Over the past decade, rapid developments in financial technology have pushed the banking sector and the digital lending industry into a new era defined by innovation and increasingly complex risk. Digital transformation, driven by artificial intelligence (AI), mobile onboarding, open finance, and cross-platform data integration, has expanded financial inclusion and efficiency. At the same time, these technologies have amplified the risk of financial services being misused for money laundering, terrorism financing, and sophisticated fraud schemes. Financial institutions now face not only conventional criminal activity, but also digitally enabled actors who exploit automation, deepfake identities, and advanced data manipulation techniques.
Against this backdrop, Indonesian regulators have responded by strengthening the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF), known domestically as Anti Pencucian Uang dan Pencegahan Pendanaan Terorisme (APU-PPT)\, regulatory framework to better reflect technological realities. The latest regulations emphasize a risk-based approach, enhanced customer identification, and the adoption of systems capable of detecting anomalous transactions in real time. These changes have far-reaching implications for banks and digital lending providers, requiring adjustments to technological infrastructure, AI governance, and a more proactive compliance culture.
The Latest Legal Framework on AML/CTF in Indonesia
The AML/CTF regime in Indonesia’s financial services sector has been significantly reinforced through new regulations issued by the Financial Services Authority (Otoritas Jasa Keuangan – OJK) and Bank Indonesia (BI). These regulations do not merely update existing rules; they broaden supervisory scope to address financial innovation, particularly digital lending and the use of AI.
A central instrument is Financial Services Authority Regulation No. 8/2023 on the Implementation of Anti-Money Laundering, Counter-Terrorism Financing, and the Prevention of Proliferation Financing of Weapons of Mass Destruction in the Financial Services Sector (“OJK Regulation 8/2023”). This regulation maintains the obligation of financial institutions to implement comprehensive AML/CTF and proliferation financing prevention programs.
Article 3 of OJK Regulation 8/2023 requires the board of directors and the board of commissioners to exercise active oversight over AML/CTF implementation. This provision highlights that compliance is not merely an operational function, but an integral element of corporate governance. Article 6 further obliges financial service providers to establish adequate internal policies and procedures, including management information systems designed to support the detection of suspicious transactions.
Complementing this framework, Bank Indonesia Regulation No. 10/2024 on the Implementation of Anti-Money Laundering, Counter-Terrorism Financing, and the Prevention of Proliferation Financing of Weapons of Mass Destruction for Parties Regulated and Supervised by Bank Indonesia (“BI Regulation 10/2024”) strengthens the technical dimensions of AML/CTF compliance. The regulation places particular emphasis on the integration of digital technology in customer identification processes.
Article 8 paragraphs 1 and 2 of BI Regulation 10/2024 require regulated entities to implement AML/CTF and proliferation financing prevention measures by establishing, implementing, and continuously developing written policies and procedures to manage the risks of money laundering, terrorism financing, and proliferation financing. These written policies must, at a minimum, address customer due diligence, data and document management, and the reporting of suspicious financial transactions and other mandatory reports.
Article 50 paragraph 2 further clarifies obligations where customer due diligence is conducted through third parties. In such cases, providers must promptly obtain the due diligence results, ensure the availability of identity documents and supporting materials when requested, confirm that the third party is supervised by a competent authority for AML/CTF compliance, and verify that the third party is not located in a high-risk jurisdiction.
Article 52 reinforces the prohibition on tipping-off, defined as informing customers of an ongoing suspicious transaction investigation, as such disclosure may compromise law enforcement processes. The regulation also highlights inter-agency cooperation, requiring financial institutions to coordinate with the Financial Transaction Reports and Analysis Center (PPATK), OJK, and Bank Indonesia in reporting and investigating suspicious transactions.
Taken together, these rules confirm that managing money laundering and terrorism financing risks in the digital era can no longer rely on manual controls alone. Instead, compliance must be system-based, transparent, accountable, and technologically adaptive in order to safeguard financial integrity and support national financial stability.
Also read: Cegah Money Politics dengan Sanksi Hukum yang Tegas
Implications for Banking and Digital Lending
The impact of the latest AML/CTF regulations on banking and digital lending is extensive, affecting operational processes, technical systems, and strategic planning. For banks, the regulations necessitate a shift toward more sophisticated, technology-driven compliance systems. Manual transaction monitoring is no longer sufficient; institutions are expected to integrate machine learning and AI-based tools capable of real-time transaction pattern analysis. This shift entails substantial investment in technological infrastructure, software development, and workforce training.
Customer onboarding processes in the digital lending sector have also undergone fundamental change. Electronic Know Your Customer (e-KYC) procedures and biometric verification have become mandatory standards. In line with the customer due diligence requirements under BI Regulation 10/2024, banks and fintech providers must ensure that every customer entering the financial system has been properly identified and documented. While this enhances security, it also increases operational complexity, as providers must maintain data quality, document integrity, and safeguards against identity fraud.
From a cost perspective, the new framework significantly increases compliance expenditure. Large banks may be better positioned to absorb these costs, but mid-sized fintech companies and digital lenders may face material challenges. They must balance regulatory compliance with the need to remain competitive in a rapidly evolving market.
Technical interoperability is another key implication. Banks and fintech firms are increasingly required to exchange risk-related data securely and efficiently, enabling collaborative detection of suspicious transaction patterns across the financial ecosystem. This requirement presupposes common technological standards and sustained coordination with regulators.
Reputational risk is equally significant. Non-compliance may result in administrative sanctions, operational restrictions, or even license revocation. Beyond regulatory penalties, reputational damage can erode public and investor confidence, undermining trust in individual institutions and the national financial system as a whole. Compliance with AML/CTF regulations, therefore, functions not only as a legal obligation but also as a core business strategy for sustainability and credibility in the digital economy.
The implementation of the latest Anti-Money Laundering and Counter-Terrorism Financing regulations by OJK and Bank Indonesia marks a new phase in financial sector supervision in Indonesia. The central challenge for banks and fintech companies lies in balancing digital innovation with regulatory compliance. With appropriate adaptation strategies, the industry can preserve the integrity of the financial system while harnessing the growth potential of AI-driven solutions and digital lending in an increasingly complex risk environment..***
Also read: Money Laundering in Indonesia: Legal Framework, Enforcement, and Evolving Methods
Regulations:
- Peraturan Otoritas Jasa Keuangan Nomor 8 Tahun 2023 tentang Penerapan Program Anti Pencucian Uang, Pencegahan Pendanaan Terorisme, dan Pencegahan Pendanaan Proliferasi Senjata Pemusnah Massal di Sektor Keuangan (“POJK 8/2023”).
- Peraturan Bank Indonesia Nomor 10 Tahun 2024 tentang Penerapan Anti Pencucian Uang, Pencegahan Pendanaan Terorisme dan Pencegahan Pendanaan Proliferasi Senjata Pemusnah Massal Bagi Pihak yang Diatur dan Diawasi oleh Bank Indonesia (“PBI 10/2024”).
References:
- Begini Muatan Aturan Baru OJK Soal APU-PPT di Sektor Jasa Keuangan. HukumOnline. (Diakses pada 1 Desember 2025 pukul 11.03 WIB)
- Implementasi Artificial Intelligence (AI) untuk Digital Banking. Institute OJK. (Diakses pada 1 Desember 2025 pukul 11.29 WIB).
- Anti Pencucian Uang dan Pencegahan Pendanaan Terorisme. Bank Indonesia. (Diakses pada 1 Desember 2025 pukul 11.34 WIB).
- Apa itu KYC dan e-KYC?. Samsung. (Diakses pada 1 Desember 2025 pukul 12.04 WIB).