Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
BANK INDONESIA REGULATION
NUMBER 18/40/PBI/2016
CONCERNING
OPERATION OF PAYMENT TRANSACTION PROCESSING
BY THE GRACE OF GOD THE ALMIGHTY
GOVERNOR OF BANK INDONESIA,
Considering: a. whereas the development of technology and information
system continues to bear various innovations, especially
in relation to financial technology (fin-tech) to meet the
public needs, including in the field of payment system
services, whether in terms of instruments, providers,
mechanisms, and infrastructures of payment transaction
processing operations;
b. whereas innovations in the operation of payment
transaction processing need to keep supporting the
creation of a payment system which is smooth, safe,
efficient, and reliable, so arrangements is required
against the providers of payment system services to
complement the existing regulation by putting forward
the fulfillment of prudential principles and adequate risk
management, and with due regard to the expansion of
access, national interest and consumer protection,
including international standards and practices;
c. whereas in order to enhance the resilience and
competitiveness of the national payment system
industry, Bank Indonesia needs to motivate the roles of
the domestic players among others through ownership
structuring of the payment system service providers;
d. whereas the settings on the payment system service
operations in the current regulation needs to continue
being equipped and formulated more comprehensively to
give clearer directions and guidelines to the providers of
payment system services and the support providers of
payment transactions, as well as to the society;
e. whereas based on the consideration as referred to in
letter a up to letter d, it is deemed necessary to establish
Bank Indonesia Regulation concerning the Operation of
Payment Transaction Processing;
In view of: 1. Law Number 23 Year 1999 concerning Bank Indonesia
(State Gazette of The Republic of Indonesia Year 1999
Number 66, Supplement to the State Gazette of The
Republic of Indonesia Number 3843) as amended several
times, most recently by Law Number 6 Year 2009 on the
Enactment of the Government Regulation in Lieu of Law
Number 2 Year 2008 concerning the Second Amendment
to Law Number 23 Year 1999 concerning Bank Indonesia
to become Law (State Gazette of The Republic of
Indonesia Year 2009 Number 7, Supplement to the State
Gazette of The Republic of Indonesia Number 4962);
2. Law Number 11 Year 2008 concerning Electronic
Transaction and Information (State Gazette of the
Republic Indonesia Year 2008 Number 58, Supplement
to the State Gazette of the Republic of Indonesia Number
4843);
3. Law Number 3 of 2011 concerning Fund Transfer (State
Gazette of the Republic of Indonesia Year 2011 Number
39, Supplement to the State Gazette of the Republic of
Indonesia Number 5204);
DECIDES:
To issue: BANK INDONESIA REGULATION CONCERNING OPERATION
OF PAYMENT TRANSACTION PROCESSING.
CHAPTER I
GENERAL PROVISION
Article 1
In this Bank Indonesia Regulation what is meant by:
1. Bank is bank as referred to in law that governs banking
and sharia bank as referred to in law that governs sharia
banking.
2. Non-Bank Institution is non-bank business entities
which incorporated and established under Indonesian
law.
3. Payment System Service Provider is Bank or Non-Bank
Institution organizing payment system service activities.
4. Support Provider of Payment Transactions hereinafter
referred to as Support Provider is the parties that provide
services to the Payment System Service Provider in order
to support the operations of payment system service
activities.
5. Switching is an infrastructure that functions as the
center and/or hub for routing payment transaction data
through a network that uses card-based payment
instrument, electronic money, and/or funds transfer.
6. Payment Gateway is electronic services that allow
merchants to process payment transactions using card-
based payment instrument, electronic money, and/or
Proprietary Channel.
7. Electronic Wallet is electronic services to store data of
payment instruments among others card-based payment
instrument and/or electronic money, which can also
accommodate funds for making payments.
8. Proprietary Channel is a payment channel developed and
owned by Bank exclusively for the benefits of their own
customers which among others use technology-based of
short message service, mobile, web, subscriber identity
module tool kit, and/or unstructured supplementary
service data.
9. Switching Provider is Bank or Non-Bank Institution
operating Switching activities.
10. Payment Gateway Provider is Bank or Non-Bank
Institution operating Payment Gateway activities.
11. Electronic Wallet Provider is Bank or Non-Bank
Institution operating Electronic Wallet.
12. Principal is the principal as referred to in Bank Indonesia
regulation that governs card-based payment instrument
and Bank Indonesia regulation that governs electronic
money.
13. Issuer is the issuer as referred to in Bank Indonesia
regulation that governs card-based payment instrument
and Bank Indonesia regulation that governs electronic
money.
14. Acquirer is the acquirer as referred to in Bank Indonesia
regulation that governs card-based payment instrument
and Bank Indonesia regulation that governs electronic
money.
15. Clearing Provider is the clearing provider as referred to in
Bank Indonesia regulation that governs card-based
payment instrument and Bank Indonesia regulation that
governs electronic money.
16. Settlement Provider is the settlement provider as referred
to in Bank Indonesia regulation that governs card-based
payment instrument and Bank Indonesia regulation that
governs electronic money.
17. Fund Transfer Provider is the fund transfer provider as
referred to in Bank Indonesia regulation that governs
fund transfer.
CHAPTER II
PROVIDERS IN THE PROCESSING OF PAYMENT
TRANSACTIONS
Article 2
(1) Processing of payment transactions shall be conducted
by the Payment System Service Provider and Support
Provider.
(2) The processing of payment transactions as referred to in
paragraph (1) covers the activities of:
a. pre-transaction;
b. authorization;
c. clearing;
d. settlement; and
e. post-transaction.
Article 2
(1) Payment System Service Provider as referred to in Article
2 paragraph (1) consist of:
a. Principal;
b. Switching Provider;
c. Issuer;
d. Acquirer;
e. Payment Gateway Provider;
f. Clearing Provider;
g. Settlement Provider;
h. Fund Transfer Provider;
i. Electronic Wallet Provider; and
j. Other Providers of Payment System Services
determined by Bank Indonesia.
(2) Acquirer as referred to in paragraph (1) letter d and
Payment Gateway Provider as referred to in paragraph (1)
letter e constitute providers which belong to the category
of merchant acquiring services.
(3) Support Provider as referred to in Article paragraph (1)
constitute companies implementing activities among
others:
a. card printing;
b. payment personalization;
c. provision of data center and/or disaster recovery
center;
d. terminal provision;
e. provision of security features of payment instrument
and/or payment transaction;
f. provision of contactless transaction support
technology; and/or
g. provision of supporting data routing of payment
transaction processing.
(4) Further provision on the Payment System Service
Provider as referred to in paragraph (1) and Support
Provider as referred to in paragraph (3) shall be stipulated
in a Bank Indonesia Circular Letter.
