Here is the converted article in Markdown format:
Compliance Regulations for Financial Institutions in Indonesia: A Regulatory Overview
In a bid to support financial institutions in Indonesia, Amazon Web Services (AWS) has put in place a robust compliance framework that enables companies to evaluate, meet, and demonstrate compliance with applicable legal and regulatory requirements.
Regulatory Framework
The Financial Authority of Indonesia (Otoritas Jasa Keuangan or OJK) regulates banks, insurance companies, peer-to-peer lenders, and other financial institutions involved in lending and financing. On the other hand, the Bank of Indonesia (BI) regulates non-bank payment providers and companies involved in the payment system.
Key Regulations for Financial Institutions Using AWS
Financial institutions using AWS services may be subject to various legal and regulatory requirements. These regulations include:
- Government Regulation No. 71 of 2019 Regarding Operation of Electronic System and Transactions
- The Application of Risk Management in The Use of Information Technology by Commercial Banks (38/POJK.03/2016), as amended in March 2020 (13/POJK.03/2020)
- Implementation of Risk Management for Commercial Banks (18/POJK.03/2016)
- Circular Letter on Implementation of Risk Management in Use of Information Technology by Bank (21/SEOJK.03/2017)
- Business Operation of Insurance, Sharia Insurance, Reinsurance and Sharia Reinsurance Companies (69/POJK.05/2016)
- Regulation on IT-Based Lending (77/POJK.01/2016)
- OJK Regulation 4/2021 on The Application of Risk Management In The Use Of Information Technology By Non-Bank Financial Services Institutions
- Equity Crowdfunding (POJK 57/POJK.04/2018)
- Payment Systems Operators (BI Regulation No. 22/23/PBI/2020)
Key Considerations for Financial Institutions in Indonesia Using AWS
To ensure compliance with these regulations, financial institutions using AWS services should consider the purpose of their workloads and relevant categories of data to anticipate which legal and regulatory requirements may apply.
- Consider the purpose of the workload(s) under consideration and the relevant categories of data
- Assess the criticality of the relevant workload(s) in light of local requirements and procure the relevant approvals or issue the appropriate notice
- Review the AWS Shared Responsibility Model and map AWS responsibilities and customer responsibilities according to each AWS service that will be used
Data Privacy and Protection Considerations for Financial Institutions in Indonesia Using AWS
Financial institutions in Indonesia using AWS services should also consider applicable privacy requirements, including the Indonesia Personal Data Protection Act. The AWS whitepaper “Using AWS in the Context of Common Privacy and Data Protection Considerations” provides useful information to customers using AWS cloud services to store or process personal data.