Aug 04, 2023
7 min read

Crypto Regulations in Indonesia—All You Need to Know in 2023

Learn more about crypto regulations in Indonesia and how to stay compliant.

Indonesia’s crypto market is developing rapidly. Just recently, on July 20, 2023, the country’s key crypto regulator officially established a crypto exchange, clearing house, and manager of crypto asset storage. These are expected to provide legal certainty while protecting the user community from crypto-related risks.

Earlier, in June 2023, the Indonesian government expanded the number of tradable cryptocurrencies to 501, including Bitcoin, Solana, and Ethereum. This move comes as part of a broader government initiative to facilitate the use of digital currencies in the country.

At the moment, Indonesia’s crypto regulations are being transformed in light of a new law that transfers supervisory authority from Bappebti to OJK, with a transition period of 2 years. Today, cryptocurrencies can only be traded like commodities in Indonesia, as they are not considered a legal tender. However, it is expected that cryptocurrencies will be considered securities after the transition period to the new regulator.

Let’s dive into the details of Indonesia crypto regulations below. 

What are the main regulations?

In 2023, the following laws regulate the crypto industry in Indonesia:

  • Bappebti Regulation No. 8/2021 on Guidelines for Conducting Crypto Asset Physical Market Trading on Commodity Exchanges as amended by Bappebti Regulation No. 13 of 2022.
  • Bappebti Regulation of the commodities trading supervisory agency number 4 of 2023 concerning amendment to the regulation of the commodities trading supervisory agency number 11 of 2022 concerning determination of list of crypto assets traded in the physical market of crypto assets. 
  • Law No. 4 of 2023 on the Development and Strengthening of the Financial Services Sector (the Financial Omnibus Law).

Who is the regulator?

As of 2023, the key crypto regulator in Indonesia is the Commodity Futures Trading Regulatory Agency, known as Bappebti, which falls under the supervision of the Indonesian Ministry of Trade, and regulates futures trading (including crypto-asset trading). However, with the enactment of Law 4/2023,  regulatory authority over crypto-assets will be transferred to the Financial Services Authority, or OJK, by 12 January 2025.

Meanwhile, the Financial Services Authority (OJK) regulates and supervises the financial services sector.

Who is affected?

According to Bappebti Regulation No. 8 of 2021 on Implementing Guideline of Physical Market Trading of Crypto Assets in the Futures Exchange, crypto assets are defined as intangible commodities in digital form, using cryptography, information technology networks, and distributed ledgers to regulate the creation of new units, verify transactions, and secure transactions without the intervention of other parties.

Several types of crypto trading-related businesses are currently available in Indonesia:

  • Futures exchanges. These are business entities that provide systems and/or facilities for buying and selling commodities based on futures contracts, sharia derivative contracts, and/or other derivative contracts.
  • Crypto futures clearing houses. These provide systems and/or facilities for clearing and guaranteeing the settlement of futures trading transactions.
  • Crypto-asset storage managers. These obtain approval from the Head of Bappebti to carry out storage, maintenance, supervision and/or delivery of crypto assets.
  • Crypto-asset physical traders. These obtain approval from the Head of Bappebti to carry out transaction activities related to crypto assets.

The scope of crypto-asset physical trader activities includes:

  • Selling and/or purchasing crypto assets between crypto and rupiah currencies
  • Exchanging one or more types of crypto assets
  • Storage of crypto assets
  • Transfer of crypto assets between wallets

According to the law of 2023, which transfers regulatory authorities from Bappebti to OJK, crypto-related activities are referred to as “technology innovation in the financial sector” (inovasi teknologi sektor keuangan or ITSK).

In the event that there are activities other than those referred to above, they must  first obtain approval from the Head of Bappebti.

Initial Coin Offerings (ICOs) are not regulated in Indonesia yet.

Licensing requirements

Activities concerning cryptocurrency are required to obtain approval from BAPPEBTI to be conducted legally in Indonesia.

For each type of activity (futures exchange, crypto futures clearing house, crypto-asset storage managers, crypto-asset physical trader), different requirements are applied. Below are a few examples.

