News and developments

OJK's Anti-Fraud Regulation 12/2024: A New Standard for Financial Institutions

The Financial Services Authority of Indonesia (Otoritas Jasa Keuangan, or “OJK”), has introduced Regulation No. 12 of 2024 on the Implementation of Anti-Fraud Strategies by Financial Services Institutions (“Regulation 12/2024”), a consolidated legal framework aimed at combating fraud in the financial services industry. This regulation represents a significant shift in the anti-fraud landscape by consolidating previous regulations and expanding their scope to protect the public, and the institutions themselves ultimately.

This article delves into the specifics of Regulation 12/2024, focusing on its implications for financial institutions in Indonesia, the expanded scope of fraud, and the reporting obligations imposed on these entities. Additionally, it highlights the key reporting deadlines and timeframes that LJKs must adhere to, providing critical insights for legal practitioners and compliance officers in the financial sector.

  • Overview of Regulation 12/2024
  • Regulation 12/2024 has been enacted to streamline and enhance the anti-fraud measures within Indonesia's financial services industry. The regulation mandates that all Financial Services Institutions (Lembaga Jasa Keuangan, or “LJKs”)[1] and other Financial Services Institutions[2] develop and implement comprehensive Anti-Fraud Strategies, designed to prevent, detect, and respond to fraudulent activities. These strategies must consider past fraud incidents and the unique risks inherent to each institution.

    Regulation 12/2024 shall become effective 3 (three) months from its promulgation on July 31, 2024.

  • Scope of Fraud
  • One of the key features of Regulation 12/2024 is the expanded definition of fraud, which now encompasses a broader range of activities compared to previous regulations. The table below summarizes the acts classified as fraud under Regulation 12/2024:

    TypeDescription
    CorruptionActs such as conflicts of interest, bribery, unauthorized receipt, and extortion that harm LJKs or Consumers.
    Misuse of AssetsIncludes misuse of cash, inventory, or other assets, leading to losses for LJKs or other parties.
    Fraudulent Financial StatementDeliberate misrepresentation in financial statements to benefit fraud perpetrators or harm others.
    FraudulenceManipulation or deception related to LJK products or services to benefit oneself or others unlawfully.
    Leakage of Confidential InformationUnlawful distribution of LJK or other parties' confidential information, causing harm or benefiting unauthorized parties.

  • Anti-Fraud Strategies
  • LJKs are mandated to prepare and implement an Anti-Fraud Strategy, as outlined in Article 3 of the Regulation. The LJKs’ Board of Directors (“BOD”) and Board of Commissioners (“BOC”) are responsible for ensuring the effective implementation of this strategy. This strategy must address the four pillars of Anti-Fraud Strategies namely:

  • prevention;
  • detection;
  • investigation, reporting, and sanction; and
  • monitoring, evaluation, and follow-up of fraud incidents.
  • The regulations governing anti-fraud strategies and risk management for LJKs are primarily outlined in POJK 18/POJK.03/2016 for Commercial Banks and POJK 44/POJK.05/2020 for Non-Bank Financial Services Institutions. Both regulations assign responsibilities to the BOD, including the formulation of written, comprehensive risk management policies, oversight of their implementation, and periodic reviews. The BOD is responsible for ensuring that risk management functions operate independently and that the bank or financial institution maintains adequate resources for risk management.

    In cases where institutions outsource their Anti-Fraud Strategies to third-party companies or consultancy firms, they must adhere to POJK 9/POJK.03/2016, which stipulates that banks remain accountable for outsourced work and must ensure compliance with regulations through formal agreements. Furthermore, institutions must ensure that corrective actions and updates are made to reports on fraud incidents as mandated in Article 18 of Regulation 12/2024. Therefore, outsourcing is permitted for anti-fraud strategies, provided that institutions maintain compliance with regulatory oversight and reporting obligations.