CHAPTER III
LICENSING AND APPROVAL IN THE OPERATION OF
PAYMENT TRANSACTION PROCESSING
Part One
General
Article 4
(1) Each party acts as the Payment System Service Provider
as referred to in Article 3 paragraph (1) must first obtain
license from Bank Indonesia.
(2) The party that has obtained the license as referred to in
paragraph (1) and will carry out:
a. development of payment system service activities;
b. development of products and activities of payment
system services; and/or
c. cooperate with other parties,
must first obtain approval from Bank Indonesia.
Part Two
Licensing
Article 5
(1) The party applying for license to become the Payment
System Service Provider must fulfill the following
requirements:
a. general; and
b. feasibility aspect as the Payment System Service
Provider.
(2) Other than fulfill the requirements as referred to in
paragraph (1), the party applying for license to become
the Principal, Switching Provider, Clearing Provider,
and/or Settlement Provider must be a limited liability
company with at least 80% (eighty percent) of their shares
owned by:
a. Indonesian citizens; and/or
b. Indonesian legal entities.
(3) In the event there is foreign ownership in the Principal,
Switching Provider, Clearing Provider, and/or Settlement
Provider as referred to in paragraph (2), the calculation of
the number of foreign ownership shall include the direct
ownership and indirect ownership.
(4) The party as referred to in paragraph (2) that has
obtained the license as the Principal, Switching Provider,
Clearing Provider, and/or Settlement Provider is
obligated to still fulfill the percentage of shareholding as
referred to in paragraph (2).
Article 6
(1) The Party applying for license to be the Switching
Provider or Payment Gateway Provider must be:
a. a Bank; or
b. a Non-Bank Institution.
(2) Non-Bank Institution as referred to in paragraph (1) letter
b of a limited liability company conducting business
activities in the field of information technology and/or
payment system.
Article 7
(1) The party applying for license to be the Electronic Wallet
Provider must be:
a. a Bank; or
b. a Non-Bank Institution.
(2) Non-Bank Institution as referred to in paragraph (1) letter
b shall be a limited liability company.
Article 8
The obligation to obtain license as referred to in Article 4
paragraph (1) applies for Bank or Non-Bank Institution as
referred to in Article 7 paragraph (1) implementing Electronic
Wallet services with active users already reached or planned
to reach no less than 300,000 (three hundred thousand)
users.
Article 9
(1) The party that will become the Switching Provider and/or
Payment Gateway Provider as referred to in Article 6
and/or the Electronic Wallet Provider as referred to in
Article 7, must fulfill the requirement for feasibility
aspects as the Payment System Service Provider that
consists of:
a. legality and profile of company;
b. legal;
c. operational readiness;
d. security and reliability of system;
e. business feasibility;
f. risk management adequacy; and
g. consumer protection.
(2) For parties that will apply for license to be Electronic
Wallet Provider which can also accommodate funds, the
fulfillment of requirements shall be:
a. risk management adequacy as referred to in
paragraph (1) letter f; and
b. consumer protection as referred to in paragraph (1)
letter g,
must also cover risk management and consumer
protection related to fund management accommodated in
Electronic Wallets.
(3) Further provision concerning the fulfillment of
requirements as Payment System Service Provider as
referred to in paragraph (1) and paragraph (2) shall be
stipulated in a Bank Indonesia Circular Letter.
Article 10
(1) Requirements and procedures for obtaining license to
become Principal, Issuer, Acquirer, Clearing Provider,
and Settlement Provider shall refer to Bank Indonesia
regulation that governs card-based payment instrument
or Bank Indonesia regulation that governs electronic
money.
(2) Requirements and procedures for obtaining license to
become Fund Transfer Provider shall refer to Bank
Indonesia regulation that governs transfers of funds.
Part Three
Approvals
Article 11
(1) Approvals for the development of payment system service
activities as referred to in Article 4 paragraph (2) letter a
shall include:
a. operation of Payment Gateway conducted by the
Payment System Service Provider that have obtained
the license as Issuer and/or Acquirer;
b. operation of Electronic Wallet conducted by the
Payment System Service Provider as follows:
1. Bank; or
2. Non-Bank Institution that have obtained the
license as the Issuer of electronic money;
and/or
c. operation of Proprietary Channel conducted by the
Payment System Service Provider of Banks.
(2) Approvals for the development of products and activities
of payment system services as referred to in Article 4
paragraph (2) letter b shall include the development of
features, types, services, and/or facilities from products
and/or payment system service activities already
ongoing.
(3) Approvals for performing cooperation as referred to in
Article 4 paragraph (2) letter c shall include:
a. cooperation with other Payment System Service
Provider; and/or
b. cooperation with Support Providers.
(4) The parties that have obtained the approvals as referred
to in paragraph (1) must comply with the applicable
provision for Payment Gateway Provider and Electronic
Wallet Provider.
Article12
(1) Approvals granted to the Payment System Service
Provider in the context of development of payment
system service activities as referred to in Article 4
paragraph (2) letter a and development of products and
activities of payment system services as referred to in
Article 4 paragraph (2) letter b shall consider the
fulfillment of requirements including the aspects of:
a. operational readiness;
b. security and reliability of system;
c. implementation of risk management; and
d. consumer protection.
(2) Other than the fulfillment of aspects as referred to in
paragraph (1), Bank Indonesia also consider the results
of supervision toward the performance of Payment
System Service Provider.
Article 13
The approvals granted to the Payment System Service
Provider in the context of cooperation as referred to in Article
4 paragraph (2) letter c shall consider the fulfillment of
requirements that include the aspects of:
a. legality and profile of the company;
b. competence of the party that will be invited to work with;
c. performance;
d. security and reliability of system and also infrastructure;
and
e. legal.
Article 14
(1) Payment System Service Provider shall be responsible for
ensuring the security and smoothness of payment
transaction processing, including in case conducted
through cooperation with the Support Provider.
(2) Payment System Service Provider must conduct
periodical evaluations on the performance of the Support
Provider.
Part Four
Procedures and Processing of License and Approval
Article 15
(1) Banks or Non-Bank Institution that will:
a. apply for license as the Payment System Service
Provider as referred to in Article 4 paragraph (1); or
b. apply for approval in the context of development of
payment system service activities, development of
products and activities of payment system services,
and/or cooperation as referred to in Article 4
paragraph (2),
must submit the applications in writing in Indonesian
Language to Bank Indonesia accompanied by supporting
documents for the fulfillment of aspects as referred to in
Article 9, Article 12, and Article 13.
(2) In order to process the application for license as referred
to in paragraph (1) letter a, Bank Indonesia shall
conduct the following:
a. administrative research;
b. business feasibility analysis; and
c. examination against Banks or Non-Bank
Institution.
(3) In order to process the applications for approval as
referred to in paragraph (1) letter b, Bank Indonesia shall
conduct the following:
a. administrative research;
b. analysis to the performances of Bank or Non-Bank
Institution; and
c. examination against Bank or Non-Bank Institution,
if required.
