Last year, the Financial Services Authority (“OJK”) issued OJK Regulation No. 11/POJK.03/2022 on the Implementation of Information Technology by Commercial Banks. This regulation was part of OJK’s revolution of its regulations on data, technology, risk management, collaboration, and institutional setting, all of which are designed to accelerate Indonesia’s digital banking transformation. To follow up on the regulation, OJK issued OJK Circular Letter No. 29/SEOJK.03/2022 on Cyber Security and Resilience for Commercial Banks (“Circular”) as one of the implementing regulations to safeguard this digital banking transformation.
In the Circular, OJK puts the onus on commercial banks (which include conventional and shariah banks) (“banks”) to identify their cyber security risk by going through a series of assessments and processes on an annual basis. Once banks have completed the self-assessment, they must report their self-assessed rating to OJK. In addition, banks must report any cyber incident to OJK and set up a new cyber security structure.