Ferdinand Kentjana

Translation of a govt regulation (result)

UNOFFICIAL TRANSLATION FINANCIAL SERVICES AUTHORITY (OJK) REPUBLIC OF INDONESIA COPY FINANCIAL SERVICES AUTHORITY REGULATION NUMBER 77 /POJK.01/2016 IN REGARD TO INFORMATION TECHNOLOGY-BASED LOAN AND BORROWING SERVICES BY THE GRACE OF GOD FINANCIAL SERVICES AUTHORITY REGULATION COMMISSIONER BOARD, Considering: a) that Information technology has been used to develop the financial industry which can push the growth of alternative financing for the general public; b) the need to support the growth of Information Technology-Based financial services institutions to further contribute to national economy; c) that based on points (a) and (b) above, there is a need to establish Financial Services Authority Regulation In Regard To Information Technology-Based Loan and Borrowing Services In view of: Law No. 21 Year 2011 Financial Services Authority (Statute Book Of Republic Of Indonesia Year 2011 Number 111, Additional Statute Book Of Republic Of Indonesia Number 5253); HEREBY DECREES Establish: FINANCIAL SERVICES AUTHORITY REGULATION IN REGARD TO INFORMATION TECHNOLOGYBASED LOAN AND BORROWING SERVICES pg. 1 UNOFFICIAL TRANSLATION CHAPTER I GENERAL GUIDELINES Article 1 Definitions: 1. Financial Services Authority (OJK) is an independent institution, having the function, task, and authority to regulate, monitoring, examination, and investigation as specified in Law No. 21 Year 2011 regarding Financial Services Authority. 2. Other Financial Services Institution are pawn shops (pegadaian), guaranteeing institutions, Indonesian financial export institutions, secondary housing finance companies, and mandatory public monetary management institutions, including social security program, pension and welfare as specified in the law and regulation monitored by Financial Services Authority (OJK) regarding the above institutions. 3. Information Technology-Based Loan and Borrowing Services is a monetary service to connect loan giver (lender) with loan receiver (borrower) in order to enter into a loan and borrowing agreement directly in rupiah through electronic systems using the internet. 4. Electronic Systems are a set of tools and procedures designed to prepare, collect, process, analyse, store, display, announce, send, and/or distribute electronic information in financial services. 5. Information Technology is a technique to collect, prepare, announce, analyse, and/or distribute electronic information in financial services. 6. Information Technology-Based Loan and Borrowing Services Provider, herein called Provider, is an Indonesian legal entity which provides, manages, and operates Information TechnologyBased Loan and Borrowing Services. 7. Loan Receiver (Borrower) is a person and/or legal entity having a debt in an Information Technology-Based Loan and Borrowing Services Agreement. 8. Loan Giver (Lender) is a person and/or legal entity having a receivable in an Information Technology-Based Loan and Borrowing Services Agreement. 9. Information Technology-Based Loan and Borrowing Services User, herein called User, is a Loan Giver and Receiver using Information Technology-Based Loan and Borrowing Services. 10. Board of Directors: a. for Provider in a limited liability company (perseroan terbatas) is the board of directors as specified in Law No. 40 Year 2007 regarding limited liability company (Perseroan Terbatas); or b. for Provider in a legal cooperation (koperasi) is the management team as specified in Law No. 25 Year 1992 regarding Cooperation (Perkoperasian). 11. Commissioners: a. for Provider in a limited liability company (perseroan terbatas) is the commissioners as specified in Law No. 40 Year 2007 regarding limited liability company (Perseroan Terbatas); or b. for Provider in a legal cooperation (koperasi) is the supervisor as specified in Law No. 25 Year 1992 regarding Cooperation (Perkoperasian). 12. Electronic Document is every electronic information created, forwarded, sent, or stored in analog, digital, electromagnetic, optical, or similar form, which can be seen, displayed, heard through a computer or Electronic Systems including but not limited to writings, sounds, pictures, pg. 2 UNOFFICIAL TRANSLATION blueprints, photos or the like, letters, signs, numbers, access codes, symbols, or any meaningful perforations understood by the interpreter as specified in Law No. 11 Year 2008 regarding Electronic Transactions and Information. 13. Electronic Certificate is a certificate electronic in nature which includes electronic signatures and all the legal parties’ legal statuses and identities in an electronic transaction issued by electronic service provider as specified in Law No. 11 Year 2008 regarding Electronic Transactions and Information. 