(4) Based on the process results as referred to in paragraph
(2) and paragraph (3), Bank Indonesia shall determine
the decision to:
a. accept; or
b. reject,
the application for license or for approval submitted.
(5) Bank Indonesia can provide convenience to the Payment
System Service Provider that have obtained permission
for the cooperation approval process as referred to in
paragraph (1) letter b for using and expanding the use of
non-cash payment instrument for programs related to
the national policy.
(6) The convenience as referred to in paragraph (5) shall be
given by still paying attention to the risks of
implementing payment system service activities.
Part Five
Obligations for Foreign Parties
Article 16
Foreign parties conducting payment system services in the
territory of the Unitary State of The Republic of Indonesia
and/or in cooperation with the Payment System Service
Provider must comply with this Bank Indonesia Regulation
and the provisions of laws and regulations.
Part Six
Policy on Licensing and/or Approval
Article 17
(1) Bank Indonesia is authorized to establish a policy on
licensing and/or approval for the operation of payment
system services.
(2) The establishment of policy as referred to in paragraph
(1) shall be based on the considerations to:
a. maintain the national efficiency;
b. support the national policy;
c. maintain the public interest;
d. maintain the industry growth; and/or
e. maintain a healthy business competition.
CHAPTER IV
OPERATION OF PAYMENT TRANSACTION PROCESSING
Article 18
(1) In the operation of payment transaction processing, each
Payment System Service Provider must:
a. implement risk management effectively and
consistently;
b. implement standards of information system
security;
c. implement the processing of payment transactions
domestically;
d. implement consumer protection; and
e. comply with the provisions of laws and regulations.
(2) The obligations for processing payment transactions
domestically as referred to in paragraph (1) letter c shall
be implemented as follows:
a. for the Payment System Service Provider processing
transactions of card-based payment instrument,
shall subject to the provisions of Bank Indonesia
that governs card-based payment instrument; and
b. for the Payment System Service Provider processing
transactions of electronic money and/or
transactions of other payment system, shall subject
to the provisions that will be determined later by
Bank Indonesia.
Part One
Implementation of Risk Management
Article 19
(1) Implementation of risk management effectively and
consistently in the operation of payment transaction
processing shall cover:
a. active supervision of management;
b. adequacy of policies and procedures as well as
organizational structure;
c. risk management function and implementing
human resources; and
d. internal control.
(2) Implementation of risk management by the Principal,
Issuer, Acquirer, Clearing Provider, and Settlement
Provider other than refers to the implementation of risk
management as referred to in paragraph (1) also shall
refer to the provision of risk management as referred to
in Bank Indonesia Regulation that governs the operation
of card-based payment instrument activities and/or
Bank Indonesia Regulation that governs electronic
money, as well as other provisions of laws and
regulations.
(3) Implementation of risk management by the Fund
Transfer Provider other than refers to the
implementation of risk management as referred to in
paragraph (1) shall also refer to the provision of risk
management implementation as referred to in Bank
Indonesia Regulation that governs fund transfer and
other provisions of laws and regulations.
Part Two
Information System Security
Article 20
(1) Implementation of standards of information system
security by Principal, Issuer, Acquirer, Clearing
Provider, Settlement Provider, and Fund Transfer
Provider shall refer to the regulation of Bank Indonesia
that governs the operation of card-based payment
instrument activities, regulation of Bank Indonesia that
governs electronic money, and/or regulation of Bank
Indonesia that governs fund transfer.
(2) Implementation of standards of information system
security by Switching Provider, Payment Gateway
Provider, Electronic Wallet Provider, and Bank operating
Proprietary Channel at least is for:
a. fulfillment of certification and/or security
standards and system reliability generally accepted
or determined by Bank Indonesia or related
authorities/institutions;
b. maintenance and improvement of technology
security; and
c. audits implementation conducted periodically at
least once in 3 (three) years or every time there is a
significant change.
(3) The fulfillment of certification and/or standards of
security system as referred to in paragraph (2) letter a
for Switching Provider at least shall be for:
a. securing data and information related to the
processed payment transactions; and
b. securing network.
(4) The fulfillment of certification and/or standards of
security system as referred to in paragraph (2) letter a
for Payment Gateway Provider at least shall be for:
a. securing data and information related to the
processed payment transactions; and
b. securing network;
c. implementation of fraud detection system.
(5) The fulfillment of certification and/or standards of
security system as referred to in paragraph (2) letter a
for Electronic Wallet Provider at least shall be for:
a. securing data and information of users as well as
data and information of payment instrument stored
in Electronic Wallet;
b. system and procedures for activation and use of
Electronic Wallet; and
c. implementation of fraud detection system.
Part Three
Implementation of Electronic Wallet
Article 21
(1) In the event there is a request for refund on the
cancellation of payment transactions, Electronic Wallet
Provider must immediately make the refund to the users
of Electronic Wallet.
(2) Electronic Wallet Provider must own a procedure to
ensure the implementation of the refund as referred to
in paragraph (1).
(3) The fund derived from the refund as referred to in
paragraph (1) must immediately be refunded to the
origin of source of fund used for making payment
transactions.
Article 22
(1) Other than required to fulfill the provision as referred to
in Article 18, the Electronic Wallet Provider operating
Electronic Wallet that can be used to store data of
payment instrument and to accommodate funds, are
obligated to:
a. ensure that the use of funds in Electronic Wallet is
only for the purpose of payments;
b. comply with the regulation of Bank Indonesia
concerning the limit of fund value that can be
accommodated in the Electronic Wallet;
c. ensure that the funds owned by the users are
available and can be used when making
transactions;
d. place all funds stored in Electronic Wallet in the
form of safe and liquid assets to make sure the
availability of funds as referred to in letter c;
e. ensure that the use of funds is only to meet the
interests of payment transactions by the users of
Electronic Wallet; and
f. implement anti-money laundering and prevention
of terrorism funding programs according to the
provisions of laws and regulations.
(2) The limit of fund value that can be accommodated in
Electronic Wallet as referred to in paragraph (1) letter b
can only be exceeded in the event:
a. there are refunds as referred to in Article 21
paragraph (1); and
b. Electronic Wallet Provider are capable to identify the
excess of fund as a refund.
(3) Placement of all funds stored in the Electronic Wallet as
referred to in paragraph (1) letter d shall be conducted
by:
a. administering the funds stored in the Electronic
Wallet through recording in the immediate liabilities
post or various liabilities for Electronic Wallet
Provider of Bank; or
b. placing the funds stored in the Electronic Wallets
100% (one hundred percent) in commercial banks
in time deposit account, for Electronic Wallet
Provider of Non-Bank Institution.
(4) Further provision concerning the obligations of
Electronic Wallet Provider as referred to in paragraph (1)
shall be governed in a Bank Indonesia Circular Letter.
