The Financial Services Authority of Indonesia (Otoritas Jasa Keuangan, or “OJK”) has introduced Regulation No. 12 of 2024 on the Implementation of Anti-Fraud Strategies by Financial Services Institutions (“Regulation 12/2024”). This regulation represents a significant shift in the anti-fraud landscape by consolidating previous regulations and expanding their scope to protect both the public and the institutions themselves.


This article delves into the specifics of Regulation 12/2024, focusing on its implications for financial institutions in Indonesia, the expanded scope of fraud, and the reporting obligations imposed on these entities. Additionally, it highlights the key reporting deadlines and timeframes that LJKs must adhere to, providing critical insights for legal practitioners and compliance officers in the financial sector.


1. Overview of Regulation 12/2024

Regulation 12/2024 aims to streamline and enhance anti-fraud measures within Indonesia's financial services industry. It mandates that all Financial Services Institutions (Lembaga Jasa Keuangan, or “LJKs”) and other Financial Services Institutions develop and implement comprehensive Anti-Fraud Strategies designed to prevent, detect, and respond to fraudulent activities. These strategies must consider past fraud incidents and the unique risks inherent to each institution.


Regulation 12/2024 shall become effective three months from its promulgation on July 31, 2024.


2. Scope of Fraud

One of the key features of Regulation 12/2024 is the expanded definition of fraud, which now encompasses a broader range of activities compared to previous regulations. The types of fraud include:

  • Corruption: Conflicts of interest, bribery, unauthorized receipt, and extortion that harm LJKs or consumers.
  • Misuse of Assets: Misuse of cash, inventory, or other assets, leading to losses for LJKs or other parties.
  • Fraudulent Financial Statements: Deliberate misrepresentation in financial statements to benefit fraud perpetrators or harm others.
  • Fraudulence: Manipulation or deception related to LJK products or services to benefit oneself or others unlawfully.
  • Leakage of Confidential Information: Unlawful distribution of LJK or other parties' confidential information, causing harm or benefiting unauthorized parties.


3. Anti-Fraud Strategies

LJKs are required to prepare and implement an Anti-Fraud Strategy, as outlined in Article 3 of the Regulation. The Board of Directors (BOD) and Board of Commissioners (BOC) are responsible for ensuring the strategy's effective implementation. This strategy must address four pillars:

  • Prevention
  • Detection
  • Investigation, Reporting, and Sanction
  • Monitoring, Evaluation, and Follow-up of Fraud Incidents


The regulations governing anti-fraud strategies and risk management for LJKs are primarily outlined in POJK 18/POJK.03/2016 for Commercial Banks and POJK 44/POJK.05/2020 for Non-Bank Financial Services Institutions. Both regulations assign responsibilities to the BOD, including the formulation of written, comprehensive risk management policies, oversight of their implementation, and periodic reviews. The BOD is responsible for ensuring that risk management functions operate independently and that the bank or financial institution maintains adequate resources for risk management.


In cases where institutions outsource their Anti-Fraud Strategies to third-party companies or consultancy firms, they must adhere to POJK 9/POJK.03/2016, which stipulates that banks remain accountable for outsourced work and must ensure compliance with regulations through formal agreements. Furthermore, institutions must ensure that corrective actions and updates are made to reports on fraud incidents as mandated in Article 18 of Regulation 12/2024. Therefore, outsourcing is permitted for anti-fraud strategies, provided that institutions maintain compliance with regulatory oversight and reporting obligations.


4.1 Reporting Obligations

Regulation 12/2024 imposes stringent reporting obligations on LJKs, categorized into three main types of reports:

  • Anti-Fraud Strategies: A comprehensive document outlining their Anti-Fraud Strategies within a specified timeframe.
  • Anti-Fraud Strategy Implementation Reports: Periodic reports detailing the implementation of the strategies.
  • Reports on Acts of Fraud with Significant Impact: Reports on any fraud with a significant impact on operations.


4.2 Reporting Deadlines

Reporting deadlines vary depending on the type of LJK:

  • Commercial Banks and Financing Companies:
  • Initial Anti-Fraud Strategy Report: Three months from enactment.
  • Implementation Reports: Every semester (June and December).
  • Fraud Incident Reports: Within three business days of discovery.
  • Other Financial Institutions:
  • Initial Anti-Fraud Strategy Report: Six months from enactment.
  • Implementation Reports: Annually (by January 31 of the following year).
  • Fraud Incident Reports: Within six business days of discovery.


4.3 Content of Reports

Reports must include the following details:

  • Name of the LJK.
  • Identity and position of the fraud perpetrators.
  • Type and modus operandi of the fraud.
  • Affected division.
  • Time and location of the incident.
  • Amount of loss incurred.


5. Sanctions for Non-Compliance

Penalties for non-compliance include:

  • Late Submission of Anti-Fraud Strategy: Fines ranging from IDR 50,000 to IDR 1,500,000 per day, depending on the type of LJK.
  • Incorrect Information in Reports: Fines ranging from IDR 10,000 to IDR 50,000 per incorrect entry, with maximum penalties capped.
  • Repeated Violations: Escalation to suspension of activities or prohibition of new products.


6. Implications for LJKs

The implementation of Regulation 12/2024 has significant implications for all financial services institutions in Indonesia. Key challenges include:

  • Resource Allocation: Smaller institutions may struggle to allocate resources for comprehensive anti-fraud systems.
  • Training and Awareness: Employee training and awareness of anti-fraud policies are critical to the effectiveness of these strategies.
  • Reporting and Documentation: Establishing clear processes for documenting and reporting fraud incidents is crucial for compliance.


7. Key Takeaways

For legal practitioners and compliance officers, it is essential to understand the expanded scope of fraud, the specific reporting obligations, and the strict deadlines outlined in this regulation. Timely and accurate reporting is crucial for avoiding potential sanctions and maintaining the integrity of the financial services industry.


Regulation 12/2024 represents a critical step forward in Indonesia's efforts to combat fraud within the financial services industry. By consolidating and standardizing anti-fraud strategies across a wide range of financial institutions, the regulation not only simplifies compliance but also strengthens the industry's defenses against fraud.