14. Electronic Service Provider is a legal entity functioning as the party that issues and audits Electronic Certificates registered at Financial Services Authority (OJK). 15. Electronic Signature is a signature composed of electronic information attached, associated, or related with other electronic information which is used as verification and authentication purposes as specified in Law No. 11 Year 2008 regarding Electronic Transactions and Information. CHAPTER II INFORMATION TECHNOLOGY-BASED LOAN AND BORROWING SERVICES PROVIDER Part One Legal Form, Ownership, and Capital Article 2 (1) Provider is stated as Other Financial Services Institution. (2) Legal entity of Provider in the form of: a. limited liability company (Perseroan Terbatas); or b. cooperation (Koperasi). Article 3 (1) Provider in the form of a limited liability company can be established and owned by a. Indonesian and/or Indonesian legal entity; and/or b. foreigner and/or foreign legal entity (2) The maximum ownership share of a foreigner and/or foreign legal entity, direct or indirectly, is 85% (eighty five percent). Article 4 (1) Provider in the form of a limited liability company must have a minimum of Rp-,00 (one billion rupiah) paid-up capital at the time of registration. (2) Provider in the form of a cooperation must have a minimum of Rp-,00 (one billion rupiah) internal capital at the time of registration. (3) Provider must have paid-up or internal capital a minimum of Rp-,00 (two billion five hundred million rupiah) at the time of permit application. pg. 3 UNOFFICIAL TRANSLATION Part Two Business Activities Article 5 (1) Provider provides, manages, and operates Information Technology-Based Loan and Borrowing Services from Loan Giver (Lender) to Loan Receiver (Borrower) whose fund originates from Loan Giver (Lender). (2) Provider may work with other information technology-based loan and borrowing provider according to the current laws and regulations. Part Three Monetary Loan Limit Article 6 (1) Provider must comply with maximum monetary loan limit to every Loan Receiver (Borrower). (2) The maximum limit of total money loaned out is Rp-,00 (two billion rupiah). (3) Financial Services Authority (OJK) may review this maximum limit. Part Four Registration and Permit Article 7 Provider must apply registration and permit to Financial Services Authority (OJK). Paragraph 1 Article 8 (1) Provider intending to do Information Technology-Based Loan and Borrowing Services applies to register to Financial Services Authority (OJK). (2) Provider which has done Information Technology-Based Loan and Borrowing Services activities prior to this law, must apply to register to Financial Services Authority (OJK) maximum 6 (six) months after this law is in effect.. (3) Application by Provider shall be registered by the Board of Directors to the Executive Chief of Insurance Monitoring, Pension Fund, Finance Institution, and Other Financial institutions (Kepala Eksekutif Pengawas Perasuransian, Dana Pensiun, Lembaga Pembiayaan, dan Lembaga Jasa Keuangan Lainnya) using Form 1 attached with this law, including these documents: a. deed of establishment including article of association (if applicable), which has been approved by or informed to authorised government institution in accordance to present laws; b. proof of personal ID and resume complete with the latest 4x6 cm colour photograph of: 1. shareholders having at least 20% (twenty percent) share; 2. board of Directors; 3. board of Commissioners; c. copy of company taxpayer ID; d. Provider’s statement of residence from authorised government institution; pg. 4 UNOFFICIAL TRANSLATION e. proof of business activity operational readiness in the form of document(s) relating to Electronic System(s) being used by Provider and operational activity data. f. proof of capital compliance as mentioned in Article 4 verse (1) or (2); g. where permit is not approved by Financial Services Authority (OJK), Provider must submit a statement regarding the Provider’s plan to comply with its rights and duties. (4) Acceptance of application shall be approved no later than 10 (ten) working days after all the required application documents have been received. (5) Financial Services Authority (OJK) approves Provider’s application by issuing a registration certificate. Article 9 (1) Registered Provider must submit a periodic report every 3 (three) month for the period ending 31 March, 30 June, 30 September, and 31 December to Financial Services Authority (OJK) with the following minimum information: a. Number of Loan Giver (Lender) and Loan Receiver (Borrower) b. The loan quality accepted by Loan Receiver (Borrower) and the quality rating metrics; and c. activities engaged in after being registered by Financial Services Authority (OJK). (2) Periodic report every 3 (three) month mentioned above must be submitted to Financial Services