Part Four
Implementation of Payment Gateway
Article 23
Payment Gateway Provider which in the implementation of
their activities conduct the function to settle the payments to
merchants must:
a. own and run the mechanisms and procedures
concerning:
1. merchant acquisition facilitated by the provision of
Payment Gateway; and
2. settlement of payments to the merchants; and
b. conduct evaluation to the smoothness and security of
payment transactions conducted through the
merchants.
Part Five
Consumer Protection
Article 24
(1) Implementation of consumer protection principles by the
Payment System Service Provider shall refer to Bank
Indonesia regulation that governs consumer protection
of payment system services.
(2) Implementation of consumer protection principles as
referred to in paragraph (1) shall include:
a. fairness and reliability;
b. transparency;
c. protection of consumer data and/or information;
and
d. effective handling and settlement of complaints.
Article 25
Implementation of consumer protection principles as referred
to in Article 24 by the Payment Gateway Provider among
others shall be:
a. adequate provision of information to consumers
concerning the mechanism of payment through Payment
Gateway, including on the use of data and information
of payment instrument in online transactions; and
b. ensuring the delivery of goods and/or services from
merchants to consumers after the consumers making
payments in online transactions.
Article 26
Implementation of consumer protection principles as referred
to in Article 24 by the Electronic Wallet Provider among
others shall be:
a. adequate provision of information to consumers
concerning Electronic Wallet provided including
information on the procedure of refund as referred to in
Article 21; and
b. own and implement the mechanism of handling
complaints of consumers.
Part Six
Compliance with the Provisions of Laws and Regulations
Article 27
Payment System Service Provider other than subject to this
Bank Indonesia Regulation must also comply with the
provisions of laws and regulations, among others provisions
that govern:
a. the obligation to use Rupiah for payment transactions
made in the territory of the Unitary State of the Republic
of Indonesia;
b. trading transactions through electronic system; and
c. implementation of electronic system and transactions.
CHAPTER V
REPORTS
Article 28
(1) Payment System Service Provider are obligated to submit
reports on the operation of payment transaction
processing to Bank Indonesia.
(2) The reports as referred to in paragraph (1) consists of:
a. periodical reports; and
b. incidental reports.
(3) Submission of the periodical reports as referred to in
paragraph (2) letter a consists of:
a. monthly reports;
b. quarterly reports;
c. annual reports; and/or
d. reports on the result of information system audits
from independent auditors conducted periodically
at least 1 (one) time within the period of 3 (three)
years.
(4) Incidental reports as referred to in paragraph (2) letter b
consist of:
a. reports on disruptions in the processing of payment
transactions and the follow-ups that have been
conducted.
b. reports on changes in capital and/or composition of
shareholders as well changes in composition of the
administrators of Payment System Service
Providers.
c. reports on the occurrence of force majeure upon the
implementation of payment transaction processing;
d. reports on the changes in data and information of
documents submitted at the time of application for
license to Bank Indonesia; and
e. other reports required by Bank Indonesia.
(5) Format and procedure for submitting reports as referred
to in paragraph (2) by Principal, Issuer, Acquirer,
Clearing Provider, and Settlement Provider shall refer to
Bank Indonesia regulation that governs card-based
payment instrument and Bank Indonesia regulation that
governs electronic money.
(6) Format and procedure for submitting reports as referred
to in paragraph (2) by the Fund Transfer Provider shall
refer to Bank Indonesia regulation that governs fund
transfer.
(7) Further provision on the format and procedures for
submitting reports as referred to in paragraph (2) by
Switching Provider, Payment Gateway Provider, and
Electronic Wallet Provider shall be governed in a Bank
Indonesia Circular Letter.
Article 29
(1) Electronic Wallet Provider which are not subject to
license obligation as referred to in Article 8 must submit
a report on the operation of Electronic Wallet to Bank
Indonesia.
(2) Further provision concerning the procedure for
submitting reports as referred to in paragraph (1) shall
be governed in a Bank Indonesia Circular Letter.
CHAPTER VI
TRANSFER OF LICENSE OF PAYMENT SYSTEM SERVICE
PROVIDER
Article 30
(1) Transfer of license for implementing activities as
Principal, Issuer, Acquirer, Clearing Provider, and
Settlement Provider shall refer to Bank Indonesia
regulation that governs card-based payment instrument
and Bank Indonesia regulation that governs electronic
money.
(2) Transfer of license for implementing activities as Fund
Transfer Provider shall refer to Bank Indonesia
regulation that governs fund transfer.
Article 31
(1) Transfer of license for implementing activities as
Switching Provider, Payment Gateway Provider, and/or
Electronic Wallet Provider to other parties may only be
conducted in the context of merger, consolidation, or
spin off.
(2) Transfer of license for implementing activities as
Switching Provider, Payment Gateway Provider, and/or
Electronic Wallet Provider as referred to in paragraph (1),
must first obtain permission from Bank Indonesia.
Article 32
(1) In the event the acquisition of Bank that have obtained
the license as Payment System Service Provider will be
carried out, the concerned Bank must report the
acquisition plan in writing to Bank Indonesia.
(2) In the event the acquisition of Non-Bank Institution that
have obtained the license as Payment System Service
Provider will be carried out, the concerned Non-Bank
Institution must submit application for approval in
writing to Bank Indonesia regarding the acquisition
plan.
(3) The report on the acquisition plan as referred to in
paragraph (1) or application for approval as referred to
in paragraph (2), at least includes information on the:
a. background of acquisition;
b. the party that will conduct acquisition;
c. target of execution time of the acquisition;
d. composition of owners and/or controlling
shareholders, and also composition of shareholding
after the acquisition; and
e. business plan after acquisition, especially related to
the activities of payment system services
implemented.
CHAPTER VII
SUPERVISION
Article 33
(1) Bank Indonesia shall conduct supervision to the
Payment System Service Provider which have obtained
the license from Bank Indonesia covering:
a. direct supervision; and
b. indirect supervision.
(2) In case required, Bank Indonesia shall conduct
supervision to the Support Provider cooperating with the
Payment System Service Provider, including the
Electronic Wallet Provider as referred to in Article 29.
(3) Bank Indonesia can assign other parties for and on
behalf of Bank Indonesia to undertake direct supervision
as referred to in paragraph (1) and/or paragraph (2).
CHAPTER VIII
PROHIBITION
Article 34
Payment System Service Provider are prohibited to:
a. conduct processing of payment transactions using
virtual currency;
b. misuse data and information of customers as well as
data and information of payment transactions; and/or
c. own and/or manage the comparable values with useable
money value beyond the scope of the concerned Payment
System Service Provider.
