactions conducted through Goods and/or Service Providers. (5) The mechanism and procedure as referred to in paragraph (4) point a are determined by PJP. (6) Determination of the mechanism and procedure as referred to in paragraph (5) must comply with the provisions of risk management and the principle of consumer protection in accordance with the laws and regulations. Article 5 (1) The activities of Source of Fund administration as referred to in Article 2 paragraph (1) point c include administration of Source of Fund accounts and implementation of payment transaction authorization. (2) The payment transaction authorization as referred to in paragraph (1) means approval on transaction after the activity of payment transaction data forwarding is conducted in a way of: a. verifying or authenticating the identity of Source of Fund owners conducting payment transactions; b. validating access to Source of Fund and the executed payment transactions; and c. ensuring Source of Fund adequacy. (3) The activities of Source of Fund administration as referred to in paragraph (1) is accompanied by issuance of access to Source of Fund for Users.

  • 7 - (4) In conducting the Source of Fund administration as referred to in paragraph (1), PJP may conduct fund transfer as a feature of access to the issued Source of Fund. Article 6 The activities of remittance services as referred to in Article 2 paragraph (1) point d include activities of fund transfer operation in the form of acceptance and execution of fund transfer order which source does not come from an account administered by remittance service operators. Article 7 (1) PJP which breaches the provisions as referred to in Article 4 paragraph (4) is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension of activities, including implementation of cooperation; and/or c. revocation of license as PJP. (2) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) are regulated by Regulation of Member of Board of Governors. Section 2 Cooperation between PJP and Supporting Provider Article 8 PJP in Payment System Operation, may cooperate with Supporting Provider. Section 3 Activities of Supporting Provider Article 9 To support PJP activities, Supporting Provider conduct activities under following conditions: a. payment transaction processing control remains on PJP;

  • 8 - b. Supporting Provider may only provide technical or resolving supporting services; and c. Supporting Provider is prohibited from accessing and/or administering Source of Fund. Article 10 Activities of Supporting Provider in payment transaction processing include provision of: a. technology for payment transaction processing in the following forms:

  1. provision of technology for payment transaction processing including provision of technology, system, and/or platform service used by PJP in implementation of payment transaction processing in the phases of initiation, authorization, clearing, and/or settlement; and/or
  2. provision of technology service for payment transaction processing including provision of authentication features for authorization of payment transaction, fraud management system, provision of cloud computing technology, and card management system provision; and/or b. other supporting services activities in Payment System operation including:
  3. operation services in pre-transaction and post￾transaction;
  4. activities of product marketing and/or payment services;
  5. trade operators through electronic system facilitating payments;
  6. provision of infrastructures and system for other PJP for white labelling;
  7. disbursement services to Goods and/or Services Providers; and
  8. other supporting services related to implementation of PJP activities.
  • 9 - Part Two PJP Licensing Section 1 License as PJP Article 11 Any party acting as PJP must obtain license from Bank Indonesia. Article 12 License for PJP to conduct PJP activities is granted based on the following license categories: a. license one category which includes the following activities:
  1. administration of Source of Fund;
  2. provision of Source of Fund information;
  3. payment initiation and/or acquiring services; and
  4. remittance services; b. license two category which includes the following activities:
  5. provision of Source of Fund information ; and
  6. payment initiation and/or acquiring services; and/or c. license three category which includes the following activities:
  7. remittance services; and/or
  8. other activities determined by Bank Indonesia. Section 2 PJP License Period Article 13 (1) If required, Bank Indonesia may determine PJP license period. (2) The determination of PJP license period as referred to in paragraph (1) is decided based on:

  • 10 - a. license category; b. the conducted activities; and/or c. the processed Source of Fund. Section 3 PJP License Requirements Article 14 The Party which submits license application to become PJP must meet license requirements determined by Bank Indonesia including the following aspects of: a. institutional; b. capital and financial; c. risk management; and d. information system capability. Article 15 The institutional aspect as referred to in Article 14 point a includes entity legality, ownership, control, and management. Article 16 (1) The party which applies for license to become PJP must be a: a. Bank; or b. Non-Bank Institution. (2) The Non-Bank Institution as referred to in paragraph (1) point b which applies for a license as PJP in license one category and license two category must be a limited liability company. (3) The Non-Bank Institution as referred to in paragraph (1) point b which applies for licensing as PJP in license three category must be a limited liability company or any other entity lawfully established in Indonesia as specified under the laws and regulations on fund transfers.

  • 11 - Article 17 (1) The Non-Bank Institution as referred to in Article 16 paragraph (1) point b must at least have 1 (one) member of board of directors domiciled in the Republic of Indonesia. (2) The member of board of directors of Non-Bank Institution domiciled outside the Republic of Indonesia must perform his or her functions, duties, and responsibilities as a member of board directors. Article 18 (1) Members of board of directors or board of commissioners of prospective PJP may concurrently act as a member of board of directors or board of commissioners of another company, provided that: a. it remains in line with the laws and regulations on fair business competition; and b. it does not reduce effectiveness of performance of duties and responsibilities as well as the capability and integrity as a member of board of directors or board of commissioners of prospective PJP in Payment System operation. (2) Member of board of directors, member of board of commissioners, and shareholder of prospective PJP must meet institutional requirements, namely aspect of integrity and track record in performing functions as the management and/or shareholder including but not limited to: a. never been declared bankrupt and/or found guilty of causing a business entity to be declared bankrupt within the last 5 (five) years prior to submitting their request; b. never been convicted of a certain crime by a final and binding court decision within the last 5 (five) years prior to submitting the application; c. never been listed in a bad debt list when submitting the application; and

  • 12 - d. never been listed in a national blacklist of withdrawers of blank cheque or bilyet giro administered by Bank Indonesia when submitting the application. (3) The shareholder as referred to in paragraph (2) is a shareholder who holds: a. shares of 25% (twenty-five percent) or higher than the number of shares issued by a prospective PJP and have voting rights; or b. shares of less than 25% (twenty-five percent) of the number of shares issued by a prospective PJP and have voting rights but may be proven that the person concerned have controlled the prospective PJP, both directly and indirectly. Article 19 (1) Institutional aspect in the form of ownership of a prospective PJP includes share ownership composition and ownership structure. (2) Institutional aspect in the form of ownership as referred to in paragraph (1) for a prospective PJP in the form of Non￾Bank Institution is specified under the following provisions: a. share ownership composition, at least 15% (fifteen percent) of which shall be owned by:

  1. Indonesian citizen; and/or
  2. Indonesian legal entity; b. the calculation of foreign share ownership for a prospective PJP in the form of Non-Bank Institution with the status of public company is conducted only with share ownership percentage of 5% (five percent) or more; c. for a prospective PJP in the form of Non-Bank Institution with the status of public company, share ownership with the percentage below 5% (five percent) traded on the stock exchange is calculated as domestic owned share; d. for a Non-Bank Institution in the form of public company, share ownership with the percentage below
  • 13 - 5% (five percent) traded on the stock exchange will be calculated as foreign share in the event that the share:
  1. is traded on Indonesia stock exchange and declared to be owned by a foreign party by prospective PJP; or
  2. is traded outside Republic of Indonesia; e. share ownership composition is calculated based on valid and latest proof of share ownership; f. foreign share ownership portion is calculated according to direct or indirect ownership; g. the direct ownership as referred to in point f is calculated based on 1 (one) share ownership level above the prospective PJP; h. the indirect ownership as referred to in point f is calculated until the ultimate shareholder; and i. PJP submits self-assessment of ownership structure at least once a year and incidentally in the event of ownership composition change. (3) In supervising implementation of PJP activities, Bank Indonesia may determine a policy on assessment of PJP ownership composition PJP in the form of Non-Bank Institution, including PJP in the form of public company, by considering: a. materiality scale; and/or b. other aspects to ensure the achievement of balance between innovation and stability and national interest. (4) In the event that there are any differences in assessment of share ownership composition between Bank Indonesia and the prospective PJP in the form of Non-Bank Institution, the assessment of share ownership composition to be used is the share ownership composition determined by Bank Indonesia.
  • 14 - Article 20 (1) Institutional aspect in the form of control of a prospective PJP in the form of Non-Bank Institution is regulated with the following provisions: a. share composition with voting rights of at least 51% (fifty-one percent) must be owned by a domestic party, namely:
  1. Indonesian citizen; and/or
  2. Indonesian legal entity; b. assessment of Bank Indonesia on share composition with voting rights is conducted collectively on each ownership level until the ultimate shareholder with the biggest voting right individually owned by a domestic party; c. in the event that there is a special right to nominate majority members of board of directors and/or members of board of commissioners, the right must be owned by a domestic party; d. in the event that there is a special right in the form of veto right against a decision or approval in a general meeting of shareholders with significant impacts on the company, the right must be owned by a domestic party; e. Bank Indonesia may determine the institutional aspect in the form of other control based on the assessment of Bank Indonesia; f. In the event that a prospective PJP has obtained an institutional license from other authorities, Bank Indonesia may determine another policy on institutional aspect in the form of ownership and/or control; and g. a prospective PJP submits self-assessment of ownership structure at least once a year and incidentally in the event of control change. (2) In supervising implementation of PJP activities, Bank Indonesia may determine a policy to assess control in PJP
  • 15 - in the form of Non-Bank Institution, including PJP in the form of public company, by considering: a. materiality scale; and/or b. other aspects to ensure the achievement of balance between innovation and stability and national interest. (3) In the event that there is any differences on the assessment of control between Bank Indonesia and a prospective PJP in the form of Non-Bank Institution, the assessment of control to be used is the control determined by Bank Indonesia. Article 21 (1) In processing of the license application as referred to in Article 14 point a, Bank Indonesia may conduct fit and proper test. (2) Fit and proper test as referred to in paragraph (1) is conducted to: a. parties who own:
  1. shares of 25% (twenty-five percent) or more than the number of shares issued by a prospective PJP and have voting rights; or
  2. shares of less than 25% (twenty-five percent) of the number of shares issued by a prospective PJP and have voting rights but may be proven that the person concerned have controlled the prospective PJP, both directly and indirectly; b. members of board of directors; and c. members of board of commissioners, of a party applying for license as PJP. (3) Fit and proper test may be conducted by Bank Indonesia in the event of: a. plan for change of the party as referred to in paragraph (2); or b. supervision result indicating any breach, fraud, and/or business performance deterioration with significant impacts on Payment System operation that conducted by the party as referred to in paragraph (2).
  • 16 - (4) Fit and proper test as referred to in paragraph (1) aims to ensure fulfillment of the following requirements: a. integrity; b. financial reputation; c. financial feasibility; and/or d. competence. (5) Fit and proper test as referred to in paragraph (4) may be conducted through administrative assessment and/or interview. (6) In the event that a prospective PJP has obtained an institutional license and/or is under supervision of other authorities, Bank Indonesia may coordinate with the authority. Article 22 (1) Requirements for license in relation to institutional aspect must be supported by fulfillment of the following documents: a. legality of the legal entity consisting of:
  1. document indicating the company’s purpose and objective, management structure, articles of association, amount of authorized capital and the latest initial capital, and the latest shareholders composition;
  2. document indicating business license from the competent authority; and
  3. document indicating recommendation for prospective PJP which has supervisory authority under the laws and regulations; b. ownership and control consisting of the latest document indicating ownership structure and control of a prospective PJP until the latest ultimate shareholder; c. management consisting of a document indicating the management integrity containing statements of each member of board of directors, member of board of
  • 17 - commissioners, and shareholders as referred to in Article 18 paragraph (3); d. representations and warranties from the relevant members of board of directors that a company is currently not being subject to:
  1. sanctions; and/or
  2. legal proceedings in criminal, civil, and/or bankruptcy case; and e. readiness of the company’s human resources and organization, including organizational structure along with job description, authority, and responsibility, including work unit or function responsible for consumer protection, implementation of anti-money laundering and countering the financing of terrorism, risk management, internal audit, and compliance. (2) Accuracy and completeness of the documents of license requirements as referred to in paragraph (1) must be accompanied by: a. result of legal due diligence from an independent legal consultant; and/or b. statement letter of the relevant members of board of directors that all of the submitted license requirements documents are accurate and complete according to the company’s condition. Article 23 Forms and details of the documents of license requirements as referred to in Article 14 and their amendments are contained in a list of requirements published on the web page of Bank Indonesia or any other media determined by Bank Indonesia. Article 24 (1) The capital and finance aspect as referred to in Article 14 point b includes minimum requirements of initial capital, feasibility analysis, and business forecasting. (2) The amount of initial capital for a prospective PJP is:
  • 18 - a. for license one category at least Rp15,000,000,000.00 (fifteen billion rupiahs); b. for license two category at least Rp5,000,000,000.00 (five billion rupiahs); and c. for license three category at least:
  1. Rp500,000,000.00 (five hundred million rupiahs) for a prospective PJP which does not provide a system that may be used by other PJP in license three category; or
  2. Rp1,000,000,000.00 (one billion rupiah) for a PJP candidate which provides a system that may be used by other PJP in license three category. (3) Fulfillment of the initial capital requirement for a prospective PJP in the form of Bank as referred to in paragraph (2) shall consider the provisions on capital fulfillment regulated by the competent authority. (4) Bank Indonesia may determine to change the minimum initial capital as referred to in paragraph (2) based on the following considerations: a. support national economic and financial policy; b. maintain national efficiency; c. protect public interest; d. maintain industrial growth; and/or e. maintain fair business competition. (5) Provisions for the change of minimum initial capital as referred to in paragraph (4) are regulated by Regulation of Member of Board of Governors. Article 25 The requirements for capital and financial aspect as referred to in Article 24 must be supported by fulfillment of the following documents: a. minimum initial capital requirements in the form of documents indicating capital structure such as amount of authorized capital and the latest initial capital;
  • 19 - b. feasibility analysis requirements in the form of documents indicating the condition, readiness, and company’s financial performance in a certain period; and c. business forecasting requirements in the form of documents indicating business feasibility calculation in implementation of Payment System activities to be conducted and the target to be achieved. Article 26 (1) The risk management aspect as referred to in Article 14 point c includes legal risk, operational risk, and liquidity risk. (2) Implementation of the risk management aspect as referred to in paragraph (1) is assessed through: a. active supervision by:
  1. board of directors and board of commissioners for prospective PJP in the form of limited liability company; or
  2. function or organ performing the functions of management and supervisor of prospective PJP in any other form of legal entity; b. availability of policies and procedures along with fulfillment of organizational structure adequacy; c. risk management process and risk management function as well as human resources; and d. internal control. Article 27 The license requirements for risk management aspect as referred to in Article 26 must be supported by the fulfillment of documents: a. indicating the policy and procedure for implementation of management of legal risk, operational risk, and liquidity risk; b. indicating cooperation plan between a company and another party in implementation of Payment System
  • 20 - activities to be conducted by the company, including but not limited to:
  1. summary of all cooperation between a prospective PJP and another party in relation to Payment System activities to be conducted; and
  2. cooperation agreement or final draft of cooperation agreement with all parties cooperating in Payment System activities to be conducted; c. indicating operational policy and procedure along with availability of instruments for consumer protection; d. indicating operational procedure for monitoring anti￾money laundering and countering the financing of terrorism; e. explaining Payment System products or activities to be conducted; f. indicating operational readiness, including standard operational procedure and specification of hardware and software in Payment System products or activities to be conducted; and g. indicating operational procedure for monitoring company liquidity in relation to implementation of Payment System activities. Article 28 The information system capability aspect as referred to in Article 14 point d shall at least be assessed through: a. procedure for security control information system; b. fraud management system; c. information system audit and security test; and d. level of capability and availability of information system. Article 29 The license requirements for information system capability aspect as referred to in Article 28 must be equipped by documents indicating:

  • 21 - a. procedure for security control of the system used in implementation of Payment System activities; b. procedure, mechanism, and infrastructures of fraud management system; c. result of system reliability test conducted by external and internal parties; and d. procedure, mechanism, and infrastructures of effective management of business continuity and disaster recovery. Section 4 Mechanism and Procedure for License Application Article 30 A party applying for license as PJP must: a. comply with the mechanism and procedure for license application determined by Bank Indonesia; b. conduct self-assessment in fulfillment of completeness of documents for license requirements; and c. submit documents for license requirements in relation to licensing aspect as requested by Bank Indonesia. Article 31 (1) The mechanism and procedure for license application as referred to in Article 30 point a are conducted through electronic system under Bank Indonesia Regulation on integrated license of Bank Indonesia through license front office. (2) In the event that the electronic system as referred to in paragraph (1) may not be implemented for certain license or it experiences disruption, the mechanism and procedure for license application are conducted under Bank Indonesia Regulation on integrated license of Bank Indonesia through license front office. Article 32 (1) Bank Indonesia reviews fulfillment of PJP license requirements.

  • 22 - (2) The review of PJP license as referred to in paragraph (1) is conducted through the following phases: a. administrative review; and b. substance analysis of the application according to the applied license categories, including feasibility analysis, and institutional aspect, capital and finance, risk management, and information system capability. (3) After the phase of review of PJP license application as referred to in paragraph (2), Bank Indonesia may conduct an on site visit for prospective PJP. Article 33 (1) In particular conditions, Bank Indonesia may not conduct on site visit in PJP licensing process by requesting additional documents indicating operational readiness as replacement of on site visit. (2) The particular conditions as referred to in paragraph (1) include: a. natural disasters; b. pandemic; and/or c. any other conditions determined by Bank Indonesia. Article 34 (1) To fulfill the completeness of licensing requirements documents of a prospective PJP, Bank Indonesia will hold: a. pre-consultative meeting; b. consultative meeting; and/or c. coaching clinic. (2) The pre-consultative meeting as referred to in paragraph (1) point a is held by Bank Indonesia and must be attended by a prospective PJP. (3) Bank Indonesia holds the pre-consultative meeting as referred to in paragraph (2) in phases prior to or during submission of required documents through an electronic system. (4) Bank Indonesia holds the consultative meeting and/or coaching clinic as referred to in paragraph (1) point b and

  • 23 - point c in the phase of revision to the required documents and checking. (5) In the event that the consultative meeting and/or coaching clinic is held by Bank Indonesia as referred to in paragraph (4), a prospective PJP must attend it. Article 35 (1) The administrative review as referred to in Article 32 paragraph (2) point a is conducted under Bank Indonesia Regulation on integrated licensing of Bank Indonesia through license front office. (2) The substance analysis as referred to in Article 32 paragraph (2) point b is conducted under the following provisions: a. Bank Indonesia conducts a substance analysis of license requirements within a maximum period of 20 (twenty) business days after requirement documents is accepted and declared complete by the front office license; b. in the event that the documents for license requirements are incompliant with the analysis result by Bank Indonesia, a prospective PJP must submit its revision within a maximum period of 40 (forty) business days; and c. Bank Indonesia conduct substance analysis on the license requirements to the revision as referred to in point b within a maximum period of 20 (twenty) business days after a prospective PJP submits the revision. (3) Bank Indonesia rejects the license application at the substance analysis phase as referred to in paragraph (2) in the event that: a. based on the analysis result of the requirement document revision as referred to in paragraph (2) point b are still incompliant;

  • 24 - b. the revised documents as referred to in paragraph (2) point b are not submitted to Bank Indonesia by a prospective PJP; or c. submission of the revised documents by a prospective PJP passes the period as referred to in paragraph (2) point b. Article 36 (1) The on site visit as referred to in Article 32 paragraph (3) is conducted within a maximum period of 20 (twenty) business days after the substance analysis as referred to in Article 32 paragraph (2) point b is declared compliant. (2) In the event that, according to the on site visit result as referred to in paragraph (1), there are findings to be revised, a prospective PJP must submit a report and/or revised document to Bank Indonesia within a maximum period of 120 (one hundred twenty) business days since the completion date of the on site visit. (3) Bank Indonesia rejects the license application at the on site visit phase as referred to in Article 32 paragraph (3) in the event that: a. the report and/or revised document based on the on site visit as referred to in paragraph (2) is incompliant; b. the report and/or revised document is submitted after the period as referred to in paragraph (2); or c. the report and/or revised document as referred to in paragraph (2) is not submitted by a prospective PJP. (4) The rejection of license application as referred to in paragraph (3) and Article 35 paragraph (3) shall be notified by Bank Indonesia in writing. Article 37 Provisions for submission period of the report and/or revised document at the on site visit phase as referred to in Article 36 paragraph (2) shall apply mutatis mutandis to submission of additional documents in particular conditions as referred to in Article 33 paragraph (1).

  • 25 - Article 38 In the event that a prospective PJP has conducted the testing of products, activities, services, and business models in testing environment for development of innovations in Payment System technology for Payment System and it is declared successful by Bank Indonesia, the on site visit phase as referred to in Article 32 paragraph (3) may not be conducted. Article 39 In the event that the license application of a prospective PJP is rejected: a. a prospective PJP may re-apply the license application after 180 (one hundred eighty) business days as from the rejection letter date as referred to in Article 36 paragraph (4); and b. Bank Indonesia returns all submitted documents for the license. Section 5 Authority of Bank Indonesia to Request Completeness of License Requirements Article 40 (1) Bank Indonesia has the authority to request a prospective PJP to submit required additional data and/or information related to institutional aspect, capital and financial, risk management, and information system capability in PJP license. (2) The request for additional documents as referred to in paragraph (1) is submitted through the web page of Bank Indonesia or any other media determined by Bank Indonesia. (3) In the event that there are needs of the additional document as referred to in paragraph (1), Bank Indonesia informs in writing or through electronic media to a prospective PJP which is in the license process.

  • 26 - Part Three Grant of PJP Licenses Article 41 (1) Bank Indonesia grants license for the submitted application based on: a. result of license review and on site visit as referred to in Article 32 and Article 33; or b. result of license review and the declared testing of development of innovations in Payment System technology declares successful as referred to in Article 32 and Article 38. (2) Bank Indonesia has the authority to determine a policy to grant the license as referred to in paragraph (1) based on the following considerations to: a. support national economic and financial policy; b. maintain national efficiency; c. protect public interest; d. maintain industrial growth; and/or e. maintain fair business competition. Article 42 (1) PJP which has obtained license must conduct its activities not later than 120 (one hundred twenty) business days commencing from the date of license grant letter from Bank Indonesia. (2) PJP which has conducted Payment System activities must submit its realization report in writing to Bank Indonesia through the license application of Bank Indonesia. (3) In the event that the application as referred to in paragraph (2) may not be implemented or experiences disruption, the realization report will be submitted directly in accordance with the mechanism determined by Bank Indonesia. (4) The report as referred to in paragraph (2) shall be submitted not later than 10 (ten) business days from the effective date of activity commencement.

