Financial Crime World

Here is the converted article in markdown format:

OJK’s Cyber Security Requirements Extended to June 2023

The Indonesian Financial Services Authority (OJK) has extended its deadline for banks to comply with its cyber security requirements until the end of June 2023.

Background

Under the OJK’s Circular No. 19/12/DAM-PSE on Cyber Security in Banks, financial institutions are required to conduct self-assessed risk level reporting, regular cyber security testing, establish an independent cyber security unit, and report any cyber incidents to the authority.

Initially set to expire at the end of December 2022, OJK has granted a six-month extension to allow banks more time to implement the necessary measures. “We understand that implementing these requirements takes time and resources,” said an OJK spokesperson. “We want to ensure that banks have sufficient time to comply with the regulations and maintain a high level of cyber security.”

Requirements

Under the Circular, banks are required to:

  • Conduct regular vulnerability analysis
  • Perform scenario-based testing
  • Implement proactive measures to identify and address potential cyber threats
  • Establish an independent cyber security unit responsible for managing their cyber security and resilience

Additionally, banks must report any cyber incidents to OJK within 24 hours of becoming aware of the incident, followed by a detailed report within five days.

Industry Response

Market players have welcomed the extension, citing the complexity of implementing the requirements. “We appreciate the OJK’s understanding of our challenges,” said a bank spokesperson. “We are working hard to implement these measures and ensure the safety and security of our customers’ data.”

Takeaways

  • The OJK has extended its deadline for banks to comply with its cyber security requirements until the end of June 2023.
  • Banks must conduct self-assessed risk level reporting, regular cyber security testing, establish an independent cyber security unit, and report any cyber incidents to the authority.
  • Market players have welcomed the extension, citing the complexity of implementing the requirements.

Conclusion

The OJK’s cyber security requirements are seen as a model for other industries to follow in improving their own cyber security efforts. By Regina Damaris and [Your Name]