Introduction

Bank Indonesia has issued Board of Governors Regulation Number 24 of 2025 on Real Time Gross Settlement via the Bank Indonesia System – Real Time Gross Settlement ("PADG 24/2025"), which was enacted and took effect on October 31, 2025. It was issued as part of Bank Indonesia's efforts to strengthen risk management, particularly cyber risk mitigation, and to enhance the speed, efficiency, and reliability of the BI-RTGS System. PADG 24/2025 also provides the legal basis for a new web-based Participant platform and streamlines a previously complex regulatory structure. By restructuring Participant obligations and reinforcing operational prudence principles, this regulation is expected to strengthen the resilience of the national payment system while ensuring safe, reliable, and easily implementable real time gross settlement for all Participants.

Comparison with Previous Regulations

PADG 24/2025 repeals and replaces PADG Number 20/15/PADG/2018 on Real Time Gross Settlement via the Bank Indonesia System - Real Time Gross Settlement (“PADG 20/15/PADG/2018”), along with all its amendments (which have been amended six times) as well as provisions regarding technology specifications in PADG Number 23/24/PADG/2021. This new regulation introduces several key changes, primarily regarding risk mitigation enhancement and the introduction of a new platform. The following compares several key aspects:

Key Provisions

The following are the key points and provisions stipulated in PADG 24/2025:

Article 1: Key Definitions

The regulation introduces a new definition, namely the Web-based BI-RTGS Payment Gateway, which is a web-based infrastructure at the Operator used by Participants to send/receive Fund Settlement instructions, access data/reports, and manage access. This complements two existing infrastructures: RTGS Payment Gateway (graphical interface application) and RTGS STP Gateway (straight through processing with Participant's internal system).

Article 5: Implementation Principles

Affirms two main principles of the BI-RTGS System:

1. Fund Settlement is performed in real time per transaction on a gross (individual) basis.

2. Fund Settlement is final and irrevocable.

The elucidation of Article 5 asserts that this finality serves as an exception to the zero hour rules principle in bankruptcy law, meaning transactions that have been settled are not voided even if the Participant is declared bankrupt on the same day.

Article 10: Parties Eligible to Become Participants

Participants of the BI-RTGS System may consist of: Banks, Clearing and/or settlement operators, Central Counterparty (CCP) institutions, Bank Indonesia, and other institutions approved by the Operator.

Article 11: Participant General Obligations

Participants are required to maintain system smoothness and security, be responsible for instruction accuracy, inform customers of fees transparently, and comply with obligations regarding information system security and cyber resilience in accordance with Bank Indonesia regulations.

Article 12 & 13: Detailed Security Obligations

Article 12 mandates Participants to conduct a series of activities to maintain security, including:

1. Formulating written policies and procedures (KPT).

2. Conducting internal checks and information system audits.

3. Possessing Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP) guidelines.

4. Possessing an incident response and recovery team.

5. Implementing information system security.

Article 13 requires the KPT to be formulated no later than 6 months after becoming a Participant and must be written in the Indonesian language.

Article 15: Information System Audit Obligation

Participants are required to conduct an information system (IS) audit to ensure the security, reliability, and connectivity of their internal system interface with the BI-RTGS System. The IS Audit must be conducted at least once every 1 (one) year, either by an internal auditor (with an independent statement letter from the management) or an external auditor.

Article 21: Application of Information System Security

This is one of the core articles regarding risk mitigation. Participants are required to implement IS security which at least includes:

1. Information technology infrastructure protection.

2. Possessing an anomaly detection system at the IT infrastructure level.

3. Possessing fraud management (fraud management system).

4. Possessing operational monitoring systems and an early warning system.

Article 29 and Article 31: Operational Hours

The operational hours for the BI-RTGS System are established from 06.30 WIB to 19.00 WIB. Details of time periods for each activity (e.g., customer transactions, tax delegation, Interbank Money Market/PUAB) are further regulated in Annex IV.

Article 50 and 51: Settlement Mechanism and Priority Groups

Settlement is performed immediately if funds in the Fund Settlement Account (including ILF) are sufficient. If funds are insufficient, the instruction will be cancelled or enter the queuing mechanism.

Queuing follows the Priority Group structure in Article 51, with priority numbers set in the Transaction Code List, namely:

1. High Priority (Numbers 1-10): Enters queue if funds are insufficient.

2. Priority (Numbers 11-50): Enters queue if funds are insufficient.

3. Normal (Numbers 51-98): Immediately rejected (without queue) if funds are insufficient.

4. Settle or Reject (Number 99): Immediately rejected (without queue) if funds are insufficient.

Article 57 to 60: Error Handling (Return and Correction)

Return (Article 57-59): Refunds (e.g., due to transfer error, duplication) may be initiated by the receiving Participant or requested by the sending Participant (by including an indemnity).

Correction (Article 60): Correction of settled transactions may only be performed for beneficiary identity data (name, address, transaction description), and does not apply to fund amounts. Correction requests must also include an indemnity.

Article 69 and 73: Fees

The Operator (BI) sets various types of fees for Participants, such as instruction fees, administrative message fees, Guest Bank Facility usage fees, time extension fees, and Digital Certificate hard token replacement fees. Importantly for customers, the Operator (BI) also establishes maximum fee limits that Participants may charge their customers.

Article 76 and 77: Handling Emergency Conditions at Participants

If a Participant experiences abnormal/emergency conditions (system down), the Participant is required to:

1. Immediately report to the BI help desk (no later than 30 minutes).

2. Use the backup system (Backup RTGS Payment Gateway / Backup RTGS STP Gateway).

3. If the backup system also fails, the Participant may use the Guest Bank Facility (at BI premises).

4. If the Guest Bank Facility is not possible, as a last resort, checks/bilyet giro issued by Bank Indonesia may be used.

Article 84: Handling Fraud and Cyber Incidents (Crucial)

If an alleged/actual fraud or cyber threat/incident occurs at a Participant, the Participant must immediately notify the Operator (BI) no later than 1 (one) hour after the event is known. Upon such an event, the Operator (BI) has the authority to temporarily suspend the BI-RTGS System connection to the affected Participant or other Participants at risk.

Article 86 and 94: Reporting and Sanctions

Participants are required to submit an annual Compliance Assessment Result Report (LHPK) no later than March 31 of the following year. Late submission of the LHPK is subject to a payment obligation sanction (fine) of IDR 500,000.00 (five hundred thousand Rupiah) per working day, with a maximum limit of IDR 15,000,000.00. Errors in entering transaction codes on fund settlement instructions are subject to a fine sanction of IDR 100,000.00 (one hundred thousand Rupiah) per instruction, with a maximum limit of IDR 10,000,000.00.

Transitional Provisions

This regulation sets forth specific transitional provisions regarding the information system (IS) audit obligation regulated in Article 15. For Participants who have fulfilled the IS audit obligation before this PADG comes into force, the new annual IS audit obligation (as referred to in Article 15 paragraph (2) letter b) shall commence on January 1, 2026. However, for Participants who have not fulfilled the IS audit obligation for 2025 at the time this regulation comes into force, the implementation of the IS audit for 2025 must refer to the provisions in this new PADG.

Closing

The issuance of PADG 24/2025 marks a major change in the operational and supervisory framework of the BI-RTGS System. The three main changes introduced are:

1. Introduction of the Web-based BI-RTGS Payment Gateway as one of the official infrastructures for Participants.

2. Strengthening of risk management, particularly cyber and fraud risk, through the mandatory implementation of various security systems and incident reporting.

3. Detailing of Participant obligations in a more structured and detailed manner, including audit obligations, written policies, and information system security.