Requirements for Futures Exchanges that can carry out physical trading of Crypto Assets

  • At the time of filing the application, a futures exchange should have paid-up capital of at least IDR 500,000,000,000.00 (five hundred billion rupiah) no later than 2 (two) months after obtaining a business license that specifically facilitates Crypto Asset trading;
  • it also should maintain equity of at least 80% (eighty percent) of paid-up capital;
  • have at least 1 (one) employee with a Certified Information Systems Auditor (CISA) certificate and 1 (one) employee with a Certified Information Systems Security Professional (CISSP) certificate, or have a partnership with an institution that has experts or works directly with experts;
  • have a monitoring and reporting system for carrying out trades in the Physical Crypto Asset Market that occur at Physical Crypto Asset Traders  (e.g. have an up to date Business Continuity Plan (BCP); have a Disaster Recovery Center (DRC), have ISO 27001 (Information Security Management System) certification in which there is a Statement of Applicability (SOA) for ISO 27017 (cloud security) and ISO 27018 (cloud privacy) when using cloud services; ISO 27017 (cloud security) and ISO 27018 (cloud privacy) must be fulfilled by the cloud service provider company.
  • have rules and regulations for the Crypto Asset Physical Market as specified in Art. 6 of the Bappebti Regulation No. 8/2021;
  • have a Crypto Asset Physical Market committee;
  • within a period of 3 (three) months after approval is given, have a paid-up capital of at least IDR 1,000,000,000,000.00 (one trillion rupiah), or at least 2% (two percent) of the transaction value facilitated or reported on Futures Exchanges;
  • have implemented Anti-Money Laundering, Prevention of the Financing of Terrorism, and Proliferation of Weapons of Mass Destruction Programs.

Requirements for Futures Clearing House

  • A futures clearing house should have paid-up capital of at least IDR 500,000,000,000.00 (five hundred billion rupiah);
  • maintain equity of at least 80% (eighty percent) of paid-up capital;
  • have a settlement system connected to Futures Exchanges, Physical Crypto Asset Traders and Crypto Asset Storage Managers as specified in Art. 11 of the Bappebti Regulation No. 8/2021 (e.g. have an up to date Business Continuity Plan (BCP); have a Disaster Recovery Center (DRC), have ISO 27001 (Information Security Management System) certification in which there is a Statement of Applicability (SOA) for ISO 27017 (cloud security) and ISO 27018 (cloud privacy) when using cloud services.; 
  • have rules and regulations for the Physical Crypto Asset Market as specified in Art. 10 of the Bappebti Regulation No. 8/2021.
  • have a server or cloud server with good technical specifications to facilitate the use of systems and/or guarantee facilities and online settlement.

Requirements for Crypto Asset Storage Managers

  • Crypto Asset storage managers should have  paid-up capital of at least IDR 250,000,000,000.00 (two hundred and fifty billion rupiah)
  • maintain equity of at least 80% (eighty percent) of paid-up capital
  • have an organizational structure consisting of at least an information technology division, a legal division, an internal control division, and a Crypto Asset storage governance and risk management division
  • have an online storage system and/or facility that is used to facilitate the storage of Crypto Assets connected to the Futures Clearing House and Physical Crypto Asset Traders as specified in Art. 18 of the Bappebti Regulation No. 8/2021
  • have a Standard Operating Procedure (SOP) (In compiling and implementing the SOP, the Manager of the Crypto Asset Depository must pay attention to the governance and storage of Crypto Assets in cold wallets and hot wallets as specified in Art. 20 of the Bappebti Regulation No. 8/2021)
  • have a minimum of one employee certified as CISA  and one employee certified as CISSP, or cooperate with an institution who has such certified employees or cooperate directly with the person having CISA and CISSP certification.

Requirements for Crypto Asset Physical Traders

  • Crypto asset physical traders should have paid-up capital of at most 100,000,000,000.00 (one hundred billion IDR);
  • maintain equity of not more than 50,000,000,000.00 (fifty billion IDR);
  • have an organizational structure, including the Division of Information Technology, Audit Division, Legal Division, Crypto Asset Customer Complaints Division, Client Support Division, Accounting Division and Finance;
  • have online trading systems and/or facilities used to facilitate maintenance of trading in the Physical Market of Crypto Assets connected with the Futures Exchange and Futures Clearing House (the online trading system and/or facilities must meet at least the following requirements: the server or cloud server used has good technical specifications to facilitate the use of online trading systems and/or facilities, ISO 27001 (Information Security Management System) certification in which there is a Statement of Applicability (SOA) for ISO 27017 (cloud security), and ISO 27018 (cloud privacy) when using cloud services, the obligation is ISO 27017 (cloud security) and ISO 27018 (cloud privacy) must be fulfilled by the cloud service provider company; has an Open Application Programming Interface (API) security that has defined procedures, such as the encryption-decryption process, Internet Protocol (IP) Whitelist, tunnel and certificate; etc.);
  • have trading procedures (trading rules);
  • have a Standard Operating Procedure (SOP);
  • have an implemented Anti-Money Laundering and Combating the Financing of Terrorism (APU-PPT) program as well as the Proliferation of Weapons of Mass Destruction.
  • have at least 1 (one) employee certified as Certified Information Systems Security Professional (CISSP) cooperation with an institution that has experts or directly has a cooperation agreement with experts certified as Certified Information Systems Security Professional (CISSP);
  • have candidates for members of the board of directors, members of the board of commissioners, shareholders, controllers and/or beneficial owners who must pass the fit and proper test conducted by Bappebti.

