Heading size 2

Microsoft's Commitment to the Indonesian Financial Services Sector

We believe that no cloud services provider has more experience delivering compliant solutions to financial institutions in Indonesia than Microsoft. Having helped numerous financial institutions move to the cloud while working in close cooperation with OJK, Microsoft recognizes that a cloud services provider needs to facilitate compliance through full, transparent andproactive engagement with the financial institution and, as required, with OJK. Through this process of collaboration, Microsoft has developed excellent experience and a pool of practical resources to help financial institutions move to the cloud in a way that meets the highest compliance, risk and security standards.

From sharing product and service information in the initial project scoping phase through to assisting in any required consultation with OJK, Microsoft stands ready to support our financial institutions customers in Indonesia. We have developed a range of materials to help our cloud customers in the financial services sector. For example, we have developed practical checklists for our key cloud services so that financial institutions can see how the use of Microsoft's cloud services and our contractual terms map against the relevant guidelines. Our subject-matter experts are available to understand your organization's needs and provide detailed information on the technical, contractual and practical aspects of your proposed cloud project.

By providing these tools and materials, Microsoft reaffirms our commitment to make the adoption of cloud as smooth as possible for financial institutions and to empower our customers  to innovate and navigate their way to the Microsoft cloud with confidence.

 

Regulatory Overview

The Indonesian financial services sector has been at the forefront of the country's digital transformation. Financial services institutions across the country, including major banks and insurance companies, are adopting cloud services, from testing and development of data analytics solutions through to communications, CRM and business productivity applications.

From a regulatory perspective, cloud is permitted. There are, however, some important considerations regarding data transfers and OJK approval, as further outlined below.

 

Regulatory Deep Dive

|

The Financial Services Authority of Indonesia (OJK) is the Indonesian Government agency that regulates and supervises financial institutions.

Yes, cloud services are permitted for commercial banks, except for non-banking financial institutions, rural banks and guarantee agencies who can only use DCs and DRCs located in Indonesia. Significant data residency restrictions apply to insurance companies as well. Microsoft is working with OJK to address these concerns.  

 

GR 71 does not require prior approval for private organizations to store data outside of the country. However, implementing guidelines for the regulation are still under deliberation.

 

Banks  are required to request approval from OJK to store data outside the country under POJK 38/2016 and POJK 13/2020.

As part of the approvals process, OJK requires assurances it will have access to conduct audits and/or on-site inspections of the IT provider. This is achieved one of two ways:

  • Through a letter of no objection/affidavit issued by the IT service provider’s Supervisory Authority; or
  • Where no Supervisory Authority exists then the affidavit should be issued by the IT service provider stating that it allows OJK to conduct an audit at any time

OJK is increasingly providing helpful and practical guidance. It has confirmed that certain categories of electronic systems, namely front-end systems including those containing individual transaction or customer details, held by banks may be stored outside of Indonesia with OJK’s approval (OJK Reg. 38/2016 and OJK Reg. 13/2020)