  • 27 - (5) In the event that PJP does not conduct its activities within the period as referred to in paragraph (1), the license granted by Bank Indonesia will be declared null and void. (6) PJP whose license is declared null and void as referred to in paragraph (5) may resubmit a license application within 180 (one hundred eighty) business days at the earliest commencing from the null and void date. Article 43 Bank Indonesia publishes the names of Banks and Non-Bank Institutions which have obtained licenses and have effectively conducted activities as PJP on the web page of Bank Indonesia. CHAPTER III PAYMENT SYSTEM OPERATION BY PJP Part One General Principles of Operation Article 44 PJP is required to meet general principles in Payment System operation consisting of: a. operational obligation including the following aspects:

  1. governance;
  2. risk management including prudential principle;
  3. information system security standard;
  4. interconnection and interoperability; and
  5. compliance with the laws and regulations; b. Bank Indonesia policy on price scheme in Payment System operation; and c. capability of human resources and organization, as well as code of ethics and code of conduct in code of conduct in sound business practices.
  • 28 - Section 1 PJP Obligations in Payment System Operation Article 45 (1) The obligation in governance aspect as referred to in Article 44 point a point 1 is fulfilled according to the following principles: a. openness; b. accountability; c. responsibility; d. independence; and e. fairness. (2) PJP applies the governance principle as referred to in paragraph (1) in every business activity. (3) Implementation of the governance principle as referred to in paragraph (1) is realized at least in: a. performance of duties and responsibilities:
  1. board of directors and board of commissioners for PJP in the form of limited liability company; or
  2. function or organ performing the functions of management and supervisor of PJP in any form other than limited liability company; b. fulfillment of institutional aspect in the form of the following obligations:
  3. maintain fulfillment of institutional aspect including legality of legal entities, ownership, control, and management as referred to in Article 15 until Article 20; and
  4. submit an action plan in the event of breach of institutional aspect fulfillment as referred to in paragraph (3) point b point 1 and must obtain approval of Bank Indonesia. c. implementation of compliance, internal audit, and external audit functions; d. implementation of risk management; e. strategic plan; and
  • 29 - f. transparency of financial and non-financial conditions. Article 46 The fulfillment of obligation of the risk management aspect, including prudential principle, as referred to in Article 44 point a point 2 at least includes: a. active supervision by:
  1. board of directors and board of commissioners for PJP in the form of limited liability company; or
  2. function or organ performing the functions of management and supervisor of PJP in any other form of legal entity; b. availability of policies and procedures as well as fulfillment of organizational structure adequacy; c. risk management process and risk management function along with human resources; and d. internal control. Article 47 (1) The fulfillment of obligation in information system security standard aspect as referred to in Article 44 point a point 3 at least includes: a. availability of written policies and procedures for information system; b. use of a safe and reliable system at least for:
  3. security and protection of data confidentiality;
  4. fraud management;
  5. fulfillment of certification and/or standard for system security and reliability;
  6. maintenance and improvement of technology security; and
  7. information system availability; c. implementation of cyber security standard; d. security of data and/or information; and e. implementation of periodic information system audit.

  • 30 - (2) The fraud management as referred to in paragraph (1) point b point 2 includes the phases of prevention, detection, resolution, and monitoring. (3) The fraud management as referred to in paragraph (2) is implemented at least by applying fraud detection system on account and transaction phase. (4) Certification and/or standard for system security and reliability as referred to in paragraph (1) point b point 3 is generally applicable certification and/or standard determined by Bank Indonesia, authority, or related institutions relevant to the types of activities conducted by PJP and/or PJP classifications. (5) The data and/or information security as referred to in paragraph (1) point d includes but is not limited to security of data and/or information related to Users, payment instruments, and payment transactions. Article 48 (1) The fulfillment of obligation in interconnection and interoperability aspect as referred to in Article 44 point a point 4 at least includes: a. compliance with interconnection and interoperability mechanism, including the standard determined by Bank Indonesia; b. fulfillment of mechanism of interconnection with data infrastructure and Payment System infrastructure; and c. domestically process of payment transaction. (2) The domestically process of payment transaction as referred to in paragraph (1) point c applies for the phases of initiation, authorization, clearing, and settlement. (3) The domestically process of payment transaction as referred to in paragraph (2) is conducted for any transaction which: a. uses access to Source of Fund in the form of instruments and/or services provided by PJP; and

  • 31 - b. is executed within the territory of the Republic of Indonesia. (4) Electronic system used for transaction processing in the phases of initiation, authorization, clearing, and settlement is placed in the data center and disaster recovery center within the territory of the Republic of Indonesia. (5) Bank Indonesia shall determine the types of access to Source of Fund and implementation phases of domestically process of transactions. (6) The payment transaction may be processed outside the territory of the Republic of Indonesia to the extent it has been approved by Bank Indonesia. (7) The approval of Bank Indonesia for payment transaction processing outside the territory of the Republic of Indonesia as referred to in paragraph (6) may be granted by considering: a. the usage of electronic system and/or activities integrated with PJP head office outside the territory of the Republic of Indonesia; b. readiness level of the national industry and infrastructures; and/or c. other aspects determined by Bank Indonesia. (8) The approval of Bank Indonesia will be granted provided that the PJP guarantees that processing outside the territory of the Republic of Indonesia does not reduce the effectiveness of supervision, data collection, and personal data protection. Article 49 Fulfillment of interconnection and interoperability obligation as referred to in Article 44 point a point 4 is exempted for instruments or channels that are able to interoperate each other without PIP designated by Bank Indonesia.

  • 32 - Article 50 The fulfillment of obligation to comply with the laws and regulations as referred to in Article 44 point a point 5 includes: a. fair business competition; b. electronic information and transaction; c. anti-money laundering and countering the financing of terrorism; d. consumer protection; e. implementation of mandatory use of rupiah; f. personal data protection; and g. other laws and regulations. Article 51 (1) PJP is required to educate and guide Goods and/or Services Providers cooperating with PJP. (2) PJP is required to terminate the cooperation with Goods and/or Services Providers conducting any action which may be detrimental to and/or misuse the payment transaction processing using access to certain Source of Fund. (3) PJP may exchange information or data with other PJP regarding Goods and/or Services Providers conducting detrimental actions and may propose to include the name of the Goods and/or Services Providers in a merchant black list. (4) Technical and micro provisions related to minimum clauses which must be included in a cooperation agreement between PJP and Goods and/or Services Providers may be regulated by SRO with the approval of Bank Indonesia. Article 52 (1) Goods and/or Services Providers are prohibited from charging any surcharge to Users for any cost charged by PJP to Goods and/or Services Providers.

  • 33 - (2) PJP is required to ensure compliance of Goods and/or Services Providers with the prohibition as referred to in paragraph (1). Article 53 (1) PJP cooperating with Goods and/or Services Providers for payment transaction processing must provide information on payment transaction processing to Goods and Services Providers. (2) The information provision as referred to in paragraph (1) is conducted to support the delivery of goods and/or services to end customers after the end customers make payments in online transactions. Section 2 Price Scheme Article 54 (1) Bank Indonesia determines price scheme policy in Payment System operation as referred to in Article 44 point b. (2) Determination of the price scheme policy as referred to in paragraph (1) consider: a. promoting expansion of acceptance, service, and innovation; b. increasing efficiency and competition; and/or c. observing the interest of the public and industry in a balanced manner. (3) The price scheme policy as referred to in paragraph (1) includes: a. price scheme from PJP to Users; b. price scheme from PJP to Goods and/or Services Providers; c. price scheme between PJP, PIP, and/or other relevant parties; and d. any other price schemes determined by Bank Indonesia.

  • 34 - (4) In addition to applicable to PJP, the price scheme policy in Payment System operation as referred to in paragraph (1) must be complied with by parties cooperating with PJP. (5) Details of the price scheme as referred to in paragraph (3) are determined under a decree of Member of Board of Governors of Bank Indonesia. (6) Bank Indonesia may evaluate the determination of price scheme policy as referred to in paragraph (1). (7) PJP is required to fulfill the principles of price transparency and fair business competition in determining price scheme in Payment System operation. Section 3 Capability of Human Resources and Organization, and Code of Ethics and Code of Conduct Article 55 (1) In Payment System operation, PJP is required to ensure capability of human resources and organization, as well as fulfillment of code of ethics and code of conduct in sound business practices. (2) The capability of human resources and organization, along with fulfillment of code of ethics and code of conduct in sound business practices as referred to in paragraph (1) at least includes: a. build and ensure the capability of quality human resources and organization, including development of competence in accordance with competence standard in Payment System; and b. build integrity including reputation in realizing sound business practices. Article 56 (1) PJP which breaches the provisions as referred to in Article 44, Article 51 paragraph (1), Article 51 paragraph (2), Article 52, Article 54 paragraph (7), or Article 55 paragraph (1) is subject to the following administrative sanctions:

  • 35 - a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (2) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) are regulated by Regulation of Member of Board of Governors. Part Two Fund Transfer Operation Article 57 Fund transfers are operated in accordance with the laws and regulations on fund transfers. Part Three PJP Classifications Section 1 Classifications of PSPS, PSPK, and PSPU Article 58 In Payment System operation, Bank Indonesia determines PJP classifications. Article 59 The PJP classifications as referred to in Article 58 consist of: a. PSPS; b. PSPK; and c. PSPU. Section 2 Criteria of Determination of PJP Classifications Article 60 (1) In determining the PJP classifications as referred to in Article 58, Bank Indonesia considers the following criteria: a. size;

  • 36 - b. interconnectedness; c. complexity; and/or d. substitutability. (2) The determination of PJP classifications under the criteria as referred to in paragraph (1) aims to identify Payment System industry structures according to their roles and/or contributions to the national Payment System ecosystem. (3) The size criterion as referred to in paragraph (1) point a are criteria which describe the size of PJP in an ecosystem measured by using performance of the processed transaction. (4) The interconnectedness criterion as referred to in paragraph (1) point b are criteria which describe the interconnectedness between one PJP and another PJP, PIP, and/or Supporting Provider measured by using performance of the processed transaction. (5) The complexity criterion as referred to in paragraph (1) point c are criteria which explain the complexity of payment services provided in implementation of PJP activities. (6) The substitutability criterion as referred to in paragraph (1) point d are criteria which describe the substitutability level of payment functions and/or services provided by PJP in implementation of PJP activities. Article 61 Bank Indonesia may use PJP classifications as considerations in determining: a. the direction of development of Bank Indonesia Payment System infrastructures; and/or b. treatment in operation of Bank Indonesia infrastructures and/or standardization policy. Article 62 (1) Bank Indonesia may determine fulfillment of certain obligations for PJP in accordance with the PJP classifications as referred to in Article 59.

  • 37 - (2) PJP is required to meet the certain obligations in accordance with the PJP classifications as referred to in paragraph (1) including the following aspects: a. capital; b. risk management and information system security standard; and c. others determined by Bank Indonesia. Section 3 Payment System Capital Obligation Article 63 (1) PJP in the form Non-Bank Institution is required to meet the capital aspect as referred to in Article 62 paragraph (2) point a in the form of ongoing capital during implementation of business activities. (2) The obligation to provide ongoing capital during implementation of business activities as referred to in paragraph (1) is calculated according to the transaction nominal amount and PJP classifications. (3) The obligation to provide ongoing capital during implementation of business activities as referred to in paragraph (1) is calculated by using the ratio of Payment System capital obligation under the following provisions: a. at least 10% (ten percent) of risk-weighted transaction for all PJP classifications; and b. surcharge of capital requirements based on PJP classifications amounts to:

  1. 2.5% (two point five percent) of risk-weighted transaction for PSPS; and
  2. 1.5% (two point five percent) of risk-weighted transaction for PSPK. Article 64 The ongoing capital during implementation of business activities as referred to in Article 63 consists of: a. core capital including:
  • 38 -
  1. main core capital; and
  2. additional core capital; and b. supplementary capital. Article 65 (1) The main core capital as referred to in Article 64 point a point 1 includes: a. capital stock; b. advance payment of capital; c. agio or disagio stock; d. current profit or loss, including accumulated profit or loss in the previous year; and e. balance of other comprehensive income. (2) The main core capital as referred to in paragraph (1) is calculated by deduction factors including: a. deferred tax asset; b. goodwill; c. intangible asset; d. all shares with ownership of more than 5% (five percent) or more; e. repurchase of capital instrument acknowledged as PJP capital components; and f. fund placement in debt instruments of other entities acknowledged as capital components by the issuing entity. Article 66 (1) The additional core capital as referred to in Article 64 point a point 2 includes: a. debt instruments in the following forms:
  3. debt securities; and
  4. subordinated loan, with no period and yield payment may not be accumulated; b. hybrid instruments with no period and yield payment may not be accumulated;

  • 39 - c. non-cumulative preferred shares with or without purchase option feature; and d. premium or discount from issuance of instruments as referred to in point a and point b. (2) The additional core capital as referred to in paragraph (1) is owned by another party which is unaffiliated. (3) The additional core capital as referred to in paragraph (1) is calculated by deduction factors including components of additional core capital which is: a. self-owned by contractual obligations; and b. owned by other parties indicated as cross holding scheme. (4) The additional core capital calculated after the deduction factors as referred to in paragraph (3) is 1/3 (one-third) at the maximum of the main core capital. Article 67 (1) The supplementary capital as referred to in Article 64 point b includes: a. long-term debt instruments, in the form of debt securities and subordinated loan with maturity of 5 (five) years and over; and b. premium or discount from issuance of instruments as referred to in point a. (2) The supplementary capital as referred to in paragraph (1) is owned by another party which is unaffiliated. (3) The supplementary capital as referred to in paragraph (1) is calculated by deduction factors including components of supplementary capital which is: a. self-owned by contractual obligations; and b. owned by other parties indicated as cross holding. (4) The supplementary capital calculated after the deduction factors as referred to in paragraph (3) is 1/3 (one-third) at the maximum of the additional core capital.

  • 40 - Article 68 (1) The risk-weighted transaction as referred to in Article 63 paragraph (3) point a is determined 10 (ten) times of the transaction expense. (2) The transaction expense as referred to in paragraph (1) is regulated with following provisions: a. the transaction expense for PJP in license one category and license two category is total of the following calculation range:

  1. 4% (four percent) of the transaction nominal amount processed by PJP with a range up to Rp100,000,000,000.00 (one hundred billion rupiah);
  2. 1% (one percent) of the transaction nominal amount processed by PJP with a range above Rp100,000,000,000.00 (one hundred billion rupiah) until Rp1,000,000,000,000.00 (one trillion rupiah); and
  3. 0.1% (zero point one percent) of the transaction nominal amount processed by PJP with a range above Rp1,000,000,000,000.00 (one trillion rupiah); b. the transaction expense for PJP in license three category amounts to 0.1% (zero point one percent) of the nominal amount of incoming and outgoing transactions processed within and outside the country; c. for PJP in license one category conducting Source of Fund administration activities in the form of electronic money issuance, the transaction expense as referred to in point a shall be added 5% (five percent) of the managed floating fund; d. for PJP in license one category conducting Source of Fund administration activities in the form of
  • 41 - electronic money issuance, the calculated transaction nominal amount shall be outgoing transactions consisting of shopping, transfer, and redeem transactions; and/or e. for PJP in license one category or license two category conducting payment initiation and/or acquiring services, forwarding payment transactions using different instruments, the transaction nominal amount is calculated from:
  1. all transactions processed with merchant aggregator business model; and/or
  2. 10% (ten percent) of all transactions processed with facilitator business model. Article 69 The obligation to provide ongoing capital for PJP in the form of Bank means the mandatory minimum capital requirement in accordance with the laws and regulations on financial services. Article 70 (1) Bank Indonesia may determine the change of: a. the component of ongoing capital as referred to in Article 65, Article 66, and Article 67; and b. the transaction expense as referred to in Article 68 paragraph (2), by considering characteristics of activities implemented by PJP. (2) In the event that there is any difference in calculation of ongoing capital between Bank Indonesia and PJP, the calculation used as a reference shall be the calculation that determined by Bank Indonesia. (3) Provisions for the change of ongoing capital and transaction expense as referred to in paragraph (1) shall be regulated by Regulation of Member of Board of Governors.

  • 42 - Section 4 Implementation of Risk Management and Information System Security Standard by PJP Classifications Article 71 (1) The fulfillment of obligations in risk management and information system security standard as referred to in Article 62 paragraph (2) point b for PSPS at least include the following: a. having adequate policy and standard of operational procedure for risk management; b. having capability of maintaining service availability level; c. having separate internal audit unit, compliance unit, and risk management unit; d. having data center and disaster recovery center in separate locations with the same and simultaneously active information system infrastructure capacity according to business impact analysis; e. conducting a testing of disaster recovery plan for application system and supporting infrastructures of payment system to the disaster recovery center at least once a year including cyber resilience simulation; f. having fraud management system which can detect fraud activities on the level of account, network activities, and transactions; g. implementing an information technology audit by an external independent information technology auditor registered with the authority or SRO, at least once a year; h. implementing a comprehensive penetration test by an external independent information technology auditor registered with the authority or SRO, at least once a year; i. implementing a financial audit by a public accountant registered with the authority; and

  • 43 - j. having international standard certificate on security of information on the main Payment System activities. (2) The fulfillment of obligations in risk management and information system security standard as referred to in Article 62 paragraph (2) point b for PSPK at least include the following: a. having adequate policy and standard of operational procedure for risk management; b. having capability of maintaining service availability level; c. having at least an internal audit unit, a unit performing compliance function and risk management function; d. having data center and disaster recovery center in separate locations with the same information system infrastructure capacity according to business impact analysis; e. conducting a testing of disaster recovery plan for application system and supporting infrastructures of payment system to the disaster recovery center at least once a year including cyber resilience simulation; f. having fraud management system which can detect fraud activities on the level of account, network activities, and transactions; g. implementing an information technology audit by an external independent information technology auditor registered with the authority or SRO, at least once a year; h. implementing a comprehensive penetration test by an external independent information technology auditor registered with the authority or SRO, at least once a year; i. implementing a financial audit by a public accountant registered with the authority; and

  • 44 - j. having at least national standard certificate on security of information on the main Payment System activities. (3) The fulfillment of obligations in risk management and information system security standard as referred to in Article 62 paragraph (2) point b for PSPU at least include the following: a. having adequate policy and standard of operational procedure for risk management; b. having capability of maintaining service availability level; c. having at least an internal audit unit, compliance function and risk management function; d. having data center and disaster recovery center in separate locations with the same information system infrastructure capacity according to business impact analysis; e. conducting a testing of disaster recovery plan for application system and supporting infrastructures of payment system to the disaster recovery center at least once a year including cyber resilience simulation; f. having fraud management system which can detect fraud activities on the level of account, network activities, and transactions; g. implementing an information technology audit by an external independent information technology auditor registered with the authority or SRO or internal independent information technology auditor, at least once a year; h. implementing a comprehensive penetration test by an external independent information technology auditor registered with the authority or SRO, at least once a year; i. implementing a financial audit by a public accountant registered with the authority; and

  • 45 - j. at least adopting a generally applicable practice in the industry relating to information security. (4) The fulfillment of obligation of risk management and information system security standard as referred to in Article 62 paragraph (2) point b for PSPU in the form PJP in license three category which does not provide a system which may be used by other PJP in license three category, at least includes: a. having adequate policy and standard of operational procedure for risk management; b. having capability of maintaining service availability level; c. having an internal audit function, compliance function, or risk management function; d. conducting fraud management practices; e. in the event that the service is supported by information system, at least have:

  1. separate information system infrastructure in the data center and disaster recovery center;
  2. conducting a testing of disaster recovery plan for application system and payment system supporting infrastructures to the disaster recovery center at least once a year; and
  3. conduct information technology audit by an independent information technology auditor at least once a year, including assessment of information system security of the main Payment System service; f. implementing a financial report audit by an internal audit function; and g. conducting information security practice. (5) Further provisions on risk management implementation and information system by PJP classifications shall be regulated by Regulation of Member of Board of Governors.
  • 46 - Article 72 (1) In addition to the fulfillment of obligation in risk management and information system security standard as referred to in Article 71, PJP is required to ensure the implementation of cyber security standard at least uses the following approaches: a. governance aspect; b. prevention aspect; and c. resolution aspect. (2) Implementation of the governance aspect as referred to in paragraph (1) point a includes: a. having framework and policy related to cyber-risk management that are separate from information technology management; b. having an independent cyber-risk management function or organ of business and information system management function; and c. ensuring the fulfillment of human resources with cyber resilience and security competence to support cyber-risk culture. (3) The implementation of the prevention aspect as referred to in paragraph (1) point b includes: a. availability of mechanism to monitor cyber resilience and security in a sustainable manner; and b. having data management capability and/or analysis of cyber resilience and security. (4) The implementation of the resolution aspect as referred to in paragraph (1) point c includes a function for cyber incident management, including supporting infrastructures according to business scale and implementation of periodic security test. (5) The implementation of the cyber security standard aspect as referred to in paragraph (1) until paragraph (4) is conducted by PJP classifications as referred to in Article

  • 47 - Article 73 PJP in the form of Non-Bank Institution must meet the provision on the obligation to provide ongoing capital as well as risk management and information system security standard specified under this Bank Indonesia Regulation by with observing the provisions on capital and risk management and information system security standard specified by other authorities. Article 74 (1) PJP which breaches the provisions as referred to in Article 62 paragraph (2) point a or point b or Article 71 paragraph (1) is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (2) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) shall be regulated by Regulation of Member of Board of Governors. Section 5 Other Obligations Determined by Bank Indonesia Article 75 Bank Indonesia has the authority to determine the obligations in other aspects as referred to in Article 62 paragraph (2) point c based on the supervision result to mitigate legal risk, operational risk, liquidity risk, and/or other risks. Section 6 Evaluation, Notice, and Deadline for Obligation Fulfillment Article 76 (1) Bank Indonesia evaluates the determination of PJP classifications as referred to in Article 59.

  • 48 - (2) The evaluation as referred to in paragraph (1) is conducted periodically at least once a year or incidentally if required. (3) For the first time, the periodic evaluation as referred to in paragraph (1) is conducted not later than 1 (one) year as from determination of PJP classifications. Article 77 (1) Bank Indonesia submits a written notice to PJP of: a. result of PJP classifications; and b. evaluation result of determination of PJP classification in the event of change of PJP classifications. (2) Bank Indonesia may determine other mechanisms to notify the classification result and evaluation result as referred to in paragraph (1) to PJP. Article 78 (1) Bank Indonesia determines the deadline for obligation fulfillment according to PJP classifications based on a follow-up plan prepared by PJP. (2) The follow-up plan as referred to in paragraph (1) is required to obtain the approval of Bank Indonesia. (3) Bank Indonesia may review fulfillment of the follow-up plan as referred to in paragraph (2). (4) PJP which breaches the provisions as referred to in paragraph (2) is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (5) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (4) shall be regulated by Regulation of Member of Board of Governors.

  • 49 - Part Four Activity Development, Product Development, and/or Cooperation Section 1 The Scope of Activity Development, Product Development, and/or Cooperation Article 79 (1) PJP may conduct activity development, product development, and/or cooperation with other parties according to the risk category, to the extent they are approved by or reported to Bank Indonesia. (2) The activity development as referred to in paragraph (1) is an addition of activities in the same PJP license category. (3) The product development as referred to in paragraph (1) consists of: a. addition or development of features; b. addition of types of access to Source of Fund in the form of instrument or channel; c. platform replacement; d. system replacement; e. movement of infrastructures; and/or f. other product development in Payment System operation. (4) The cooperation with other parties as referred to in paragraph (1) may be conducted with: a. other PJP and/or PIP; and/or b. Supporting Provider. Section 2 Categories of Activity Development, Product Development, and/or Cooperation Article 80 Activity development, product development, and/or cooperation are categorized by the level of risks consisting of:

  • 50 - a. low risk; b. medium risk; and c. high risk. Article 81 The activity development, product development, and/or cooperation with low risk as referred to in Article 80 point a are: a. activity development or product development with criteria affecting pre-transaction and/or post-transaction phase and it will only be in the form of:

  1. enhancement of the system currently in use; and/or
  2. enhancement of the infrastructure currently in use; or b. cooperation with an Indonesian citizen and/or Indonesian legal entity and is not accompanied by product and/or activity development. Article 82 The activity development, product development, and/or cooperation with medium risk as referred to in Article 80 point b are: a. activity development and/or product development with the following criteria:
  3. affecting to the phases of initiation, authorization, clearing, and/or settlement as follows: a) enhancement of the system currently in use; and/or b) enhancement of the infrastructure currently in use; or
  4. affecting to pre-transaction and/or post-transaction as follows: a) enhancement of transaction security feature; b) cross-border enhancement; and/or c) use of new system and/or infrastructure that have never been used; or b. activity development and/or product development accompanied by cooperation with criteria affecting pre￾transaction and/or post-transaction phase and provision
  • 51 - of information technology solution and/or technical service by another party that has an impact on business sustainability of PJP; or c. cooperation with an Indonesian citizen and/or Indonesian legal entity that is not accompanied by product and/or activity development. Article 83 The activity development, product development, and/or cooperation with high risk as referred to in Article 80 point c are: a. activity development and/or product development with criteria affecting the phases of initiation, authorization, clearing, and/or settlement as follows:
  1. change of transaction security feature;
  2. cross-border activity or product development; and/or
  3. use of new system and/or infrastructure that has never been used; or b. activity development and/or product development accompanied by cooperation with criteria affecting phases of initiation, authorization, clearing, and/or settlement and provision of information technology solution and/or technical service by another party that has an impact on business sustainability of PJP. Article 84 (1) Bank Indonesia may adjust the criteria for each risk category as referred to in Article 81, Article 82, and Article 83 by considering developments of: a. innovations in business model and infrastructure; and b. complexity of activities in the industry. (2) Provisions for the adjustment to the criteria for each risk category as referred to in paragraph (1) shall be regulated by Regulation of Member of Board of Governors.

