Paradigm Shift: Indonesia’s New Regulatory Framework for Payments

Introduction

Indonesia’s payment landscape is entering a period of significant regulatory change. With Bank Indonesia’s new framework coming into force on 31 March 2026, payment businesses will need to reassess their licensing positions, governance structures, business strategies, and partnerships. Understanding what is changing, and what to do now, will be critical to staying compliant and competitive.

Regulatory Background

On 24 December 2025, Bank Indonesia (BI, Indonesia’s central bank) issued a new payments regulation – BI Regulation No. 10 of 2025 on the Regulation of the Payment System Industry (the New Umbrella Regulation).

The New Umbrella Regulation (i) introduces a new core concept known as a “TIKMI” (transaction, inter-connection, competence, risk management, and IT infrastructure) assessment, (ii) reclassifies the activities that can be carried out by front-end payment services providers (PJPs) and re-groups them into new “bundles”, (iii) reclassifies Payment Services Providers (PSPs) into Main and Non-main PSPs, and (iv) imposes new requirements on business plans and registration of supporting operators in this sector.

Also on 24 December 2025, BI issued an implementing regulation – BI Board of Governors Regulation No. 32 of 2025 on Regulation of the Payment System Industry (the New Implementing Regulation).

These two new payment industry regulations replace the existing regulations (BI Regulation No. 22 of 2020 and BI Board of Governors Regulation No. 24 of 2022) with effect from 31 March 2026. However, some of the requirements will only come into force after a transition period.

Meanwhile, BI Regulation No. 23/6/2021 covering front-end payment systems (the PJP Regulation) and BI Regulation No. 23/7/2021 covering back-end payment systems (the PIP Regulation) will continue in effect to the extent they do not conflict with this new regulatory framework, with BI expected to eventually issue replacements for the PJP Regulation and the PIP Regulation that align with the new regulatory framework.

Key Changes

Key features of the new regulatory framework include the introduction of TIKMI, new bundles of front-end payment activities, SBPs and RBSPs, double hatting restrictions, supporting operator registration, and cooperation with supporting operators. We discuss each of these changes in turn below.

Introduction of TIKMI

PSPs, which include front-end payment services providers (PJPs) and back-end payment services providers (PIPs), will need to carry out periodic self-assessment of their performance based on the TIKMI framework, which measures (among other things) transaction volumes and values, inter-connection with other parties in the payment system, human resource capability, capitalisation and how various risks are managed, and the security and resilience of information systems. The TIKMI self-assessment must be submitted to BI, with the final assessment result being subject to BI’s final determination.

To facilitate these self-assessments and BI’s final determination, BI will issue further guidelines on the variables and indicators to be taken into account, the assessment mechanisms, and the assessment thresholds. BI will finalise its first TIKMI assessments by 1 April 2027.

The TIKMI assessment results will be used by BI to determine, among other things, (i) whether a particular PSP is deemed a Primary PSP, (ii) the package/bundling of activities that can be carried out by a PJP, (iii) access to participate in the payment system infrastructure, and (iv) the type of cooperation that PSPs may enter into.

Any PSP that does not meet the threshold for TIKMI assessment set by BI will be required to prepare and submit an action plan to BI.

New bundling of front-end payment activities

The current front-end payment framework recognises Category 1, Category 2 and Category 3 PJP licences, with Category 1 being the broadest and encompassing all PJP activities.

Under the new regulatory framework, these licence categories will be replaced by bundles of front-end payment activities, as set out below.

Bundle 1 consists of the following activities:

1. administration of source of funds, covering:
   1. administration of payment accounts; and
   2. issuance and/or provision of access to source of funds; and
2. forwarding of payment transactions, including:
   1. forwarding of payment transaction data and payment instructions, which may be accompanied by facilitating the receipt of payment proceeds through sub-accounts allocated to merchants and service providers; and
   2. forwarding of fund transfer instructions through digital and non-digital channels.

Bundle 1 will be subdivided into Bundle 1A and Bundle 1B, with Bundle 1A only being assigned to PJPs categorised as “Primary PSPs.”

Bundle 2 covers the forwarding of payment transactions, including:

1. forwarding of payment transaction data and payment instructions, which may be accompanied by facilitating the receipt of payment proceeds; and
2. forwarding of fund transfer instructions through digital and non-digital channels.

