Financial Crime World

Here is the rewritten article in Markdown format:

Compliance Best Practices for Banks in Indonesia

Indonesia’s banking industry is subject to a range of regulations and guidelines aimed at ensuring the security, resilience, and compliance of financial institutions with respect to cloud computing services. In this article, we’ll explore some key compliance best practices that banks in Indonesia should be aware of.

Overview

Alibaba Cloud offers a high degree of flexibility in designing and implementing IT architecture on the cloud, with three Availability Zones in Indonesia. This allows customers to deploy systems across multiple zones to achieve higher levels of resilience and security.

Regulator

In Indonesia, financial institutions are regulated by:

  • Bank Indonesia (BI), which oversees monetary and payment systems
  • Indonesian Financial Services Authority (OJK), which regulates and supervises all activities of the financial services sector

Compliance Guidelines

For banks in Indonesia, there are several key regulations and guidelines to consider when using cloud computing services. These include:

  • POJK No. 13/POJK.03/2020: Revision of OJK No. 38/POJK.03/2016 concerning Risk Management in the Use of Information Technologies for Commercial Banks
  • POJK No. 4/POJK.05/2021: Concerning Risk Management in the Use of Information Technologies for Non-Bank Financial Service Institutions
  • Circular Letter No. 21/SEOJK.03/2017: Concerning Application of Risk Management in the Use of Information Technology by Commercial Banks

Is Cloud Permitted?

Yes, OJK and BI permit the use of public cloud services by financial institutions. Alibaba Cloud has successfully adopted several cloud adoption cases with OJK and BI.

Licensing Requirements

Fintech activities related to financial services are regulated by OJK. Companies carrying out digital financial innovation activities must register or obtain an OJK license, unless otherwise exempted.

Offshore Outsourcing Arrangements

By default, financial institutions are required to use data centers and disaster recovery centers located in Indonesia, and carry out IT-based transaction processing in Indonesia. However, under certain specific circumstances, they may be allowed to place their electronic systems in data centers and/or disaster recovery centers outside of Indonesia with prior approval from OJK.

Conclusion

Compliance is a critical aspect of cloud computing adoption for banks in Indonesia. By understanding the key regulations and guidelines outlined above, financial institutions can ensure the security, resilience, and compliance of their operations.