Money laundering, data breaches

emerge as dark side of fintech

 News Desk

The Jakarta Post

PREMIUM
Jakarta / Mon, September 9, 2019 / 09:59 am

Illustration of financial technology (fintech).(Shutterstock/File)

As financial technology (fintech) from e-wallet services to peer-to-peer (P2P) lending
gain traction in Southeast Asia’s largest economy, security threats such as money
laundering and data breaches lurk around the corner.

Coordinating Economic Minister Darmin Nasution said that while fintech could make
financial services accessible to more people compared to conventional financial
institutions, there were three threats related to the mushrooming of fintech services.

The threats are namely money laundering, data breaches and monopolies, he said,
adding that the government together with the BI and OJK are seeking policies aimed
at balancing threat mitigation and innovation development.

“We need to consider the mitigation [strategy] to data misuse and fintech’s
susceptibility to money laundering,” Darmin said during his keynote speech at the
Fintech Forum event held in Jakarta on Wednesday.

Online transactions rose 281 percent to Rp 47.1 trillion in 2018 from Rp 12.3 trillion
in 2017, according to a Bank Indonesia (BI) study. Meanwhile, P2P lending
companies channeled Rp 49.7 trillion in loans in July, an increase of 119 percent
year-to-date (ytd), Financial Services Authority (OJK) data shows.

With such aggressive increases in transactions and loans, Darmin called for
stronger risk management policy and consumer protection systems to better protect
the growing industry by BI, which oversees fintech payments, and the OJK that
oversees fintech operations such as lending and financial market investment.

Separately, a cybersecurity analyst at nonprofit organization the Communication and

Information System Security Research Center (CISSReC), Pratama Persadha,
told The Jakarta Post that fintech was an easy target for money laundering without
strict regulation and supervision.
“It is hard to keep track of unlisted fintech companies’ capital inflow as unlisted
companies could be a result of a money-laundering scheme. Thus, without clear
regulation fintech is an easy target,” said Pratama while calling for comprehensive
fintech regulations.

According to OJK Regulation (POJK) No. 12/2017 on money laundering and terror
financing prevention, fintech is considered part of a nonbank financial service
provider. “As a consequence, fintech companies are responsible to identify, assess
and understand the risk of money laundering from their customers, transactions and
distribution networks,” said Pratama.

Pratama added that data breaches could even occur legally, elaborating that some
fintech companies not only sell customers’ data but also utilize it to terrorize debtors.
“We urgently need a data protection bill and it should be a priority for the
government and the House of Representatives.”

The Communications and Information Ministry is finalizing a draft of the personal

data protection bill, which it will discuss with lawmakers at the House of
Representatives. The bill will affect how data is managed for a wide range of
stakeholders, from big tech companies, banks and other financial institutions, to
micro, small and medium enterprises operating on e-commerce platforms, as well as
individual consumers.

The latest copy of the draft bill obtained by the Post stipulates that data handlers
must layout information in advance when collecting personal data, such as
information related to data retention, purpose, deletion and all the rights individuals
have over the data.

At present, the existing OJK Regulation No. 77/2016 requires fintech firms to
implement know-your-customer (KYC) principles to better understand their
customers, origin of funds and the funds’ purposes. Suspicious activities would be
immediately reported to the Financial Transactions Reports and Analysis Center
(PPATK), said OJK Institute deputy commissioner Sukarela Batunanggar.

“Fintech companies should implement KYC principles to prevent international money

laundering and terror financing,” Sukarela said, urging fintech players to comply with
the existing OJK regulation.

The OJK is also developing a centralized database containing fintech P2P customer
data to help fintech companies in accessing and sharing customer information, said
Sukarela, adding: “Some fintech companies have already handed over their data
and we are expecting that the database will be completed by next year."
Sukarela added that the OJK was taking the initiative to prevent cyberattacks, calling
for collaboration between the government and industry to improve cybersecurity
management. (awa)