Bundle 3 covers only the forwarding of fund transfer instructions through non-digital channels.

Whether a PJP is considered a Primary PSP will depend on that entity’s TIKMI assessment results. The New Implementing Regulation states that a PJP’s assigned bundle of activities may change based on (i) the PSP’s own initiative, (ii) its TIKMI assessment results or evaluation to determine its classification, (iii) the result of BI’s supervision, and (iv) other aspects determined by BI.

Strategic Business Plan and Payment System Business Plan

Under the new regulatory framework, PSPs must put together a three-year Strategic Business Plan (SBP) and a one-year business plan called a Payment System Business Plan (RBSP).

The first SBP (covering 2026-2028) and RBSP (covering 2026) must be submitted by 30 April 2026 at the latest.

The SBP must include:

1. vision, mission, and strategic direction;
2. analysis of landscape, opportunities, and challenges;
3. management policies and strategies;
4. implementation of risk management;
5. plans for strategic business activities and developments;
6. financial projections, including projections on transactions; and
7. certain other information.

The RBSP must include:

1. results of Board of Commissioners (BOC) supervision;
2. Board of Directors (BOD) accountability;
3. changes to SBP;
4. realisation of previous RBSP;
5. plans for business activities and developments; and
6. certain other information.

BI may require PSPs to revise the SBP and RBSP they have submitted, based on its assessment and where necessary. PSPs must prepare and submit the SBP and RBSP, and obtain BI’s prior approval for the RBSP, in accordance with technical guidance issued by BI on its website or through other media.

Double hatting restrictions

Under the new regulatory framework, a director of a non-bank PJP or PIP must not be a director or commissioner of another PJP or PIP. In contrast, a commissioner of a non-bank PJP or PIP may be a commissioner in one other PJP or PIP as long as this (i) does not reduce the effective performance of their duties and responsibilities, their capability or integrity, and (ii) is in line with the laws and regulations on fair business competition.

The requirement for a non-bank PJP or PIP to have at least one director domiciled in Indonesia is retained.

Supporting operator registration

Unlike the current regulatory regime, the new framework regulates supporting operators more comprehensively, with BI classifying supporting operators into one of three categories: critical, important or standard.

In determining the category of a supporting operator, BI will consider how critical are the services provided by the supporting operator, and the scope of their services.

Critical and important supporting operators must register with BI. Either the supporting operator or the PSP with which it is cooperating may submit the registration to BI. This registration requirement will take effect by 31 March 2029.

Cooperation with supporting operators and other parties

The new regulatory framework sets out more detailed requirements on the cooperation with third parties, which is categorised into cooperation with (a) other PSPs, (b) supporting operators or (c) other parties.

Under the existing regulatory framework, the approval mechanism for cooperation is determined by a risk classification of high, medium or low. Under the new regulatory framework, this risk-based approach will no longer apply.

Instead, the applicable requirements and approval mechanisms for a cooperation will vary depending on (i) the activity bundling assigned to the PSP, (ii) the PSP’s classification and (iii) whether the PSP has satisfied the TIKMI assessment threshold.

BI will further assess whether the cooperation is complex or standard, which will determine if the cooperation requires prior approval or is subject to post-implementation reporting to BI. An example of a complex cooperation is a cooperation with a digital financial assets trader. This is important, as we are seeing increasing interplay between the payment and digital financial assets ecosystems. Any planned cooperation must be included in the RBSP.

Companies should note that during the transition period (ie pending BI’s approval of a PSP’s RBSP and BI’s TIKMI assessment results) any activity development, product development or cooperation must be approved by BI.

Conclusion

The New Umbrella Regulation and New Implementing Regulation introduce a number of key changes to Indonesia’s payment regulatory framework, and will become effective on 31 March 2026.

Given the phased implementation contemplated under the new regulations, and considering that the PJP Regulation and the PIP Regulation will remain in effect to the extent they are consistent with the new regulations, payment businesses will need to navigate any overlap between the current and future regimes during the transition period.

PSPs should closely monitor the applicable compliance timelines, plan ahead, and commence preparations to comply with the new requirements when they come into effect, starting with submission of their first SBP and RBSP by no later than 30 April 2026.

(With thanks to trainee associate Regita Maritza for her research support in preparing this article.)