  • 52 - Section 3 Risk Assessment of Activity Development, Product Development, and/or Cooperation Article 85 (1) PJP must first conduct self-risk assessment of the planned activity development, product development, and/or cooperation to be implemented by risk category. (2) The self-assessment as referred to in paragraph (1) is conducted by referring to the risk category as referred to in Article 80 in the format and procedure determined by Bank Indonesia and published through the license application of Bank Indonesia. (3) Bank Indonesia may determine different risk categories from the PJP self-assessment result as referred to in paragraph (2). (4) The risk category determination by Bank Indonesia as referred to in paragraph (3) must be comply by PJP. Section 4 Application of Activity Development, Product Development, and/or Cooperation Article 86 (1) Based on the risk assessment result, PJP is required to: a. submit to Bank Indonesia reports on activity development, product development, and/or cooperation if the activity development, product development, and/or cooperation meet low risk category; or b. submit the approval request for activity development, product development, and/or cooperation to Bank Indonesia if the activity development, product development, and/or cooperation meet medium or high risk category.

  • 53 - (2) PJP which breaches the provisions as referred to in paragraph (1) is subject to the following administrative sanctions: a. warning; b. penalty; c. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or d. revocation of license as PJP. (3) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (2) shall be regulated by Regulation of Member of Board of Governors. Article 87 (1) PJP is required to submit the reports on activity development, product development, and/or cooperation as referred to in Article 86 paragraph (1) point a. (2) The reports as referred to in paragraph (1) are submitted through the license application of Bank Indonesia not later than 10 (ten) business days after realization of the activity development, product development, and/or cooperation. (3) The mechanism and procedure for report submission as referred to in paragraph (1) are conducted under the provisions of Bank Indonesia Regulation on integrated licensing of Bank Indonesia through license front office. (4) In the event that electronic system as referred to in paragraph (2) may not be implemented or experiences disruption, the reports shall be submitted directly in accordance with the mechanism determined by Bank Indonesia. (5) The reports as referred to in paragraph (1) are submitted in Indonesian with supporting documents containing information on the following: a. description of the conducted activity, product, and/or cooperation; b. realization of the conducted activity, product, and/or cooperation; and

  • 54 - c. any other documents required by Bank Indonesia. (6) The form and detail of documents as referred to in paragraph (5) and their amendments are published through the web page of Bank Indonesia or any other media determined by Bank Indonesia. Article 88 (1) In the event that PJP submits the reports after the deadline as referred to in Article 87 paragraph (2) until the following 30 (thirty) business days, the report submission is declared as late. (2) In the event that PJP submits the reports after the deadline as referred to in paragraph (1), PJP will be declared as not submitting the reports to Bank Indonesia. (3) PJP which is declared as late in submitting the reports as referred to in paragraph (1) is subject to an administrative sanction in the form of penalty amounting to Rp500,000.00 (five hundred thousand rupiah) per delay business day per report. (4) PJP which does not submit or is declared as not submitting the reports as referred to in paragraph (2) is subject to an administrative sanction in the form of penalty amounting to Rp20,000,000.00 (twenty million rupiah) per report. (5) The mechanism of penalty payment as referred to in paragraph (3) and paragraph (4) is conducted through: a. debiting of giro account at Bank Indonesia; b. fund transfer to an account determined by Bank Indonesia; or c. any other payment mechanisms determined by Bank Indonesia. (6) Further provisions on the penalty payment mechanism as referred to in paragraph (5) shall be regulated by Regulation of Member of Board of Governors. Article 89 (1) Bank Indonesia reviews any approval request for activity development, product development, and/or cooperation.

  • 55 - (2) The approval request review as referred to in paragraph (1) is conducted through the following phases: a. administrative review; b. analysis of business model of the planned activity development, product development, and/or cooperation; and c. substance analysis against fulfillment of requirements based on the submitted documents. (3) After the phase of approval request review as referred to in paragraph (2), Bank Indonesia may conduct an on site visit. (4) Bank Indonesia grants approval for the submitted approval request based on: a. result of the approval request review as referred to in paragraph (2); or b. result of the approval request review as referred to in paragraph (2) and on site visit as referred to in paragraph (3). (5) Bank Indonesia has the authority to determine a policy on approval for activity development, product development, and/or cooperation with other parties as referred to in paragraph (4) based on the following considerations to: a. support national economic and financial policy; b. maintain national efficiency; c. protect public interest; d. maintain industrial growth; and/or e. maintain fair business competition. (6) PJP which has conducted activity development, product development, and/or cooperation in medium risk or high risk category without the approval of Bank Indonesia is subject to an administrative sanction in the form of penalty amounting to Rp30,000,000.00 (thirty million rupiah) for each activity development, product development, and/or cooperation conducted with the approval of Bank Indonesia. (7) The mechanism of penalty payment as referred to in paragraph (6) is applied through:

  • 56 - a. debiting of giro account at Bank Indonesia; b. fund transfer to an account determined by Bank Indonesia; or c. any other payment mechanisms determined by Bank Indonesia. (8) Further provisions on the penalty payment mechanism as referred to in paragraph (7) shall be regulated by Regulation of Member of Board of Governors. Article 90 (1) In particular conditions, Bank Indonesia may omit on site visit in approval process for activity development, product development, and/or cooperation by requesting additional documents indicating operational readiness to replace the on site visit. (2) The particular conditions as referred to in paragraph (1) include: a. natural disasters; b. pandemic; and/or c. any other conditions determined by Bank Indonesia. Article 91 (1) The application of approval request for activity development, product development, and/or cooperation in medium risk and high risk categories is submitted through the license application of Bank Indonesia. (2) The mechanism and procedure for approval request processing, including administrative review, are conducted under the provisions of Bank Indonesia Regulation on integrated licensing of Bank Indonesia through license front office. (3) In the event that the application as referred to in paragraph (1) may not be implemented or experiences disruption, the application of approval request shall be submitted directly in accordance with the mechanism determined by Bank Indonesia.

  • 57 - Article 92 (1) The mechanism and procedure for approval request processing of activity development, product development, and/or cooperation in high risk category are specified as follows: a. Bank Indonesia may conduct a pre-consultative meeting for PJP on fulfillment of documents required for the approval request, prior to the approval request submission; and b. Bank Indonesia may conduct a consultative meeting and/or coaching clinic for PJP in the phase of document revision and review. (2) PJP conducts self-assessment of the planned activity development, product development, and/or cooperation to be implemented by risk category; (3) After the approval request documents are declared complete and correct based on the administrative review as referred to in Article 91 paragraph (2), Bank Indonesia conducts analysis of business model and analysis of substance of the approval requirement within 20 (twenty) business days at the maximum. (4) In the event that the document of approval request requirement does not meet the requirements based on the analysis of business model and analysis of substance as referred to in paragraph (3), PJP must revise the documents and submit them to Bank Indonesia within 40 (forty) business days at the maximum. (5) Bank Indonesia conducts analysis of substance of approval request within 20 (twenty) business days at the maximum after PJP submits the revised documents as referred to in paragraph (4). Article 93 (1) The on site visit as referred to in Article 89 paragraph (3) is conducted within 20 (twenty) business days at the maximum after a notice is delivered to PJP stating that the

  • 58 - approval request documents are declared to meet the requirements. (2) In the event that there is any finding based on the on site visit as referred to in paragraph (1), PJP must make revision according to the review findings and submit the revision evidence to Bank Indonesia within 120 (one hundred twenty) business days as from the completion date of the on site visit. (3) Provisions for submission period of the revised document in the review phase as referred to in paragraph (2) shall apply mutatis mutandis to submission of additional documents in particular conditions as referred to in Article 90 paragraph (1). Article 94 (1) Bank Indonesia declines the approval request in the phase of analysis of business model and analysis of substance and/or on site visit if: a. based on the analysis of business model and analysis of substance of the revised documents as referred to in Article 92 paragraph (4), the documents do not meet the requirements; b. based on the analysis of revised report after on site visit as referred to in Article 93 paragraph (2), the documents are still incompliance; or c. the revised documents are not submitted by PJP to Bank Indonesia within the period as referred to in Article 92 paragraph (4) or Article 93 paragraph (2). (2) The decline of the approval request as referred to in paragraph (1) shall be notified by Bank Indonesia to the applicant in writing. (3) If Bank Indonesia decline the approval request as referred to in paragraph (1): a. PJP may resubmit the approval request after 180 (one hundred eighty) business days as from the decline letter date as referred to in paragraph (2); and

  • 59 - b. Bank Indonesia returns all submitted approval request documents. Article 95 (1) The mechanism and procedure for approval request processing of activity development, product development, and/or cooperation in medium risk category are specified as follows: a. Bank Indonesia may conduct a pre-consultative meeting for PJP on fulfillment of documents required for the approval request, prior to the approval request submission; and/or b. Bank Indonesia may conduct a consultative meeting for PJP in the document revision phase. (2) PJP conducts self-assessment of the planned activity development, product development, and/or cooperation to be implemented by risk category; (3) After the approval request documents are declared complete and correct based on the administrative review as referred to in Article 91 paragraph (2), Bank Indonesia conduct the analysis of business model and the analysis of substance of approval request within 20 (twenty) business days at the maximum. (4) In the event that the approval request documents do not meet the requirements based on the analysis of business model and the analysis of substance as referred to in paragraph (3), PIP must revise the documents and submit them to Bank Indonesia within 30 (thirty) business days at the maximum. (5) Bank Indonesia conducts the analysis of substance of approval request within 20 (twenty) business days at the maximum after PJP submits the revised documents as referred to in paragraph (4).

  • 60 - Article 96 (1) Bank Indonesia declines the approval request in the phase of the analysis of business model and the analysis of substance if: a. based on the result of the analysis of business model and the analysis of substance of the revised documents as referred to in Article 95 paragraph (4), the documents are incompliance; or b. the revised documents are not submitted by PJP to Bank Indonesia within the period as referred to in Article 95 paragraph (4). (2) The decline of the approval request as referred to in paragraph (1) shall be notified by Bank Indonesia to the applicant in writing. (3) In the event that Bank Indonesia declines the approval request as referred to in paragraph (1): a. PJP may resubmit the approval request after 180 (one hundred eighty) business days as from the decline letter date as referred to in paragraph (2); and b. Bank Indonesia returns all submitted approval request documents. Article 97 Processing of reports on activity development, product development, and/or cooperation in low risk category is specified as follows: a. PJP conducts self-assessment of the planned activity development, product development, and/or cooperation to be implemented by risk category; b. Bank Indonesia checks completeness of reporting documents within 10 (ten) business days at the maximum as from the request is received in the license application of Bank Indonesia; c. Bank Indonesia conducts an administrative review of the request as referred to in point b; d. based on the administrative review result, in the event that any of the submitted documents are incomplete and/or

  • 61 - inaccurate, Bank Indonesia shall inform to PJP to complete and/or revise the documents within 14 (fourteen) calendar days at the maximum; and e. after the required reporting documents are declared complete and accurate based on the administrative review, Bank Indonesia accepts the report from PJP. Article 98 (1) The submission of approval request for activity development, product development, and/or cooperation with supporting documents to meet the requirements includes the following aspects: a. operational readiness; b. security and reliability of the system; c. implementation of risk management; and d. consumer protection. (2) In addition to the supporting documents as referred to in paragraph (1), Bank Indonesia may consider the supervision result of PJP performance. (3) If required, Bank Indonesia may request PJP to submit any required additional data and/or information. (4) Bank Indonesia submits the request for additional data and/or information as referred to in paragraph (3) in writing or by electronic media to PJP which is in the process of approval. Article 99 Requirements for operational readiness aspect for activity development and/or product development in high risk category are accompanied by fulfillment of documents which at least show: a. recommendation for PJP which has supervisory authority under the laws and regulations; b. recommendation for PJP from an institution or organ that has an authority to stipulate fatwa in sharia sector for the planned activity development and/or product development under sharia principles;

  • 62 - c. complete explanation of business model or transaction flow; d. sustainable business feasibility and potential; and e. operational readiness. Article 100 Requirements for operational readiness aspect for activity development and/or product development with cooperation in high risk category are accompanied by fulfillment of documents which at least: a. indicate recommendation for PJP which has supervisory authority under the laws and regulations; b. indicate recommendation for PJP from an institution or organ that has an authority to stipulate fatwa in sharia sector for the planned activity development and/or product development under sharia principles; c. indicate complete explanation of business model or transaction flow; d. indicate sustainable business feasibility and potential; e. indicate operational readiness; f. indicate cooperation agreement between PJP and the cooperating party; and g. especially for cooperation with Supporting Provider, the documents shall include:

  1. indication of assessment result of PJP against the Supporting Provider in relation to its ability to provide the service to be cooperated;
  2. indication that PJP is fully responsible for secure and smooth payment transaction processing; and
  3. if required, Bank Indonesia may request additional documents to strengthen the assessment result as referred to point 1 indicating the capability of Supporting Provider in providing services. Article 101 Requirements for system security and reliability aspect for activity development and/or product development in high risk

  • 63 - category are accompanied by fulfillment of documents which at least indicate: a. security control procedure for the system used; b. audit result of information system and security test from an internal or external independent auditor; c. fraud management infrastructure; and d. procedure, mechanism, and infrastructures of effective management of business continuity and disaster recovery. Article 102 Requirements for system security and reliability aspect for activity development and/or product development with cooperation in high risk category must be fulfilled by submitting documents which at least indicate: a. security control procedure for the system used; b. audit result of information system and security test from an internal or external independent auditor; c. fraud management infrastructure; d. procedure, mechanism, and infrastructures of effective management of business continuity and disaster recovery; and e. PJP assessment result of system security and reliability of a party to be invited for cooperation. Article 103 Requirements for implementation of risk management aspect for activity development and/or product development in high risk category are accompanied by fulfillment of documents which at least indicate: a. policy and procedure for implementation of risk management; b. operational procedure for monitoring anti-money laundering and countering the financing of terrorism; c. procedure and mechanism of fraud management; and d. assessment result of arising risk exposure and risk mitigation.

  • 64 - Article 104 Requirements for implementation of risk management aspect for activity development and/or product development with cooperation in high risk category are accompanied by the fulfillment of documents which at least indicate: a. policy and procedure for risk management application; b. operational procedure for monitoring anti-money laundering and countering the financing of terrorism; c. procedure and mechanism of fraud management; and d. assessment result of arising risk exposure and risk mitigation. Article 105 Requirements for consumer protection aspect for activity development and/or product development in high risk category are accompanied by fulfillment of documents which at least indicate: a. policy and operational procedure for consumer protection; b. transparency of activities or products developed for the User; c. procedure and mechanism to handle and settle customer complaints; and d. PJP obligations to maintain the security and confidentiality of User’s data. Article 106 Requirements for consumer protection aspect for activity development and/or product development with cooperation in high risk category are accompanied by fulfillment of documents which at least indicate: a. policy and operational procedure for consumer protection; b. transparency of activities or products developed for the User; c. procedure and mechanism to handle and settle customer complaints; d. PJP obligations to maintain the security and confidentiality of User’s data; and

  • 65 - e. obligations of a party to be invited for cooperation to maintain the security and confidentiality of customer data. Article 107 Requirements for operational readiness aspect for activity development and/or product development in medium risk category are accompanied by fulfillment of documents which at least indicate: a. recommendation for PJP which has supervisory authority under the laws and regulations; b. recommendation from an institution or organ that has an authority to stipulate fatwa in sharia sector for the planned activity development and/or product development under sharia principles; c. complete explanation of business model or transaction flow; d. sustainable business feasibility and potential; and e. operational readiness. Article 108 Requirements for operational readiness aspect for cooperation in medium risk category are accompanied by fulfillment of documents which at least: a. indicate recommendation for PJP which has supervisory authority under the laws and regulations; b. indicate recommendation from an institution or organ that has an authority to stipulate fatwa in sharia sector for the planned activity development and/or product development under sharia principles; c. indicate complete explanation of business model or transaction flow of the cooperation to be implemented; d. indicate cooperation agreement between PJP and the cooperating party; and e. especially for cooperation with Supporting Provider, the accompanying documents shall :

  • 66 -

  1. indicate assessment result of PJP against the Supporting Provider in relation to its ability to provide the service to be cooperated;
  2. indicate that PJP is fully responsible for security and smoothness of payment transaction processing; and
  3. if required, Bank Indonesia may request additional documents to strengthen the assessment result as referred to in point 1 indicating the capability of Supporting Provider in providing services. Article 109 Requirements for operational readiness aspect for activity development and/or product development with cooperation in medium risk category are accompanied by fulfillment of documents which at least: a. indicate recommendation for PJP which has supervisory authority under the laws and regulations; b. indicate recommendation from an institution or organ that has an authority to stipulate fatwa in sharia sector for the planned activity development and/or product development under sharia principles; c. indicate complete explanation of business model or transaction flow; d. indicate sustainable business feasibility and potential; e. operational readiness; f. indicate cooperation agreement between PJP and the cooperating party; and g. especially for cooperation with Supporting Provider, the accompanying documents shall:
  4. indicate assessment result of PJP against the Supporting Provider in relation to its ability to provide the service to be cooperated;
  5. indicate that PJP is fully responsible for security and smoothness of payment transaction processing; and
  6. if required, Bank Indonesia may request additional documents to strengthen the assessment result as

  • 67 - referred to in point 1 indicating the capability of Supporting Provider in providing services. Article 110 Requirements for system security and reliability aspect for activity development and/or product development in medium risk category are accompanied by fulfillment of documents which at least indicate: a. audit result of information system and/or security test from an internal or external independent auditor; b. PJP assessment result of activity development and/or product development impacts on change of procedures for security control, fraud management system, as well as the procedure, mechanism, and infrastructure of management of business continuity and disaster recovery; and c. result of adjustment to the procedure and mechanism based on the assessment result as referred to in point b. Article 111 Requirements for system security and reliability aspect for cooperation in medium risk category are accompanied by documents which at least indicate PJP assessment result of system security and reliability of a party to be invited for cooperation. Article 112 Requirements for system security and reliability aspect for activity development and/or product development with cooperation in medium risk category are accompanied by fulfillment of documents which at least indicate: a. audit result of information system and/or security test from an internal or external independent auditor; b. PJP assessment result of activity development and/or product development impacts on change of procedures for security control, fraud management system, as well as the procedure, mechanism, and infrastructure of management of business continuity and disaster recovery;

  • 68 - c. PJP assessment result of system security and reliability of a party to be invited for cooperation; and d. result of adjustment to the procedure and mechanism based on the assessment result as referred to in point b. Article 113 Requirements for implementation of risk management aspect for activity development and/or product development in medium risk category are accompanied by fulfillment of documents which at least indicate: a. assessment result of arising risk exposure and risk mitigation; b. assessment result of the procedure for monitoring anti￾money laundering or countering the financing of terrorism as well as procedure and mechanism of fraud management; and c. result of adjustment to the procedure and mechanism based on the assessment result as referred to in point b. Article 114 Requirements for implementation of risk management aspect for cooperation in medium risk category are accompanied by fulfillment of documents which at least indicate: a. assessment result of risk exposure arising from the cooperation and risk mitigation; b. assessment result of the procedure for monitoring anti￾money laundering or countering the financing of terrorism as well as procedure and mechanism of fraud management; and c. result of adjustment to the procedure and mechanism based on the assessment result as referred to in point b. Article 115 Requirements for implementation of risk management aspect for activity development or product development with cooperation in medium risk category are accompanied by fulfillment of documents which at least indicate:

  • 69 - a. assessment result of arising risk exposure and risk mitigation; b. assessment result of the procedure for monitoring anti￾money laundering or countering the financing of terrorism as well as procedure and mechanism of fraud management; and c. result of adjustment to the procedure and mechanism based on the assessment result as referred to in point b. Article 116 Requirements for consumer protection aspect for activity development and/or product development in medium risk category are accompanied by fulfillment of documents which at least indicate: a. transparency of activities or products developed for the Users; b. PJP obligations to maintain the security and confidentiality of User’s data; c. PJP assessment result on activity development and/or product development impacts on change of policy and operational procedure for consumer protection as well as procedure and mechanism to handle and settle customer complaints; and d. result of adjustment to the procedure and mechanism based on the assessment result as referred to in point c. Article 117 Requirements for consumer protection for cooperation in medium risk category are accompanied by fulfillment of documents which at least indicate obligations of a party to be invited for cooperation to maintain the security and confidentiality of customer data. Article 118 Requirements for consumer protection aspect for activity development and/or product development with cooperation in

  • 70 - medium risk category must be fulfilled by submitting documents which at least indicate: a. transparency of activities or products developed for the Users; b. PJP obligations to maintain the security and confidentiality of User’s data; c. obligations of a party who is invited for cooperation to maintain the security and confidentiality of customer data. d. PJP assessment result on activity development and/or product development and cooperation impacts on change of policy and operational procedure for consumer protection as well as procedure and mechanism to handle and settle customer complaint; and e. result of adjustment to the procedure and mechanism based on the assessment result as referred to in point d. Article 119 (1) In the event that there is any approval request for cooperation as part of activity development and/or product development in medium risk or high risk category, PJP shall submit it in 1 (one) approval request. (2) The PJP as referred to in paragraph (1) is a PJP which conducts activity development and/or product development. (3) The PJP as referred to in paragraph (2) must ensure fulfillment of required documents for approval request from a party to be invited for cooperation. Article 120 Form and detail of the required documents for the approval request as referred to in Article 99 to Article 119 and their amendments are contained in a list of requirements published on the web page of Bank Indonesia or any other media determined by Bank Indonesia.