Authority (OJK) no later than 10 (ten) working days after the reporting deadline. (1) (2) (3) (4) (5) Article 10 Provider, having been registered by Financial Services Authority (OJK), must apply permit as a Provider no later than 1 (one) year from the date of registration at Financial Services Authority (OJK). The registration certificate mentioned in Article 8 verse (5) shall be deemed void if Provider has not submitted the permit application within 1 (one) year period mentioned in Article 10 verse (1). Provider whose registration certificate declared void as mentioned in verse (2), shall not be able to submit further registration to Financial Services Authority (OJK). Provider whose registration certificate declared void as mentioned in verse (2), must meet the terms in the statement regarding the Provider’s plan to comply with its rights and duties. Registered Provider which is not able to continue its operational activities, must submit an application to Financial Services Authority (OJK) stating the reason, and plans to conform to Provider’s remaining rights and duties. Paragraph 2 Article 11 (1) Permit application by Provider as mentioned in Article 10 verse (1) shall be registered by the Provider’s Board of Directors to the Executive Chief of Insurance Monitoring, Pension Fund, Finance Institution, and Other Financial institutions (Kepala Eksekutif Pengawas Perasuransian, Dana Pensiun, Lembaga Pembiayaan, dan Lembaga Jasa Keuangan Lainnya) using Form 2 attached with this law, including these documents: a. deed of establishment including article of association (if applicable) which has been approved by or informed to authorised government institution, which includes: pg. 5 UNOFFICIAL TRANSLATION 1. name and location of business entity; 2. business activities as Information Technology-Based Loan and Borrowing Services; 3. capital; 4. ownership; 5. authority, responsibility, length of Director’s duty, and Commissioner; and 6. change of last article of association (if any) with proof of approval and/or receipt of notice by authorised government institution. b. ownership list: 1. list of shareholders detailing each share for a limited liability company; 2. list of members including principal mandatory deposit and regular mandatory deposit for a cooperation; c. shareholders data: 1. for an individual, attach: a) copy of valid ID card or passport for a foreigner; b) copy of tax ID number; c) resume with latest 4x6 cm colour photograph; and d) statement with government stamp duty (meterai), stating: 1) Provider’s paid-up capital is not from loan; 2) Provider’s paid-up capital is not from money laundering and criminal activities; 3) not listed in blocked or bad credit list; 4) never been sentenced of financial and/or economic criminal act services by court decision within the last 5 (five) years; 5) never been sentenced of criminal act by court decision within the last 5 (five) years; 6) never been declared bankrupt or guilty of causing a limited liability company to file bankruptcy by court decision within the last 5 (five) years; and 7) never been a controlling majority shareholder, board of director, or board of commissioner, in a financial services company whose business license has been revoked for violation within the last 5 (five) years; 2. for a legal entity, attach: a) deed of establishment including article of association (if applicable) which has been approved by or informed to authorised government institution in accordance to present laws; b) statement letter from board of directors or of equal rank person, stating: 1) Provider’s paid-up capital is not from loan; 2) Provider’s paid-up capital is not from money laundering and criminal activities; and 3) not listed in blocked or bad credit list 3. for central government, attach government regulation regarding government capital in establishment of a corporation or limited liability company; pg. 6 UNOFFICIAL TRANSLATION 4. for local government, attach local government regulation regarding local government capital in establishment of a corporation or limited liability company; d. Board of Directors and Commissioners’’ data: 1. copy of valid ID card or passport for a foreigner; 2. resume with latest 4x6 cm colour photograph; 3. copy of tax ID number; and 4. statement with government stamp duty (meterai) from each Director and Commissioner, stating: a) not listed in blocked or bad credit list; b) never been sentenced of financial and/or economic criminal act services by court decision within the last 5 (five) years; c) never been sentenced of criminal act by court decision within the last 5 (five) years; d) never been declared bankrupt or guilty of causing a limited liability company to file bankruptcy by court decision within the last 5 (five) years; and e) never been a controlling majority