Indonesia mandates activity-based licensing for payment providers under BI Regulation 10/2025

Providers adopt continuous monitoring frameworks to combat fraud, meet BI-FAST demands, and ensure regulatory audit compliance.

As Bank Indonesia’s Regulation 10/2025 took effect on 31 March 2026, the country’s payment service providers face mounting compliance pressures that mandate a shift from entity-based to activity-based licensing.

Issued in December 2025, the regulation restructures oversight for activities such as e-money issuance, payment gateways, and fund transfers, tying requirements to transaction risks rather than corporate form.

Providers in this rapidly expanding market had previously struggled with fragmented verification processes that failed to address evolving fraud in real-time ecosystems such as mobile wallets and QRIS payments. Key challenges had included point-in-time checks that missed behavioral shifts post-onboarding, such as synthetic identities or mule networks layering micro-transactions below thresholds.

Manual tools and siloed systems had created audit gaps, difficulties scaling with BI-FAST real-time rails or generating consistent documentation for Bank Indonesia and Otoritas Jasa Keuangan reviews. Fraud rates had risen, with the country rendered vulnerable due to super-app interconnections amplifying single-identity compromises.

Providers are implementing integrated digital compliance frameworks to enable continuous monitoring:

• Unified lifecycle verification linking identity checks, transaction risk assessment, and behavioral analysis
• Dynamic risk profiling that calibrates authentication depth to payment activity risk levels
• Network detection for anomalies like mule accounts and event-driven AML re-screening
• Automated audit trails spanning onboarding to ongoing monitoring for regulatory traceability

This transformation aligns with the Blueprint Sistem Pembayaran Indonesia 2030 (BSPI 2030), emphasizing resilient infrastructure amid regional disparities in payment standards.

Said Budi Gandasoebrata, Vice Chairman II, Asosiasi Fintech Indonesia (AFTECH): “Bank Indonesia’s shift to activity-based regulation marks an important milestone in strengthening the foundation of Indonesia’s payment ecosystem… Compliance done well remains the foundation on which a trusted and inclusive digital economy can sustainably grow.”

According to Penny Chai, Vice President (APAC), Sumsub, a verification technology provider whose platform supports industry compliance needs: “Point-in-time controls simply cannot keep pace with persistent levels of fraud… What payment providers need… is a multi-layered defense that works as a continuous system, connecting identity verification, transaction monitoring, and AML screening across the… lifecycle.”