Bank Indonesia Regulation Number 10 of 2025 Reorganizing the Payment System Industry

Introduction

On December 24, 2025, Bank Indonesia issued Bank Indonesia Regulation Number 10 of 2025 on the Regulation of the Payment System Industry ("BI Regulation 10/2025"), which will take effect on March 31, 2026. BI Regulation 10/2025 comprehensively governs the operation of the payment system industry, covering Payment Service Providers ("PJP"), Payment System Infrastructure Operators ("PIP"), and Supporting Providers. The regulation adopts an integrated and risk-based regulatory approach to support national financial system stability.

BI Regulation 10/2025 was formulated to adjust the regulatory framework of the payment system industry in response to developments in economic digitalization. In the recitals, Bank Indonesia emphasizes the need to strengthen the industry structure through enhanced risk management capabilities and improved payment system infrastructure. The regulation forms part of the implementation of the Indonesia Payment System Blueprint to support the integration of the digital economy and finance. Within this framework, Bank Indonesia establishes assessment criteria consisting of Transaction, Interconnection, Competence, Risk Management, and Information Technology Infrastructure ("TIKMI") as the basis for assessing payment system providers.

Comparison

BI Regulation 10/2025 repeals Bank Indonesia Regulation Number 22/23/BI Regulation/2020 on the Payment System ("BI Regulation 22/2020"). The following is a comparison between BI Regulation 10/2025 and BI Regulation 22/2020:

Key Provisions

New Payment System Ecosystem Map

BI Regulation 10/2025 governs the division of roles within the payment system industry. As governed in Article 49 of BI Regulation 10/2025, payment system operations involve payment system infrastructure operated by Bank Indonesia and payment system infrastructure operated by the industry, divided into:

1. Public Infrastructure (Bank Indonesia): Handles systemic systems and large-value transactions, encompassing BI-FAST (real-time retail payment), BI-RTGS System (large-value settlement), and SKNBI (clearing).

2. Industry Infrastructure (PIP): Managed by private parties for retail payment systems, such as Fast Payment or Switching infrastructure operators.

3. Payment Service Providers (PJP): Parties dealing directly with consumers, including Banks and Non-Bank Institutions ("LSB"/Fintech), providing electronic wallet, acquiring (QRIS), and payment gateway services.

Risk-Based Classification (TIKMI)

Bank Indonesia applies a risk-based supervision approach. As governed in Article 22 and Article 32, every PSP is assessed based on five TIKMI aspects, which include:

1. Transaction (volume/value);

2. Interconnection (complexity);

3. Competence (human resources/institutional);

4. Risk Management; and

5. Information Technology Infrastructure.

Based on the assessment results, Bank Indonesia establishes the classification of Main PSP or Non-Main PSP. The Main PSP classification serves as the basis for determining the activity packages that may be operated by the PSP.

Integrated Licensing Structure (Bundling Activity)

BI Regulation 10/2025 groups business licenses into activity packages. As governed in Article 34 and Article 35, the license package structure includes:

1. Package 1: Covers source of fund administration (such as electronic money/e-wallet issuance) and transaction routing. This package is divided into Package 1A and Package 1B, where Package 1A (most comprehensive) may only be operated by Main PSPs.

2. Package 2: Covers payment transaction routing activities (such as acquiring or payment gateway) and fund transfers.

3. Package 3: Specifically for remittance or fund transfer services only.

Dynamic Capital Obligations and Risk Surcharge

BI Regulation 10/2025 governs capital obligations for payment system providers. As governed in Article 44 and Article 105, Businesses are required to fulfill Minimum Paid-up Capital (initial capital) and Ongoing Capital. For the ongoing capital component, Bank Indonesia imposes an additional capital requirement (surcharge) calculated as a percentage of risk-weighted transactions. The surcharge amount is set at 1.5% to 2.5% for PJP and 2.5% to 5% for PIP.

Institutional and Corporate Governance

Provisions regarding institutional and corporate governance are specifically governed in BI Regulation 10/2025. Based on Article 42 and Article 103, every prospective member of the Board of Directors, Board of Commissioners, and controlling shareholder is required to take and pass the Fit and Proper Test organized by Bank Indonesia. Providers are also required to establish work units handling risk management, information systems, and legal functions, as well as ensure that human resources in certain positions hold competency certifications in the payment system field.

