Indonesia's Measures to prevent FinTech from abusing ML and TF
1. INDONESIAāS MEASURES TO PREVENT
FINTECH FROM ABUSING MONEY LAUNDERING
AND TERRORIST FINANCING
PUSAT PELAPORAN DAN ANALISIS TRANSAKSI KEUANGAN
(INDONESIAN FINANCIAL TRANSACTION REPORTS
AND ANALYSIS CENTRE)
2. BANK INDONESIA/BI (CENTRAL BANK)
āThe use of technology in financial systems that produce new
products, services, technologies and / or business models and
may impact on monetary stability, financial system stability,
and / or efficiency, smoothness, security and reliability of
payment systemsā
(article 1(1) BI Regulation Number 19/12/PBI/2017)
DEFINITION OF FINTECH
3. BI Regulation No.
19/12/PBI/2017 on
the
Implementation
of Financial
Technology
OJK Regulation No.
77/POJK.01/2016 on
Information
Technology-Based
Lending Services (peer-
to-peer lendingI)
REGULATION OF FINTECH
4. TYPE OF FINTECHFINTECH
PROVIDE FINANCIAL
SERVICES
AS A PRODUCT OR
SERVICE FROM FINANCIAL
INSTITUTION
BRANCHLESS BANKING
E-MONEY/E-WALLET
E-BANKING
AS A NEW OF FINANCIAL
INSTITUTION ā MOST
LIKELY AS A PLATFORM
PEER-TO-PEER LANDING
5. FINTECH
PAYMENT
15 ENTITIES
(INCLUDING 1 ENTITY
STILL IN
REGULATORY
SANDBOX)
FINTECH P2P
LENDING
120 ENTITIES (44
ENTITIES
REGISTERED & 72
ENTITIES
UNREGISTERED)
FINTECH IN NUMBERS
TIME PERIOD: PER APRIL 2018
6. PROVISION OF
PREVENTIVE MEASURE
AML/CFT REQUIREMENTS ā GENERAL
PROVISIONS UNDER AML LAW AND CFT LAW
Financial Technology Providers registered with Bank
Indonesia are required to apply anti money laundering and
terrorism financing principles in accordance with the
provisions of legislation governing anti-money laundering
and the prevention of terrorism financing (Article 8(1)(b) BI
Regulation No. 19/12/PBI/2017)
BI Regulation Number 19/10/PBI/2017 concerning
Implementation of Anti-Money Laundering and Prevention
of Terrorism Financing for Non-Bank Payment System
Service Provider and Non-Bank Money Changing Service
Provider
The Organizer of peer-to-peer lending is obliged to
implement anti-money laundering and prevention programs
of financing of terrorism in the financial services sector to
the user in accordance with the provisions of legislation
regarding the implementation of anti-money laundering and
terrorism financing programs (Article 42 OJK Regulation No.
77/POJK.01/2016)
OJK Regulation No. 12/POJK.01/2017 concerning the
Implementation of Anti-Money Laundering and Terrorism-
Financing Prevention Programs in the Financial Services
