Indonesia Establishes its National Payment Gateway

Tags

The Indonesian central bank, Bank Indonesia (“BI“) recently issued BI Regulation No. 19/8/PBI/2017 on National Payment Gateway (“BI Regulation“) as part of its effort to actualize the independency of Indonesia’s national payment system, especially in respect of all financial transactions carried-out in Indonesia. By issuing the BI Regulation, BI started the process to establish the National Payment Gateway (“NPG“) which has two (2) key objectives. First, the interconnectivity of all existing payment channels; and second, the interoperability of various payment instruments which are currently existing and used in Indonesia. The objectives are to achieve the single overarching goal of increasing non-cash transactions in Indonesia. We understand that soon, BI will also issue a Members of Board of Governors Regulation (Peraturan Anggota Dewan Gubernur or “PADG“) to complement and further regulate the implementation of the NPG. The desire to establish the NPG is not unique to Indonesia, other countries sch as China and Singapore have also established their respective NPG.

The NPG is defined as a system which consists of standard, switching, and services functions based on a set of rules and arrangement to nationally integrate payment instruments and channels. In general, the implementation of NPG involves two parties, namely the NPG Organizers and the NPG-Connected Parties. The NPG Organizers comprise of (i) Standard Institution, (ii) Switching Institution and (iii) Services Institution, whereas the NPG-Connected Parties comprise of (i) issuers, (ii) acquirers, (iii) Payment Gateway Organizers, as well as (iv) other parties determined as such by BI.

NPG Organizers
1. Standard InstitutionThe new BI Regulation introduces Standard Institution, which main responsibility is to prepare, develop and manage standardized technical and operational specifications for the interconnectivity and interoperability of payment instruments, payment channels, switching and the overall security of the payment system (“Standard“), under the guidance and supervision of BI.
  To be appointed by BI as a Standard Institution, an entity has to submit a written request to BI evidencing fulfilment of the stipulated criteria, inter alia:
  1. having been established as an Indonesian legal entity;
  2. representing the national payment system industry (i.e., principal, issuer, acquirer, clearing organizer, and settlement organizer); and
  3. having the competence to prepare, develop and manage Standard for the interconnectivity and interoperability of various payment instruments and channels.
  Aside from the responsibilities noted above, the Standard Institution is also responsible for (a) managing and carrying out the certification process of payment instrument and/or payment channels’ compatibility with the prevailing Standard, (b) managing and administering vendors and other products related to payment instruments and/or payment channels which have met the Standard, (c) managing and carrying out key management function as the certificate authority and (d) carrying out other duties as may be required by BI. In performing the preceding obligations and responsibilities, the Standard Institution is responsible for ensuring the worthiness of security and information technology that it uses and for maintaining the confidentiality of all data and information it obtains in the course of its business.
2. Switching InstitutionThe Switching Institution is the focus of the NPG in meeting the interoperable and interconnected objectives of the domestic payment system. To carry out switching business, a prospective Switching Institution has to obtain approval from BI by submitting written request to BI and providing the following information:
  1. Whether it has a switching license from BI pursuant to the BI Regulation No. 18/40/PBI/2016 on Payment Transactions Processing (“PBI PTP“);
  2. Whether it has executed domestic payment process using its infrastructure (including system, application, data centre, and disaster recovery centre) in Indonesia;
  3. It is at least 80% owned by an Indonesian entity or national and with direct or indirect foreign ownership not exceeding 20% as proven by prevailing shareholding composition documents and statement letter;
  4. It is capable of and has the capacity to perform Switching functions in NPG, which includes having (i) an organizational structure, (ii) sufficient human resource, (iii) written policy and procedure, and (iv) reliable infrastructure; and
  5. Whether it has paid-up capital of at least IDR 50,000,000,000 (fifty billion Rupiah).
  Switching Institution has the function and task to domestically process the payment transaction data for interconnectivity and interoperability of payment system. For this purpose, all Switching Institutions are obliged to cooperate with at least two other Switching Institutions and their cooperation is subject to specific Standard set by BI. BI may approve Switching Institutions to cooperate with other switching entities outside of the NPG if such collaboration can enhance the capacity and capability of NPG operations including improvement in expansion acceptance and/or technology transfer. During the collaboration, Switching Institutions shall ensure that all domestic payment transactions are processed through the NPG.
  
  The current measures imposed by BI Regulation on Switching Institution are in line with the current blueprint of the Switching entities regulated by BI. However, the regulation of BI merely sets a new minimum threshold to support the interconnectivity of national payment system.
  
  Given the relatively high capital requirement, it would be interesting to see whether such requirement will hinder the establishment of an Indonesian majority owned Switching Institution. Or whether the high capital requirement is intended to protect existing companies and providing a barrier for new entries. Related to the capital requirement there is also restriction on foreign investment. We should note that the maximum 20% foreign ownership is very strict compared to for example investment in Indonesian conventional banks, which is open to 99% foreign ownership.
3. Services InstitutionThe third NPG Organizer under BI Regulation is the Services Institution, tasked to manage services provided to fulfil the needs of retail payment system industry (“Services“) in NPG ecosystem. The obligations of the Services Institution include:
  1. to maintain the payment transaction security and customer data through the development of security feature and the implementation of end-to-end encryption in the payment transaction processing;
  2. to conduct reconciliation, clearing, and settlement, which also includes monitoring of data and operational activities of Switching Institutions;
  3. to develop the system for fraud prevention, risk management and mitigation;
  4. to manage the life cycle of secure access module and mobile apps;
  5. to settle dispute of payment transaction as a form of customer protection;
  6. to execute other related tasks as prescribed by BI.
  In addition to the foregoing, the Services Institutions are also obliged to process the settlement through BI for inter-Switching Institutions transactions, and/or inter-issuers transactions. In the execution of their functions and performance of their obligations, the Services Institution has the authority to set its terms of service, and to obtain access to all payment transaction data and operational activities from Switching Institutions.
  
