Bank Indonesia has responded to the increased threat of cyber crime in the financial sector by introducing new Regulation No. 2 of 2024* (the New Regulation). The New Regulation aims to stabilise Indonesia’s currency amidst digital transformation, ensure payment systems are secure and reliable, and foster economic growth through secure digital finance practices.

The New Regulation focuses on key stakeholders, such as payment system providers, payment system infrastructure providers, financial institutions, and money market support institutions—collectively known as the Organisers. Under the New Regulation, the Organisers must comply with new guidelines for governance, prevention, and response to cyber threats. The New Regulation provides that Bank Indonesia will oversee compliance to ensure information system security and cyber resilience.

Organisers must report to Bank Indonesia about how they govern, prevent, and respond to cyber threats both annually and in case of any incidents. Failure to comply on the reporting obligation can lead to administrative penalties, including warnings, fines up to Rp5,000,000 per report, temporary suspension of activities, or even the revocation of licences and approvals.

Compliance with the New Regulation by the Organisers is expected to significantly enhance the Organisers’ resilience, secure vital operations, and build trust with stakeholders.

*Regulation No. 2 of 2024 concerning Information System Security and Cyber Resilience for Payment System Providers, Money Market and Foreign Exchange Market Par- ticipants, and Other Parties Regulated and Supervised by Bank Indonesia, which took effect on 22 April 2024.