The shifting within society to utilize non-cash payments in their transactions has flourished for the past couple of years. Especially since the global COVID-19 pandemic took place, the development of digital payment systems by companies that dedicate their effort to provide payment system ecosystems has been thriving.
In Indonesia, such growth needs to be balanced with the reformation of the payment system regulations. Such reformation is required to fulfill the needs of the implementation of the payment services activities that align with the fulfillment of the principles of the payment system that are fast, easy, affordable, secure, and reliable with regards to access expansion and consumer protection.
In July 2021, Bank Indonesia issued the Regulation of Bank Indonesia No. 23/6/PBI/2021 on the Payment Services Provider ("BI Regulation 23/2021"). This regulation revokes several regulations regulating payment services in relation to payment transaction processing operations and card-based payment instruments. The Payment Services Provider ("PSP”) is a Bank or non-Bank institution that provides the services to facilitate the payment transaction to the users.
Under BI Regulation 23/2021, the focus of the scope of activities within the PSP is more on the activity-based approach rather than previously determined based on certain qualifications (e.g., issuer, acquirer, payment gateway, electronic wallet, and fund transfer). The activity-based approach aims to simplify the activity scope of the PSP and the processing and requirement of the licensing, including the integration between the licensing process and the testing space for payment system technology innovation.
A PSP carries out activities which comprise:
a. information provision of the fund source that is utilized to fulfill the obligation in payment transaction and administered in certain account for payment (“Fund Sources”);
b. payment initiation and/or acquiring services;
c. Fund Sources administration;
d. remittance services; and/or
e. any other PSP activities as determined by Bank Indonesia.
In conducting the aforementioned activities, any parties that act as a PSP must obtain a license from Bank Indonesia. The license given to a PSP to conduct PSP’s activities is given based on license categories consisting of:
1. license one category (“License One”), including the following activities:
a) Fund Sources administration;
b) Fund Sources information provision;
c) payment initiation and/or acquiring services; and
d) remittance services;
2. license two category (“License Two”), including the following activities:
a) Fund Sources information provision; and
b) payment initiation and/or acquiring services; and/or
3. license three category (“License Three”), including the following activities:
a) remittance services; and/or
b) others as determined by Bank Indonesia.
Furthermore, the party that can apply for a license as a PSP must be in the form of a Bank or Non-Bank Institution. A Non-Bank Institution PSP that applies for a License One and License Two must be in the form of a limited liability company, while for License Three, a Non-Bank Institution PSP must be in the form of a limited liability company or other Indonesian legal entity under the prevailing laws on the fund transfer, such as cooperatives.
Any party applying for the license as a PSP must fulfill the license requirements determined by Bank Indonesia, which cover the institutional, capital and finance, risks management, and information system capabilities aspects.
Under BI Regulation 23/2021, a Non-Bank Institution PSP may be owned by a foreigner up to a maximum of 85% from the paid-up capital. Moreover, the composition of the shares of a Non-Bank Institution PSP must constitute that the shares with voting rights must be owned at least 51% by an Indonesian individual or an Indonesian legal entity.
In the capital and finance aspect, a PSP is required to have an initial capital (modal disetor minimum) of: (i) License One at least IDR15 billion; (ii) License Two at least IDR5 billion; and (iii) License Three at least: (a) IDR500 million for a PSP that is not providing a system that can be utilized by other License Three PSPs; or (b) IDR1 billion for a PSP that is providing a system that can be utilized by other License Three PSPs.
For the risks management aspect, a PSP must fulfill the function to assess the legal risks, operational risks, and liquidity risks. The implementation is assessed through active supervision by the management and its supervisory board, analyzing the availability of the policy and procedure and the fulfillment of the organizational structure sufficiency, risks management and risks management function processes, human resources, and internal control.
The information system capability must be fulfilled with due assessment through the security control procedure, fraud management system, security testing and information system audit, and information systems' level of capability and availability.
The application of the PSP license must comply with the mechanism and procedure of the license application under BI Regulation 23/2021, conduct the self-assessment in the fulfillment of the required documents, and submit the required documents that Bank Indonesia requests.
The application processes are conducted through an electronic system in the following link: https://www.bi.go.id/elicensing. The application process will take six main steps: pre-consultative meeting, submission of the required documents through the electronic system, examination of the fulfillment of the administrative documents, analysis of the document (substantive examination), on-site visit, and the approval or rejection of the license application.
The existing payment system service provider, which has the license that is valid for a certain period and issued prior to the issuance of BI Regulation 23/2021, is determined as a PSP according to the license conversion result according to BI Regulation 23/2021.