Regulatory AlertsRegulation on the Management of Information Technology by Rural Banks and Sharia Rural Banks
The Financial Services Authority (OJK) issued Regulation No. 43/PADK.03/2025 to refine the implementation of Information Technology management for Rural Banks (BPR) and Sharia Rural Banks (BPRS) in alignment with higher legislation. This regulation establishes detailed requirements for IT governance, risk management, cyber resilience, data protection, and reporting formats, serving as the operational framework for POJK No. 34 of 2025. It officially revokes the previous OJK Circular No. 15/SEOJK.03/2017 regarding IT standards for these institutions upon its effective date.
Regulation of the Members of the Board of Commissioners of the Financial Services Authority Number 43/PADK.03/2025 concerning the Management of Information Technology by Rural Banks and Sharia Rural Banks
Abstract: As a follow-up to the issuance of POJK Number 34 of 2025 concerning the Management of Information Technology by Rural Banks and Sharia Rural Banks, it is necessary to refine the implementation regulations to align with existing legislation.
The legal basis for this Regulation of the Members of the Board of Commissioners of the Financial Services Authority is: Law Number 21 of 2011 as amended by Law Number 4 of 2023 and POJK Number 34 of 2025.
This Regulation of the Members of the Board of Commissioners of the Financial Services Authority regulates, among other things, further explanations of POJK Number 34 of 2025, the application of governance as well as policies and procedures for the management of information technology, risk management for the management of information technology, guidelines for cyber resilience and security, data management and personal data protection, and the format for reporting on the management of information technology.
Note: This Regulation of the Members of the Board of Commissioners of the Financial Services Authority shall take effect one (1) year from the date of establishment. This Regulation of the Members of the Board of Commissioners of the Financial Services Authority was established on December 17, 2025. Provisions concerning the management of information technology refer to Appendix I, which is an integral part of this Regulation of the Members of the Board of Commissioners of the Financial Services Authority. The application of governance as well as policies and procedures for the management of information technology refers to Appendix II, which is an integral part of this Regulation of the Members of the Board of Commissioners of the Financial Services Authority. Risk management for the management of information technology by Rural Banks and Sharia Rural Banks refers to Appendix III, which is an integral part of this Regulation of the Members of the Board of Commissioners of the Financial Services Authority. Guidelines for cyber resilience and security refer to Appendix IV, which is an integral part of this Regulation of the Members of the Board of Commissioners of the Financial Services Authority. Data management and personal data protection for Rural Banks and Sharia Rural Banks refer to Appendix V, which is an integral part of this Regulation of the Members of the Board of Commissioners of the Financial Services Authority. The format for reporting on the management of information technology refers to Appendix VI, which is an integral part of this Regulation of the Members of the Board of Commissioners of the Financial Services Authority. Upon the effective date of this Regulation of the Members of the Board of Commissioners of the Financial Services Authority, Financial Services Authority Circular Number 15/SEOJK.03/2017 concerning Standards for the Management of Information Technology for Rural Banks and Sharia People's Financing Banks is revoked and declared invalid.