CHAPTER IX
SANCTIONS
Article 35
(1) Payment System Service Provider that violate provisions
as referred to in Article 4 paragraph (2), Article 5
paragraph (4), Article 11 paragraph (4), Article 14
paragraph (2), Article 18 paragraph (1), Article 21, Article
22 paragraph (1), Article 23, Article 27, Article 28
paragraph (1), Article 31 paragraph (2), Article 32
paragraph (1), Article 32 paragraph (2), Article 34, Article
40, and/or Article 42 shall be imposed with
administrative sanctions in the form of:
a. warnings;
b. fines;
c. temporary suspension of a part of or the entire
activities of payment system services; and/or
d. license revocation as the Payment System Service
Provider.
(2) Further provision concerning the procedure for
sanctions shall be governed in a Bank Indonesia
Circular Letter.
CHAPTER X
OTHER PROVISIONS
Article 36
In case after the passage of time as referred to in Article 39
or after this Bank Indonesia Regulation coming into force
there are parties that operate payment system services
without Bank Indonesia permission, accordingly Bank
Indonesia is authorized to:
a. convey a written warning; and/or
b. recommend to the competent authorities to:
1. terminate the business activities; and/or
2. revoke the business license granted by the
competent authorities.
Article 37
In addition to imposition of sanctions as referred to in Article
35, Bank Indonesia can ask the of Payment System Service
Provider to conduct or not to conduct anything, suspend a
part of or all activities of payment system services, cancel or
revoke the license or approval granted to the Payment System
Service Provider in case among others:
a. there are results of Bank Indonesia supervision
indicating that the Payment System Service Provider
have not been able to implement the payment system
service activities well;
b. there are written requests or recommendations from the
authorities or the competent supervisory authorities to
Bank Indonesia to suspend the activities of the Payment
System Service Provider;
c. there are legally binding court rulings ordering the
Payment System Service Provider to terminate their
activities; and/or
d. there are applications for cancellation and/or revocation
of licenses submitted by the concerned Bank or Non-
Bank Institution that have obtained the license from
Bank Indonesia.
Article 38
Provided that it has not been governed in and not in a
contravention with this Bank Indonesia Regulation:
a. the implementation of activities as Principal, Issuer,
Acquirer, Clearing Provider, and Settlement Provider
shall be conducted by referring to the regulation of Bank
Indonesia that governs card-based payment instrument
and regulation of Bank Indonesia that governs electronic
money; and
b. implementation of activities as Fund Transfer Provider
shall be conducted by referring to the regulation of Bank
Indonesia that governs fund transfer.
CHAPTER XI
TRANSITIONAL PROVISIONS
Article 39
(1) The parties that have implemented activities of:
a. Switching, Payment Gateway; and/or
b. Electronic Wallet as referred to in Article 8,
prior to this regulation coming into force and have not
obtained the license from Bank Indonesia must apply for
license to Bank Indonesia.
(2) License application as Switching Provider, Payment
Gateway Provider, and/or Electronic Wallet Provider as
referred to in paragraph (1) shall be conducted no later
than 6 (six) months since this Bank Indonesia
Regulation coming into force.
Article 40
Ownership percentage as referred to in Article 5 paragraph
(2) must be met by the parties which prior to this Bank
Indonesia Regulation coming into force:
a. have obtained the license from Bank Indonesia as
Principal, Clearing Service Provider, and/or Settlement
Service Provider; or
b. in the process of licensing and then obtaining the license
from Bank Indonesia,
if after this Bank Indonesia Regulation coming into force, will
make a change of ownership.
Article 41
Requirements and procedures of application for parties filing
for license as Principal, Clearing Provider, and/or Settlement
Provider prior to this Bank Indonesia Regulation coming into
force, shall subject to the Bank Indonesia regulation that
governs card-based payment instrument and Bank Indonesia
regulation that governs electronic money.
Article 42
(1) Bank that have operated Proprietary Channel at the time
this Bank Indonesia Regulation coming into force must
report the referred implementation of activities to Bank
Indonesia to be administered along with the supporting
documents no later than 6 (six) months since this Bank
Indonesia Regulation coming into force.
(2) Payment System Service Provider that have implemented
the development of Payment Gateway and/or Electronic
Wallet activities as referred to in Article 4 paragraph (2)
letter a at the time this Bank Indonesia Regulation
coming into force must report the referred
implementation of activities to Bank Indonesia to be
administered along with the supporting documents no
later than 6 (six) months since this Bank Indonesia
Regulation coming into force.
CHAPTER XII
CLOSING PROVISIONS
Article 43
This Bank Indonesia Regulation shall come into force on the
date of promulgation.
For the purpose of public cognizance, it is ordered that this
Bank Indonesia Regulation be promulgated in State Gazette of
the Republic of Indonesia.
Enacted in Jakarta
on November 8, 2016
GOVERNOR OF BANK INDONESIA,
AGUS D.W. MARTOWARDOJO
Promulgated in Jakarta
on November 9, 2016
MINISTER OF LAW AND HUMAN RIGHTS
REPUBLIC OF INDONESIA,
YASONNA H. LAOLY
STATE GAZETTE OF THE REPUBLIC OF INDONESIA YEAR 2016
NUMBER 236
ELUCIDATION
OF
BANK INDONESIA REGULATION
NUMBER 18/40/PBI/2016
CONCERNING
OPERATION OF PAYMENT TRANSACTION PROCESSING
I. GENERAL
The development of utilization of internet technology and
communication such as smartphone motivates the growth of electronic
commerce business (e-commerce) and financial technology (fintech)
which raises various innovations and involvement of new parties in the
implementation of payment transaction processing, such as Payment
Gateway Provider and Electronic Wallet Provider, as well as Support
Provider such as technology provider companies supporting contactless
transactions.
The existence of new parties in the payment transaction processing
operations also affects the development of infrastructure and
mechanism of payment which has not been regulated specifically in the
current regulation of Bank Indonesia. To ensure that the development
still fulfill the principles of payment system that are safe, efficient,
smooth, and reliable by paying attention to the aspect of consumer
protection, Bank Indonesia imposes license or approval obligation on the
operation of payment system services by the parties that have not been
covered in the current Bank Indonesia regulation. In order to maintain
the sovereignty of the national payment system industry and the
strengthening of consumer protection aspect, particularly in relation to
the security of data and funds of the Indonesian people, an arrangement
of ownership structure of Payment System Service Provider, i.e.
Principal, Switching Provider, Clearing Providers, and Settlement
Provider is required.
In addition to that, to support the security and smoothness of
payment system service operations, Bank Indonesia also has set
obligations to be met by the new Payment System Service Provider, both
in the form of Payment Gateway Provider, Switching Provider and
Electronic Wallet Provider. The obligations that must be met among
others are the obligations on the implementation of risk management,
consumer protection, security standards fulfillment, domestic payment
transaction processing, use of Rupiah, and compliance with other
related provisions of laws and regulations such as the provision that
governs electronic transaction and information as well as
implementation of anti-money laundering and prevention of terrorism
funding. Other than the fulfillment of the said obligations, the processing
of payment transactions needs to be conducted domestically among
others to enhance the self-reliance of the domestic Payment System
Service Provider in order to support the expansion of non-cash
instrument utilization.