shareholder, board of director, or board of commissioner, in a financial services company whose business license has been revoked for violation within the last 5 (five) years; e. copy of proof of valid and legalised paid-up capital during the application period in one of Indonesian general banks with conventional activities and/or according to sharia principle; f. Provider’s organisational chart; g. standard operating procedure regarding the application of anti money laundering program and terrorism funding prevention; h. first year business plan which at least includes: 1. overall picture of the business; 2. targets and steps to achieve them; and 3. financial projection report for the next 1 (one) year; i. proof of operational readiness: 1. copy of building and office or outlet ownership of freehold title, right to build, or right of use using Provider’s name, or building/space lease agreement; and 2. office utilities and inventory list; j. copy of Provider’s tax ID number; k. statement letter regarding plans to conform to Provider’s remaining rights and duties should the Provider is not able to continue Information Technology-Based Loan and Borrowing Services; and l. proof of full payment of permit fees. (2) Financial Services Authority (OJK) shall review permit application submitted by Provider. (3) Financial Services Authority (OJK) shall approve or disapprove permit application no later than 20 (twenty) working days after all the required application documents have been received. (4) Permit application shall be automatically in effect when the deadline mentioned in verse (3) above has been passed. pg. 7 UNOFFICIAL TRANSLATION Part Five Change of Ownership Article 12 Change of Ownership must first have the approval of Financial Services Authority (OJK). Part Six Revocation of Permit by Own Request Article 13 (1) Registered Provider which has permit and is not able to continue its operational activities, must submit an application to Financial Services Authority (OJK) stating the reason, and plans to conform to Provider’s remaining rights and duties. (2) Financial Services Authority (OJK) shall revoke Provider’s permit no later than 20 (twenty) working days after the application has been received. Part Seven Human Resources Qualifications Article 14 (1) Provider must have qualified human resources and/or background in information technology. (2) Provider must have at least 1 (one) Director and 1 (one) Commissioner with at least 1 (one) year experience in the financial services industry. (3) Provider must improve the quality of human resources through education and training which support Information Technology-Based Loan and Borrowing Services. CHAPTER III INFORMATION TECHNOLOGY-BASED LOAN AND BORROWING SERVICES USER Part One Loan Receiver (Borrower) Article 15 (1) Loan Receiver (Borrower) must come from and reside in Indonesia. (2) Loan Receiver (Borrower) may be: a. an Indonesian individual; or b. Indonesian legal entity. Part Two Loan Giver (Lender) Article 16 (1) Loan Giver (Lender) may come from Indonesia and/or overseas. (2) Loan Giver (Lender) may be: a. an Indonesian individual; pg. 8 UNOFFICIAL TRANSLATION b. a foreign individual; c. Indonesian/foreign legal entity; d. Indonesian/foreign business entity; and/or e. international foundation. Article 17 (1) Provider shall give input on the interest rate offered by Loan Giver (Lender) to Loan Receiver (Borrower) by considering normal and national economic situation. (2) In the case that Loan Receiver (Borrower) receives loan from overseas, Information TechnologyBased Loan and Borrowing Services Provider shall adhere to the existing laws and regulations. CHAPTER IV INFORMATION TECHNOLOGY-BASED LOAN AND BORROWING SERVICES AGREEMENT Article 18 Information Technology-Based Loan and Borrowing Services Agreement shall cover: a. agreement between Provider and Loan Giver (Lender) b. agreement between Provider and Loan Receiver (Borrower) Part One Information Technology-Based Loan and Borrowing Services Agreement with Loan Giver (Lender) (1) Information Technology-Based Loan and Borrowing Services Agreement between Provider and Loan Giver (Lender) shall be in Electronic Document. (2) The Electronic Document shall at least consist of: a. agreement number; b. date of agreement; c. identities of the parties involved; d. guidelines regarding rights and obligations of all parties; e. loan amount; f. loan interest rate; g. commission rate; h. duration of loan; i. detail of inclusion fees; j. guidelines regarding penalties (if any); k. dispute resolution; and l. dispute resolution in the case that Provider is not able continue its operational activities. (3) Provider must give information access to Loan Giver (Lender) regarding the use of the fund. (4) Information access shall not include any information