  • 71 - Article 121 (1) PJP is required to be responsible for the validity and accuracy of all documents, data, information, reports, details, and/or explanation submitted to Bank Indonesia for application of activity development, product development, and/or cooperation. (2) In the event that evidence is found that the submitted documents, data, and/or information as referred to in paragraph (1) are invalid and/or inaccurate, Bank Indonesia has the authority to revoke any granted approval and/or apply any other further actions to the supervision. Article 122 (1) In the event that any approval request for cooperation between PJPs or between PJP and PIP, the approval request shall be submitted by one of PJP or PIP which: a. has the system or infrastructure; or b. has been agreed between PJPs or between PJP and PIP to enter into cooperation. (2) Bank Indonesia may determine the PJP or PIP which will apply for cooperation approval. Article 123 (1) Bank Indonesia may determine a policy on processing an approval for activity development, product development, and/or cooperation in order to: a. support implementation of national economic and financial programs; and/or b. maintain industry’s efficiency and growth. (2) The policy on processing as referred to in paragraph (1) is conducted through: a. granting conditional approval; and/or b. determining the requirements for different approval processing. (3) The conditional approval as referred to in paragraph (2) point a must be accompanied by a statement of commitment including:

  • 72 - a. fulfillment of operational system security and reliability by implementing risk mitigation; b. no disruption, procedural error or fraud; c. no breach of the principles of consumer protection and anti-money laundering and countering the financing of terrorism; and d. compliance with the laws and regulations. (4) The conditional approval as referred to in paragraph (2) point a shall be granted after documents are declared accurate and complete based on administrative review. (5) The conditional approval as referred to in paragraph (4) is granted for 6 (six) months at the maximum. (6) Within the 6 (six) months as referred to in paragraph (5), PJP is required to meet the following requirements and approval phases: a. analysis of business model of the planned activity development, product development, and/or cooperation; b. substance analysis against fulfillment of requirements based on the submitted documents; and c. on site visit if required. (7) In the event that PJP does not meet the requirements and phases as referred to in paragraph (6), Bank Indonesia shall revoke the conditional approval. Article 124 (1) The determination of the requirements for different approval processing as referred to in Article 123 paragraph (2) point b may be granted provided that the approval processing is conducted according to the phases as referred to in Article 89. (2) The determination of the requirements for different approval processing as referred to in paragraph (1) may be granted after: a. PJP obtains good rating in risk management assessment from Bank Indonesia;

  • 73 - b. PJP participates in the testing of development of innovation in Payment System technology conducted by Bank Indonesia and is declared successful; c. activity development, product development, and/or cooperation have obtained recommendation from SRO that is conducted to meet the national standard determined by Bank Indonesia; and/or d. meets any other aspects determined by Bank Indonesia. Article 125 (1) PJP which has obtained approval must conduct its activities maximum 120 (one hundred twenty) business days as from the date of approval grant letter from Bank Indonesia. (2) PJP which has obtained the approval as referred to in paragraph (1) is required to submit its realization report in writing to Bank Indonesia through the license application of Bank Indonesia. (3) In the event that the application as referred to in paragraph (2) may not be implemented or experiences disruption, the realization report is submitted directly by the mechanism determined by Bank Indonesia. (4) The report as referred to in paragraph (2) shall be submitted not later than 10 (ten) business days as from the effective date of activity commencement. (5) In the event that PJP does not conduct its activities within the period as referred to in paragraph (1), the approval granted by Bank Indonesia shall be declared null and void. (6) PJP whose the approval is declared null and void as referred to in paragraph (5) may resubmit an approval request within 180 (one hundred eighty) business days at the earliest as from the null and void date.

  • 74 - Article 126 (1) PJP which breaches the provisions as referred to in Article 121, Article 123 paragraph (6), or Article 125 paragraph (2) is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (2) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) shall be regulated in Regulation of Member of Board of Governors. Section 5 PJP Responsibilities in Cooperation with Supporting Provider Article 127 (1) PJP cooperating with Supporting Provider must: a. assess the Supporting Provider; and b. be fully responsible for the security and smoothness of payment transaction processing. (2) The minimum responsibilities for security and smoothness of payment transaction processing as referred to in paragraph (1) point b shall be conducted at least by: a. having a mechanism for monitoring of Supporting Provider performance; b. ensuring implementation of risk management; and c. ensuring availability of access to Supporting Provider for Bank Indonesia. Article 128 The assessment of Supporting Provider as referred to in Article 127 paragraph (1) point a is conducted prior to the cooperation implementation to at least ensure: a. legality and profile of Supporting Provider;

  • 75 - b. performance of Supporting Provider; c. fulfillment of security and reliability principle of information system and infrastructures; d. capability or competency of Supporting Provider; and e. compliance with the laws and regulations. Article 129 PJP must conduct periodic evaluation on the performance of Supporting Provider. Article 130 (1) The implementation of risk management by Supporting Provider as referred to in Article 127 paragraph (2) point b in the form of periodic information system audit implementation, strengthening of business continuity plan, and mitigation of single point of failure. (2) Implementation of risk management is conducted in an integrated manner in each phase of Supporting Provider use in the process of planning, procurement, development, operation, maintenance, until termination of cooperation. Article 131 PJP must ensure availability of access for Bank Indonesia to data or information, system and infrastructure, and human resources of Supporting Provider. Article 132 Bank Indonesia may determine prudential aspect to Supporting Provider that conducting payment forwarding from PJP to a Goods and/or Services Provider, including: a. has an agreement expressly stipulating rights and obligations related to fund management, including service level agreement on payment forwarding from Supporting Provider to Goods and/or Services Provider; b. fund escrow does not exceed the period determined by Bank Indonesia or SRO provisions;

  • 76 - c. the fund to be forwarded is not placed in assets that have risks, which may result in unfulfilled obligations of Supporting Provider. Article 133 Bank Indonesia may request PJP to terminate or not to extend any cooperation with another party in the event that the cooperation: a. breaches the laws and regulations; b. does not contribute to development of fast, easy, affordable, safe, and reliable payment system; and/or c. may potentially be detrimental to or decrease the performance of PJP. Section 6 Implementation of Cooperation between PJP and Supporting Provider and/or Payment System Service Provider Outside the Territory of the Republic of Indonesia Article 134 (1) In addition to considering the fulfillment of cooperation requirements, in the event that there is a request to enter into cooperation by PJP and Supporting Provider and/or Payment System service provider outside the territory of the Republic of Indonesia, Bank Indonesia may consider the following: a. reciprocal aspect b. equal standard for risk management implementation; and/or c. benefits for the economy of Indonesia. (2) The consideration as referred to in paragraph (1) observes license categories and PJP classifications.

  • 77 - Part Five Single Ownership Policy Article 135 (1) Any party is prohibited from owning: a. shares of 25% (twenty-five percent) or higher than the number of shares issued and have voting rights; or b. shares of less than 25% (twenty-five percent) of the number of shares issued and have voting rights but may be evidenced that they have control, both directly and indirectly, in more than 1 (one) Non-Bank Institution, each of which has license as PJP in the same license category and/or in more than 1 (one) Non-Bank Institution which has license as PJP and designation as PIP. (2) The party as referred to in paragraph (1) must ensure fulfillment of its PJP capital. Article 136 (1) PJP in the form of Non-Bank Institution is prohibited from taking any corporate actions resulting in a change of parties who hold: a. shares of 25% (twenty-five percent) or higher than the number of shares issued by PJP and have voting rights; or b. shares of less than 25% (twenty-five percent) of the number of shares issued by PJP and have voting rights but may be proven that they have control over the PJP, both directly and indirectly, for 5 (five) years as from the license is first granted except with the approval of Bank Indonesia. (2) The approval of Bank Indonesia as referred to in paragraph (1) is granted for: a. fulfillment of provisions and/or further action to the supervision by Bank Indonesia; and/or

  • 78 - b. capital strengthening to increase provider performance which is not intended as license transfer to obtain certain benefits. Article 137 (1) The party which breaches the provisions as referred to in Article 135 or Article 136 is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (2) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) shall be regulated in Regulation of Member of Board of Governors. Part Six Corporate Actions, Change of Ownership, and Change of Control of PJP Article 138 In the event that PJP conducts corporate actions in the form of merger, consolidation, spin-off, and/or acquisition of PJP, the following provisions shall apply: a. PJP in the form of Non-Bank Institution is required to first obtain approval from Bank Indonesia; and b. PJP in the form of Bank is required to submit a report to Bank Indonesia. Article 139 The approval request and report as referred to in Article 138 shall at least contain the following information: a. background of the corporate action; b. party that will conduct the corporate action; c. targeted time of the corporate action;

  • 79 - d. management structure, share ownership structure, and corporate ownership structure after the corporate action; and e. business plan for Payment System service provider after the corporate action. Article 140 (1) In the event of merger, consolidation or spin-off with change of members of board of directors responsible for the operation of Payment System, the proposed changes must be first reported to Bank Indonesia. (2) Based on the result of report as referred to in paragraph (1), Bank Indonesia may request the substitution of prospective members of board of directors. (3) The substitution of prospective members of board of directors as referred to in paragraph (2) shall be conducted in the event that Bank Indonesia assesses that the prospective members of board of directors does not meet the requirements. (4) The assessment by Bank Indonesia as referred to in paragraph (3) may be based on information obtained from the result of administrative examinations and interviews with the candidate prospective members of board of directors. Article 141 (1) For PJP merging with other PJP, the surviving PJP must report in writing to Bank Indonesia in the event it intends to continue its activities as PJP. (2) In the event of PJP acquisition, the PJP license remains inherent in the acquired Bank or Non-Bank Institution. (3) The acquired PJP as referred to in paragraph (2) must report in writing to Bank Indonesia regarding the acquisition. (4) A legal entity resulting from merger, consolidation or spin￾off which has not obtain license as PJP must first obtain

  • 80 - license from Bank Indonesia if it intends to conduct activities as PJP. Article 142 The mechanism, format, and procedure for approval and reporting as referred to in Article 138 shall be further regulated in the Regulation of Member of Board of Governors. Article 143 (1) PJP which breaches the provisions as referred to in Article 138 is subject to the following administrative sanctions in the form of: a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP . (2) Further provisions for the procedure of the administrative sanction imposition as referred to in paragraph (1) shall be regulated in the Regulation of Member of Board of Governors. Part Seven Source of Funds and Access to Source of Funds Section 1 Elements of Source of Fund Article 144 Source of Funds must meet the following elements: a. have value in rupiah unit; b. be used for payment purposes and/or fulfillment of economic activities; c. the value of money in the Source of Fund is according to the fund first deposited to the party administering the Source of Fund or in the form of credit facility extended by the party administering the Source of Fund; d. be stored in electronic media or any other media;

  • 81 - e. be able to be used for payment other than to the party administering the Source of Fund or only be able to be used for payment to the party administering the Source of Fund according to the limitation determined by Bank Indonesia; and f. represent the rights of User and/or claims against an issuer except for the Source of Fund according to credit facility. Article 145 Bank Indonesia may determine the elements of Source of Fund by observing the development of business model and the operation of Payment System. Article 146 (1) Source of Funds according to credit facilities shall be based on facilities provided by credit cards. (2) Characteristics, features, and/or business models of access to Source of Funds according to credit facilities as referred to in paragraph (1) include: a. have identification code of credit facility; b. have credit facility ceiling; c. are used in transaction business models involving PJP, users, and/or Goods and/or Service Providers by using certain platform (media or application); d. credit facilities may be used for the purpose of recurring payment provided that it is accordance with the credit facility ceiling specified; and e. repayment of credit facilities is made in full and/or in installments. (3) Bank Indonesia may determine characteristics, features, and/or business models of access to the same Source of Fund as the credit card as referred to in paragraph (2) by observing the development of business model and the operation of Payment System . (4) A legal entity, which offers a product or service in the form of access to Source of Fund according to credit facilities

  • 82 - that does not meet the characteristics as referred to in paragraph (2), may not market the product or service using the terminology of access to Source of Fund in the form of payment instrument. Section 2 Operation of Source of Funds and Access to Source of Funds for Payment Article 147 Access to Source of Fund is a device, medium, and/or a set of procedures, in initiating payment transactions and/or providing access to Source of Funds for payment through certain method or usage of technology in the following forms: a. instruments; b. channels; and/or c. access to other Source of Funds determined by Bank Indonesia. Article 148 (1) The instruments as referred to in Article 147 point a include: a. electronic money; b. transfer order; c. card-based means of payment or any virtual forms with characteristics similar to card-based means of payment ; d. cheque; e. bilyet giro; and f. other fund transfer instruments determined by Bank Indonesia. (2) Bank Indonesia may determine access to Source of Funds in the form of other instruments based on credit transfer and debit transfer mechanisms by considering: a. technology development; and/or b. development of payment transaction business models.

  • 83 - Article 149 The channels as referred to in Article 147 point b include: a. payment channel using quick response code technology under merchant presented mode scheme or any other scheme determined by Bank Indonesia; b. electronic data capture machine; c. automatic teller machine; d. mobile or internet-based online payment channel, including proprietary channel or shared channel by PJP conducting Source of Fund administration activities; and e. payment channel using other particular method or the use of other technologies for debit transfer and credit transfer. Article 150 (1) In the operation of access to Source of Funds, Bank Indonesia may determine: a. obligations and prudential aspect of operation including:

  1. features, facilities, and limitation for the operation of access to Source of Funds;
  2. price scheme for the operation of access to Source of Funds;
  3. standard for the operation of access to Source of Funds;
  4. interest rate, delay penalty, and minimum payment for access to Source of Funds in the form of instruments based on Source of Funds in the form of credit facilities; and/or
  5. obligations and other prudential aspects determined by Bank Indonesia; b. limitation for the operation of access to Source of Funds to meet risk management and consumer protection principle, shall include:
  6. limitation of transaction nominal amount;
  7. limitation of value stored in access to Source of Funds in the form of instrument or data storage service of payment instrument;
  • 84 -
  1. limitation of cash withdrawal; and/or
  2. limitation of the operation of access to other Source of Funds determined by Bank Indonesia. (2) Determination of policy on the operation of access to Source of Funds as referred to in paragraph (1) considers: a. the development of transaction; b. public or industry needs; c. risk management; d. consumer protection; and/or e. encouraging the expansion of acceptance, efficiency, competition, services, and innovation. Article 151 (1) PJP and parties cooperating with PJP is required to comply with the standard for the operation of access to Source of Funds determined by Bank Indonesia, including the national standard for payment interconnection and interoperability. (2) The standard for the operation of access to Source of Funds as referred to in paragraph (1) considers: a. technical specification; b. operational specification; c. security specification; and/or d. other aspects. (3) Bank Indonesia may assign SRO or other institutions determined by Bank Indonesia to prepare, manage, and/or develop the standard as referred to in paragraph (2). (4) To protect public interest, the standard as referred to in paragraph (2) and paragraph (3) shall belong to Bank Indonesia. Article 152 As part of the standard determination as referred to in Article 151 paragraph (1), Bank Indonesia may determine: a. procedures to collect documents; b. parties required to perform transactions processing; c. limit of transaction nominal amount;

  • 85 - d. price scheme for transaction processing; and/or e. other mechanisms and procedures in standard determination. Article 153 PJP conducting the operation of Source of Fund activities in the form of issuance of payment instrument must provide complete and clear information to prospective consumers and consumers in writing in Indonesian language, at least containing the following: a. product and the charged cost; b. characteristics of the issued product; c. procedure and mechanism of use; d. inherent features and facilities; e. risks potentially arising from use of payment instruments; f. mechanism of reporting on lost and request for blocking; g. rights and obligations; h. cost charging mechanism; i. complaint procedure; and j. any other information determined by Bank Indonesia. Article 154 (1) Bank Indonesia may determine certain requirements and/or limits on the use of Source of Funds administered and/or access to Source of Funds issued outside the territory of Republic of Indonesia. (2) The determination of certain requirements and/or limits as referred to in paragraph (1) apply to the use within the territory of Republic of Indonesia including: a. usage of access to Source of Funds; b. cooperation with PJP or PIP; and/or c. scheme or arrangement for payment processing, including price scheme.

  • 86 - Article 155 (1) PJP which breaches the provisions as referred to in Article 151 is subject to the following administrative sanctions in the form of: a. warning; b. temporary, partial, or full suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (2) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) shall be regulated in the Regulation of Member Board of Governors. Part Eight Access to Source of Fund in the Form of Instrument Section 1 Access to Source of Fund in the Form of Electronic Money Article 156 Electronic money is a payment instrument which meets the following elements: a. issued based on Source of Fund in rupiah value which is first deposited to PJP conducting Source of Fund administration activities; and b. the Source of Fund in rupiah value is stored electronically in a media of server or chip. Article 157 (1) The value of electronic money is the value of money stored electronically in a media of server or chip that can be transferred for the purpose of fund transfer . (2) The value of electronic money as referred to in paragraph (1) managed by PJP conducting Source of Fund administration activities does not constitute as saving as specified in the law on banking.

  • 87 - Article 158 Based on the scope of its operation, electronic money is divided into: a. closed loop; and b. open loop. Article 159 Access to Source of Fund in the form of electronic money may be distinguished based on: a. the storage media of the value of electronic money :

  1. server based; and
  2. chip based; and b. recording of electronic money user’s identity data:
  3. registered; and
  4. unregistered. Article 160 (1) The limit of the value of electronic money e which may be stored in electronic money is determined as follows: a. for unregistered electronic money, the maximum amount is Rp2,000,000.00 (two million rupiah); and b. for registered electronic money, the maximum amount is Rp10,000,000.00 (ten million rupiah). (2) The limit of the transaction value by electronic money in 1 (one) month is Rp20,000,000.00 (twenty million rupiah) at the maximum. (3) The limit of the transaction value of electronic money as referred to in paragraph (2) is calculated from incoming transactions. (4) The limit of the value of electronic money as referred to in paragraph (1) which may be stored and the limit of transaction value of electronic money as referred to in paragraph (2) does not apply to the account which records

  • 88 - the value of electronic money from the Goods and/or Service Providers. (5) Bank Indonesia may adjust the limit of the value of electronic money which may be stored as referred to in paragraph (1) and the limit of transaction value of electronic money as referred to in paragraph (2) by considering: a. development of payment transactions including incoming ones; b. public or industry needs; and/or c. other aspects in encouraging expansion of service acceptance and innovation. (6) Provisions regarding changes to the limit of the value of electronic money which may be stored and the limit of transaction value of electronic money as referred to in paragraph (5) shall be regulated in the Regulation of Member of Board of Governors. Article 161 (1) PJP conducting Source of Fund administration activities in the form of electronic money issuance may determine the validity period of electronic money media. (2) The determination of validity period of electronic money media as referred to in paragraph (1) may be determined by considering: a. technical lifetime of the used electronic money media; and b. other aspects. (3) The expiration of validity period of the electronic money media as referred to in paragraph (1) does not omit and/or eliminate the electronic money value that has not been used. (4) PJP conducting Source of Fund administration activities in the form of issuance of electronic money must inform electronic money users regarding the expiration of validity period of electronic money media and submit the

  • 89 - mechanism to settle the value of electronic money that has not been used. Article 162 (1) For the party conducting the operation of Source of Fund administration activities in the form of closed loop electronic money issuance in an amount of floating fund of less than Rp1,000,000,000.00 (one billion rupiah) is exempted from the obligation to obtain a license as PJP as referred to in Article 11. (2) In the event that there is a party operates more than 1 (one) closed loop electronic money, the amount of floating fund as referred to in paragraph (1) is calculated from all closed loop electronic money operated by that party. (3) In the event that a Non-Bank Institution has conducted the operation of Source of Fund administration activities as referred to in paragraph (1) applies for a license to Bank Indonesia, then during the licensing process, the Non￾Bank Institution may remain allowed to conduct its activities by limiting the floating fund amount and/or the number of electronic money users. (4) The party operating closed loop electronic money as referred to in paragraph (1) must observe at least: a. the implementation of risk management ; and b. consumer protection. (5) Bank Indonesia has the authority to conduct inspection and/or request reports, documents, data, information, details, and/or explanation from parties operating Source of Funds administration activities in the form of issuance of closed loop electronic money with the floating fund as referred to in paragraph (1). (6) Bank Indonesia may adjust the limit of floating fund of closed loop electronic money which is exempted from the obligation to obtain a license as referred to in paragraph (1) by considering: a. the development of incoming payment transactions; b. public or industry needs; and/or

  • 90 - c. other aspects in encouraging expansion of service acceptance and innovation. (7) Provisions for the change on the limit of the amount of floating fund in closed loop electronic money which is exempted from the obligation to obtain a license as referred to in paragraph (1) shall be regulated in Regulation of Member of Board of Governors. Article 163 (1) In the licensing process, prospective PJP is prohibited from conducting PJP activities, except for testing the readiness of the operation of PJP activity, under the following conditions: a. the testing is conducted on electronic money users in a limited area coverage within a certain period of time based on the approval from Bank Indonesia; and b. PJP submits the following reports to Bank Indonesia regarding the plan for testing implementation and termination :

  1. the report on testing implementation plan shall be submitted to Bank Indonesia not later than 30 (thirty) calendar days prior to the testing implementation; and
  2. the report on testing termination and testing implementation result shall be submitted to Bank Indonesia not later than 10 (ten) calendar days after the testing termination date. (2) The submission of report on testing implementation as referred to in paragraph (1) point b point 1 must at least contain: a. testing procedure or mechanism, including information on the number of electronic money users, area coverage, and time period; b. implementation of risk management; and c. implementation of consumer protection.
  • 91 - Article 164 (1) Floating fund is the entire value of electronic money at PJP conducting Source of Fund administration activities in the form of electronic money issuance resulting from electronic money issuance and/or top up which is become the PJP obligation to electronic money users and Goods and/or Services Providers. (2) Floating fund is not an asset or possession of PJP conducting Source of Fund administration activities in the form of electronic money issuance. Instead, it is the asset or possession of electronic money users under the JPJP’s control and management as deposit fund. (3) In the event that PJP conducting Source of Fund administration activities in the form of electronic money issuance is declared bankrupt, the floating fund as referred to in paragraph (1) will not be part of liquidation estate or bankruptcy estate. Article 165 (1) PJP conducting Source of Fund administration activities in the form of electronic money issuance must record floating funds as immediate liabilities or miscellaneous liabilities account. (2) PJP conducting Source of Fund administration activities in the form of electronic money issuance must place floating fund under the following conditions: a. at least 30% (thirty percent) of the floating fund in:
  1. cash, for PJP which conducts Source of Fund administration activities in the form of electronic money issuance that is a Bank that falls in category of the commercial bank based on business activity (BUKU) 4; or
  2. current account at Bank that falls in category of commercial bank based on business activity (BUKU) 4 for: a) PJP which conducts Source of Fund administration activities in the form of
  • 92 - electronic money issuance that is a Bank that does not fall in category of commercial bank based on business activity (BUKU) 4; and b) PJP which conducts Source of Fund administration activities in the form of electronic money issuance that is a Non￾Bank Institution; and b. a maximum of 70% (seventy percent) of the floating fund in:
  1. securities or liquid financial instruments issued by the Government of the Republic of Indonesia or Bank Indonesia; or
  2. an account at Bank Indonesia. (3) PJP conducting Source of Fund administration activities in the form of electronic money issuance must guarantee the security of placed and/or administered floating fund from liquidity risk, credit risk, legal risk, market risk, and operational risk. (4) With due regard to the provisions as referred to in paragraph (2), the percentage of floating fund placement must be adjusted to the monthly average of liquidity needs to meet obligations to electronic money users and Goods and/or Services Providers within the last 12 (twelve) months and is monitored on a daily basis. (5) The recording of floating fund as referred to in paragraph (2) is conducted as follows: a. the recording of floating fund of registered electronic money must be equipped with nominative list which at least includes names of electronic money users, electronic money numbers, and the value of electronic money; and b. the recording of floating fund of unregistered electronic money must be equipped with electronic money numbers and value of electronic money.