In order to ensure equality of arrangements already governed in the
current regulation, such obligations must also be met by the Payment
System Service Provider such as Principal, Issuer, Acquirer, Clearing
Provider, and Settlement Provider as well as Fund Transfer Provider. To
ensure compliance with regulation on the implementation of this
payment transaction processing, Bank Indonesia shall conduct
supervision and shall require the submission of reports by the Payment
System Service Provider.
In connection with that, it is necessary to make arrangements
toward the operation of payment transaction processing in a Bank
Indonesia Regulation.
II. ARTICLE BY ARTICLE
Article 1
Self-explanatory.
Article 2
Paragraph (1)
In processing payment transaction, the Payment System Service
Provider can cooperate with Support Provider in order to support
the operation of payment transaction processing.
Paragraph (2)
Letter a
Pre-transactions are the initial activities undertaken to
start the processing of payment transactions among others
by selecting consumers, printing cards, personalizing
cards, and providing infrastructure such as terminals or
readers.
Letter b
Authorization is the approval on transactions after the
following activities being conducted, i.e. routing data and
information of payment transactions, verification of the
identities of the parties making payment transactions,
validation on instrument and payment transactions
conducted, as well as ensuring the availability of source of
funds.
Letter c
Clearing is an activity of exchanging and/or processing data
and/or information in order to calculate the rights and
obligations between parties involved in the processing of
payment transactions.
Letter d
Settlement is an activity of settlement which is final and
binding upon financial rights and obligations of each party
involved in the processing of payment transactions.
Letter e
Post-transaction is an activity after the final settlement of a
payment transaction completed such as the printing of the
billing sheet on the completed transaction, the submission
of data and information on payment transactions made by
users, and the process of disputes or consumer complaints
resolution.
Article 3
Paragraph (1)
Letter a
Self-explanatory.
Letter b
In processing payment transactions, Switching Provider
shall perform data and information routing of payment
transactions inter-Payment System Service Provider such
as Issuer and Acquirer.
Letter c
Self-explanatory.
Letter d
Provisions of terminals among others: Automated Teller
Machine (ATM), Electronic Data Capture (EDC), and/or
reader.
Letter e
In processing payment transactions, the Payment Gateway
Provider among others shall perform data and information
routing of payment transactions between merchants and
acquirers.
Letter f
Self-explanatory.
Letter g
Self-explanatory.
Letter h
Self-explanatory.
Letter i
Self-explanatory.
Letter j
What is meant by “Other Payment System Service Provider”
are the parties operating payment system services at the
stage of activities of authorization, clearing and/or
settlement besides Payment System Service Provider such
as Principal, Switching Provider, Clearing Provider,
Settlement Provider, Fund Transfer Provider, and Electronic
Wallet Provider;
Paragraph (2)
In processing payment transactions through various delivery
channels, among others, Electronic Data Capture (EDC), reader,
online point of sales, and Proprietary Channel, the Payment
Gateway Provider shall conduct:
a. routing data of payment transactions from merchants to
Acquirer or Issuer (facilitators); or
b. routing data of payment transactions from merchants to
Acquirer or Issuer and settlement of payments from
Acquirer or Issuer to merchants (merchant aggregators).
Execution of Payment Gateway operations shall be conducted
through the cooperation with:
a. merchants and Acquirer;
b. Acquirer;
c. merchants and Issuer; or
d. Issuer.
What is meant by “merchant acquiring services provider” are the
parties processing payment transaction made through
merchants in the scheme of four-party business model in the
payment transactions involving Issuer, holders/users of the
payment instrument, merchants, and Acquirer;
Paragraph (3)
Payment System Service Provider can use the services of
Support Provider on every activity of payment transaction
processing.
Letter a
Self-explanatory.
Letter b
Self-explanatory.
Letter c
Self-explanatory.
Letter d
Self-explanatory.
Letter e
Self-explanatory.
Letter f
Self-explanatory.
Letter g
Supporting data of payment transaction processing among
other data of billing value for public service payments such
as water and electricity.
Paragraph (4)
Self-explanatory.
Article 4
Self-explanatory.
Article 5
Paragraph (1)
Self-explanatory.
Paragraph (2)
Documents related to the structure and portion of shareholdings
on limited liabilities companies shall be submitted to Bank
Indonesia accompanied by a statement letter containing
confirmation of the truth of data and information submitted.
Paragraph (3)
What is meant by “foreign ownership” is ownership by foreign
citizens or foreign corporations.
Paragraph (4)
Self-explanatory.
Article 6
Paragraph (1)
Self-explanatory.
Paragraph (2)
What is meant by “conducting business activities in the field of
payment system” among others, in the event there are parties
that have not obtained licenses although they already have
readiness to operate payment system service activities.
Article 7
Self-explanatory.
Article 8
What is meant by “active users” are Electronic Wallet users making
payment transactions using Electronic Wallet regularly and/or
making payment transactions using Electronic Wallet at least once
in 1 (one) month.
Article 9
Paragraph (1)
Letter a
Legality aspect and company profile, among others,
documents of company profile, articles of association
including its amendments, business license already owned,
company registration certificate, and approvals from the
related authorities (if any).
Letter b
Legal aspect, among others, the proof of legal document
readiness in the form of a written agreement concept or
written main agreement between the Payment System
Service Provider and other parties.
Letter c
Operational readiness aspect, among others, the proof of
operational readiness in the form of an organizational
structure and human resources readiness, plans for
business facilities and equipment as well as
locations/space that will be used for the operational
activities, technical equipment related to system (hardware
and software) and network that will be used and user
acceptance test for payment system services that will be
implemented (if any).
Letter d
System reliability and security aspects, among others, the
proof of security readiness on the operation of payment
transaction processing among others reports on the result
of information system audit from independent auditors,
procedures of security control, and assessment result of
payment system services that will be implemented.
Letter e
Business feasibility aspect among others the result of
business analysis that at least include information on the
description of market potential, plan of cooperation, plan of
regional operation, cost structure applied in the operation
of payment system services, and target of revenue that will
be achieved.
Letter f
Risk management adequacy aspect among others the proof
of risk management implementation readiness that at least
include operational risk, legal risk, settlement risk, liquidity
risk, and reputation risk, proven by the availability of
policies and procedures for the implementation of
transaction processing, system maintenance and periodical
audits, disaster recovery plan and business continuity plan.
Letter g
Consumer protection aspect among others on the
transparency of payment system services provided and the
handling of consumer complaints. The fulfillment of
consumer protection aspect is intended to be implemented
by the Payment System Service Provider that provide
services to the end users. In the event the Payment System
Service Provider do not give direct services to the end users,
the Payment System Service Provider referred to still need
to provide support for the implementation of consumer
protection.
