BI Fast Hacked, OJK Steps In to Inspect All BPDs

JAKARTA - The Financial Services Authority (OJK) has confirmed that it has carried out a thorough examination of all Regional Development Banks (BPD) in Indonesia following the emergence of hacked transactions through the BI Fast system at a number of BPDs.

OJK's Chief Executive of Banking Supervision, Dian Ediana Rae, said that the examination was carried out through a crash program with a main focus on banking cyber resilience and security.

"Banks have been asked to ensure that steps to increase the resilience and security of banks are implemented," said Dian in Jakarta, as quoted by Antara on Sunday, December 21.

Dian emphasized that OJK has also strengthened coordination with payment system regulators to prevent similar incidents from recurring. According to him, the financial sector is the main foundation of the national economy, so all information technology infrastructure must be protected from cyber threats.

Cyberattacks not only have the potential to disrupt bank operations, but can also damage the reputation of the financial industry and threaten the stability of the overall financial system.

In banking supervision, OJK applies a Risk-Based Supervision (RBS) approach. This approach is used to assess the health level of banks proportionally and sustainably, including evaluating the operational risk profile, which includes information technology aspects.

"OJK determines the Bank's Health Level every semester based on the evaluation of the risk profile," explained Dian.

Supervision is carried out through two mechanisms, namely offsite supervision (indirect) and onsite supervision (direct inspection). The entire supervision process is structured based on a plan that considers priorities, urgency, availability of resources, as well as the characteristics and complexity of each bank.

In terms of regulation, OJK has issued a number of rules related to banking information technology and cyber security, including POJK Number 11/POJK.03/2022 regarding the Implementation of Information Technology by Commercial Banks and SEOJK Number 29/SEOJK.03/2022 regarding Resilience and Cyber Security for Commercial Banks.

In addition, OJK again reminded banks to strengthen risk management to prevent the banking system from being misused for fraud.

The steps requested include improving fraud detection systems, strengthening the implementation of know your customer (KYC), periodically evaluating customer profiles and transaction limits, strengthening third-party risk management, ensuring the readiness of cyber incident response teams, and conducting regular cyber security training and awareness programs.

"OJK has also sent a guidance letter, including asking banks to temporarily stop anomalous transactions for clarification before carrying out transaction orders," concluded Dian.