Ownership Restrictions: Single Ownership Policy

Article 117 governs the Single Ownership Policy in the payment system industry. Every party is prohibited from owning shares of 25% or more, or acting as a controlling shareholder, in more than one PJP with the same license category, or in both a PJP and a PIP. Furthermore, every plan for merger, consolidation, spin-off, or acquisition must be included in the Business Plan and obtain approval from Bank Indonesia.

Third-Party Risk Management (Technology Vendors)

Bank Indonesia expands the scope of supervision to technology service providers (vendors). As governed in Article 65 and Article 67, Supporting Providers such as cloud servers, data centers, or security system providers are classified into Critical, Important, and Standard categories. Vendors in the Critical and Important categories are required to register with Bank Indonesia. PJPs are prohibited from cooperating with unregistered Critical/Important vendors to mitigate cyber risks originating from third parties.

Consumer Protection, Personal Data, and Pricing

Article 15 through Article 17 govern the authority of Bank Indonesia in establishing pricing schemes in payment system operations. Furthermore, as governed in Article 135 through Article 138, providers are required to apply principles of transparency, asset security, and data protection, as well as obtain written approval from consumers before sharing data with other parties.

Data Sovereignty, Rupiah Obligation, and Crypto Asset Ban

Article 122 mandates that all domestic payment transaction processing, from initiation to settlement, be conducted within the territory of Indonesia. Regarding monetary sovereignty, Article 118 prohibits PSPs from owning or managing values other than Rupiah for payment purposes, in line with the obligation to use Rupiah currency within the territory of the Unitary State of the Republic of Indonesia. In addition, Article 119 prohibits PSPs from accepting, processing, or linking virtual currency, including crypto assets, as a source of payment funds, and prohibits facilitating crypto asset trading unless otherwise governed under prevailing laws and regulations.

Supervision, Reporting, and Sanctions

Article 140 governs the obligation of Businesses to submit data and/or information reports, including periodic reports and incidental reports, to Bank Indonesia. Violations of such obligations are subject to administrative sanctions as governed in Article 146, in the form of written reprimands, fines, temporary suspension of activities, and/or revocation of business licenses. The regulation also contains provisions concerning criminal liability in relation to the misuse of payment systems for money laundering or terrorism financing.

Transitional Provisions

Transitional provisions govern adjustments for PJP and PIP licensed prior to the effective date of BI Regulation 10/2025. Based on Article 177, PJP and PIP are required to adjust to licensing requirements, including ongoing capital obligations and TIKMI assessment results, within a maximum period of 3 (three) years from the date this regulation comes into force. Bank Indonesia may establish an extension of the adjustment period for a maximum of 2 (two) years based on certain considerations.

Regarding ownership and control, Article 183 governs that in the event there is no change in foreign ownership composition by foreign parties and/or no change in control by foreign parties, PJPs that have obtained licenses or PIPs that have obtained designations before BI Regulation 10/2025 comes into force are not required to fulfill the ownership and/or control provisions as referred to in Article 44 paragraph (1) letter a number 2 and number 3. This exception also applies if the change occurs due to Bank Indonesia's policy or supervisory follow-up.

Closing

BI Regulation 10/2025 requires payment system industry players, both Banks and Non-Bank Institutions, to adjust their business models and capital structures to the new regulatory framework. TIKMI assessment is used as the basis for determining provider classification and the types of activity packages that may be operated, including Package 1A which may only be operated by Main PSPs. In BI Regulation 10/2025, there are several compliance aspects that require management’s primary attention, namely:

1. fulfillment of Ongoing Capital obligations, including additional capital requirements (surcharge) based on transaction risk;

2. compliance with the Single Ownership Policy which limits share control in more than one entity with the same license category;

3. restriction on cooperation with Supporting Providers in the Critical and Important categories not yet registered with Bank Indonesia;

4. obligation for domestic payment transaction processing within Indonesia and prohibition on the use of crypto assets as a source of payment funds; and

5. utilization of the maximum 3 (three) year adjustment period to fulfill all licensing and capital requirements.

Non-compliance with these provisions may be subject to administrative sanctions in accordance with the regulation, including fines, business activity restrictions, or license revocation, with direct implications for the sustainability of the payment system provider's business activities.