Paragraph (2)
Self-explanatory.
Paragraph (3)
Self-explanatory.
Article 10
Self-explanatory.
Article 11
Paragraph (1)
Self-explanatory.
Paragraph (2)
Included in the development of products and activities of
payment system services such as:
a. changes in the mechanism of payment instrument
authentication and payment transaction authorization;
b. additional feature of auto top-up balance;
c. development of infrastructure and security standards;
d. development of products that have more than one payment
instrument functions; and/or
e. development of products and activities related to the service
innovations and payment system technology that increases
risk exposure significantly.
Paragraph (3)
Self-explanatory
Paragraph (4)
Self-explanatory
Article 12
Paragraph (1)
Letter a
Operational readiness among others proven by:
1. recommendations or approvals from the related
authorities on the development plan of payment
system service activities that will be conducted; and
2. general information concerning the development of
payment system service activities among others
containing explanations on the development of
activities that will be implemented, market potentials,
cooperation plans, regional plans of operation, cost
structure of services, and target of revenue to be
achieved.
Recommendations or approvals from related authorities
shall be applied in the event there are related authorities
authorized to supervise and provide recommendations or
approvals.
Letter b
Security and reliability of system among others is proven by
reports on the results of information system audits from
internal or external independent auditors, procedures for
security control, and assessment result of payment system
service activities that will be developed.
Letter c
Implementation of risk management among others proven
by the assessment result toward risk management that
have been implemented as well as the adjustment plan for
policy and risk management procedures of the implemented
activities.
Letter d
Self-explanatory
Paragraph (2)
Performances of Payment System Service Provider among
others:
a. compliance with laws and regulations and/or Bank
Indonesia policy in the field of payment system or which is
related to the payment system. Particularly for Bank,
among others, in relation to the participation in Bank
Indonesia Real Time Gross Settlement, Bank Indonesia
National Clearing System, and/or Bank Indonesia
Scriptless Security Settlement System;
b. implementation of risk management among others,
operational risk and settlement risk;
c. implementation of consumer protection among others the
handling and settlement of customers’ complaints;
d. financial performances; and/or
e. good governance in the operation of payment system
services.
Article 13
Letter a
Legality aspect and company profile among others proven
by documents of company profile, company’s articles of
association including its amendments, business license
already owned, company registration certificate, and
approvals from the related authorities (if any).
Letter b
Competence aspect of the parties which will be invited to
work with, among others proven by the adequacy of human
resources, track records of the management and
experiences in operating payment system services, and/or
support services.
Letter c
Performance aspects consisting of financial performance
and operational performance among others proven by
financial statements of the parties to be invited to work
with, track records of the management and experiences in
operating payment system services, and/or support
services, and/or system test result.
Letter d
Aspects of security and reliability of system as well as
infrastructure among others proven by the fulfillment of
standards related to the system security and infrastructure
used in accordance with national, international, or
generally accepted standards in the industry as well as the
security and confidentiality of data.
Letter e
Legal aspect shall be proven among others by the clarity of
the scope of cooperation as well as the rights and
obligations of each party, plan of implementation, and
period of the cooperation.
Article 14
Paragraph (1)
What is meant by “Accountable” is that the Payment System
Service Provider shall always ensure that the Support Provider
carry out their duties well.
Paragraph (2)
Evaluation shall be undertaken to ensure that the provision of
support services still supports the implementation of safe,
efficient, smooth and reliable payment transactions by paying
attention to the aspect of consumer protection.
Article 15
Paragraph (1)
Self-explanatory.
Paragraph (2)
Letter a
Administrative research shall be conducted among others
to ensure the completeness, correctness, and suitability of
the documents submitted.
Letter b
Self-explanatory.
Letter c
Examination shall be carried out by a visit to the business
location (on site visit) of the concerned Bank or Non-Bank
Institution in order to verify the correctness and suitability
of the documents submitted, as well as to ensure the
operational readiness.
Paragraph (3)
Letter a
Administrative research shall be conducted among others
to ensure the completeness, correctness, and suitability of
the documents submitted.
Letter b
Self-explanatory.
Letter c
Examination shall be carried out by a visit to the business
location (on site visit) of the concerned Bank or Non-Bank
Institution in order to verify the correctness and conformity
of the submitted documents, as well as to ensure the
operational readiness.
Paragraph (4)
Self-explanatory.
Paragraph (5)
What is meant by “national policy” are programs set by Bank
Indonesia, central government, and/or regional governments by
still taking into account their conformity with the policy
direction of Bank Indonesia, e.g. channeling social assistance
and government subsidy, non-cash (electronic) services, and
inclusive financial.
Paragraph (6)
Self-explanatory.
Article 16
What are meant by “foreign parties” are foreign citizens, foreign
corporations, and/or other foreign bodies which are not Indonesian
legal entities.
Article 17
Paragraph (1)
Including in the licensing policy of the payment system service
operations, among others:
1. closing and reopening the granted license as the Payment
System Service Provider; and/or
2. granting license for limited operation of payment system
services in the context of:
a. fulfill requirements as Payment System Service
Provider; or
b. operating payment system services that have not been
regulated by Bank Indonesia,
by fulfill the criteria set by Bank Indonesia.
License for limited operations of payment system services
shall be conducted among others by limiting the coverage
and time period, and/or region of the payment system
service operations.
Paragraph (2)
Letter a
Consideration in maintaining the national efficiency is
intended to create efficiency at the level of payment system
service industry, which in turn will lower the cost of using
payment system services by the community.
Letter b
The consideration for supporting the national policy is
intended so that the growth of payment system service
industry shall not be a barrier for the national policy
established by the government, Bank Indonesia, and/or
related authorities.
Letter c
The consideration for keeping the public interests is
intended so that the payment system service industry
constantly meets the community needs at large with the
same access and quality, as well as affordable costs.
Letter d
The consideration for keeping the industry growth is
intended so that the industry can grow optimally through
the improvement of value and volume of non-cash payment
transactions existing in the community.
Letter e
The consideration for maintaining a healthy business
competition is intended so that the operation of payment
system services can be conducted fairly, not against the
law, or not hampering business competition.
Article 18
Self-explanatory.
Article 19
Paragraph (1)
Implementation of risk management shall be conducted by
considering the characteristics and complexities of risk profile of
payment transaction processing operations.
Letter a
Active supervision of management among others shall be in
the form of determination on accountability, policy, and
control process to manage risk that might arise from the
operation of payment system services.
Letter b
The adequacy of policies and procedures as well as
organizational structure among others is in the availability
of a clear organizational structure and division of duties and
authorities.
Letter c
Self-explanatory.
