25 Mar 2015

In November 2014 the newly established Financial Services Authority (OJK) issued a set of regulations governing the financial services industry:


  • Regulation 17 (POJK.03/2014) regarding the application of integrated risk management for financial conglomerates; and
  • Regulation 18 (POJK.03/2014) regarding the application of integrated governance for financial conglomerates.


The OJK noted in its preamble to the regulations that they are intended to promote sustainability, stability and competitiveness in light of the increasing complexity of transactions and interactions between financial institutions, as well as between companies within a financial conglomerate.


In addition, financial conglomerates face significant control issues due to enhanced risk exposure arising from the number of subsidiaries within their control and the wide array of financial activities in which these subsidiaries may be engaged.


In its press release following issuance of the regulations, the OJK stated that the recent global financial crises (which have been associated with extreme risk taking) have underlined the necessity of enhancing the financial regulatory framework with the aim of making the market more stable, efficient and transparent.


Regulations 17 and 18 apply to both conventional and Sharia/Islamic-based financial conglomerates.



Regulation 17, defines 'financial conglomerates' as a principal entity and subsidiary companies or related companies and their subsidiaries engaged in the banking, insurance and reinsurance, securities and finance sectors. The only exception to the term 'financial conglomerate' are Indonesian government-owned or controlled financial services providers.


Integrated risk management for financial conglomerates as required under Regulation 17 involves the following minimum measures:

  • supervision by management of the principal entity (holding company) of the financial conglomerate or a financial services company appointed by the holding company;
  • adequate integrated risk policies, procedures and restrictions;
  • adequate identification processes, measurements, monitoring mechanisms and IT systems to control integrated risks; and
  • a comprehensive internal control system for risk management.


Risks to be managed include credit, market, liquidity, operational, legal, reputational, strategic, compliance and insurance-related risks, as well as intergroup transactions. Management measures for insurance-related risks are not mandatory for financial conglomerates which include no insurance or reinsurance-related companies.


The management of the holding company is responsible for ensuring the implementation of risk management measures in accordance with the characteristics and complexities of the financial conglomerate's business. The management's responsibilities should include:

  • preparing a written comprehensive risk management policy in accordance with OJK regulations;
  • implementing and developing a culture of risk awareness; and
  • independently applying risk management procedures and periodically evaluating these procedures.

The holding company must appoint a director to implement the risk management policy.

In addition, the Board of Commissioners is responsible for guiding, approving and evaluating the implementation of the risk management plan. Regulation 17 also mandates the formation of a committee and a taskforce to assist the holding company in implementing the risk management plan.



Regulation 18 provides guidance to financial conglomerates on the establishment of good governance practices as part of the implementation of a risk management plan. This includes the principles of transparency, accountability, responsibility, independence, professionalism and fairness.

Regulation 18 stipulates that good governance should include:


  • specific duties and responsibilities for the management and the board of supervisors;
  • the preparation and implementation of integrated guidance on governance;
  • specific duties and responsibilities for the integrated governance committee and its taskforce; and
  • the application of integrated risk management policies.


Regulation 18 also provides that the board of directors and the board of supervisors of both conventional and Sharia/Islamic-based holding companies must have knowledge not only of the business of the holding company, but also that of all financial services providers within the conglomerate. This forms part of the obligation to ensure integrated governance and facilitates the follow-up of any audit findings and implementation of recommendations of the taskforce.


Regulation 18 stipulates that the holding company must comply with various criteria in preparing its good governance guidance. The guidance, to be prepared by the holding company's board of directors and approved by the board of supervisors, must include:


  • an integrated governance framework for the holding company; and
  • a governance framework for all financial services providers within the conglomerate.


Regulation 18 sets out requirements governing the eligibility of candidates for the board of directors and the board of supervisors, the structure of these boards and their powers and duties.


Regulation 18 also addresses important issues such as compliance, internal and external audits, risk management, remuneration and conflicts of interest.


Regulation 18 also provides that financial conglomerates whose holding company is a branch of a foreign entity must also comply with the provisions on integrated governance that are set out in various OJK regulations.


Regulations 17 and 18 both establish reporting requirements. (by: Hamud M. Balfas)