  Unlike other NPG Organizers, Service Institutions are more extensively regulated. To be approved as a Services Institution, an applicant has to submit a written application to BI evidencing:
  1. the applicant is duly established as a limited liability company under Indonesian law;
  2. the applicant has the capacity to perform the Services function in NPG, including having an organizational structure, sufficient human resources, written policy and procedures, and infrastructure in Indonesia; and
  3. its shares are directly or indirectly owned by a Switching Institution and Conventional Bank based on its Business Activities (Bank Umum berdasarkan Kegiatan Usaha or BUKU) category 4 whose majority shares are owned by Indonesian nationals and/or legal entities.
  We support the attempt of the BI Regulation to simplify transaction processing and create a more secured payment system through the functions of the Services Institution. Primarily by designating the Services Institution to carry payment transaction processing functions, BI Regulation has simplified the payment processing system by consolidating the functions to be carried out by the Services Institution. Furthermore, by specifically tasking the Services Institution to mitigate risk and prevent fraud, the BI Regulation attempts to create a more secured payment transaction processing such as the use of end-to-end encryption and development of other security features. Nevertheless, in this early stage, the financial sector must wait and see how effective the measures stipulated under the BI Regulation in the establishment of an interoperable, interconnected, cost-effective and security risk-averse national payment system.
NPG-Connected Parties
1. Issuer Issuers are Bank or Non-Bank Entities which issue payment instruments, including card-based payment instruments such as credit card, debit card, and electronic money. The foregoing payment instruments are the source of fund that will be processed through the NPG.
2. Acquirer Acquirers are Bank or Non-Bank Entities which cooperate with merchants, and process the payment transaction data issued by another party. The acquirers are also responsible for the settlement of payment to the merchant.
3. Payment Gateway Organizer Payment Gateway Organizers are Bank or Non-Bank entities which organize electronic services which enable merchants to process payment transaction using payment instruments such as cards, electronic money, and/or proprietary channel.
4. Other Parties Other Parties are parties other than Issuer, Acquirer and Payment Gateway Organizer determined as NPG-Connected Party by BI.
Pricing Scheme Pursuant to BI Regulation, Parties of NPG shall comply with pricing scheme that will be determined by BI and further regulated under PADG. We understand that BI intends to set the pricing scheme to be lower than the current market price for transaction processing. By setting a lower price, BI aims to increase the acceptance and use of non-cash payment instruments, as well as to improve the efficiency, competitiveness, and innovation in respect of Indonesia’s payment system. In determining the pricing scheme, BI will also take into account recommendations from other actors in payment system industry such as principal company, issuer company, acquirer company, clearing institution and settlement institution.
National Branding All Parties of NPG will be required to comply with national branding requirement. The national branding requirement is a set of requirements in relation to national logo, expansion of national non-cash payment acceptance, and domestic processing. Correspondingly, BI will designate a national logo which shall be included in all payment instruments and channels and all NPG-Connected Parties are obliged to accept all payment instruments using such logo. Provision on national branding is expected to be further regulated under the PADG.
Reporting Obligation Under the new BI Regulation, there is a set of reporting obligation that must be fulfilled by the NPG Organizers in conducting their business activities. This reporting obligation consists of periodical report and incidental report. Timeframe and content of the report submitted by the NPG organizers differ from one another.
For Standard Institution, the periodical reports shall be submitted to BI quarterly and annually. While, incidental reports will be required for the following:
1. change of capital structure and/or shareholding composition as well as the composition of the management board;
2. change of data and information contained in the application documents submitted to BI when Standard Institution applied for BI’s approval; and
3. any other matters as may be required by BI.
Aside from annual and quarterly reports, Services Institution shall also submit annual system information audit report from an independent auditor as one of its periodical reports. For its incidental reports, Services Institution shall report to BI on the following:
1. disruption in conducting the Services and any measure that has been taken;
2. change of management board composition;
3. force majeure in carrying out the Services;
4. change of data and information in the application documents submitted to BI when Service Institution applies for BI’s approval; and
5. any other matters as may be required by BI.
For Switching Institution and NPG-connected parties, their reporting obligations are already set out under PBI PTP. Switching Institutions, however, need to also cover its operational activities in its periodical reports, in addition to the points set out under PBI PTP.

Peraturan Bank Indonesia No. 19/8/PBI/2017 tentang Gerbang Pembayaran Nasional (National Payment Gateway).
Peraturan Bank Indonesia No. 18/40/PBI/2016 tentang Penyelenggaraan Pemrosesan Transaksi Pembayaran.
Peraturan Bank Indonesia No. 14/2/PBI/2012 tentang Perubahan atas Peraturan Bank Indonesia No. 11/11/PBI/2009 tentang Penyelenggaraan Kegiatan Alat Pembayaran dengan Menggunakan Kartu.
Peraturan Pemerintah No. 29 Tahun 1999 tentang Pembelian Saham Bank Umum.

***

AHP Client Alert is a publication of Assegaf Hamzah & Partners. It brings an overview of selected Indonesian laws and regulations to the attention of clients but is not intended to be viewed or relied upon as legal advice. Clients should seek advice of qualified Indonesian legal practitioners with respect to the precise effect of the laws and regulations referred to in AHP Client Alert. Whilst care has been taken in the preparation of AHP Client Alert, no warranty is given as to the accuracy of the information it contains and no liability is accepted for any statement, opinion, error or omission.

Download

SCAM ALERT NOTICE