regarding the identity of the Loan Receiver (Borrower). (5) Information access regarding the use of the fund shall at least consist of: a. amount of fund loaned out to Loan Receiver (Borrower); b. purpose of fund use by the Loan Receiver (Borrower); c. interest rate; and d. duration of loan. pg. 9 UNOFFICIAL TRANSLATION Part Two Agreement between Loan Giver (Lender) and Loan Receiver (Borrower) (1) (2) (3) (4) Article 20 Information Technology-Based Loan and Borrowing Services Agreement between Loan Giver (Lender) and Loan Receiver (Borrower) shall be in Electronic Document. The Electronic Document shall at least consist of: a. agreement number; b. date of agreement; c. identities of the parties involved; d. guidelines regarding rights and obligations of all parties; e. loan amount; f. loan interest rate; g. instalment value; h. duration of loan; i. collateral (if any); j. detail of inclusion fees; k. guidelines regarding penalties (if any); and l. dispute resolution; Provider must give information access to Loan Receiver (Borrower) regarding the loan accepted. Information access shall not include any information regarding the identity of the Loan Giver (Lender). CHAPTER V RISK MITIGATION Article 21 Provider and Users must do risk mitigation. Article 22 Provider may be a member of Financial Services Authority (OJK)’s financial information system or other information system registered at Financial Services Authority (OJK) by meeting the requirements as stipulated by law. Article 23 Provider may work and have data exchange with information technology-based supporting provider to enhance the quality of Information Technology-Based Loan and Borrowing Services. Article 24 (1) Provider must use escrow and virtual accounts for Information Technology-Based Loan and Borrowing Services. (2) Provider must provide virtual account for every Loan Giver (Lender). (3) In the event of full payment, Loan Receiver (Borrower) shall pay through Provider’s escrow account to be credited to Loan Giver’s (Lender) virtual account. pg. 10 UNOFFICIAL TRANSLATION CHAPTER VI INFORMATION TECHNOLOGY-BASED LOAN AND BORROWING SERVICES MANAGEMENT Part One Data and Disaster Recovery Centres Article 25 (1) Provider must use data and disaster recovery centres. (2) Data and disaster recovery centres must be in Indonesia. (3) Provider must comply with the minimum standard of information technology system, information technology security, system malfunction and failure system durability, as well as information technology take over. Part Two Data Confidentiality Article 26 Provider must: a. secure the confidentiality, integrity, and availability of personal, transaction, and financial data being managed from its first input until it is destroyed; b. ensure the availability of authentication, verification, and validation processes which support the undeniability in accessing, processing, and executing personal, transaction, and financial data being managed; c. ensure that the procurement, use, utilisation, and disclosure of personal, transaction, and financial data obtained by Provider is based on the approval of personal, transaction, and financial data owner, unless otherwise stated by law; d. provide other communication media apart from Information Technology-Based Loan and Borrowing Services Electronic System to ensure the continuity of customer service which can be in the form of electronic mail, call centre, or other communication media; and e. inform in writing to personal, transaction, and financial data owner should there be a failure in the protection of personal, transaction, and financial data being managed. Part Three Audit Record Article 27 (1) Provider must provide audit record of its whole activities in the Information Technology-Based Loan and Borrowing Services Electronic System. (2) Provider must ensure the Information Technology system being used fully support the availability of audit record. (3) Audit record is used for monitoring, law enforcement, dispute resolution, verification, testing, and other examination purposes. pg. 11 UNOFFICIAL TRANSLATION Part Five Security System (1) (2) (3) (4) Article 28 Provider must secure all information technology system by having and operating procedures and means for Information Technology-Based Loan and Borrowing Services to avoid interference, failure, and loss. Provider must provide security system which includes procedures, prevention, and countermeasure systems to threats and attacks which may cause interference, failure, and loss. Provider must participate in information technology security breach management to support information safety in Information Technology-Based Loan and Borrowing Services industry. Provider must redisplay Electronic Document in its fullest according to the format and retention time set by law. CHAPTER