A detailed list of requirements can be found in Bappebti Regulation No. 8/2021 on Guidelines for Conducting Crypto Asset Physical Market Trading on Commodity Exchanges as amended by Bappebti Regulation No. 13 of 2022.

Since the regulator will soon change, so may the approval rules. In accordance with the Act of 2023, crypto companies will be included in the concept of ITSK, or Inovasi Teknologi Sektor Keuanga (Financial Sector Technological Innovation).

AML requirements

Activity concerning cryptocurrency must implement Anti-Money Laundering/Prevention of Terrorism Financing/Proliferation of Weapons of Mass Destruction (APU PPT) Programs.

The AML requirements crypto businesses in the country must follow are:

  • Appointing a money laundering reporting officer (MLRO)
  • Conducting risk assessment
  • Development and implementation of internal AML policies
  • Conducting Customer Due Diligence (including Simplified Due Diligence and Enhanced Due Diligence, where applicable)
  • Conducting sanctions screening 
  • Carrying out transaction monitoring
  • Complying with the Travel Rule
  • Keeping records
  • Reporting suspicious activity and transactions

Customer Due Diligence

Customer Due Diligence (CDD) is the process of collecting and verifying information about a customer during onboarding and assessing risks associated with it. This includes the customer’s name, address, and other personal data. In Indonesia, the following documents are required during the CDD process.

For natural persons:

  • full name including alias (if any)
  • identity document number
  • residential address according to the identity document and other residential address (if any)
  • place and date of birth
  • citizenship
  • employment details
  • gender
  • signature or biometric data

For legal entities:

  • name
  • license number
  • line of business or activity
  • domicile address
  • telephone number
  • place and date of incorporation
  • form of legal entity or business entity
  • names of members of board directors, commissioners, shareholders
  • information and data of a natural person authorized to act on behalf of the corporation.

Check out the detailed AML requirements for Indonesia in our Compliance Guidelines: Indonesia

Penalties

Administrative sanctions (fines and imprisonment) can be imposed for breaching crypto regulations in Indonesia (e.g. providing services without approval, violating AML/CFT provisions, etc.) .

The Travel Rule

Indonesia adopted the Travel Rule, or FATF Recommendation 16, in October 2021, with a de minimis threshold amounting to USD 1,000 (Rupiah value).

If the threshold of the transaction is more than or equal to the Rupiah value equivalent to USD 1,000, the following information about the sender must be obtained:

a) Sender’s name

b) Sender’s wallet address

c) Identity card for citizens of Indonesia, or passports and identity cards issued by the country of origin of the Crypto Asset Customer (KITAP), or Limited Stay Permit Card (KITAS) for foreign nationals if it is possible to obtain them) Sender’s Address

Information about the recipient must include:

a) Recipient’s name

b) Recipient’s Wallet address (in the event the recipient or the wallet address includes cold wallet or wallet outside of the Trader)

c) Recipient’s address

If the threshold of the transaction is less than the Rupiah value USD 1,000, the following information must be obtained:

a) Sender’s name

b) Sender’s wallet address

c) Recipient’s name

d) Recipient’s wallet address.

FAQ

  • Is cryptocurrency legal in Indonesia?

    Yes, crypto is legal in Indonesia, but it can only be traded as a commodity. It is not accepted as a payment instrument. It is expected that after the transfer of authorities from Bappebti to OJK, cryptocurrencies will be considered securities.

  • Is there a crypto tax in Indonesia?

    Yes, there are VAT and income taxes imposed on crypto transactions in Indonesia.

  • Is crypto regulated in Indonesia?

    Yes, cryptocurrency is regulated in Indonesia by the Commodity Futures Trading Regulatory Agency, known as Bappebti. However, by January 2025, the regulatory authority over crypto-assets will be transferred from Bappebti to the Financial Services Authority (OJK).

See Sumsub in action

Cryptoindonesia