08 Oct 2020
Indonesia’s FSA issues New Risk Management Rules for Non-bank Financial Institutions


A. Overview


The Indonesian Financial Services Authority (Otoritas Jasa Keuangan / “OJK”) has issued OJK Regulation No. 44/POJK.05/2020 (“POJK 44”) on Risk Management at Non-bank Financial Institutions (“NBFI”),[1] which came into effect on 2 September 2020. Broadly speaking, POJK 44 builds on and expands the risk-management principles[2] set out in its antecedent regulation, OJK Regulation No. 1/POJK.05/2015 (now revoked). POJK 44 is applicable to both conventional and shariah-based insurance companies (including reinsurers, brokers and appraisers), pension funds and finance companies.


POJK 44 requires an NBFI to establish a risk management committee and a dedicated risk-management function or unit that is independent of the business / operational and internal-control functions.


The risk-management committee, which should comprise at least half of the members of the Board of Directors (“BOD”), plus relevant senior executives, is charged with advising the CEO on, at a minimum, such issues as risk-management policies, strategies and guidelines; improvements or adjustments to risk management; and business decisions that deviate from normal procedures, such as a significant divergence from the company’s business plan or a decision to accept a level of risk exposure that exceeds the set limit.


Meanwhile, the risk management function / unit is responsible for technical matters such as risk identification; designing risk-management procedures; monitoring the implementation of risk-management strategies; monitoring the overall risk position; periodically reviewing risk-management processes; and reporting periodically to the CEO or risk-management director and the risk-management committee.


B. Risk Management Duties and Responsibilities


An NBFI must implement appropriate risk management measures that are commensurate with the objectives, policies, size and complexity of its business. These include the management of strategic, operational, insurance, credit, market, liquidity, legal, compliance and reputational risks. Risk management must, at a minimum, include:


  1. active supervision by the BOD, Board of Commissioners (“BOC”) / Shariah Supervisory Board (“DPS”);
  2. the adoption of adequate risk-management policies, procedures and risk thresholds;
  3. the establishment of robust processes for risk identification, measurement, control and monitoring, and a risk-management information system; and
  4. the establishment of a comprehensive internal control system.


An NBFI is further required to identify and allocate clear duties and responsibilities in connection with risk management. At the BOD level, these duties and responsibilities include:


  1. adopting comprehensive, written policies and strategies on risk management;
  2. responsibility for the organization’s risk management and risk exposure;
  3. evaluating and determining transactions and risk thresholds that require BOD approval; and
  4. regularly reviewing risk-management policies.


The BOC / DPS is responsible for evaluating the risk management conducted and the accountability reports submitted periodically by the BOD.


C. Sanctions and Grace Period


Should an NBFI fail to comply with the key risk-management requirements established by POJK 44, it will be subject to administrative sanction in the form of written warnings. Should it subsequently fail to heed such warnings, its soundness rating may be downgraded by the OJK.


While POJK 44 entered into effect on its date of promulgation (2 September 2020), a grace period of one year has been provided during which time administrative sanctions for non-compliance will not be imposed. This is intended to allow existing NBFIs sufficient time to make the necessary adjustments so as to comply with POJK 44.


D. ABNR Commentary


Prior to the issuance of POJK 44, some risk-management responsibilities in NBFIs were shared among the business / operational and internal control functions. The problems that this could give rise to have now been recognized and addressed by the OJK through the requirement that an independent risk-management function or unit be established. Further, if an NBFI forms part of an integrated financial conglomerate, the NBFI’s risk management function may be combined with the principal entity’s risk-management function.


The OJK now needs to issue further regulations on the technical aspects of risk-management implementation, as envisaged by POJK 44, including the organizational arrangements for risk management committees and functions / units, and their relationships with the business / operational and internal-control functions.


Contact us


Should you have any queries on the above or require legal advice as to how you can best protect your interests during this time of uncertainty, please contact the persons below, call us on +6221-2505125 or email us at


Mr. Emir Nurmansyah

Mr. Nafis Adwani

Mr. Agus Ahadi Deradjat


[1] Peraturan Otoritas Jasa Keuangan No. 44/POJK.05/2020 Tentang Penerapan Manajemen Risiko Bagi Lembaga Jasa Keuangan Nonbank

[2] POJK 44 defines “risk” as the potential for the occurrence of an event that could harm an NBFI, and “risk management” as a set of procedures and methodologies used to identify, measure, monitor, and control risks arising from the business operations of an NBFI.


This edition of ABNR News and the contents hereof are intended solely to provide a general overview, for informational purposes, of selected recent developments in Indonesian law. They do not constitute legal advice and should not be relied upon as such. Accordingly, ABNR accepts no liability of any kind in respect of any statement, opinion, view, error, or omission that may be contained herein. In all circumstances, you are strongly advised to consult a licensed Indonesian legal practitioner before taking any action that could adversely affect your rights and obligations under Indonesian law.