top of page

Anti-Fraud Strategy Rule for Banks in Indonesia

The Indonesia Financial Services Authority (Otoritas Jasa Keuangan - OJK) has released a new regulation in December 2019 (POJK No.39/POJK.03/2019). This regulation requires banks to develop and implement an effective anti-fraud strategy - and this regulation is effective 1 January 2020.

The new regulation grouped the following activities as fraud:

  1. Deceit/corruption (kecurangan)

  2. Deception (penipuan)

  3. Asset embezzlement (penggelapan aset)

  4. Unauthorized disclosure of information (pembocoran informasi)

  5. Activities that in breach of laws and regulations in the banking industry that can categorised as criminal activities (tindak pidana perbankan)

  6. Other activities that can be categorised as fraud.

The strategy to be develop need to include 4 pillars of (1) Prevention, (2) Detection, (3) Investigation, reporting and sanction, and (4) Monitoring, evaluation, and follow-up action.

It also need to be aligned with OJK's regulation on risk management.

Bank is also required to submit to OJK its anti fraud strategy and any correction thereafter, report the anti-fraud implementation status every semester at the latest on the 15th after each 6-months period have ended, and report all significant fraud case found at the latest 3 working days after the case was identified by bank with supplemental information among others on the Category of fraudster; Location; Magnitude of Fraud, Activities related to fraud incident reported such as financing, credit, abuse of power/authority, gratification, cyber, financial information misrepresentation, etc.

This requires an active supervision from both Board of Commissioners and Board of Directors, supported with policy and procedures, clear organisation structure and accountability, as well as strong controls and monitoring. It does not requires a new unit to be establish, as the function that run this is more important - however whoever leading the function should have a certificate related to fraud and or sufficient experience in the banking industry.

What if you don't comply?

When you are not in compliance to this requirement, OJK can impose sanction of:

  1. Downgrading the bank's health level;

  2. Prohibiting bank to release new product or perform new activities;

  3. Ceasing certain business activities of the bank; and or

  4. Prohibiting the bank to act as main party in financial institution (see POJK 27 of year 2016).

Is your organisation ready?

First, it is important to do a readiness assessment to ensure that gaps are identified and then start to filling those gaps.

Areas to be included in the readiness assessment are the coverage of the 4 pillars required in the anti-fraud strategy.

Prevention. This pillar covers the anti-fraud awareness, identification of fraud red-flags, and an effective human resources screening.

Detection. This pillar covers identification of fraud including the availability of an effective whistleblowing mechanism, as well as surprise audit, and monitoring system.

Investigation, Reporting and Sanction. This pillar covers investigation and the standards to conduct investigation, effective reporting mechanism within the bank and to OJK, as well as sanction policy on the result of those investigation.

Monitoring, Evaluation and Follow-Up Action. This pillar covers monitoring mechanism to ensure that the anti-fraud is consistently implemented, maintenance of fraud incidents data and evaluation of those data, evaluation on the effectiveness of prevailing anti-fraud strategy and its implementation, as well as the plan to improve the weaknesses identified from those evaluation.

Considering the extent of coverage of the anti-fraud strategy and its implementation, and that this rule is effective 1 January 2020, banks do not have time to sit back and relax. Do your readiness assessment as soon as possible and start filling those gaps or face non-compliance sanction.


bottom of page