  • 93 - (6) Bank Indonesia may determine the change of composition of management and placement as referred to in paragraph (2), as well as the mechanism to record the floating fund as referred to in paragraph (5) by considering: a. the development of payment transaction; b. Maintaining industrial growth; c. national efficiency; d. public interest; and/or e. other aspects in encouraging expansion of service acceptance and innovation. (7) Provisions for the change of composition of management and placement as well as the mechanism to record floating fund as referred to in paragraph (6) shall be regulated in Regulation of Member of Board of Governors. Article 166 (1) Floating fund may only be used to fulfill the obligations of PJP conducting Source of Fund administration activities in the form of electronic money issuance to electronic money users and Goods and/or Services Providers and it is prohibited from being used for any other purposes. (2) To fulfill the obligations to electronic money users and Goods and/or Services Providers as referred to in paragraph (1), PJP conducting Source of Fund administration activities in the form of electronic money issuance must: a. have system and mechanism to record floating fund; b. have system and mechanism to record floating fund availability; c. ensure fulfillment of obligations in timely manner; d. record floating fund separately from recording other liabilities of PJP conducting Source of Fund administration activities in the form of electronic money issuance; and e. place floating fund in separated account from operational account of PJP conducting Source of Fund

  • 94 - administration activities in the form of electronic money issuance. Article 167 (1) The features of electronic money, which may be provided by PJP conducting Source of Fund administration activities in the form of electronic money issuance, consist of: a. top up; b. payment transaction for shopping; and/or c. bill payment. (2) In addition to the features as referred to in paragraph (1), PJP conducting Source of Fund administration activities in the form of electronic money issuance may provide the following features: a. fund transfer and cash withdrawal for open loop and registered electronic money; and/or b. other features based on the approval of Bank Indonesia. (3) The feature of fund transfer as referred to in paragraph (2) point a includes: a. transfer between electronic money users consisting of:

  1. between registered electronic money; and/or
  2. from registered electronic money to unregistered electronic money which is treated as a top up; b. transfer from an electronic money user to a saving account; and c. transfer from an account to an electronic money user which is treated as a top up. (4) In the event that registered electronic money is accompanied by feature of fund transfer, the transaction of fund transfer through registered electronic money must be processed online and real-time. (5) PJP conducting Source of Fund administration activities in the form of electronic money issuance with the feature of fund transfer must provide cash withdrawal facility, except it is carried out to implement the program of the Government of the Republic of Indonesia.
  • 95 - (6) In providing cash withdrawal feature, PJP conducting Source of Fund administration activities in the form of electronic money issuance may cooperate with cash withdrawal venues. (7) The cash withdrawal feature as referred to in paragraph (2) point a may apply to part of or all electronic money value. Article 168 (1) PJP conducting Source of Fund administration activities in the form of electronic money issuance is prohibited from issuing electronic money with the value higher or lower than the money deposited to PJP conducting Source of Fund administration activities in the form of electronic money issuance. (2) The value of money deposited in electronic money must be able to be used and transacted in its entirety until it has zero balance. (3) PJP conducting Source of Fund administration activities in the form of electronic money issuance is prohibited from: a. determining the minimum value of electronic money as:
  1. the requirement for the use of electronic money; and/or
  2. the requirement for ending the use of electronic money (redeem); b. unilaterally withholding or blocking the value of electronic money; c. charging for redemption fee of electronic money usage; and/or d. omit, change, or eliminate the value of electronic money except when an electronic money user end the use of electronic money according to the mechanism agreed with the user. (4) Topping up the value of electronic money must use a Source of Fund based on the fund deposited in advance and not based on a credit facility.

  • 96 - Article 169 (1) In addition to implementing the information system security standard as referred to in Article 45 point a point 3, PJP conducting Source of Fund administration activities in the form of electronic money issuance is required to increase the transaction security standard for electronic money with value limit above Rp2,000,000.00 (two million rupiah). (2) The increase of transaction security standard for electronic money as referred to in paragraph (1) is applied through at least two-factor authentication or any other security standard determined by Bank Indonesia. (3) Bank Indonesia may determine the change of value limit of electronic money as referred to in paragraph (1) by considering: a. the development of incoming payment transactions; b. public or industry needs; and/or c. other aspects in encouraging expansion of service acceptance and innovation. (4) Provisions regarding the change of value limit of electronic money as referred to in paragraph (3) shall be regulated in Regulation of Member of Board of Governors. Article 170 (1) In the operation of electronic money, PJP conducting Source of Fund administration activities in the form of electronic money issuance may charge the following fees: a. purchasing fee of electronic money instrument media for the first use or replacement of damaged or lost electronic money instrument media; b. top up fee; c. cash withdrawal fee made through another party or another party’s channel (off us); d. transaction fee for fund transfer between users on electronic money instrument from PJP conducting Source of Fund administration activities in the form of issuance of different electronic money; and/or

  • 97 - e. other fees determined by Bank Indonesia. (2) The fees charged by PJP conducting Source of Fund administration activities as referred to in paragraph (1) may not be in contravention with the policy of Bank Indonesia on price scheme as referred to in Article 54. Article 171 (1) PJP is prohibited from cooperating with other parties to exclusively provide public services. (2) The cooperation is regarded as exclusive if it meets the following elements such as: a. the cooperation is conducted only between a public service provider and 1 (one) or several PJP or PIP thus preventing other PJPs or PIPs from entering; and b. public service payment activity depends on certain electronic money product. Article 172 (1) PJP conducting Source of Fund administration activities in the form of electronic money issuance that will become LKD Provider must first obtain the approval of Bank Indonesia. (2) The operation of LKD is provided by PJP conducting Source of Fund administration activities in the form of electronic money issuance through cooperation with a LKD agent in the form of Indonesian legal entity and/or individual. (3) PJP with Source of Fund administration activities providing LKD must ensure due diligence on LKD agents. Article 173 LKD Provider may cooperate with LKD agent by at least observing the following aspects: a. risk management; b. assets and capital; c. fulfillment of anti-money laundering and countering the financing of terrorism principle; d. sufficient information system; and

  • 98 - e. reliable agent complaint monitoring submission system. Article 174 In LKD operation, LKD agent must support interconnection and interoperability of payment transaction services between LKD providers to increase efficiency and convenience of User. Article 175 PJP providing LKD may use service from third party in the form of an Indonesian legal entity to: a. search and educate LKD agents; b. conduct due diligence to LKD agents; c. facilitate branding of LKD agents; d. manage liquidity of LKD agents; e. monitor and supervise LKD agents; and/or f. other purposes to facilitate LKD agents, with the responsibility remains at PJP. Article 176 (1) Electronic money issued outside the territory of Republic of Indonesia may only be transacted within the territory of Republic of Indonesia by using payment channels connected with the national payment gateway or interconnection and interoperability mechanism determined by Bank Indonesia. (2) Each party conducting the transaction as referred to in paragraph (1) must cooperate with PJP in the form of Bank that falls in category of commercial bank based on business activity (BUKU) 4 and is connected with the national payment gateway or interconnection and interoperability mechanism determined by Bank Indonesia. (3) In the event that there is the change to category of commercial bank category based on business activity (BUKU) 4 as referred to in paragraph (2), determination of the bank cooperating with the foreign electronic money

  • 99 - issuer must observe the category equivalent to that established by the authority in financial service sector. (4) Bank Indonesia may adjust the policy on interconnection of electronic money issued outside the territory of Republic of Indonesia with payment channels, including PJP involved in the cooperation. Article 177 For consumer protection, PJP which conducts Source of Fund administration activities in the form of electronic money issuance is required to: a. limit the request and use of data and/or information on electronic money users to the extent that is necessary to operate electronic money; b. widely provide the facility and/or infrastructure for top up to fulfill the needs of electronic money users; and c. have a mechanism to compensate financial losses of electronic money users provided that such losses are not attributable to the error or negligence of electronic money users. Article 178 (1) The operation of electronic money by sharia commercial banks, sharia business units, or Non-Bank Institutions conducting business activities under sharia principle shall be conducted under the provisions hereunder, to the extent they are not in contravention of sharia principle. (2) For PJP in the form of sharia commercial banks, sharia business units, or Non-Bank Institutions conducting business activities under sharia principle and Source of Fund administration activities in the form of electronic money issuance as referred to in paragraph (1), the placement of floating fund as referred to in Article 166 paragraph (2) is conducted in the current account of:

  • 100 - a. sharia business unit of a commercial bank that falls in category of commercial bank based on business activity (BUKU) 4; or b. sharia commercial bank having ownership relationship with a commercial bank that falls in category of commercial bank based on business activity (BUKU) 4. (3) In the event that there is a change of the commercial bank category based on business activity (BUKU) as referred to in paragraph (2), the determination of bank for placement of floating fund must observe the category equivalent to that determined by the authority in financial service sector. (4) Bank Indonesia may adjust the policy on the placement of floating fund for PJP in the form of sharia commercial banks, sharia business units, or Non-Bank Institutions conducting business activities under sharia principle and Source of Fund administration activities in the form of electronic money issuance. Article 179 (1) PJP which breaches the provisions as referred to in Article 163 paragraph (1), Article 165 paragraph (1), paragraph (2), paragraph (4), Article 166, Article 168 paragraph (1), paragraph (3), paragraph (4), Article 169 paragraph (1), Article 171 paragraph (1), Article 172 paragraph (1), paragraph (3), Article 176 paragraph (2), or Article 177 is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (2) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) shall be regulated in Regulation of Member of Board of Governors.

  • 101 - Section 2 Access to Source of Fund in the Form of Fund Transfer Order Article 180 The execution of fund transfer order in the operation of fund transfer is conducted in accordance with the provisions of laws and regulations on fund transfers. Section 3 Access to Source of Fund in the Form of Card-Based Means of Payment Article 181 Card-based means of payment is a means of payment in the form of credit cards, automatic teller machine cards, and/or debit cards, in physical form or any other forms with characteristics, features, and/or business models similar to credit cards, automatic teller machine cards, and/or debit cards. Article 182 Credit card is a card-based means of payment which may be used to pay liabilities arising from an economic activity, including payment transactions and/or cash withdrawals where the payment liability of a card-based means of payment user is paid first by PJP conducting payment initiation and/or acquiring services or PJP conducting Source of Fund administration activities, and the card-based means of payment user must make payment in the agreed time in full or in installments. Article 183 Automatic teller machine card is a card-based means of payment which may be used for cash withdrawals and/or fund transfers where the liability of a card-based payment instrument user is paid outright by directly deducting the user’s

  • 102 - savings at a Bank or Non-Bank Institution authorized to collect funds in accordance with the laws and regulations. Article 184 Debit card is a card-based means of payment instrument which may be used to pay liabilities arising from an economic activity, including shopping transactions, where the liability of a card￾based means of payment user is paid outright by directly deducting the user’s savings at a Bank or Non-Bank Institution authorized to collect funds in accordance with the laws and regulations. Article 185 PJP conducting Source of Fund administration activities and payment initiation and/or acquiring services related to transaction processing of card-based means of payment is required to use the standard determined by Bank Indonesia as the national standard for card-based means of payment. Article 186 (1) PJP conducting Source of Fund administration activities in the form of credit card issuance is required to apply credit risk management by observing at least: a. minimum age limit of prospective credit card users; b. minimum income limit of prospective credit card users; c. maximum credit ceiling limit extended to credit card users; d. maximum number limit of PJP which conducts Source of Fund administration activities in the form of credit card issuance; and e. minimum payment limit by credit card users. (2) To implement the credit risk management as referred to in paragraph (1), PJP conducting Source of Fund administration activities in the form of credit card issuance is required to update data of credit card users.

  • 103 - (3) In the event that a credit card user has monthly income higher than the minimum income limit as referred to in paragraph (1) point b, PJP conducting Source of Fund administration activities in the form of credit card issuance may provide credit ceiling and number of credit cards according to risk analysis. (4) The provisions as referred to in paragraph (1) shall apply mutatis mutandis to credit card issuance which is guaranteed: a. by another party, including company or corporation using credit cards; and/or b. by deposits of credit card users at PJP which conducts Source of Fund administration activities in the form of credit card issuance. (5) Technical and micro provisions for minimum age related to the minimum age limit of prospective credit card users, minimum income limit of prospective credit card users, maximum credit ceiling limit, maximum number limit of PJP which conducts Source of Fund administration activities in the form of credit card issuance, and minimum payment limit by credit card users as referred to in paragraph (1) may be regulated by SRO under the approval of Bank Indonesia. Article 187 (1) PJP conducting Source of Fund administration activities in the form of credit card issuance is required to increase the security standard for transactions with certain criteria. (2) The increase of security standard for credit card transactions as referred to in paragraph (1) is applied through provision of transaction alerts to credit card users through the media approved by credit card users and/or other security standards. (3) Technical and micro provisions related to transactions with certain criteria as referred to in paragraph (1) and the security standard for credit card transactions as referred

  • 104 - to in paragraph (2) may be regulated by SRO under the approval of Bank Indonesia. Article 188 (1) PJP conducting Source of Fund administration activities in the form of credit card issuance is required to provide information in writing to credit card users at least including: a. procedure and mechanism of use; b. important matters to be observed by credit card users in credit card use as well as consequences or risks potentially arising from credit card use; c. rights and obligations of credit card users; d. mechanism to file a complaint about the provided credit card and time estimate to handle the complaint; e. pattern, mechanism and components made as the basis for calculation of interest, fee, and penalty; f. type of fee and penalty imposed; g. procedure and mechanism to terminate and/or close a credit card; and h. summary performance based on request and/or with the approval of a credit card user. (2) In the event that there is a change in information as referred to in paragraph (1), PJP conducting Source of Fund administration activities in the form of credit card issuance is required to submit the change of information in writing to a credit card user. Article 189 (1) PJP conducting Source of Fund administration activities in the form of credit card issuance is required to submit billing information to credit card users correctly, accurately, and timely manner. (2) PJP conducting Source of Fund administration activities in the form of credit card issuance is required to inform payment leeway if the payment due date falls on a holiday.

  • 105 - (3) PJP conducting Source of Fund administration activities in the form of credit card issuance is prohibited from imposing penalty on credit card users who make bill payment during the payment leeway. Article 190 (1) PJP conducting Source of Fund administration activities in the form of credit card issuance is required to prepare and implement a credit policy. (2) The credit policy as referred to in paragraph (1) shall at least contain: a. the prudential principle in credit card issuance; b. organization and management of credit card issuance; c. policy on credit card approval; d. documentation and administration of credit cards; e. credit card supervision; and f. settlement of non-performing credit cards. (3) The assessment of credit quality by PJP conducting Source of Fund administration activities in the form of credit card issuance is carried out by referring to the regulation of the authority in financial service sector. (4) The calculation of interest arising from credit card transactions is required to be conducted by at least observing: a. for shopping transactions, interest is charged if the credit card user does not make payment, not make full payment, or makes full payment after the due date; b. for cash withdrawal transactions, interest is charged if the credit card user does not make payment, not make full payment, or makes full payment either before or after the due date; c. the calculation of days of interest upon credit card debt is based on and started from the posting date;

  • 106 - d. fee and penalty, as well as outstanding interest shall not be used as components of interest calculation; and e. The determination of daily interest is based on the calculation of number of calendar days in a year and it is set for 365 (three hundred sixty-five) days. Article 191 (1) In billing credit cards, PJP conducting Source of Fund administration activities with credit card issuance is required to comply with debt collection ethics, including but not limited to: a. guarantee that debt collection by PJP itself or debt collectors services is conducted under the provisions of Bank Indonesia and the laws and regulations; and b. if debt collection is conducted by debt collectors services as referred to in point a, PJP is required to guarantee that:

  1. credit card debt collection is only for debt with doubtful credit quality or bad credit; and
  2. collection quality must be the same as the quality of collection when conducted by PJP itself. (2) Technical and micro provisions related to the principal of debt collection ethic may be specified by SRO with the approval of Bank Indonesia. Article 192 (1) PJP conducting Source of Fund administration activities in the form of automatic teller machine cards and/or debit cards is required to apply risk management by observing at least the following: a. financial readiness to meet payment liabilities potentially arising from automatic teller machine card and/or debit card crimes. b. maximum limit transaction amount; and c. maximum limit cash withdrawal amount.

  • 107 - (2) The maximum transaction amount and maximum cash withdrawal amount as referred to in paragraph (1) shall not be in contravention of the policy of Bank Indonesia. Article 193 PJP conducting Source of Fund administration activities by issuing automatic teller machine cards and/or debit cards is required to provide at least the following information in writing to users of automatic teller machine cards and/or debit cards: a. procedure and mechanism of use of automatic teller machine cards and/or debit cards, facilities in the automatic teller machine cards and/or debit cards, and risks potentially arising from the use of automatic teller machine cards and/or debit cards; b. rights and obligations of users of automatic teller machine cards and/or debit cards; and c. mechanism to file complaints of problem related to the use of automatic teller machine cards and/or debit cards and the time required to handle the complaint. Article 194 (1) PJP which breaches the provisions of Article 185 paragraph (1), Article 186 paragraph (1), paragraph (2), Article 187 paragraph (1), Article 188, Article 189, Article 190 paragraph (1), paragraph (4), Article 191 paragraph (1), Article 192 paragraph (1), or Article 193, is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (2) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) shall be regulated in Regulation of Member of Board of Governors.

  • 108 - Section 4 Access to Source of Fund in the Form of Checks Article 195 The implementation of instrument in the form of check as referred to in Article 148 paragraph (1) point d is administered under the laws and regulations. Section 5 Access to Source of Fund in the Form of Bilyet Giro Article 196 The implementation of instrument in the form of bilyet giro as referred to in Article 148 paragraph (1) point e is administered under Bank Indonesia Regulation on bilyet giro. Part Nine Access to Source of Fund in the Form of Fund Transfer Channel Article 197 Provision of access to Source of Fund in the form of channel must observe fulfillment of the following aspects: a. risk management; b. security standard; c. consumer protection; d. anti-money laundering and countering the financing of terrorism; and e. compliance with the laws and regulations. Part Ten Data Storage Service on Access to Source of Fund in the form of Payment Instruments Article 198 (1) The party operating payment initiation and/or acquiring services in the form of data storage on payment

  • 109 - instruments that provides a platform to facilitate User in storing data on payment instruments with active users has reached or is planned to reach minimum of 300,000 (three hundred thousand) users, is required to obtain a license as PJP. (2) Bank Indonesia has the authority to conduct an audit and/or request reports, documents, data, information, details, and/or explanation to any party operating payment initiation and/or acquiring services in the form of data storage on payment instruments providing a platform to facilitate User in storing data on payment instruments for active users that have not reached or have not been planned to reach active users number as referred to in paragraph (1). (3) Bank Indonesia may adjust the limit of number of active users exempted from the mandatory license as PJP as referred to in paragraph (1) by considering: a. transaction development; b. public or industry needs; c. risk management; d. consumer protection; and/or e. encourage expansion of acceptance, efficiency, competition, services, and innovation. (4) Provisions for the adjustment to the limit of number of active users as referred to in paragraph (3) shall be regulated in Regulation of Member of Board of Governors. Article 199 (1) In the event that a request is made to refund after cancellation of payment transaction using any of the stored instrument, the PJP conducting payment initiation and/or acquiring services activities in the form of storage of data on payment instruments is required to immediately make the refund to the data storage service user. (2) PJP conducting payment initiation and/or acquiring services activities in the form of storage of data on payment

  • 110 - instruments is required to have a procedure to ensure realization of the refund as referred to in paragraph (1). (3) The refund as referred to in paragraph (1) is required to be immediately returned to the original Source of Fund used to make the relevant payment transaction. Article 200 (1) PJP which breaches the provisions as referred to in Article 198 paragraph (1) or Article 199 is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (2) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) shall be regulated in Regulation of Member of Board of Governors. Part Eleven Policy on Value which May be equated to Money Article 201 PJP is prohibited from having and/or managing the value which may be equated to the value of money or value other than rupiah which may be widely used for the payment purpose. Article 202 PJP is prohibited from: a. accepting any virtual currency used as a Source of Fund in payment transaction processing; b. processing any payment transaction by using virtual currency as a Source of Fund; and/or c. connecting any virtual currency to payment transaction processing.

  • 111 - Article 203 PJP is prohibited from facilitating trade of virtual currency as a commodity except that is regulated in accordance with the provisions of laws and regulations. Article 204 (1) The value which may be equated to money that does not meet the Source of Fund elements as referred to in Article 144 includes: a. value represented digitally or in any other media; and b. digital money issued by any party other than the monetary authority (virtual currency) having the following characteristics:

  1. it is stated in a unit;
  2. it uses cryptography and distributed ledger or any other latest technology to arrange new unit creation and transaction processing mechanism;
  3. it is used for payment purposes or fulfillment of economic activities;
  4. it may be transferred, stored, or traded electronically; and
  5. it meets any other characteristics determined by Bank Indonesia. (2) The value represented digitally or in any other media as referred to in paragraph (1) point a must have the following limits: a. it may not be claimed to the issuer; b. it may not be transferred or sold to be exchanged to rupiah; c. it may only be used in the issuer or certain Goods and/or Services Providers appointed by the issuer; d. it has validity; e. it is guaranteed with sufficient fund according to the value that can be used by customers; and f. any other limits determined by Bank Indonesia. (3) Bank Indonesia may conduct inspection and/or request reports, documents, data, information, details, and/or

  • 112 - explanation to the issuer whose value may be equated to the money used for payment purposes and/or fulfillment of economic activities. Article 205 (1) PJP which breaches the provisions as referred to in Article 201, Article 202, or Article 203 is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension of termination of activities, including cooperation implementation; and/or c. revocation of license as PJP. (2) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) shall be regulated in Regulation of Member of Board of Governors. Part Twelve Operation of Integrated Payment Interface Article 206 Bank Indonesia may operate integrated payment interface infrastructure that connects access to Source of Funds with PJP to forward the process of payment initiation and/or authorization of payment transactions. Article 207 (1) In the operation of integrated payment interface as referred to in Article 206, Bank Indonesia has the authority to determine, including but not limited to, the following: a. price and cost scheme; b. parties connecting with the integrated payment interface; c. access to Source of Fund to be processed through integrated payment interface;

  • 113 - d. interconnectedness with Payment System infrastructure and data infrastructure determined by Bank Indonesia; e. features and service types of integrated payment interface, such as a function to facilitate payment processing and collection of data and/or information; and/or f. other aspects related to access, standard, security, branding, implementation, and termination of interconnectedness with integrated payment interface. (2) Further provisions on the operation of integrated payment interface as referred to in paragraph (1) shall be regulated in Regulation of Member of Board of Governors. Article 208 (1) In the operation of integrated payment interface, the party connected with the integrated payment interface as referred to in Article 207 paragraph (1) point b is required to: a. meet the obligation to operate and collect data and/or information in the operation of integrated payment interface; and b. comply with other obligations determined by Bank Indonesia in the operation of integrated payment interface. (2) PJP which breaches the provisions as referred to in paragraph (1) is subject to the following administrative sanctions: a. warning; and/or b. temporary, partial, or entire suspension of termination of activities, including cooperation implementation. (3) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (2) shall be regulated in Regulation of Member of Board of Governors.

  • 114 - CHAPTER IV INNOVATIONS IN PAYMENT SYSTEM TECHNOLOGY Part One Scope of Innovations in Payment System Technology Article 209 Bank Indonesia provides testing environment for development of innovations in Payment System technology to support development of digital economy and finance. Article 210 Innovations in Payment System technology include: a. product; b. activity; c. service; and d. business model, using innovative technology in digital economy and finance ecosystem which may support Payment System operation. Article 211 Innovative technology means technology used in the digital economy and finance ecosystem which may support Payment System operation, including but not limited to: a. use of un-tested technology; b. use of technology with limited use; c. use of non-standardized technology; and/or d. use of new technology, which may impact financial system and Payment System. Article 212 Provision of testing environment aims to: a. promote technology innovations; and b. monitor and detect opportunities and risks of innovations in technology against development of digital economy and finance ecosystem as well as Payment System operation.

  • 115 - Article 213 The testing of development of innovation in Payment System technology as referred to in Article 210 is conducted by Bank Indonesia through the following testing: a. development of innovations which have been unused or used in the Payment System industry in a limited manner (innovation lab); b. innovations in policies or provisions for Payment System (regulatory sandbox); and c. innovations which have been used in the Payment System industry and must be promoted for wider use (industrial sandbox). Part Two Request for Testing of Development of Innovation in Payment System Technology Article 214 The testing for development of innovation in Payment System technology may come from: a. requests submitted by:

  1. PJP; or
  2. any other parties determined by Bank Indonesia; or b. initiative of Bank Indonesia. Article 215 (1) PJP or other parties determined by Bank Indonesia which requests for testing of development of innovation in Payment System technology must submit a written request in Indonesian to Bank Indonesia. (2) The request as referred to in paragraph (1) is accompanied by supporting documents.

  • 116 - Article 216 (1) The supporting documents as referred to in Article 215 paragraph (2) includes: a. profile of prospective participant, including information of entity; b. contact person; and c. data and information. (2) The data and information as referred to in paragraph (1) point c consist of: a. features of the product, activity, service, and business model to be tested; b. elements of innovation in the product, activity, service, and business model to be tested; c. benefits for consumers and/or economy; d. risk management, information security, consumer protection, anti-money laundering and countering the financing of terrorism, as well as infrastructure and operational readiness; e. proposed scenario for testing of development of innovation in Payment System technology; f. the testing scope includes the limit of number of users or merchants, limit of transaction nominal amount, limit of regional nominal amount, and other limits; and/or g. implementation period of testing of development of innovation in Payment System technology. (3) For application of testing for industrial sandbox, in addition to the supporting documents as referred to in paragraph (2), it also includes information on list of parties participating in the testing and profile of all prospective participant. (4) If required, Bank Indonesia may request additional supporting documents for the application of testing of development of innovation in Payment System technology as referred to in paragraph (1) and paragraph (2).