VII PROTECTION AND EDUCATION OF INFORMATION TECHNOLOGY-BASED LOAN AND BORROWING SERVICES USER Article 29 Provider must apply basic principles of User protection: a. transparency; b. fair treatment; c. dependability; d. security and confidentiality of data; and e. User dispute resolution in a simple, quick, and affordable fashion. Article 30 (1) Provider must provide and/or inform the latest update regarding Information Technology-Based Loan and Borrowing Services in an accurate, honest, clear, and not misleading fashion. (2) The information mentioned above shall be put into document(s) or other means which can be used as evidence. Article 31 (1) Provider must inform User regarding acceptance, deferment, or refusal of Information Technology-Based Loan and Borrowing Services application. (2) In the case where Provider informs User regarding deferment or refusal of application, Provider must state the reason of deferment or refusal unless otherwise stated by law. Article 32 (1) In every Electronic Document, Provider must use simple Indonesian terms, phrases, and/or sentences which can be easily read and understood by User. (2) Indonesian language in the document may be paired with other language as needed. pg. 12 UNOFFICIAL TRANSLATION Article 33 Provider shall support activities in conjunction with increasing financial inclusion and literacy. Article 34 Provider must oversee the balance between the need and capability of User with the services offered. Article 35 Provider must display and/or state in every proposal or service promotion: a. name and/or logo of Provider; and b. statement that Provider is registered and monitored by Financial Services Authority (OJK). Article 36 (1) in the case where Provider uses formal agreement, it must be ordered in accordance to law. (2) Formal agreement mentioned above shall not: a. state the transfer of responsibility or obligation of Provider to User; and b. state that User shall adhere to new regulations, addendums, extension, continuation, and/or one-sided changes made by Provider during the User’s use of service. Article 37 Provider shall be held responsible for User’s loss incurred by Provider’s error and/or negligence, Board of Directors, and/or its staff. Article 38 Provider shall have standard operating procedures in its service to User specified in Electronic Document. Article 39 (1) Provider is in any way prohibited, to disclose data and/or information regarding User to another third party. (2) This disclosure prohibition shall be voided if: a. User gives electronic permission; and/or b. Required by law. (3) Cancellation or changes to part of the agreement of data and/or information disclosure mentioned in verse (2) point a above shall be done by User electronically in the form of Electronic Document. Article 40 In the case of User complaint, Provider must electronically report every month with follow up settlement to Financial Services Authority (OJK). CHAPTER VIII ELECTRONIC SIGNATURE Article 41 pg. 13 UNOFFICIAL TRANSLATION (1) Agreement as mentioned in Article 18 shall be performed by electronic signature. (2) Agreement for the purpose of Information Technology-Based Loan and Borrowing Services other than verse (1) above may use electronic signature. (3) The use of electronic signature mentioned in verses (1) and (2) shall be according to the law that regulates electronic signature. CHAPTER IX FUNDAMENTAL AND PROCEDURE OF USER IDENTIFICATION Article 42 Provider must employ anti money laundering program and terrorism funding prevention in the financial services sector against User according to the law regarding anti money laundering program and terrorism funding prevention. CHAPTER X PROHIBITION Article 43 In operating the business, Provider is prohibited from: a. operating business other than Provider’s business as regulated in this Financial Services Authority (OJK) regulation; b. acting as Loan Giver (Lender) or Loan Receiver (Borrower); c. giving collateral in any form to meet other party’s obligation; d. issuing letter of debt(s); e. giving recommendation to User; f. publishing fictional and/or misleading information; g. offering service(s) to User and/or the public through personal communication without User’s consent; h. incurring any fee to User for complaint submission. CHAPTER XI REGULAR REPORT Article 44 Provider which has obtained permit, must submit regular report electronically to Financial Services Authority (OJK): a. monthly report; and b. yearly report. Article 45 (1) Provider’s monthly report must at least contain: a. financial performance report submitted in the form of physical and Electronic Documents; b. management performance report submitted in the form of physical and Electronic Documents; pg. 14 UNOFFICIAL TRANSLATION (2) (3) (4) (5) (1) (2) (3) (4) (5) c. Electronic