Sector
7. ā¢ CUSTOMER DUE DILIGENCE
ā¢ RECORD KEEPING
ā¢ POLITICALLY EXPOSED PERSONS
ā¢ NEW TECHNOLOGIES
ā¢ RELIANCE ON THIRD PARTIES
ā¢ INTERNAL CONTROLS
ā¢ HIGHER-RISK COUNTRIES
PREVENTIVE MEASURES
(PPATKāS PERSPECTIVE)
8. E-KYC
ā¢BIOMETRY IDENTIFICATION AND DIRECT ACCESS TO POPULATION DATABASE
ā¢DIRECT ACCESS TO CORPORATION DATABASE TO IDENTIFY AND VERIFY BENEFICIAL OWNER OF
CORPORATION
ā¢FOR HIGH RISK CUSTOMER, STILL REQUIRE AN EDD PROCESS AND AN APPROVAL FROM THE SENIOR
MANAGEMENT
THE ABILITY OF ARTIFICIAL INTELLIGENCE TO REFUSE OR TO REJECT BUSINESS
RELATIONSHIP IF THE CUSTOMER FAILURE TO SATISFACTORILY COMPLETE CDD
FACE-TO-FACE MEETING
ā¢FACE-TO-FACE MEETING HELD THROUGH VIDEO ONLINE
ā¢ALLOW NOT TO HELD FACE-TO-FACE MEETING WITH THE CUSTOMER BASED ON RISK ASSESSMENT (E.G
THE CUSTOMER THAT IDENTIFIED AS PEPS OR HIGH RISK CUSTOMER)
CUSTOMER DUE DILIGENCE
9. ALL ELECTRONIC DOCUMENTS REQUIRE TO MAINTAIN AND KEEP
FOR AT LEAST 5 (FIVE YEARS) FOLLOWING COMPLETION OF THE
TRANSACTION OR THE TERMINATION OF THE BUSINESS
RELATIONSHIP
TRANSACTION RECORDS SHOULD BE SUFFICIENT TO PERMIT
RECONSTRUCTION OF INDIVIDUAL TRANSACTIONS SO AS TO
PROVIDE, IF NECESSARY, EVIDENCE FOR PROSECUTION OF
CRIMINAL ACTIVITY
THE PROVIDERS/ORGANIZERS OF FINTECH SHOULD BE REQUIRED
TO ENSURE THAT ALL CDD INFORMATION AND TRANSACTION
RECORDS ARE AVAILABLE SWIFTLY TO DOMESTIC COMPETENT
AUTHORITIES UPON APPROPRIATE AUTHORITY
RECORD KEEPING
10. THE PROVIDERS/ORGANIZERS OF FINTECH
SHOULD BE PROVIDED WITH DATABASE
POLITICALLY EXPOSED PERSON (PEPS)
POLITICALLY EXPOSED PERSON (PEPS)
SHOULD BE IDENTIFIED AS A HIGH RISK
CUSTOMERS AND CANāT DIRECTLY
COMMENCE BUSINESS RELATION. REQUIRE
TO HELD EDD PROCESS AND NEED AN
APROVAL FROM THE SENIOR MANAGEMENT
POLITICALLY EXPOSED PERSONS
11. THE SUPERVISORY AGENCIES
AND PROVIDERS/ORGANIZERS
OF FINTECH SHOULD
ESTABLISH RISK ASSESSMENT
OF THE EXISTING PRODUCT
AND PRIOR THE PRODUCT IS
LAUNCH
NEW FINTECH SHOULD BE PUT
IN A REGULATORY SANDBOX.
UNTIL NOW THEREāS ONLY
BANK INDONESIA AS A
COMPETENT AUTHORITY TO
HELD REGULATORY SANDBOX.
OJK WILL BE FOLLOWED
BANK INDONESIA IN THE
NEAR TIME
IN REGULATORY SANDBOX,
THE NEW FINTECH SHOULD
EXCLUDE RISK ASSESSMENT
AND RISK MITIGATION OF ML
AND TF RISK, BOTH IN
NATIONAL, REGIONAL, AND
GLOBAL RISK CONSIDERING
THERE IS POTENTIALLY
TRANSNATIONAL
TRANSACTION
NEW TECHNOLOGIES
13. IN GLOBAL PRACTICE,
THERE IS PRIVATE SECTOR
āNON FINANCIAL
INSTITUTION- THAT
PROVIDE CDD SERVICES.
