OJK Introduces Enhanced IT Regulations for Rural Banks

Strengthening Digital Security Framework

The Financial Services Authority (OJK) has issued comprehensive new regulations to strengthen the digital security framework for Rural Banks (BPR) and Rural Sharia Banks (BPRS) in Indonesia. The new rules, outlined in Peraturan OJK (POJK) No. 34/2025 and Peraturan Anggota Dewan Komisioner (PADK) No. 43/2025 ¹

²

Source 2

https://keuangan.kontan.co.id/news/ojk-terbitkan-aturan-ti-perkuat-keamanan-digital-bpr-dan-bpr-syariah

, represent a significant update to the regulatory framework governing IT practices in the rural banking sector.

Key Components of the New Regulations

The new regulations introduce several critical enhancements to IT governance for BPR and BPRS:

1. Strengthened IT Governance: The rules mandate clear delineation of responsibilities between the Board of Directors and Board of Commissioners in overseeing IT operations ¹
   Source 1

   https://finansial.bisnis.com/read/20260108/90/1942716/ojk-cabut-aturan-lama-ti-bpr-standar-keamanan-digital-kini-lebih-ketat
   .
2. Comprehensive Risk Management: Banks are required to implement robust IT risk management frameworks, including specific provisions for third-party service providers.
3. Disaster Recovery Planning: Mandatory disaster recovery plans are now required to ensure business continuity in the event of system failures or cyber incidents.
4. Data Localization: The regulations require both data centers and disaster recovery centers to be located within Indonesia's territory, enhancing data sovereignty and security.
5. Cybersecurity Measures: Enhanced cybersecurity requirements have been introduced in response to growing cyber threats in the banking sector.

Implementation Timeline and Impact

The new regulations will become effective one year after their enactment, giving BPR and BPRS institutions sufficient time to comply with the enhanced requirements ¹

. OJK officials emphasize that these measures are crucial for creating a more secure digital environment while supporting the ongoing digital transformation in the rural banking sector.

Regulatory Evolution and Industry Response

The introduction of these regulations marks a significant evolution in OJK's regulatory approach, moving beyond the previous framework established under POJK No. 75/POJK.03/2016 and SEOJK No. 15/SEOJK.03/2017 ¹

. Industry stakeholders are generally supportive of the measures, recognizing the need for enhanced security protocols in light of increasing digital transactions and associated cyber risks.