Documents in database format with database element structure; d. User complaint with follow up settlement as mentioned in Article 40; in accordance to Form 3 attached Financial Services Authority (OJK) may request additional information and/or data to Provider where deemed necessary. Monthly report shall be submitted in the form of physical and Electronic Documents. Monthly report shall be submitted to Executive Chief of Insurance Monitoring, Pension Fund, Finance Institution, and Other Financial institutions (Kepala Eksekutif Pengawas Perasuransian, Dana Pensiun, Lembaga Pembiayaan, dan Lembaga Jasa Keuangan Lainnya) no later than 10 (ten) working days in the following month. Submission of monthly report mentioned in verse (1) point d shall be forwarded to the Commissioner Board of Consumer Education and Protection (Dewan Komisioner Bidang Edukasi dan Perlindungan Konsumen). Article 46 Provider must submit yearly report to Financial Services Authority (OJK) for the reporting period of 1 January to 31 December. Yearly report consists of: a. financial report; and b. management activities report of Information Technology-Based Loan and Borrowing Services; in accordance to Form 4 attached. Financial Services Authority (OJK) may request additional information and/or data to Provider where deemed necessary. Yearly report shall be submitted in the form of physical and Electronic Documents. Yearly report shall be submitted to Executive Chief of Insurance Monitoring, Pension Fund, Finance Institution, and Other Financial institutions (Kepala Eksekutif Pengawas Perasuransian, Dana Pensiun, Lembaga Pembiayaan, dan Lembaga Jasa Keuangan Lainnya) no later than 20 (twenty) working days after the end of the reporting period. CHAPTER XII SANCTIONS Article 47 (1) In the event of violation of this regulation, Financial Services Authority (OJK) is authorised to impose administrative sanction to Provider in the form of: a. written notice; b. fine, an obligation to pay a certain amount of money; c. restriction of business activities; and d. revocation of permit. (2) Administrative sanctions as mentioned in verse (1) points b to d, may be levied with or without prior administrative sanction mentioned in verse (1) point a. (3) Administrative sanction in the form of fine as mentioned in verse (1) point b may be levied alone or together with administrative sanctions mentioned in verse (1) points c and d. pg. 15 UNOFFICIAL TRANSLATION pg. 16 UNOFFICIAL TRANSLATION CHAPTER XIII OTHER CONDITIONS Article 48 Provider must be registered as a member in the association appointed by Financial Services Authority (OJK). CHAPTER XIV TRANSFER REGULATION Article 49 Implementation of cooperation between Provider and information technology-based supporting provider registered at Financial Services Authority (OJK) as mentioned in Article 23, is valid 2 (two) years after this Financial Services Authority (OJK) regulation is in effect. Article 50 At the time of this regulation is in effect, any Information Technology-Based Loan and Borrowing Services agreements which are still running and have loan values more than the maximum total loan limit loaned out as mentioned in Chapter 6, may continue until the end of the agreement duration. CHAPTER XV CLOSING CONDITIONS Article 51 Other conditions regarding Information Technology-Based Loan and Borrowing Services on matters such as the maximum limit of total money loaned out, loan mechanism, cooperation between Provider and information technology-based supporting provider, data center placement and minimum standard of information technology system, information technology risk management, system malfunction and failure system durability as well as information technology take over, security system, data confidentiality, Provider’s transaction failure system, information technology security system, information technology security breach management, information retention and/or Electronic Document, and Electronic Signature use management in Information Technology-Based Loan and Borrowing Services, shall be arranged in Financial Services Authority’s (OJK) circulars. Article 52 This Financial Services Authority (OJK) regulation shall be in effect on this date below. For public knowledge, this Financial Services Authority (OJK) regulation is filed in the Statute Book of Republic of Indonesia. pg. 17 UNOFFICIAL TRANSLATION Set in Jakarta on the 28th of December 2016 HEAD OF BOARD OF COMMISSIONER FINANCIAL SERVICES AUTHORITY (OJK) signed MULIAMAN D. HADAD Made law in Jakarta on the 29th of December 2016 MINISTRY OF LAW AND HUMAN RIGHTS REPUBLIC OF INDONESIA signed YASONNA H. LAOLY STATUTE BOOK OF REPUBLIC OF INDONESIA YEAR 2016 NUMBER 324 Exact copy of the original Director of Law 1 Law Department Departemen Hukum signed Yuliana pg. 18

Scheduled maintenance