THE UTILITY OF THIS
SERVICE IN LINE WITH
INNOVATION OF
TECHNOLOGY, BUT ALSO
POTENTIALLY HIGH RISK
OF CYBERATTACKS
THE PRIVATE SECTOR AS
ABOVE SHOULD
IMPLEMENT AML/CFT
REQUIREMENTS,
ESPECIALLY FOR CDD
PROCESS
THE
PROVIDERS/ORGANIZERS
OF FINTECH SHOULD
HELD THEIR OWN EDD IF
THEIR CUSTOMER
IDENTIFIED AS A HIGH
RISK
RELIANCE ON THIRD PARTIES
14. THE
PROVIDERS/ORGANIZERS
OF FINTECH STILL
SHOULD HAVE INTERNAL
POLICIES, PROCEDURES
AND CONTROLS:
COMPLIANCE MANAGEMENT ARRANGEMENTS (INCLUDING THE
APPOINTMENT OF A COMPLIANCE OFFICER AT THE MANAGEMENT
LEVEL)
SCREENING PROCEDURES TO ENSURE HIGH STANDARDS WHEN
HIRING EMPLOYEES
AN ONGOING EMPLOYEE TRAINING PROGRAM
AN INDEPENDENT AUDIT FUNCTION TO TEST THE SYSTEM
HELD AUDIT TECHNOLOGY TO KNOW LEVEL OF COMPLIANCE OF
THE SYSTEM THAT USED WITH AML/CFT REQUIREMENTS
INTERNAL CONTROLS
15. THE PROVIDERS/ORGANIZERS OF
FINTECH SHOULD BE PROVIDED
WITH DATABASE OF HIGHER RISK
COUNTRIES
THE PROVIDERS/ORGANIZERS OF
FINTECH SHOULD BE HELD THEIR
OWN RISK ASSESSMENT OF HIGHER
RISK COUNTRIES THAT MAY POSE
ML AND TF
THE ABILITY OF ARTIFICIAL
INTELLIGENCE TO REFUSE OR TO
REJECT BUSINESS RELATIONSHIP IF
THERE IS A RELATION WITH HIGHER
RISK COUNTRIES
HIGHER-RISK COUNTRIES
16. REQUIRE TO USE FINANCIAL
INSTUTITIONS ACCOUNTS AND NOT
ALLOWED USING CASH
TRANSACTIONS
REQUIRE TO HELD FIT AND PROPER
TEST FOR OWNER AND BENEFICIAL
OWNER OF THE
PROVIDERS/ORGANIZERS OF FINTECH
AS RISK MITIGATION IN ENTRY
MARKET
OTHER MEASURES
17. Accurate Decision-
making
Automated Customer
Support
Fraud detections and
Claims Management
Insurances
Management
POTENTIAL USE CASES OF
ARTIFICIAL INTELLIGENCE FOR FINTECH
SOURCE: https://www.marutitech.com/how-can-artificial-intelligence-help-fintech-companies/
Automated Virtual
Financial Assistants
Predictive analysis in
Financial Services
Wealth Management
for Masses
18. VERY DEPENDS ON DATABASE FOR SIMPLIFY PURPOSES MAY CAUSE LACK OF AVAILABILITY
OF SUPPORTING DOCUMENTS
POTENTIALLY HIGH RISK OF CYBERATTACKS, SUCH AS STOLEN OF CUSTOMER DATABASE
THAT MAY CAUSE VIOLATION OF SECRECY AND ANTI-TIPPING OF PROVISIONS
LACK OF ADEQUATE SYSTEM THAT MAINTAIN BIG DATA MAY CAUSE DAMAGING INTEGRITY
DATA OF TRANSACTION AND CUSTOMER PROFILE
VERY DEPENDS ON ARTIFICIAL INTELLIGENCE FOR TIMELY PURPOSES MAY CAUSE LOOSING
THE ABILITY OF HUMAN INTELLIGENCE TO DETECT SUSPICIOUS BEHAVIOR OF CUSTOMER
LACK OF KNOWLEDGE AND EXPERIENCES THAT PROVIDE INACCURATE ALGORITM MAY
CAUSE WRONG DECISION
VULNERABILITIES OF FINTECH
19. INDONESIA PROHIBIT VIRTUAL CURRENCY AS CURRENCY AND PROHIBIT THE ENTITY OF PAYMENT
SYSTEM TO USE CRYPTOCURRENCY BASED ON CURRENCY LAW, PBU 18/40/PBI/2016 ON THE PROCESSING
OF PAYMENT TRANSACTIONS AND BI REGULATION NO. 19/12/PBI/2017 ON THE IMPLEMENTATION OF
FINANCIAL TECHNOLOGY
INDONESIA STATED THAT THE VIRTUAL CURRENCY NOT FULFILL THE CRITERIA AS SECURITIES
INDONESIA STILL LOOKING THE POTENTIAL OF VIRTUAL CURRENCY AS COMODITY IN FUTURE TRADES
REGULATION OF VIRTUAL CURRENCY
IN INDONESIA