  • 117 - Article 217 (1) The application and supporting documents as referred to in Article 215 are submitted to Bank Indonesia through the license application of Bank Indonesia. (2) In the event that the application as referred to in paragraph (1) may not be implemented or experiences disruption, the application and supporting documents shall be submitted directly in accordance with the mechanism determined by Bank Indonesia. Part Three The Testing Environment for Development of Innovation in Payment System Technology Article 218 (1) Bank Indonesia may determine: a. the product, activity, service, technology, and business model related to Payment System operation to be facilitated through the testing environment for development of innovation in Payment System technology; and b. participants of testing environment for development of innovation in Payment System technology. (2) The determination as referred to in paragraph (1) is submitted by Bank Indonesia to participants of testing environment for development of innovation in Payment System technology in writing or any other media determined by Bank Indonesia. Article 219 The implementation of testing environment for development of innovation in Payment System technology is conducted by applying the following principles: a. criteria-based process; b. transparency; c. proportionality; d. fairness;

  • 118 - e. equal treatment; and f. forward looking. Article 220 In the implementation of the testing for development of innovation in Payment System technology, Bank Indonesia may involve SRO and/or another party. Article 221 (1) The period of testing environment for development of innovation in Payment System technology is determined maximum 6 (six) months at the maximum as from the date of the determination of participant in the testing environment for development of innovation in Payment System technology. (2) If required, the period as referred to in paragraph (1) may be extended once for 6 (six) months at the maximum. (3) The period extension as referred to in paragraph (2) is requested in writing by a participant of testing environment for development of innovation in Payment System technology to Bank Indonesia within not later than 1 (one) month prior to the end of the testing period as referred to in paragraph (1), with the reasons and required extension period. (4) Bank Indonesia replies to the request submitted prior to the end of the period as referred to in paragraph (1). Article 222 (1) During the process of testing for development of innovation in Payment System technology, Bank Indonesia may determine a certain policy on the testing participants, including but not limited to: a. certain limits, including limit of area, number of users and/or certain period; and/or b. ease to operate development of innovation in Payment System technology during the testing process.

  • 119 - (2) The determination of certain policy as referred to in paragraph (1) is based on the following considerations: a. characteristics of the product, activity, service, and business model to be tested; b. development of innovation in Payment System technology; and/or c. development of digital economy and finance ecosystem which may support Payment System operation. Part Four Coordination in Implementation of Testing for Development of Innovation in Payment System Technology Article 223 (1) Bank Indonesia may coordinate with another authority within and/or outside the country in implementation of testing for development of innovation in Payment System technology. (2) The coordination as referred to in paragraph (1) is conducted to: a. synchronize the implementation of innovation in Payment System technology which has intersecting functions or powers among authorities; b. identify and response to issues related to matters that have not been regulated by each authority in implementation of innovation in Payment System technology; c. to develop and integrate the digital economy and finance; and/or d. others related to implementation of testing for development of innovation in Payment System technology considered necessary by Bank Indonesia and other authorities. (3) The synchronization in implementing innovation in Payment System technology that has intersecting

  • 120 - functions or powers among authorities as referred to in paragraph (2) point a is conducted by considering: a. testing implementation against each scenario for testing of products, activities, services, technology, and business model related to functions or powers of the relevant authorities; and/or b. other considerations related to the alignment of innovation in Payment System technology. Part Five Result of Testing for Development of Innovation in Payment System Technology Article 224 (1) Bank Indonesia determines the result status of testing for development of innovation in Payment System technology based on the assessment result of all activities during the testing. (2) The assessment as referred to in paragraph (1) is conducted by considering: a. suitability with the proposed testing scenario; b. correlation with Payment System; c. features and risk level; d. system readiness and reliability; e. implementation of consumer protection, risk management, and prudential principle; f. compliance with the laws and regulations. (3) Based on the assessment result as referred to in paragraph (2), Bank Indonesia determines the following result status of testing for development of innovation in Payment System technology: a. successful; or b. unsuccessful. (4) Bank Indonesia submits the result status of testing for development of innovation in Payment System technology to applicants in writing or any other media determined by Bank Indonesia.

  • 121 - (5) In the event that the testing is declared successful as referred to in paragraph (3) point a as well as the product, activity, service, and business model are included in Payment System operation category, the participant is prohibited from marketing the tested product, activity, service, and business model prior to obtaining the license and/or approval under the provisions of Bank Indonesia for Payment System. (6) In the event that the testing is declared unsuccessful as referred to in paragraph (3) point b and the product, activity, service, and business model are included in Payment System operation category, the participant is prohibited from marketing the product and/or service and from using the tested technology and/or business model. (7) PJP which breaches the provisions as referred to in paragraph (6) is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension termination of activities, including cooperation implementation; and/or c. revocation of license as PJP. (8) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (7) shall be regulated in Regulation of Member of Board of Governors. Article 225 The evaluation result of testing for development of innovation in Payment System technology may serve as the consideration of Bank Indonesia in formulation of regulations, supervision, and development of products, activities, services, and business models in digital economy and finance development. Article 226 Bank Indonesia may publish on its web page the testing for development of innovation in Payment System technology to be

  • 122 - conducted and the result of the testing for development of innovation in Payment System technology. CHAPTER V PAYMENT SYSTEM SUPERVISION Part One Supervision Approach Article 227 Bank Indonesia supervises Payment System operation by using risk-based and/or compliance-based supervision approach. Part Two Supervision Purpose Article 228 Supervision of Payment System operation aims to ensure achievement of the Payment System operation objectives while keep encouraging industry innovations in Payment System as well as observing international standards and practices. Part Three Supervision Object Article 229 (1) The supervision object of Payment System operation is PJP. (2) In conducting the supervision of PJP as referred to in paragraph (1), Bank Indonesia may supervise the party cooperating with PJP. (3) The party cooperating with PJP as referred to in paragraph (2) is Supporting Provider or other parties in cooperation with PJP in facilitating payment transactions.

  • 123 - Part Four Supervision Mechanism Article 230 (1) The supervision of Payment System operation is conducted through: a. off-site supervision; and b. on-site supervision. (2) Bank Indonesia may assign another party for and on behalf of Bank Indonesia to conduct on-site supervision as referred to in paragraph (1) point b. (3) Another party as referred to in paragraph (2) is required to meet the provisions of Bank Indonesia. Article 231 (1) The off-site supervision as referred to in Article 230 paragraph (1) point a is conducted through monitoring, identification, and/or assessment through analysis of reports, data, and information obtained by Bank Indonesia. (2) The on-site supervision as referred to in Article 230 paragraph (1) point b is conducted through periodic and/or incidental inspection both face-to-face and by any other mechanisms determined by Bank Indonesia. (3) The inspection as referred to in paragraph (2) is conducted on documents, infrastructures, information system, and other aspects used by PJP. Part Five Scope of Supervision Article 232 Scope of supervision by Bank Indonesia on the supervision object includes: a. risk exposure, including compliance with the laws and regulations;

  • 124 - b. application of governance and risk management; and c. other aspects determined by Bank Indonesia. Article 233 Mechanism, intensity, and focus of supervision by Bank Indonesia are conducted by observing PJP classifications and scope of supervision as referred to in Article 232. Part Six Data and/or Information for Supervision Article 234 (1) PJP is required to provide, including but not limited to, the following to Bank Indonesia or any other parties assigned by Bank Indonesia: a. documents, data, information, and/or reports; b. oral and written details and/or explanation; and/or c. access to infrastructures and/or information system required in supervision. (2) If requested by Bank Indonesia, the obligation as referred to in paragraph (1) related to Payment System applies to parties in cooperation with PJP. (3) PJP is responsible to ensure that parties in cooperation with PJP meet the obligations as referred to in paragraph (2). (4) The PJP as referred to in paragraph (1) and parties in cooperation with PJP as referred to in paragraph (2) is required to be responsible for the validity, accuracy, completeness, and punctuality of each submission to Bank Indonesia or any other parties assigned by Bank Indonesia as referred to in paragraph (1). (5) The documents, data, information, reports, details, and/or explanation as referred to in paragraph (1) are submitted through: a. reporting; b. direct meeting; and/or c. any other media determined by Bank Indonesia.

  • 125 - (6) Further provisions on the mandatory submission of data and/or information for supervision as referred to in paragraph (1) and paragraph (2) shall be regulated by Regulation of Member of Board of Governors. Article 235 (1) PJP which breaches the provisions as referred to in Article 234 paragraph (1) or paragraph (4) is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (2) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) shall be regulated by Regulation of Member of Board of Governors. Part Seven Integrated Supervision Article 236 (1) Bank Indonesia may conduct an integrated supervision of PJP and parent companies, subsidiaries, and/or any other affiliated parties. (2) Integrated supervision is conducted to: a. identify and mitigate risk exposure arising from ownership relationship, control, business, and finance which may affect sustainability of operational activities and PJP payment processing, and Payment System ecosystem; b. ensure fulfillment of institutional and legal aspect, business feasibility, governance, and risk management by PJP; c. ensure fair business competition and efficiency in the industry, and support financial system stability; and

  • 126 - d. ensure fulfillment of other aspects determined by Bank Indonesia. (3) The integrated supervision as referred to in paragraph (1) is conducted through: a. off-site supervision; and/or b. on-site supervision. (4) The off-site supervision as referred to in paragraph (3) point a is conducted through monitoring, identification, and/or assessment of parent companies, subsidiaries, and/or other affiliated parties through analysis of reports, data, and information obtained by Bank Indonesia. (5) On-site supervision as referred to in paragraph (3) point b is conducted through periodic and/or incidental inspection of parent companies, subsidiaries, and/or other affiliated parties either face-to-face or by any other mechanisms. (6) The inspection as referred to in paragraph (5) is conducted on documents, infrastructures, information system used by PJP, and other inspection objects. (7) If requested by Bank Indonesia, parent companies, subsidiaries, and/or other affiliated parties is required to provide: a. requested information and data; b. opportunities to examine all bookkeeping and records, documents, and physical facilities related to their business activities; and/or c. any other requirements, for implementation of the integrated supervision as referred to in paragraph (2). (8) PJP, parent companies, subsidiaries, and/or other affiliated parties are prohibited from hindering supervision process by Bank Indonesia. (9) Bank Indonesia may coordinate with other authorities if parent companies, subsidiaries, and/or other affiliated parties are under the supervision of other authority.

  • 127 - Article 237 (1) PJP which breaches the provisions as referred to in Article 236 paragraph (7) or paragraph (8) is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (2) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) shall be regulated by Regulation of Member of Board of Governors. Part Eight Further Actions to the Supervision Article 238 (1) Based on the supervision result as referred to in Article 230 paragraph (1), Bank Indonesia shall conduct the following further actions to the supervision actions: a. requesting PJP to:

  1. do or not do any action;
  2. limit activities or operation; and/or
  3. conduct temporary, partial, or entire suspension of activities, including cooperation implementation; and/or b. revoking any granted license and/or approvals. (2) The further actions to the supervision as referred to in paragraph (1) may be accompanied by: a. adjustment to PJP license category; b. public announcement; c. termination of approval processing for activity development, product development, and/or cooperation; and/or d. submission to other authority of information and/or recommendations resulting from supervision, if the supervision result relates to other authorities,

  • 128 - by Bank Indonesia. (3) The further actions to the supervision as referred to in paragraph (1) may be conducted by observing PJP classifications. (4) Bank Indonesia may conduct further actions to the supervision of PJP which is considered to have potential difficulties detrimental to business continuity. (5) The PJP as referred to in paragraph (4) is assessed through the following aspects: a. business performance and capital; b. risk management and sufficient security and reliability of information system; and/or c. integrity and/or competence of the management and shareholders. (6) PJP is required to submit an action plan and execute it to resolve issues according to the aspect as referred to in paragraph (5). (7) PJP which breaches the provisions as referred to in paragraph (6) is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (8) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (7) shall be regulated by Regulation of Member of Board of Governors. Article 239 (1) Bank Indonesia has the authority to impose administrative sanctions on PJP in the following forms: a. warning; b. penalty; c. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or d. revocation of license as PJP.

  • 129 - (2) In imposing the administrative sanctions on PJP, Bank Indonesia considers the following aspects: a. level of errors and/or breaches; and b. consequences on:

  1. smoothness and security of Payment System aspect;
  2. consumer protection aspect;
  3. anti-money laundering and countering the finance of terrorism aspect; and/or
  4. other aspects determined by Bank Indonesia. (3) The imposition of sanction as referred to in paragraph (1) may be accompanied by: a. public announcement; b. termination of approval processing for activity development, product development, and/or cooperation; and/or c. adjustment to the license category, by Bank Indonesia. (4) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) shall be regulated by Regulation of Member of Board of Governors. Article 240 (1) In the event that PJP does not meet its obligation to pay penalty sanction as referred to in Article 239 paragraph (1) point b, Bank Indonesia may change the imposed penalty into the sanction of termination or license revocation. (2) The change of imposed penalty into the sanction of termination or license revocation as referred to in paragraph (1) shall be imposed if PJP does not make a penalty payment until the deadline determined by Bank Indonesia. (3) Based on the sanction change as referred to in paragraph (2), the imposed penalty is declared to be omitted.
  • 130 - Article 241 (1) Other parties which breaches the provisions as referred to in Article 230 paragraph (3) is subject to the following administrative sanctions: a. written warning; and/or b. recommendation for the relevant institution to:
  1. remove the other party assigned from a particular profession list; and/or
  2. revoke business license. (2) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) shall be regulated by Regulation of Member of Board of Governors. Article 242 (1) Any party is prohibited from conducting Payment System activities prior to obtaining license from Bank Indonesia. (2) PJP is prohibited from marketing any product, activity, and/or cooperation categorized to have medium or high risk prior to obtaining approval from Bank Indonesia. (3) PJP which breaches the provisions as referred to in paragraph (2) is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (4) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (3) shall be regulated by Regulation of Member of Board of Governors.

  • 131 - CHAPTER VI TERMINATION OF PAYMENT SYSTEM OPERATION Part One Evaluation of PJP Licenses Article 243 (1) Bank Indonesia evaluates licenses granted to PJP. (2) The evaluation of licenses as referred to in paragraph (1) is conducted periodically every 3 (three) years from the date of license issuance by Bank Indonesia or incidentally. (3) The evaluation as referred to in paragraph (1) is conducted based on: a. supervision result by Bank Indonesia; b. corporate actions by PJP; c. request for extension of license if Bank Indonesia determines the license period; d. recommendations from other authority; e. final and binding court decision; f. request from PJP to terminate their activities; and/or g. other considerations in creating fast, easy, affordable, safe, and reliable Payment System. (4) In conducting the license evaluation as referred to in paragraph (3) point a, Bank Indonesia conducts further action to the supervision as referred to in Article 238 paragraph (3) until paragraph (6). (5) In conducting license evaluation as referred to in paragraph 3, Bank Indonesia may consider the following aspects, including but not limited to: a. transaction performance; b. business or institution activities; c. efficiency or concentration level in Payment System industry; and/or d. compliance with the laws and regulations. (6) The license evaluation as referred to in paragraph (2) and/or further actions to the supervision as referred to in paragraph (4) may serve as the basis for Bank Indonesia to:

  • 132 - a. shorten or extend license period if the license is granted within a certain period; b. revoke PJP license; or c. carry on business continuity of PJP. Article 244 (1) PJP whose license is revoked is required to notify all parties in cooperation with the PJP that its license has been revoked. (2) PJP which has license from Bank Indonesia is required to terminate its cooperation with any PJP that is subject to sanction of license revocation not later than the following business day from the date of license revocation notice as referred to in paragraph (1). (3) PJP is required to ensure consumer protection aspect during the process period of cooperation termination. (4) Implementation of the cooperation termination as referred to in paragraph (2) is required to be notified in writing and received by Bank Indonesia not later than 10 (ten) business days from the date of cooperation termination implementation. Article 245 (1) PJP submitting a request for termination of activity or license revocation at its own request must submit it in writing to Bank Indonesia of the plan for activity termination or license revocation not later than 30 (thirty) business days prior to the date of activity termination or license revocation. (2) The request as referred to in paragraph (1) is equipped by the following information and documents on: a. reasons for activity termination; b. effective date of activity termination; c. mechanism of notification or publication to the relevant parties of the activity termination plan;

  • 133 - d. mechanism of completion of rights and obligations; and e. any other information requested by Bank Indonesia. (3) Bank Indonesia issues the letter on termination of activity or license revocation as PJP based on the request for termination of termination or license revocation as referred to in paragraph (1) after completion of the rights and obligations of PJP. (4) PJP must report the implementation of termination of activity or license revocation in writing to Bank Indonesia not later than 10 (ten) business days from the date of termination of activity or license revocation letter from Bank Indonesia as referred to in paragraph (2) equipped with: a. documents or evidence containing completion of the rights and obligations to the relevant parties; and b. statement letter from the management that all claims arising from the termination of activity or license revocation shall be the full responsibility of the management. (5) Information on revocation of license as PJP by Bank Indonesia is published on the web page of Bank Indonesia or any other media determined by Bank Indonesia. Article 246 (1) PJP which breaches the provisions as referred to in Article 245 is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (2) Further provisions on the imposition of sanction procedure as referred to in paragraph (1) shall be regulated by Regulation of Member of Board of Governors.

  • 134 - Part Two Completion of PJP Obligations Article 247 (1) PJP must complete all obligations to User and/or parties cooperating in Payment System operation prior to revocation of PJP license by Bank Indonesia. (2) Mechanism and period of completion of all obligations arising from Payment System operation as referred to in paragraph (1) are determined by Bank Indonesia by observing the action plan submitted by PJP. (3) If required, Bank Indonesia may determine extension of the period as referred to in paragraph (1) at the request of PJP accompanied by the reasons and proposed and required extension period. (4) The request for period extension as referred to in paragraph (3) is submitted in writing to Bank Indonesia not later than 30 (thirty) business days prior to the end of the period of obligation completion determined by Bank Indonesia as referred to in paragraph (2). (5) In the event that PJP has not completed obligations within the period extension as referred to in paragraph (3), Bank Indonesia may revoke the license which may be accompanied by follow-up to the obligation completion. (6) The follow-up to the obligation completion as referred to in paragraph (5) is conducted through transfer of PJP obligations to the Probate Court or other follow-ups. (7) With the license revocation by Bank Indonesia, all impacts arising from obligations between PJP and User and cooperating parties shall become the responsibilities of PJP. Article 248 (1) Follow-up in the form of obligation transfer from PJP to the Probate Court as referred to in Article 247 paragraph (6) is conducted not later than 30 (thirty) business days as from

  • 135 - the end of the obligation completion period as referred to in Article 247 paragraph (2) and paragraph (3). (2) The obligation transfer from PJP to the Probate Court as referred to in paragraph (1) is conducted under the laws and regulations. (3) In conducting the obligation transfer as referred to in paragraph (1), PJP may apply transfer fee charged on the obligation transferred to the Probate Court. Part Three License Revocation at Own Request Article 249 (1) In the event that the license revocation is conducted by the request of PJP, PJP must submit the request in writing to Bank Indonesia for the plan for termination of activity not later than 30 (thirty) business days prior to the termination of activity date. (2) The request as referred to in paragraph (1) is equipped by the following information and documents on: a. reasons for activity termination; b. effective date of activity termination; and c. mechanism of notice or publication to the relevant parties of the activity termination plan. (3) Revocation of license as PJP by Bank Indonesia is conducted after all obligations arising from Payment System operation completed by PJP. (4) In the event that the obligations arising from Payment System operation as referred to in paragraph (2) fail to be completed, PJP may transfer the obligations to the Probate Court under the laws and regulations. (5) After the obligations arising from the Payment System operation are transferred to the Probate Court as referred to paragraph (4), Bank Indonesia may revoke the license as PJP.

  • 136 - (6) PJP must report the implementation of termination of activity in writing to Bank Indonesia not later than 10 (ten) business days from the date of license revocation letter from Bank Indonesia equipped with: a. documents containing completion of the rights and obligations to the relevant parties; and b. statement letter from the management that all claims arising from the termination of activity as PJP shall be the full responsibility of the management. (7) Information on revocation of license as PJP by Bank Indonesia is published on the web page of Bank Indonesia or any other media determined by Bank Indonesia. (8) Bank Indonesia may re-evaluate license revocation at the request of PJP, in the event a request to cancel the license revocation is made by PJP, which is in the process of obligation completion or license revocation. (9) The request for cancellation of the license revocation as referred to in paragraph (8) is submitted by PJP to Bank Indonesia in writing and accompanied by documents or information indicating: a. reasons for cancellation of the license revocation; b. efforts made to improve the conducted Payment System activities; and c. PJP commitment to resume Payment System activities under the provisions of Bank Indonesia. (10) Based on the license revocation request as referred to in paragraph (1) or evaluation as referred to in paragraph (8), Bank Indonesia will: a. approve; or b. decline, the license revocation.

  • 137 - CHAPTER VII DATA AND/OR INFORMATION Part One Subject of Data and/or Information Acquirement Article 250 (1) PJP is required to submit data and/or information related to Payment System to Bank Indonesia. (2) The data and/or information related to Payment System as referred to in paragraph (1) are on: a. payment transaction; b. payment transaction information details; c. PJP performance; d. Payment System operation; and/or e. other data and/or information. (3) The data and/or information as referred to in paragraph (2) are in the form of: a. documents, reports, raw data, and/or processed data; and/or b. oral and/or written details and/or explanation, related to Payment System. (4) Bank Indonesia may process the data and/or information as referred to in paragraph (1), including to use it for the interest of Bank Indonesia. Article 251 (1) In the event that the data and/or information are requested by Bank Indonesia, other parties cooperating with PJP is required to submit them in the following forms: a. documents, reports, raw data, and/or processed data; and/or b. oral and/or written details and/or explanation, related to Payment System. (2) The other parties cooperating with PJP as referred to in paragraph (1) included but not limited to:

  • 138 - a. Supporting Provider; and b. Goods and/or Services Providers. (3) The data and/or information as referred to in paragraph (1) include: a. payment transaction; and/or b. payment transaction information details. Article 252 (1) PJP which breaches the provisions as referred to in Article 250 paragraph (1) or Article 251 is subject to the following administrative sanctions such as: a. warning; b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (2) Further provisions on the administrative sanctions imposition procedure as referred to in paragraph (1) shall be regulated by Regulation of Member of Board of Governors. Part Two Mechanism of Data and/or Information Acquirement Article 253 (1) Mechanism to acquire data and/or information on Payment System from PJP and/or any other parties cooperating with PJP is conducted through: a. submission of reports to Bank Indonesia; b. data capturing through inter-system connections; and/or c. any other mechanism determined by Bank Indonesia. (2) The reports to Bank Indonesia as referred to in paragraph (1) point a may be periodically or incidentally submitted online through the system of Bank Indonesia and/or offline.