    4.1 Reporting Obligations

    Regulation 12/2024 imposes stringent reporting obligations on LJKs. These obligations are categorized into three main types of reports:

  • Anti-Fraud Strategies: LJKs must submit a comprehensive document outlining their Anti-Fraud Strategies within a specified timeframe.
  • Anti-Fraud Strategy Implementation Reports: These reports, which detail the implementation of Anti-Fraud Strategies, must be submitted periodically.
  • Reports on Acts of Fraud with Significant Impact: LJKs are required to report any fraud that has a significant impact on their operations.
  • 4.2 Reporting Deadlines

    The reporting deadlines for these obligations vary depending on the type of LJK:

    LJK TypeInitial Anti-Fraud Strategy ReportAnti-Fraud Strategy Implementation Report DeadlineFraud Incident Report Deadline
    Commercial Banks and Financing Companies3 (three) months from the enactment of Regulation 12/2024.Every semester (June and December).Within 3 (three) business days of discovery.
    Other Financial Institutions6 (six) months from the enactment of Regulation 12/2024.Annually (by January 31st of the following year).Within 6 (six) business days of discovery.

     4.3 Content of Reports

    In addition to meeting specific deadlines, LJKs must ensure that the Anti-Fraud Strategy Implementation Reports and Reports on Acts of Fraud with Significant Impact must include the following details:

  • name of the LJK;
  • the identity and position of the fraud perpetrators;
  • the type and modus operandi of the fraud;
  • the affected division;
  • the time and location of the incident; andand the amount of loss incurred.

  • Sanctions for Non-Compliance
  • To ensure compliance, the regulation includes stringent penalties for LJKs that fail to implement or report on their anti-fraud strategies:

    ViolationPenalty
    Late submission of anti-fraud strategyFines ranging from IDR 50,000 to IDR 1,500,000 per day, depending on the type of LJK.
    Incorrect information in reportsFines ranging from IDR 10,000 to IDR 50,000 per incorrect entry, with maximum penalties capped.
    Repeated violationsEscalation to suspension of activities or prohibition of new products.

  • Implications for LJKs
  • The implementation of Regulation 12/2024 has significant implications for all financial services institutions in Indonesia. LJKs must invest in internal control systems and ensure that their anti-fraud strategies are not only compliant with the regulation but also effective in mitigating risks.

    Key challenges include:

  • Resource Allocation: LJKs, especially smaller institutions, may face challenges in allocating resources to develop and maintain comprehensive anti-fraud systems.
  • Training and Awareness: Ensuring that employees are adequately trained and aware of the anti-fraud policies is critical for the effectiveness of these strategies.
  • Reporting and Documentation: LJKs must establish clear processes for documenting and reporting fraud incidents to comply with OJK requirements.

  • Key Takeaways
  • For legal practitioners and compliance officers, it is essential to understand the expanded scope of fraud, the specific reporting obligations, and the strict deadlines outlined in this regulation. Ensuring that all reporting requirements are met in a timely and accurate manner will be crucial to avoiding potential sanctions and maintaining the integrity of the financial services industry.

    Regulation 12/2024 represents a critical step forward in Indonesia's efforts to combat fraud within the financial services industry. By consolidating and standardizing anti-fraud strategies across a wide range of financial institutions, the regulation not only simplifies compliance but also strengthens the industry's defences against fraud.

    Footnotes

    [1] Defined as “institutions that carry out activities in the sectors of banking, capital markets, insurance, pension funds, venture capital, microfinance institutions, financing institutions, and other financial services institutions.

    [2] Defined as “pawnshops, guarantee institutions, the Indonesian export financing institution, secondary housing financing company, organizers of information technology-based joint funding services, and institutions that organize mandatory public fund management, including organizers of social security, pension, and welfare programs, as referred to in the laws and regulations on pawnshops, guarantees, the Indonesian export financing institution, secondary housing financing company, and mandatory public fund management, as well as other financial services institutions that are declared to be supervised by the Financial Services Authority based on the provisions of laws and regulations.