Letter d
Internal control of payment system service operations
among others shall cover the procedures and security
measures undertaken in the provision of services for users,
audit trail of processed payment transactions, and
adequate procedures to ensure the integrity of data and
information, as well as measures to protect the
confidentiality of data and information of users.
Paragraph (2)
Self-explanatory.
Paragraph (3)
Self-explanatory.
Article 20
Paragraph (1)
What is meant by “information system” is the application of
information technology based on telecommunication network
and electronic media which serve to design, process, analyze,
display, and send or disseminate electronic information.
Paragraph (2)
Letter a
The fulfillment of certification and/or security standards
and system reliability in compliance with the principles of:
1. confidentiality of data;
2. integrity of system and data;
3. authentication of system and data;
4. prevention of repudiation of transaction made (non-
repudiation); and
5. availability of system.
Letter b
Maintenance and enhancement of technology security
among others carried out by improving or replacing the
infrastructure or technology system used in the event of
quality degradation such as its system and/or technology
proven to have been penetrated by fraudsters.
Letter c
Audit implementation conducted to the information system
by independent auditors shall be in accordance with the
provided services.
Coverage of information system audit, at least includes:
1. operational security;
2. network, application, and system security;
3. security and integrity of data or information;
4. environmental and physical security, including control
toward access to system and data;
5. management of system changes;
6. management of system implementation; and
7. written procedures related to the security of
technology.
Paragraph (3)
Letter a
Security of data and information among others conducted
through encryption to data and information of users. The
security of data and information also covers data and
information processed or stored by the third parties
working with the Switching Provider.
Letter b
Self-explanatory.
Paragraph (4)
Letter a
Security of data and information among others conducted
through encryption to data and information of users. The
security of data and information also covers data and
information processed or archived by the third parties
working with the Payment Gateway Provider.
Letter b
Self-explanatory.
Letter c
Implementation of fraud detection system shall be carried
out to detect any abuse of data and information of users.
Paragraph (5)
Letter a
Security of data and information among others conducted
through encryption to data and information of users. The
security of data and information also covers data and
information processed or stored by the third parties
working with the Electronic Wallet Provider.
Letter b
System and procedures of activation and utilization of
Electronic Wallet among others shall cover the procedures
of activation, use or change of password or Personal
Identification Number (PIN).
Letter c
Implementation of fraud detection system is conducted to
detect any abuse of data and information of users.
Article 21
Paragraph (1)
Self-explanatory.
Paragraph (2)
Self-explanatory.
Paragraph (3)
What is meant by “source of funding origin for making payment
transactions” are funds derived from payment instruments
and/or funds accommodated in Electronic Wallet.
Article 22
Paragraph (1)
Self-explanatory.
Paragraph (2)
In the event funds accommodated in Electronic Wallet exceeds
the maximum limit set by Bank Indonesia due to refund, the use
of the referred fund for payment transactions shall be carried
out by still referring to the maximum limit of Electronic Wallet
funds.
Paragraph (3)
Self-explanatory.
Paragraph (4)
Self-explanatory.
Article 23
Self-explanatory.
Article 24
Self-explanatory.
Article 25
Self-explanatory.
Article 26
Letter a
What is meant by “information” among others are costs,
benefits, risks, mechanism of opening and closing
Electronic Wallet, instruments that can be used to make
payments through Electronic Wallet, top up mechanism,
types of payment instrument that can be used to make a
top up, and mechanism to change, to add, and to delete
data of the holders as well as data of the payment
instrument.
Letter b
What is meant by “mechanism of handling of consumers’
complaints” among others is the mechanism of receipt of
complaints, handling and settlement of complaints, and
also monitoring to the handling and settlement of
consumers’ complaints.
Article 27
Self-explanatory.
Article 28
Paragraph (1)
Self-explanatory.
Paragraph (2)
Self-explanatory.
Paragraph (3)
Self-explanatory.
Paragraph (4)
Letter a
Disruption in payment transaction processing is the
disruption that shall impact significantly to the continuity
of payment transaction processing.
Letter b
Self-explanatory.
Letter c
Self-explanatory.
Letter d
Reports on the changes in data and information among
others contain changes in the name of Payment System
Service Provider, the office address, changes in the principal
business relationships, changes in the arrangement of
rights and obligations of the parties, changes in the
cooperation agreement, and changes in the cooperating
parties, as well as changes in procedures and mechanism
of dispute resolutions.
Letter e
Including in the other reports are reports for the
development of products and activities other than
development of features, types, services, or facilities of
products and/or activities of payment system services
already ongoing.
Paragraph (5)
Self-explanatory.
Paragraph (6)
Self-explanatory.
Paragraph (7)
Self-explanatory.
Article 29
Paragraph (1)
Reports on the operation of Electronic Wallet among others
containing information on company profile, general
description/information on Electronic Wallet implemented,
number of the holders, and target of revenues.
Paragraph (2)
Self-explanatory.
Article 30
Self-explanatory.
Article 31
Self-explanatory.
Article 32
Paragraph (1)
What is meant by “acquisition” is an act of law undertaken by a
legal entity or an individual to acquire the shares of a Bank or
Non-Bank Institution causing the transfer of control of the
concerned Bank or Non-Bank Institution.
Paragraph (2)
Self-explanatory.
Paragraph (3)
Self-explanatory.
Article 33
Self-explanatory.
Article 34
Letter a
What is meant by “virtual currency” is digital money issued
by parties other than monetary authorities obtained by way
of mining, purchase, or purchase transfer (reward) among
others Bitcoin, BlackCoin, Dash, Dogecoin, Litecoin,
Namecoin, Nxt, Peercoin, Primecoin, Ripple and Ven.
Not included in the understanding of virtual currency is
electronic money.
Letter b
What is meant by “abusing data and information” is the
retrieval and use of data other than for the purpose of
payment transaction processing, e.g. retrieval of card
number, card verification value, expiry date, and/or service
code in Debit/Credit Card through cash register at
merchants (double swipe).
Letter c
What is meant by “value that can be equated with the value
of money” among others credit value, bonus, voucher, or
point reward managed by certain parties.
Article 35
Self-explanatory.
Article 36
Self-explanatory.
Article 37
Self-explanatory.
Article 38
Self-explanatory.
Article 39
Self-explanatory.
Article 40
Self-explanatory.
Article 41
Self-explanatory.
Article 42
Paragraph (1)
What is meant by “supporting documents” among others
documents that contain general information concerning
Proprietary Channel operated, security and reliability of system,
and other required information.
Paragraph (2)
What is meant by “Payment System Service Provider that have
implemented the development of Payment Gateway and/or
Electronic Wallet activities” are Payment System Service
Provider that have submitted application to Bank Indonesia to
implement the development of the referred activities and have
acquired an approval or a confirmation from Bank Indonesia.
Article 43
Self-explanatory.
SUPPLEMENT TO STATE GAZETTE OF REPUBLIC OF INDONESIA
NUMBER 5945.