Navigating Corporate Governance and Risk Management Requirements in the BUMN Omnibus Regulation

Good Corporate Governance

Regulation 2/2023 introduces several new pillars of good corporate governance: (i) mediation of disputes between state-owned enterprises (“SOE”) by the Minister, (ii) responsibilities of the board of directors of an SOE, (iii) appointment of external auditor, and (iv) whistleblowing system.

Dispute mediation

Under Regulation 2/2023, the Minister, as the shareholder of a state-owned limited liability company or equity owner in a public company, has the authority to act as the mediator for disputes between SOEs that are submitted to the Minister (“SOE Mediation”).

The referral of a dispute to SOE Mediation is not mandatory, and it remains to be seen whether SOEs that have private shareholders will view SOE Mediation favourably. Moreover, Regulation 2/2023 does not specify the criteria of a dispute that can be referred to SOE Mediation, save that the settlement reached through SOE Mediation will be final and binding for the relevant SOEs.

Responsibilities of board of directors

Regulation 2/2023 maintains that the board of directors of an SOE is fully responsible for the SOE’s management in accordance with the authorities and responsibilities mandated in the SOE’s articles of association and prevailing laws. Further, Regulation 2/2023 specifically adds that the board of directors must follow-up any findings and recommendations from (i) the SOE’s internal audit committee – if such findings and recommendations relate to risk management and compliance, (ii) external auditors, (iii) the Audit Board of Indonesia (Badan Pemeriksa Keuangan or “BPK”) and Finance and Development Supervisory Board (Badan Pengawas Keuangan dan Pembangunan or “BPKP”), and/or (iv) other sources as regulated under the law.

Regulation 2/2023 also asserts that directors of a state-owned enterprise are prohibited from granting a general power of attorney transferring the responsibilities and functions of the board of directors.

Criteria for SOE’s external auditor

While an SOE has always been required to engage an external auditor for their financial audits, Regulation 2/2023 sets the criteria for external auditors that can be appointed by the Minister or the general meeting of shareholders of the SOE.

To qualify for appointment, an external auditor must be a public accountant affiliated with a public accounting firm that (i) has obtained the necessary licences from the Minister of Finance and are registered at OJK (Otoritas Jasa Keuangan or Indonesia’s Financial Services Authority), (ii) registered at the BPK, (iii) not under any sanction from the Minister of Finance or OJK, and (iv) has at least 100 active auditors or any other number as required by the risk categorisation of the SOE.

Whistleblowing

Regulation 2/2023 sets a new requirement for SOEs to implement a whistleblowing system to handle complaints about its employees, directors, commissioners, and members of its supervisory board, as well as any directors, commissioners, and members of its subsidiary companies’ boards.

As part of this whistleblowing system, SOEs must prepare a guideline to implement such system, including on protecting whistleblowers. Specifically, for SOEs classified as having a significant and systemic risk based on their risk management system (as elaborated below), they are expected to prioritise the involvement of independent parties in managing their whistleblowing system.

Risk Management

Another component being overhauled under Regulation 2/2023 is risk management. While the governance of risk management in SOEs is not new – it was first stipulated under Minister Regulation No. PER-5/MBU/09/2022 on Implementation of Risk Management in State-Owned Enterprises – Regulation 2/2023 took it further by introducing qualifications for the risk management framework.

Previously, SOEs were simply mandated to have a structured set of procedures and methodologies to identify, manage, control, and monitor risks arising from all their business activities, and to include internal control systems and integrated governance in their organisational structures. Regulation 2/2023 introduces SOE risk management framework based on size and complexity. An SOE is considered as a ‘large’ SOE if its total assets is greater than or equal to IDR100 trillion or its total capital is greater than or equal to IDR25 trillion, whereas an SOE subsidiary is considered ‘large’ if its total assets is greater than or equal to 1% of the total consolidated assets of the holding SOE or its total capital is greater than or equal to 5% of the total consolidated capital of the holding SOE.

In terms of complexity, the assessment includes (i) public service obligations, such as any subsidy provision or being in charge of national strategic projects, (ii) strategic institutional relationships with technical ministries, (iii) market share, (iv) complexity of the corporate structure, i.e., having more than five subsidiaries or foreign subsidiary, and (v) interconnectedness with other SOE or subsidiaries.

Based on the size and complexity assessments, the risk classification of an SOE and its subsidiaries may fall under one of the below quadrants:

Source: Sosialisasi Peraturan Menteri BUMN tentang Pedoman Tata Kelola dan Kegiatan Korporasi Signifikan Badan Usaha Milik Negara (Deputy for Finance and Risk Management, Ministry of SOEs, 27 March 2023)

This classification intends to provide a framework to allow SOEs and their stakeholders to identify the level of risk associated with each of them, which would allow them to prioritise risk management efforts accordingly. These efforts include implementing a whistleblowing system and other committees like an integrated corporate governance committee.

By assessing the size and complexity dimensions, Regulation 2/2023 ensures that risk mitigation strategies are tailored to the unique characteristics and challenges faced by each SOE.