  • 139 - (3) The data capturing through inter-system connections as referred to in paragraph (1) point b may be conducted directly and real-time. (4) The data and/or information by other mechanism as referred to in paragraph (1) point c may be submitted in a meeting with Bank Indonesia or any other media determined by Bank Indonesia. (5) The procedure and mechanism of data and/or information as referred to in paragraph (1) are applied under Bank Indonesia regulation on data collection. Article 254 (1) PJP is required to submit Payment System operation reports to Bank Indonesia. (2) The reports submitted to Bank Indonesia as referred to in paragraph (1) include the following aspects: a. institution; b. capital and finance; c. governance and risk management; d. information system capability; and e. any other aspects determined by Bank Indonesia. (3) The reports as referred to in paragraph (1) consist of: a. periodic reports; and b. incidental reports. (4) Submission of the periodic reports as referred to in paragraph (3) point a includes but not limited to: a. daily report; b. weekly report; c. monthly report; d. quarterly report; e. annual report; f. report on audit result of information system and security test from an internal or external independent auditor; and/or g. report on Payment System capital obligation. (5) The incidental reports as referred to in paragraph (3) point b consist of:

  • 140 - a. statement of changes in equity and/or report on change of ownership and control structure as well as change of PJP management structure; b. report on change of data and information in documents submitted to Bank Indonesia for license request; c. report on disruption in payment transaction processing and the conducted follow-up; d. report on force majeure in the implementation of payment transaction processing; e. report on information system audit from an independent auditor in the event of significant changes; and f. other reports which are required by Bank Indonesia. (6) The disruption as referred to in paragraph (5) point c and force majeure as referred to in paragraph (5) point d must be notified to Bank Indonesia not later than 1 (one) hour after the disruption occurrence. Article 255 (1) The submission of periodic reports as referred to in Article 254 paragraph (4), the following provisions shall apply: a. the daily report as referred to in Article 254 paragraph (4) point a is submitted not later than the end of the following day; b. the weekly report as referred to in Article 254 paragraph (4) point b is submitted not later than Wednesday in the following week; c. the monthly report as referred to in Article 254 paragraph (4) point c is submitted not later than the fifteenth day of the following month; d. the quarterly report as referred to in Article 254 paragraph (4) point d is submitted not later than the fifteenth day of the following month; e. the annual report as referred to in Article 254 paragraph (4) point e is conducted under the following provisions:

  • 141 -

  1. annual report on payment system is submitted not later than 15 December of the current year;
  2. report on management and supervision by the board of commissioners is submitted not later than 4 (four) months after the financial year ends; and
  3. audited financial statement is submitted not later than 6 (six) months after the financial year ends; f. the report on audit result of information system and security test from an internal or external independent auditor as referred to in Article 254 paragraph (4) point f is submitted not later than 10 (ten) business days after the audit report is completed; and g. the report on payment system capital obligation as referred to in Article 254 paragraph (4) point g is submitted not later than 7 (seven) months after the financial year ends, the calculation of which refers to an audited financial statement as of December and transactions processed in the financial year. (2) The submission of incidental reports as referred to in Article 254 paragraph (5), the following provisions shall apply: a. the report on changes in equity and/or report on change of ownership and control structure as well as change of PJP management structure as referred to in Article 254 paragraph (5) point a and report on change of data and information as referred to in Article 254 paragraph (5) point b are submitted not later than 20 (twenty) business days after the change takes place; b. the report on trouble as referred to in Article 254 paragraph (5) point c is submitted not later than 3 (three) days after the trouble occurrence; c. the report on force majeure as referred to in Article 254 paragraph (5) point d is submitted not later than 3 (three) business days after the force majeure occurrence; and

  • 142 - d. the report on audit result of information system from an independent auditor in the event of significant changes as referred to in Article 254 paragraph (5) point e is submitted not later than 10 (ten) business days after the audit report is completed. (3) In the event that the report submission dates as referred to in paragraph (1) and paragraph (2) fall on Saturdays, Sundays, holidays, and/or joint leave, determined by Bank Indonesia, the report may be submitted on the following business day. (4) For online periodic report submissions and sanctions imposition, are conducted under Bank Indonesia regulation. (5) The provision of change of reference for ongoing capital during implementation of business activities as referred to in paragraph (1) point g is specified under Regulation of Member of Board of Governors. Article 256 (1) PJP which breach the provisions as referred to in Article 254 paragraph (1) is subject to the following administrative sanctions: a. warning; b. penalty; c. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or d. revocation of license as PJP. (2) The administrative sanctions in the form of penalty as referred to in paragraph (1) point b for any PJP which breaches the provisions as referred to in Article 255 paragraph (1) point e point 2, paragraph (1) point f, and/or paragraph (2) point b are determined Rp7,500,000.00 (seven million five hundred thousand rupiah) per report. (3) The mechanism of penalty payment as referred to in paragraph (2) is applied through: a. debiting of giro account at Bank Indonesia;

  • 143 - b. fund transfer to an account determined by Bank Indonesia; or c. any other payment mechanisms determined by Bank Indonesia. (4) Further provisions on the penalty payment mechanism as referred to in paragraph (3) shall be regulated by Regulation of Member of Board of Governors. Part Three Processing of Data and/or Information Article 257 (1) In processing of data and/or information related to Payment System, PJP and/or any other parties cooperating with PJP is required to: a. apply personal data protection principles including meeting the aspect of User’s approval for the use of their personal data, including:

  1. personal data is collected in a limited and specific manner, legal, proper, and transparent;
  2. personal data is processed according to its purpose;
  3. personal data is processed by guaranteeing the rights of personal data owners;
  4. personal data is processed in an accurate and complete manner, not misleading, updated, may be justified, and observing the purpose of personal data processing;
  5. personal data is processed by protecting personal data security from loss, misuse, illegal access and disclosure, and changing or tampering of personal data;
  6. personal data is processed by informing the collection purpose, processing activities, and personal data protection failure; and
  7. the processed personal data will be destroyed and/or deleted unless the data remains in

  • 144 - retention period as required under the laws and regulations. b. fulfill mechanism of processing data and/or information on Payment System determined by Bank Indonesia, including processing mechanism through data infrastructures and Payment System infrastructures of Bank Indonesia; c. fulfill mechanism of utilization of third-party data infrastructures determined by Bank Indonesia; d. apply cyber risk management in Payment System operation, including information system security standard; e. observe data integrity which represents actual and consistent facts or conditions by using a transparent method; and f. comply with the laws and regulations. (2) The principle of personal data protection as referred to in paragraph (1) point a is applied by considering public interest and/or other requirements determined by the authority. (3) The mechanism of processing data and/or information on Payment System as referred to in paragraph (1) point b consists of: a. the mechanism of processing data and/or information on payment between User and PJP; b. the mechanism of processing data and/or information on payment between PJP; c. the mechanism of processing data and/or information on payment between PJP and Bank Indonesia; d. the mechanism of processing data and/or information on payment between User; and e. the mechanism of processing data and/or information on payment between User and Bank Indonesia. (4) PJP which breach the provisions as referred to in paragraph (1) will be imposed by the following administrative sanctions: a. warning;

  • 145 - b. temporary, partial, or entire suspension of activities, including cooperation implementation; and/or c. revocation of license as PJP. (5) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (4) shall be regulated by Regulation of Member of Board of Governors. Article 258 The mechanism of processing of data and/or information on Payment System as referred to in Article 257 paragraph (1) point b includes: a. access and procedure for processing; b. data standardization, technical standardization, security standardization, and governance standardization; and/or c. any other mechanisms determined by Bank Indonesia. Article 259 (1) PJP and/or other parties in the implementation of data standardization, technical standardization, security standardization, and governance standardization as referred to in Article 258 point b is required to meet: a. standard application; b. standard testing and verification; c. system development, change, and maintenance; and d. other obligations determined by Bank Indonesia. (2) Provisions for other obligations as referred to in paragraph (1) point d are specified in Bank Indonesia regulation. (3) PJP and/or other parties which fail to meet the obligations as referred to in paragraph (1) is subject to the following administrative sanctions: a. warning; b. temporary, partial, or entire suspension termination of activities, including cooperation implementation; and/or c. revocation of license as PJP. (4) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (3) shall

  • 146 - be regulated by Regulation of Member of Board of Governors. Article 260 In the event that the data and/or information on Payment System is processed through utilization of data infrastructures of the third party, PJP, and/or any party cooperating with PJP must at least meet the following: a. access and surveillance by Bank Indonesia; b. risk management and information system security; c. data protection; d. service reliability; and e. data integrity. Article 261 To follow up the supervision result, Bank Indonesia may determine a certain policy on data and/or information processing to PJP. CHAPTER VIII SRO Part One SRO Obligations Article 262 SRO is required to: a. perform duties determined by Bank Indonesia; and b. maintain confidentiality of data and/or information. Article 263 (1) In the event that SRO breaches the provisions as referred to in Article 262, Bank Indonesia has the authority to impose the following administrative sanctions: a. warning; and/or b. change of management.

  • 147 - (2) Further provisions on the administrative sanction imposition procedure as referred to in paragraph (1) shall be regulated by Regulation of Member of Board of Governors. Part Two SRO Membership Article 264 (1) PJP must become members of SRO determined by Bank Indonesia. (2) Registration as SRO members for prospective PJP may be conducted at the same time with submission of request for license as PJP to Bank Indonesia. (3) PJP membership in SRO will be effective if PJP has received determination as PJP from Bank Indonesia. Part Three SRO Provisions Article 265 (1) In supporting the implementation of authority in Payment System, Bank Indonesia may assign SRO to prepare and issue technical and micro provisions for Payment System with the approval of Bank Indonesia. (2) SRO may determine provisions other than those assigned by Bank Indonesia as referred to in paragraph (1) for the interest of its members provided that they are not in contravention with Bank Indonesia provisions. (3) SRO must request the approval of Bank Indonesia for strategic matters in performing its functions and duties. (4) PJP as SRO member is required to meet the provisions issued by SRO. (5) Any breach of SRO provisions by PJP as referred to in paragraph (4) may serve as the basis for consideration for Bank Indonesia to conduct further actions to the supervision.

  • 148 - CHAPTER IX MISCELLANEOUS PROVISIONS Article 266 Any license, which has been obtained by a payment system service provider, will be converted to PJP license based on an assessment conducted by Bank Indonesia under Bank Indonesia regulation on Payment System. Article 267 (1) Bank Indonesia evaluates license for any payment system service provider which has obtained its license prior to enforcement of Bank Indonesia Regulation on Payment System hereunder. (2) The license evaluation as referred to in paragraph (1) is determined as follows: a. for payment system service providers declaring their willingness to meet PJP license requirements, license evaluation will be conducted within 2 (two) years at the maximum since this Bank Indonesia Regulation has came into force; or b. for payment system service providers which have met PJP license requirements, license evaluation will be conducted within 3 (three) years at the minimum since this Bank Indonesia Regulation has came into force or at any time where required. (3) Based on the evaluation result as referred to in paragraph (2), Bank Indonesia may: a. declare that any PJP license remains valid; or b. revoke any PJP license.

  • 149 - CHAPTER X TRANSITIONAL PROVISIONS Article 268 At the time when this Bank Indonesia Regulation comes into force, any payment system service provider’s license whose validity and which is granted prior to enforcement of Bank Indonesia Regulation shall be determined as PJP according to the license conversion result as specified hereunder. Article 269 (1) In the event that after the enforcement of Bank Indonesia Regulation Number 22/23/PBI/2020 on Payment System (State Gazette of the Republic of Indonesia of 2020 Number 311, Supplement to State Gazette of the Republic of Indonesia Number 6610), there is no change of foreign ownership composition by a foreign party or there is no change of control by a foreign party, the provisions for shareholding composition and/or provisions for domestic control as specified in the Bank Indonesia Regulation shall not apply to PJP as referred to in Article 266. (2) The provisions of paragraph (1) shall apply to PJP which has met Bank Indonesia provisions for shareholding composition prior to enforcement of Bank Indonesia Regulation Number 22/23/PBI/2020 on Payment System (State Gazette of the Republic of Indonesia of 2020 Number 311, Supplement to State Gazette of the Republic of Indonesia Number 6610) by observing fairness principle. (3) PJP which has not met Bank Indonesia provisions for shareholding composition prior to Bank Indonesia Regulation Number 22/23/PBI/2020 on Payment System (State Gazette of the Republic of Indonesia of 2020 Number 311, Supplement to State Gazette of the Republic of Indonesia Number 6610) must submit an action plan to meet the provisions for shareholding composition and/or domestic control specified hereunder.

  • 150 - (4) The action plan as referred to in paragraph (3) must obtain approval of Bank Indonesia. Article 270 The PJP as referred to in Article 266 will be determined as PSPS, PSPK, or PSPU since this Bank Indonesia Regulation comes into force. Article 271 (1) The PJP as referred to in Article 270 must meet the provisions for certain obligations according to PJP classifications as referred to in Article 62 paragraph (2) within 2 (two) years at the maximum since this Bank Indonesia Regulation comes into force. (2) PJP as referred to in Article 270 which has not met the certain obligations according to PJP classifications as referred to in Article 62 paragraph (2) must submit an action plan and obtain the approval of Bank Indonesia. (3) In the event that PJP does not implement an action plan which has been approved by Bank Indonesia as referred to in paragraph (2), Bank Indonesia may evaluate its PJP license. Article 272 The PJP as referred to in Article 270 must become an SRO member within 1 (one) year at the maximum since this Bank Indonesia Regulation comes into force. CHAPTER XI CLOSING PROVISIONS Article 273 At the time when this Bank Indonesia Regulation comes into force: a. Bank Indonesia Regulation Number 11/11/PBI/2009 on Implementation of Activities of Card-Based Means of Payment (State Gazette of the Republic of Indonesia of

  • 151 - 2009 Number 64, Supplement to State Gazette of the Republic of Indonesia Number 5000) as amended by Bank Indonesia Regulation Number 14/2/PBI/2012 on Amendment to Bank Indonesia Regulation Number 11/11/PBI/2009 on Implementation of Activities of Card￾Based Means of Payment (State Gazette of the Republic of Indonesia of 2012 Number 11, Supplement to State Gazette of the Republic of Indonesia Number 5275); b. Bank Indonesia Regulation Number 18/40/PBI/2016 on Payment Transaction Processing Implementation (State Gazette of the Republic of Indonesia of 2016 Number 236, Supplement to State Gazette of the Republic of Indonesia Number 5945); c. Bank Indonesia Regulation Number 19/12/PBI/2017 on Financial Technology Implementation (State Gazette of the Republic of Indonesia of 2017 Number 245, Supplement to State Gazette of the Republic of Indonesia Number 6142); and d. Bank Indonesia Regulation Number 20/6/PBI/2018 on Electronic Money (State Gazette of the Republic of Indonesia of 2018 Number 70, Supplement to State Gazette of the Republic of Indonesia Number 6203), are repealed and declared ineffective. Article 274 At the time when this Bank Indonesia Regulation comes into force: a. provisions for regulation and supervision of Payment System under Bank Indonesia Regulation Number 18/9/PBI/2016 on Regulation and Supervision of Payment System and Rupiah Management (State Gazette of the Republic of Indonesia of 2016 Number 106, Supplement to State Gazette of the Republic of Indonesia Number 5885); b. provisions for licensing under Bank Indonesia Regulation Number 14/23/PBI/2012 on Fund Transfers (State Gazette of the Republic of Indonesia of 2012 Number 283,

  • 152 - Supplement to State Gazette of the Republic of Indonesia Number 5381), are repealed and declared ineffective. Article 275 At the time when this Bank Indonesia Regulation comes into force, all implementing regulations of: a. Bank Indonesia Regulation Number 11/11/PBI/2009 on Card-Based Means Payment (State Gazette of the Republic of Indonesia of 2009 Number 64, Supplement to State Gazette of the Republic of Indonesia Number 5000) as amended by Bank Indonesia Regulation Number 14/2/PBI/2012 on Card-Based Means Payment (State Gazette of the Republic of Indonesia of 2012 Number 11, Supplement to State Gazette of the Republic of Indonesia Number 5275); b. Bank Indonesia Regulation Number 18/40/PBI/2016 on Payment Transaction Processing Implementation (State Gazette of the Republic of Indonesia of 2016 Number 236, Supplement to State Gazette of the Republic of Indonesia Number 5945); c. Bank Indonesia Regulation Number 19/12/PBI/2017 on Financial Technology Implementation (State Gazette of the Republic of Indonesia of 2017 Number 245, Supplement to State Gazette of the Republic of Indonesia Number 6142); and d. Bank Indonesia Regulation Number 20/6/PBI/2018 on Electronic Money (State Gazette of the Republic of Indonesia of 2018 Number 70, Supplement to State Gazette of the Republic of Indonesia Number 6203), are declared to remain effective until 1 (one) year at the maximum since this Bank Indonesia Regulation comes into force, to the extent not contrary to this Bank Indonesia Regulation.

  • 153 - Article 276 This Bank Indonesia Regulation comes into force on the date of its promulgation. In order that every person may know hereof, it is ordered to promulgate this Bank Indonesia Regulation by its placement in the State Gazette of the Republic of Indonesia. Issued in Jakarta on 1 July 2021 GOVERNOR OF BANK INDONESIA, PERRY WARJIYO Promulgated in Jakarta on 1 July 2021 MINISTER OF LAW AND HUMAN RIGHSTS REPUBLIC OF INDONESIA, YASONNA H. LAOLY STATE GAZETTE OF THE REPUBLIC OF INDONESIA OF 2021 NUMBER 147

ELUCIDATION OF BANK INDONESIA REGULATION NUMBER 23/6/PBI/2021 ON PAYMENT SERVICE PROVIDERS I. GENERAL Payment System regulation reform aims to strike the balance among optimization of digital innovation opportunities by maintaining stability in order to create fast, easy, affordable, safe, and reliable Payment System by observing access expansion and consumer protection. Payment System regulation reform is directed to be able to restructure Payment System industry end-to-end which prioritizes sound business practice and simplification of regulations commenced with the issuance of Bank Indonesia Regulation Number 22/23/PBI/2020 on Payment System (State Gazette of the Republic of Indonesia of 2020 Number 311, Supplement to State Gazette of the Republic of Indonesia Number 6610). The implementation of regulation reform basis on Bank Indonesia Regulation Number 22/23/PBI/2020 on Payment System (State Gazette of the Republic of Indonesia of 2020 Number 311, Supplement to State Gazette of the Republic of Indonesia Number 6610), further regulation is required including to accommodate regulation requirements and risk mitigation based on development of innovations and business models in Payment System by prioritizing forward looking, agile, and structured principles. Follow-up to Payment System regulation reform specified in this Bank Indonesia Regulation is directed to specify provision of payment services, among others are access to

-2 - industry, implementation, supervision, termination of activity operation, and processing of data and/or information on Payment System supported by strengthening of the functions and authority of Bank Indonesia as well as operational obligations of PJP. In the aspect of access to Payment System industry, regulation aims to simplify the scope of PJP activities as well as license processing and requirements, including interconnectedness between license process and testing environment of innovations in Payment System technology. In addition, regulation is also directed to ensure athe implementation of sound business practice related to regulation of ownership and control. Regulation reform is also conducted through optimization of SRO functions in issuance of technical and micro provisions as well as SRO membership to increase effectiveness of regulation by Bank Indonesia. In the aspect of Payment System operation, regulation aims to ensure fulfillment of general principles of Payment System operation including operational obligations for PJP, policy on price scheme, and building the capability and integrity of human resources and organization to realize sound business practice. In addition, to strengthen the policy of Bank Indonesia in terms of domestically process of payment transaction aspectas well as ensuring operation, the approach in Payment System operation is conducted based on the risk according to PJP classifications, including determination of classification criteria, capital obligation, risk management, and information system. On the other hand, supervision function by Bank Indonesia will also be strengthened through optimization of further actions to the supervision of PJP, including integrated supervision. Further regulation is also required to reform the functions of Bank Indonesia in facilitating development of Payment System technology innovation, simplification of processing and requirements for development of risk-based activities, products, and/or cooperation, as well as integration of regulation on Fund Sources and access to Fund Sources, including the authority of Bank Indonesia in determining price scheme policy. In the aspect of Payment System operation termination, further regulations are required to accommodate revitalization of PJP license evaluation function and further actions to the supervision by observing business performance, institution, and compliance with the laws and

-3 - regulations, including improving obligation settlement mechanism in PJP operation termination. In the aspect of data and/or information processing, regulation reform will aim to ensure obligations of PJP and parties in cooperation with PJP in implementation of consumer data protection, cyber risk management, and use of third party’s infrastructures. Payment System regulation reform will be conducted in a sustainable manner to ensure the establishment of fast, easy, affordable, safe, and reliable Payment System in line with development of activities, business models, and innovations, as well as efforts to maintain stability and mitigate risks. II. ARTICLE BY ARTICLE Article 1 Sufficiently clear. Article 2 Paragraph (1) Point a Provision of Fund Source information is known as account information services. Point b Sufficiently clear. Point c Administration of Fund Source information is known as account issuance services. Point d Sufficiently clear. Paragraph (2) Sufficiently clear. Article 3 Sufficiently clear. Article 4 Sufficiently clear.

-4 - Article 5 Sufficiently clear. Article 6 Sufficiently clear. Article 7 Sufficiently clear. Article 8 Sufficiently clear. Article 9 Sufficiently clear. Article 10 Point a Sufficiently clear. Point b Point 1 Sufficiently clear. Point 2 Sufficiently clear. Point 3 Sufficiently clear. Point 4 Sufficiently clear. Point 5 Sufficiently clear. Point 6 Provision of other supporting services in relation to PJP activity implementation consists among others of provision of card printing, card personalization, terminal, security features, and trade operators through an electronic system facilitating payment transactions. Article 11 Sufficiently clear.

-5 - Article 12 Sufficiently clear. Article 13 Sufficiently clear. Article 14 Sufficiently clear. Article 15 Sufficiently clear. Article 16 Sufficiently clear. Article 17 Paragraph (1) The terms “member of board of directors” also includes members of a function or organ performing supervisory function on PJP in the form of Non-Bank Institution with legal status other than limited liability company. Paragraph (2) Responsibilities as members of board of directors among others are to ensure effectiveness of supervision by Bank Indonesia and attend physical meetings if required by Bank Indonesia. Article 18 Paragraph (1) Sufficiently clear. Paragraph (2) Point a Sufficiently clear. Point b The term “certain crimes” means:

  1. money laundering;
  2. the financing of terrorism;

-6 - 3. predicate crimes as referred to in the law on prevention and eradication of the crime of money laundering, namely: a. corruption; b. bribery; c. narcotics; d. psychotropic drugs; e. smuggling of workers; f. smuggling of migrants; g. in banking sector; h. in capital market sector; i. in the insurance sector; j. customs; k. excise; l. human trafficking; m. illicit arms trafficking; n. terrorism; o. abduction; p. theft; q. embezzlement; r. fraud; s. counterfeit of currency; t. gambling; u. prostitution; v. taxation sector; w. forestry sector; x. environment sector; or y. marine and fishery sector; or 4. other crimes with imprisonment of 4 (four) years or more. Point c Sufficiently clear. Point d Sufficiently clear. Paragraph (3) Sufficiently clear.

-7 - Article 19 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) Point a Materiality scale includes among others ownership portion with certain number of shares and complexity of ownership structure. Point b Sufficiently clear. Paragraph (4) Sufficiently clear. Article 20 Paragraph (1) Sufficiently clear. Paragraph (2) Materiality scale includes among others control portion through the number of shares, voting rights, and certain special rights as well as complexity of control structure. Paragraph (3) Sufficiently clear. Article 21 Sufficiently clear. Article 22 Sufficiently clear. Article 23 Sufficiently clear. Article 24 Paragraph (1) Sufficiently clear.

-8 - Paragraph (2) Sufficiently clear. Paragraph (3) The term “consider the provisions on capital fulfillment regulated by the competent authority” means in the event that there is stricter or higher provisions for obligation of capital than the provisions obliged by Bank Indonesia exist, the provisions of competent authority will apply. In the event that the competent authority’s provisions for obligation of capital is less strict or lower than as required by Bank Indonesia, the obligation of capitalspecified in this Bank Indonesia Regulation will apply. Paragraph (4) Sufficiently clear. Paragraph (5) Sufficiently clear. Article 25 Sufficiently clear. Article 26 Paragraph (1) Operational risk includes cyber-risk. Paragraph (2) Point a Scope of active supervision among others are determination of accountability, policy, and control process to manage risks which may arise from Payment System operation. Point b Availability of policies and procedures as well as fulfillment of organizational structure adequacy among others are:

  1. clear organizational structure and separation of duties or authority;
  2. risk measurement method; and
  3. risk management procedure.

