OJK Circular 24/SEOJK.03/2023 on Digital Maturity Level Assessment for Commercial Banks

The Financial Services Authority (OJK) issued Circular 24/SEOJK.03/2023 to implement IT management regulations by mandating commercial banks to conduct periodic self-assessments of their digital maturity. Banks must evaluate eight key aspects, including IT governance, cybersecurity, and data, using standardized frameworks and submit their first assessment results by June 2024. This requirement applies to all conventional and Sharia commercial banks to monitor digital transformation progress and infrastructure reliability.

Indonesia

Otoritas Jasa Keuangan (Financial Services Authority)

OJK Circular 24/SEOJK.03/2023 Regarding the Assessment of Digital Maturity Levels for Commercial Banks

ABSTRACT: To implement Article 66 of Financial Services Authority Regulation Number 11/POJK.03/2022 concerning the Implementation of Information Technology by Commercial Banks, it is necessary to establish a Financial Services Authority Circular regarding the Assessment of Digital Maturity Levels for Commercial Banks.

The legal basis for this Financial Services Authority Circular is: POJK Number 11/POJK.03/2022.

The digital maturity level is a condition that reflects the fulfillment of all aspects in IT implementation in accordance with the IT Regulation (POJK PTI) and the Bank's readiness to support digital transformation. The assessment of the digital maturity level serves as a guide to determine, evaluate, and assess the level of a Bank's digitalization, thereby revealing the Bank's digitalization condition. This guide can also be used as a monitoring tool by the Bank and the Financial Services Authority regarding the progress of digital transformation carried out by the Bank. The assessment of the Bank's digital maturity level can serve as a reference for the Bank to understand the reliability of IT infrastructure and IT infrastructure management, which can be used by the Bank as a basis for consideration for developing more comprehensive products and services for consumers.

The Bank conducts self-assessments of its digital maturity level periodically, at least once (1) in one (1) year, considering changes in the Bank's internal and external conditions. The Bank's digital maturity level assessment covers the assessment of the following aspects:

IT Governance;
IT Architecture;
IT Risk Management;
Resilience and Cybersecurity;
Technology;
Data;
Collaboration; and
Consumer Protection.

In conducting the Bank's digital maturity assessment, the Bank analyzes the implementation of controls over the Bank's digital maturity aspects as listed in Appendix I of this OJK Circular.

The Bank uses the worksheet format for assessing the quality of implementation of the Bank's digital maturity aspects as listed in Appendix II of this OJK Circular. Subsequently, the Bank determines the quality level of the implementation of the digital maturity aspects and the determination of the Bank's digital maturity level in accordance with Appendix III of this OJK Circular.

The Bank submits a report of the self-assessment results of its digital maturity level as part of the report on the current condition of the Bank's IT implementation as referred to in the IT Regulation (POJK PTI). The reporting format refers to Appendix IV of this OJK Circular.

The first assessment of the Bank's digital maturity level is conducted by the Bank for the position at the end of December 2023, and the results of said assessment are submitted to the Financial Services Authority no later than the end of June 2024.

NOTES: This Financial Services Authority Circular takes effect on the date of establishment, which is December 14, 2023. This Financial Services Authority Circular applies to conventional commercial banks and Sharia commercial banks, including branches of banks located outside the country and Sharia business units.

Appendix I: 63 PAGES; Appendix II: 2 PAGES; Appendix III: 4 PAGES; Appendix IV: 1 PAGE.