Assessment of an SOE’s Health Level

The assessment of an SOE’s health level was initially stipulated under Minister Decree No. KEP-100/MBU/2002 on State-Owned Enterprise Health Level Assessment, which categorised SOEs’ health level based on their business activities.

Regulation 2/2023 removed this categorisation and assigned the duty of categorisation to qualified national and international rating agencies. Qualified agencies must have been in operation for at least 20 years and have conducted ratings for at least 500 companies. The board of commissioners of the SOE will have the duty to appoint the rating agency. Meanwhile, the board of directors will be responsible for submitting the SOE’s health level report to the Ministry of State-Owned Enterprises, which must include the SOE’s standalone rating and final rating, by May of the current year. The health level report forms an integral part of the SOE’s annual report.

By including this assessment in the annual report, stakeholders can gain a comprehensive understanding of the company's overall health. This inclusion emphasises the importance of the health level assessment in decision-making processes and helps stakeholders make informed judgments regarding the SOE's performance.

Goods/Services Procurement

Regulation 2/2023 introduces several changes to the procurement of goods and services for SOEs, which was previously regulated under Minister Regulation No. PER-08/MBU/12/2019 on General Guidelines for the Implementation of Procurement of Goods and Services of State-Owned Enterprises. The two key changes relate to long-term procurement and the implementation of a digital platform for procurement of goods and services in SOE.

Long-term procurement

Previously, long-term procurement was applicable to projects that exceed 12 months or spanned multiple fiscal years. Regulation 2/2023 expanded the criteria for long-term procurement, making it applicable to projects that provide additional benefits when contracted for more than one fiscal year, with a maximum duration of five fiscal years.

The SOE’s board of directors will have the authority to determine the criteria of projects qualified for long-term procurement, and such projects must be approved by the SOE’s board of commissioners or supervisory board.

Digital procurement platform

Regulation 2/2023 also introduced the concept of a digital platform for procurement. This platform, referred to as "Wadah Digital", is an end-to-end system that encompasses the entire procurement process.

It consists of an e-procurement system, which includes procurement notifications, electronic tendering, electronic catalogues, e-reverse auctions, and electronic panels/framework contracts. The system also includes key supporting elements such as electronic monitoring and evaluation, vendor management systems, data analytics, complaint handling, and supplier sanctions and track records.

Furthermore, the system established an electronic marketplace (e-marketplace) to facilitate procurement activities.

Other Significant Corporate Actions: Write-off and Transfer of SOE Fixed Assets and Restructuring

Regulation 2/2023 also encompasses significant corporate activities, including the write-off and transfer of SOE fixed assets and corporate restructuring. While these matters do not constitute significant changes from previous Ministerial regulations, they are worth highlighting as they form a core aspect of most SOE transactions. Concerning the write-off and transfer of SOE fixed assets, Regulation 2/2023 underscores the role of the Indonesian Investment Authority as one of the entities through which SOEs can transfer their fixed assets via direct appointment.

Regarding SOE restructuring, Regulation 2/2023 specifies that restructuring can be undertaken to enhance company performance and increase its value, either as a preventive or repressive measure. A restructuring proposal must encompass choices, methods, and an action plan based on evaluations of the SOE's condition, including financial, legal, operational, business, social, organizational/management, procedural, and systemic aspects. The restructuring proposal is then presented to the Minister for approval.

Internal Standard Operating Procedures (SOP)

Lastly, in line with previous regulations, Regulation 2/2023 mandated all SOEs to implement an internal SOP on goods and services procurement and SOE cooperation. All SOEs are required to revise their current SOPs to align with Regulation 2/2023 by 24 September 2023 (being six months after the date of enactment of Regulation 2/2023).

Conclusion

As seen above, Regulation 2/2023 brings significant changes to how SOEs operate. Essentially, it brings SOEs to the realm of public companies, which are subject to more rigorous corporate governance requirements and close supervision by the authorities. These corporate governance requirements, which are manifested through various means, from appointment of external auditors to involving qualified rating agencies to assess SOEs’ health level, are all designed to enhance transparency and accountability, which are crucial to monitor SOE’s performance and maximising their contributions to the state’s economy and society.

Moreover, Regulation 2/2023 also gives the authorities, notably the Minister and other stakeholders, a bird’s eye view of information that will allow them for make decisions more effectively. For example, by including the health level assessment in the SOE’s annual report, stakeholders gain a comprehensive insight into the SOE’s overall health, reinforcing the stakeholder’s vital role in the decision-making process in the SOE.

Lastly, we also see the government embracing technology by digitalising and streamlining the procurement process. Nevertheless, it remains to be seen whether all SOEs will adopt this platform. Moreover, its implementation could be challenging considering that not all SOEs have the necessary resources to adopt this digital platform.

Click here to read the Bahasa Indonesia version of the Client Update

Download PDF

Andin Aditya Rahman and Dewi Santoso Yuniarti and also contributed to this alert.