-9 - Point c Risk management process and risk management function, and human resources must at least be fulfilled with a dedicated function for risk management. Point d Internal control of Payment System operation among others includes:

  1. safety procedure and measures in providing services;
  2. audit trail of processed payment transactions;
  3. adequate procedure to guarantee integrity of data and/or information; and
  4. measures to protect confidentiality of data and/or information. Article 26 Sufficiently clear. Article 27 Sufficiently clear. Article 28 Sufficiently clear. Article 29 Sufficiently clear. Article 30 Sufficiently clear. Article 31 Sufficiently clear. Article 32 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear.

-10 - Paragraph (3) On-site visits through visit to the PJP business locations are conducted to verify the accuracy and consistency of the submitted documents and to ensure operational readiness. Article 33 Sufficiently clear. Article 34 Sufficiently clear. Article 35 Sufficiently clear. Article 36 Sufficiently clear. Article 37 Sufficiently clear. Article 38 Sufficiently clear. Article 39 Sufficiently clear. Article 40 Sufficiently clear. Article 41 Sufficiently clear. Article 42 Sufficiently clear. Article 43 Sufficiently clear.

-11 - Article 44 Point a Sufficiently clear. Point b Sufficiently clear. Point c Human resource capability includes among others is competency. Article 45 Sufficiently clear. Article 46 Sufficiently clear. Article 47 Sufficiently clear. Article 48 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) Sufficiently clear. Paragraph (4) Sufficiently clear. Paragraph (5) Sufficiently clear. Paragraph (6) Sufficiently clear. Paragraph (7) Point a The term “the usage of electronic system and/or activities integrated with PJP head office outside the territory of the Republic of Indonesia” includes among others:

  1. electronic system used for risk management;

-12 - 2. electronic system used for implementation of anti-money laundering and countering the financing of terrorism; and/or 3. transaction reconciliation, conducted in an integrated manner with PJP head office outside the territory of Republic of Indonesia. The term “PJP head office outside the territory of Republic of Indonesia” means, among others, main office or primary entity office domiciled outside the territory of Republic of Indonesia. Point b Sufficiently clear. Point c Sufficiently clear. Paragraph (8) Sufficiently clear. Article 49 The obligation to connect with PJP applies to each payment instrument and/or channel. An example of instrument interoperable without PIP is chip-based electronic money. Article 50 Sufficiently clear. Article 51 Paragraph (1) Sufficiently clear. Paragraph (2) The example of an action detrimental to and/or incompliant with the function is an action of Goods and/or Services Provider detrimental to PJP, PIP, and/or User, such as conducting cooperation with fraudster, processing cash withdrawal transaction by credit card, or imposing surcharge on a User for some fee which is supposed to be imposed by PJP on a Goods and/or Services Provider.

-13 - Paragraph (3) Sufficiently clear. Paragraph (4) Sufficiently clear. Article 52 Sufficiently clear. Article 53 Sufficiently clear. Article 54 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) Point a The example of price scheme from PJP to User among others are top up fee for an instrument, cash withdrawal fee, transfer fee, and interest rate capping. Point b The example of price scheme from PJP to Goods and/or Services Provider among others are merchant discount rate and online transaction fee. Point c The example of price scheme between PJP, PIP, and/or any other related party among others are terminal usage fee, sharing infrastructure, and price scheme distribution. Letter d Sufficiently clear. Paragraph (4) Sufficiently clear. Paragraph (5) Sufficiently clear. Paragraph (6) Sufficiently clear.

-14 - Paragraph (7) Sufficiently clear. Article 55 Sufficiently clear. Article 56 Sufficiently clear. Article 57 Sufficiently clear. Article 58 Sufficiently clear. Article 59 Sufficiently clear. Article 60 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) The size criterion is measured among others by using nominal amount and volume of transactions processed by PJP. Paragraph (4) The interconnectedness criterion is measured among others by using nominal amount, volume, and/or interconnection of transactions processed by PJP. Paragraph (5) The complexity criterion is measured among others by considering complexity of payment services, such as services of digital banking and online payment.

-15 - Paragraph (6) The substitutability criterion is measured among others by considering payment channel provision and processing of payment for the issued instrument. Article 61 Sufficiently clear. Article 62 Sufficiently clear. Article 63 Sufficiently clear. Article 64 Sufficiently clear. Article 65 Sufficiently clear. Article 66 Sufficiently clear. Article 67 Sufficiently clear. Article 68 Sufficiently clear. Article 69 Sufficiently clear. Article 70 Sufficiently clear. Article 71 Sufficiently clear.

-16 - Article 72 Sufficiently clear. Article 73 The term “observing the provisions on capital and risk management and information system security standard specified by other authorities” means in the event there is a stricter or higher provisions for obligation of capital as well as risk management and information system security standard than the provisions obliged by Bank Indonesia exist, the provisions of other authority will apply. In the event that the provisions of other authority specify less stricter or lower for obligation of capital as well as risk management and information system security standard than the provisions obliged by Bank Indonesia, then the obligation of capital as well as risk management and information system security standard specified in this Bank Indonesia Regulation will apply. Article 74 Sufficiently clear. Article 75 Sufficiently clear. Article 76 Sufficiently clear. Article 77 Sufficiently clear. Article 78 Sufficiently clear. Article 79 Sufficiently clear. Article 80 Sufficiently clear.

-17 - Article 81 Sufficiently clear. Article 82 Sufficiently clear. Article 83 Sufficiently clear. Article 84 Sufficiently clear. Article 85 Paragraph (1) Self assessment is conducted by observing, among others, business model catalog for development of activities, products, and/or cooperation issued by Bank Indonesia. Self assessment by PJP among others contains assessment results of risk categories and explanation of the selected risk category assessment. Paragraph (2) Sufficiently clear. Paragraph (3) Sufficiently clear. Paragraph (4) Sufficiently clear. Article 86 Sufficiently clear. Article 87 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) Sufficiently clear.

-18 - Paragraph (4) Sufficiently clear. Paragraph (5) Point a Sufficiently clear. Point b Sufficiently clear. Point c Other documents include documents required by Bank Indonesia to support reports submitted by PJP. The example of other documents among others are explanation of business model and/or transaction flow from development of products, activities, and/or cooperation. Paragraph (6) Sufficiently clear. Article 88 Sufficiently clear. Article 89 Sufficiently clear. Article 90 Sufficiently clear. Article 91 Sufficiently clear. Article 92 Sufficiently clear. Article 93 Sufficiently clear. Article 94 Sufficiently clear.

-19 - Article 95 Sufficiently clear. Article 96 Sufficiently clear. Article 97 Sufficiently clear. Article 98 Sufficiently clear. Article 99 Sufficiently clear. Article 100 Sufficiently clear. Article 101 Sufficiently clear. Article 102 Sufficiently clear. Article 103 Sufficiently clear. Article 104 Sufficiently clear. Article 105 Sufficiently clear. Article 106 Sufficiently clear.

-20 - Article 107 Sufficiently clear. Article 108 Sufficiently clear. Article 109 Sufficiently clear. Article 110 Sufficiently clear. Article 111 Sufficiently clear. Article 112 Sufficiently clear. Article 113 Sufficiently clear. Article 114 Sufficiently clear. Article 115 Sufficiently clear. Article 116 Sufficiently clear. Article 117 Sufficiently clear. Article 118 Sufficiently clear.

-21 - Article 119 Sufficiently clear. Article 120 Sufficiently clear. Article 121 Sufficiently clear. Article 122 Sufficiently clear. Article 123 Sufficiently clear. Article 124 Sufficiently clear. Article 125 Sufficiently clear. Article 126 Sufficiently clear. Article 127 Sufficiently clear. Article 128 Sufficiently clear. Article 129 Evaluation is conducted to ensure the provision of supporting services will support execution of secure, efficient, smooth, and reliable payment transactions by observing consumer protection aspect. Article 130 Sufficiently clear.

-22 - Article 131 Sufficiently clear. Article 132 The example of Supporting Provider forwarding payment from PJP to Goods and/or Services Provider is merchant aggregator. Article 133 Sufficiently clear. Article 134 Sufficiently clear. Article 135 Sufficiently clear. Article 136 Sufficiently clear. Article 137 Sufficiently clear. Article 138 Sufficiently clear. Article 139 Sufficiently clear. Article 140 Sufficiently clear. Article 141 Sufficiently clear. Article 142 Sufficiently clear.

-23 - Article 143 Sufficiently clear. Article 144 Sufficiently clear. Article 145 Sufficiently clear. Article 146 Sufficiently clear. Article 147 Sufficiently clear. Article 148 Sufficiently clear. Article 149 Point a Sufficiently clear. Point b The example of Electronic Data Capture (EDC) machine isncludes Electronic Data Capture (EDC) machine for card-based payment instruments and electronic money reader. Point c Sufficiently clear. Point d The term“Proprietary channel” means payment canalchannel developed and owned by PJP with source of fund administration activities exclusively for customer’s own interest, which include using short message service, mobile, web, subscriber identity module tool kit, and/or unstructured supplementary service data based technology. Point e Sufficiently clear.

-24 - Article 150 Paragraph (1) Point a Point 1 Sufficiently clear. Point 2 Sufficiently clear. Point 3 The example of implementation of access to Fund Sources includesis the national standard for chip technology and quick response code for payment. Point 4 Sufficiently clear. Point 5 Sufficiently clear. Point b Sufficiently clear. Paragraph (2) Sufficiently clear. Article 151 Sufficiently clear. Article 152 Sufficiently clear. Article 153 Sufficiently clear. Article 154 Sufficiently clear. Article 155 Sufficiently clear. Article 156 Sufficiently clear.

-25 - Article 157 Sufficiently clear. Article 158 Point a The term “closed loop” means electronic money which may only be used as a payment instrument to a Goods and/or Services Providers which are PJP conducting the Source of Fund administration activities. Point b The term “Open loop” means electronic money which may be used as a payment instrument to a Goods and/or Services Providers which are not PJP conducting the Fund Source administration activities. Article 159 Point a Point 1 The term “server-based” means electronic money with storage media in the form of server. Point 2 The term “chip-based” means electronic money with storage media in the form of chip. Point b The term “electronic money user” means Service User which uses electronic money instrument. Point 1 The term “registered” means electronic money whose User’s identity data is registered and recorded at PJP conducting the Source of Fund administration activities. Point 2 The term “unregistered” means electronic money whose User’s identity data is not registered and recorded at PJP conducting the Source of Fund administration activities.

-26 - Article 160 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) Included as incoming transactions among others initial placement, incoming fund transfer, and/or top up. Paragraph (4) The term “account for recording the value of electronic money” means a post which is used only by a Goods and/or Services Provider to receive payment of goods and/or services transactions provided by the Goods and/or Services Provider and may not be used for outgoing transactions. Included as Ooutgoing transactions among others, payment of purchase transactions, payment of bills, fund transfer, and/or cash withdrawals. Paragraph (5) Sufficiently clear. Paragraph (6) Sufficiently clear. Article 161 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) The term “does not omit and/or eliminate the electronic money value that has not been used” means an electronic money user still have the right to. Paragraph (4) Sufficiently clear. Article 162 Sufficiently clear.

-27 - Article 163 Sufficiently clear. Article 164 Sufficiently clear. Article 165 Sufficiently clear. Article 166 Paragraph (1) The example of usage of float fund that prohibited for other purposes is the using of float fund as guarantee to a third party or for operational interest of PJP conducting Source of Fund administration activities in the form of electronic money issuance. Paragraph (2) Sufficiently clear. Article 167 Sufficiently clear. Article 168 Sufficiently clear. Article 169 Sufficiently clear. Article 170 Sufficiently clear. Article 171 Paragraph (1) The term “Provision of public service” means provision of service for the public, such as transportation, electricity, health, and education. Paragraph (2) Sufficiently clear.

-28 - Article 172 Sufficiently clear. Article 173 Sufficiently clear. Article 174 Sufficiently clear. Article 175 Sufficiently clear. Article 176 Sufficiently clear. Article 177 Sufficiently clear. Article 178 Sufficiently clear. Article 179 Sufficiently clear. Article 180 Sufficiently clear. Article 181 Automated teller machine card means a card widely known as automated teller machine (ATM) card. Article 182 Sufficiently clear. Article 183 Sufficiently clear.

-29 - Article 184 Sufficiently clear. Article 185 Sufficiently clear. Article 186 Paragraph (1) Point a The term “credit card user” means a Service User which uses a credit card instrument. Point b The term “minimum income” means income after being deducted by liabilities, such as taxes and debt payment to an employer (take-home pay). In analyzing the limit of minimum income of prospective credit card users, PJP conducting Source of Fund administration activities by issuing credit card or an instrument in a virtual form with characteristics similar to credit card may calculate surrogate income of prospective credit card users. Point c Sufficiently clear. Point d Sufficiently clear. Point e Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) Sufficiently clear. Paragraph (4) Sufficiently clear. Paragraph (5) Sufficiently clear.

-30 - Article 187 Sufficiently clear. Article 188 Sufficiently clear. Article 189 Sufficiently clear. Article 190 Sufficiently clear. Article 191 Sufficiently clear. Article 192 Sufficiently clear. Article 193 The term “Automatic teller machine card user” means a Service User which uses a automatic teller machine card instrument. Article 194 Sufficiently clear. Article 195 Sufficiently clear. Article 196 Sufficiently clear. Article 197 Sufficiently clear.

-31 - Article 198 Paragraph (1) The term “active user” means user of payment instrument data storage service who conducts payment transactions using payment instrument data storage service regularly and/or conducts payment transactions using payment instrument data storage service at least once a month. Paragraph (2) Sufficiently clear. Paragraph (3) Sufficiently clear. Paragraph (4) Sufficiently clear. Article 199 Paragraph (1) The term “instrument data storage service user” means a Service User using instrument data storage service. Paragraph (2) Sufficiently clear. Paragraph (3) Sufficiently clear. Article 200 Sufficiently clear. Article 201 Sufficiently clear. Article 202 Examples of “virtual currency” include Bitcoin, BlackCoin, Dash, Dogecoin, Litecoin, Namecoin, Nxt, Peercoin, Primecoin, Ripple, and Ven. Article 203 Sufficiently clear.

-32 - Article 204 Paragraph (1) Point a Value represented digitally or in any other media among others are credit, voucher, customer loyalty reward or point, asset in an online game. Point b Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) Sufficiently clear. Article 205 Sufficiently clear. Article 206 Sufficiently clear. Article 207 Sufficiently clear. Article 208 Sufficiently clear. Article 209 Sufficiently clear. Article 210 Sufficiently clear. Article 211 Sufficiently clear. Article 212 Sufficiently clear.

-33 - Article 213 Sufficiently clear. Article 214 Sufficiently clear. Article 215 Sufficiently clear. Article 216 Sufficiently clear. Article 217 Sufficiently clear. Article 218 Sufficiently clear. Article 219 Sufficiently clear. Article 220 The term “other parties” include among others the relevant ministries and institutions. Article 221 Sufficiently clear. Article 222 Sufficiently clear. Article 223 Sufficiently clear. Article 224 Sufficiently clear.

-34 - Article 225 Sufficiently clear. Article 226 Sufficiently clear. Article 227 Sufficiently clear. Article 228 Sufficiently clear. Article 229 Sufficiently clear. Article 230 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) The term “Bank Indonesia provisions” among others are provisions regarding the obligation to maintain data confidentiality. Article 231 Paragraph (1) Sufficiently clear. Paragraph (2) An example of inspection by other mechanism includes inspection through online communication. Paragraph (3) Sufficiently clear. Article 232 Sufficiently clear.

-35 - Article 233 Sufficiently clear. Article 234 Sufficiently clear. Article 235 Sufficiently clear. Article 236 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) Sufficiently clear. Paragraph (4) Sufficiently clear. Paragraph (5) An example of inspection by other mechanism includes inspection through online communication. Paragraph (6) Sufficiently clear. Paragraph (7) Sufficiently clear. Paragraph (8) Sufficiently clear. Paragraph (9) Sufficiently clear. Article 237 Sufficiently clear. Article 238 Paragraph (1) Sufficiently clear.

-36 - Paragraph (2) Sufficiently clear. Paragraph (3) Sufficiently clear. Paragraph (4) Sufficiently clear. Paragraph (5) Point a Examples of further actions to the supervision related to business performance and capital include additional capital from shareholders, corporate actions, and other fund sources. Point b An example of further actions to the supervision related to risk management and adequacy, security, and reliability of information system includes information technology. Point c Examples of further actions to the supervision related to integrity and/or competence of the management and shareholders include fitness and properness, change of management, audit or certification. Paragraph (6) Sufficiently clear. Paragraph (7) Sufficiently clear. Paragraph (8) Sufficiently clear. Article 239 Sufficiently clear. Article 240 Sufficiently clear. Article 241 Sufficiently clear.

-37 - Article 242 Sufficiently clear. Article 243 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) Point a Sufficiently clear. Point b Sufficiently clear. Point c Sufficiently clear. Point d Sufficiently clear. Point e Sufficiently clear. Point f Sufficiently clear. Point g Other considerations among others are business development and sustainability of PJP. Paragraph (4) Sufficiently clear. Paragraph (5) Sufficiently clear. Paragraph (6) Sufficiently clear. Article 244 Sufficiently clear. Article 245 Sufficiently clear.

-38 - Article 246 Sufficiently clear. Article 247 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) Sufficiently clear. Paragraph (4) Sufficiently clear. Paragraph (5) Sufficiently clear. Paragraph (6) The term “PJP obligations” among others are the obligation of unpaid floating fund to electronic money users. Paragraph (7) Sufficiently clear. Article 248 Sufficiently clear. Article 249 Paragraph (1) The term “termination of activities” means termination of key activities of PJP or termination of products. Paragraph (2) Sufficiently clear. Paragraph (3) Sufficiently clear. Paragraph (4) Sufficiently clear. Paragraph (5) Sufficiently clear.

-39 - Paragraph (6) Sufficiently clear. Paragraph (7) Sufficiently clear. Paragraph (8) Sufficiently clear. Paragraph (9) Sufficiently clear. Paragraph (10) Sufficiently clear. Article 250 Paragraph (1) Sufficiently clear. Paragraph (2) Point a The term “data and/or information on payment transactions” at least include payment instruments, nominal amount, and channels. Point b The term “data and/or information on payment transaction information details” at least include profiles of Goods and/or Services Providers, profiles of Users, payment methods, transaction areas, and products. Point c The term “data and/or information on PJP performance” at least include financial statements, business performance reports, statements of changes in equity, and business plans of PJP. Point d The term “data and/or information on Payment System operation” at least include consumer complaints, fraud, incidents, and cyber-attack. Point e The term “data and/or information on monitoring of compliance of Payment System infrastructure participants operated by Bank Indonesia” at least include governance,

-40 - operation, infrastructure, business continuity plan in relation to cyber incident and attack, fraud, and consumer protection. Point f Sufficiently clear. Paragraph (3) Sufficiently clear. Paragraph (4) Sufficiently clear. Article 251 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) Point a The term “data and/or information on payment transactions” include payment instruments, nominal amount, and channels. Point b The term “data and/or information on payment transaction information details” at least include profiles of Goods and/or Services Providers, profiles of Users, payment methods, transaction areas, and products. Article 252 Sufficiently clear. Article 253 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) The term “data capturing through inter-system connection directly and real time” conducted among others through data

-41 - infrastructures operated by Bank Indonesia, other authority, or provision of information system access to Bank Indonesia. Paragraph (4) Sufficiently clear. Paragraph (5) Sufficiently clear. Article 254 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) Sufficiently clear. Paragraph (4) Point a An example of daily report is system availability report and daily report on floating fund managed by PJP in license category one conducting Fund Source administration activities in the form of electronic money. Point b An example of weekly report is weekly payment transaction report. Point c Examples of monthly report are monthly payment transaction report, fraud report, and report on failure and availability of technology information infrastructures. Point d An example of quarterly report is unaudited financial statement. Point e Examples of annual report include:

  1. annual report on Payment System, which includes among others business plan and realization of payment system operation activities, main data updates, and self￾assessment of information system;

-42 - 2. management report and supervision result by the board of commissioners, among others are governance including ownership and control structure, risk management and information system security standard, and supervision result by the board of commissioners. 3. audited financial statements. Point f Sufficiently clear. Paragraph (5) Point a Sufficiently clear. Point b Report on change of data and information among others contains change of PJP name, office address, main documents on business relationship, rights and obligations of parties, cooperation agreement, parties in cooperation, and procedure and mechanism of dispute resolution. Point c Disturbance in payment transaction processing is a disturbance encountered by PJP, including the efforts that have been made to mitigate it, such as:

  1. malfunction of data center and disaster recovery center;
  2. network failure in payment transactions processing; and/or
  3. fraud accompanied by information on chronology and impact of losses caused. Point d Force majeure is an event beyond the control of PJP, causing the payment transaction processing can not be carried out due to, including but not limited to, fire, riot, sabotage, and natural disasters, such as earthquake and flood declared by the local competent authorities or official, including Bank Indonesia. Point e Sufficiently clear. Point f Sufficiently clear.

-43 - Paragraph (6) Notice of force majeure occurrence is submitted to Bank Indonesia by phone, facsimile, and/or any other means of information. Article 255 Sufficiently clear. Article 256 Sufficiently clear. Article 257 Paragraph (1) Point a Sufficiently clear. Point b Data infrastructures of Bank Indonesia among others include information system and data infrastructures operated by Bank Indonesia such as Integrated Payment Interface and data hub, or operated by parties appointed by Bank Indonesia. Bank Indonesia Payment System Infrastructures among others include infrastructures used to operate or facilitate clearing and/or final settlement of payment transactions. Point c Utilization of third-party data infrastructures among others includes use of cloud computing. Point d Cyber risk management includes governance, prevention, and management. Point e Sufficiently clear. Point f Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) Sufficiently clear.

-44 - Paragraph (4) Sufficiently clear. Paragraph (5) Sufficiently clear. Article 258 Mechanism of processing of data and/or information on Payment System conducted by standardization among others includes standardization of open application programming interface (open API). Article 259 Sufficiently clear. Article 260 Point a The term “access and surveillance” means ensuring access right, audit right, and guarantee for access right and data and/or information acquisition. Point b Sufficiently clear. Point c The term “data protection principle” means ensuring confidentiality and protection of data stored or processed using third party’s data infrastructures. Point d Sufficiently clear. Point e The term “data integrity” means ensuring data processing is conducted accurately, representing actual and consistent facts or conditions and using a transparent method. Article 261 Sufficiently clear. Article 262 Sufficiently clear.

-45 - Article 263 Sufficiently clear. Article 264 Sufficiently clear. Article 265 Paragraph (1) Sufficiently clear. Paragraph (2) Sufficiently clear. Paragraph (3) The approval to be requested to Bank Indonesia by SRO among others is determination for cost or price scheme. Paragraph (4) Sufficiently clear. Paragraph (5) Sufficiently clear. Article 266 Sufficiently clear. Article 267 Sufficiently clear. Article 268 Sufficiently clear. Article 269 Paragraph (1) The term “change of foreign ownership composition” means change of foreign shareholding percentage for all shares held by a foreign party in an entity, either change to higher or lower percentage, experiencing material and/or significant changes. The term “change of control by a foreign party” means change of foreign party which controls an entity, due to change of shareholding composition (percentage) with voting rights or

-46 - special rights or the controlling subject as specified in the company’s deed. Paragraph (2) Sufficiently clear. Paragraph (3) Sufficiently clear. Paragraph (4) Sufficiently clear. Article 270 Sufficiently clear. Article 271 Sufficiently clear. Article 272 Sufficiently clear. Article 273 Sufficiently clear. Article 274 Sufficiently clear. Article 275 Sufficiently clear. Article 276 Sufficiently clear. SUPPLEMENT TO STATE GAZETTE OF THE REPUBLIC OF INDONESIA NUMBER 6692

Share