Indonesia: Regulation 36/2024 – Paving the way for innovation in Indonesia's insurance industry

In brief

On 23 December 2024, the Indonesian Financial Services Authority (OJK) issued Regulation No. 36 of 2024 ("Regulation 36/2024"), amending OJK Regulation No. 69/POJK.05/2016, as last amended by OJK Regulation No. 12 of 2024 on Anti-Fraud Strategy for Financial Institutions. This regulation introduces several amendments to several operational parameters for insurance companies, sharia insurance companies, reinsurance companies, and sharia reinsurance companies ("Insurance Companies").

Regulation 36/2024 will come into effect on 23 June 2025.

Some of the notable highlights from Regulation 36/2024 are as follows


Contents

Expansion of business scope

Regulation 36/2024 opens new doors for general insurance companies by allowing them to broaden their business activities to include government-assigned tasks, such as issuing micro-working capital credit guarantees (kredit usaha rakyat). To seize this opportunity, these companies must establish a guarantee business unit (unit usaha penjaminan) within six months of the regulation's effective date. It is also important to note that this business expansion opportunity is only available to be conducted until 31 December 2030.

Sharia insurance companies also benefit from increased flexibility, enabling them to extend their business scope to include credit insurance for sharia financing distribution transactions and trading transactions. For trading transactions, Sharia insurance companies must ensure that the seller or supplier bears at least 10% of the risk, a less stringent requirement compared to the 25% mandated under OJK Regulation No. 20 of 2023.

Accordingly, Regulation 36/2024 provides new growth opportunities for Insurance Companies. By allowing these companies to (temporarily) broaden their business activities, the regulation opens up avenues for diversification and potential revenue growth. There are, however, points that warrant further discussions with OJK including on (i) the specific requirements for establishing guarantee business units, (ii) the status of the expanded business post-December 2030 and (iii) how the proposed sharia credit insurance relates to the existing requirements for credit insurance under OJK Regulation No. 20 of 2023.

Digital insurance services

In response to the growing demand for digital insurance products, Chapter IIIA of Regulation 36/2024 specifically regulates digital insurance services. This chapter defines digital insurance services as the process of writing insurance products entirely through digital means, without any face-to-face interaction with the policyholder, insured, or participant.

Some key provisions regarding digital insurance service include:

  1. Requirement for OJK Approval and Business Plan Inclusion for Digital Insurance Services

Insurance companies planning to offer digital insurance services must obtain prior approval from the OJK and include such plan in their business plan. The application for approval must be accompanied by supporting documents, including proof of expertise, comprehensive policies and procedures, system ownership and control, cooperation agreements, and a detailed plan for the next three years.

Additionally, companies must apply to be registered as an electronic system provider within 30 days of receiving OJK's approval and submit proof of registration to OJK within seven days of such registration. Failure to implement the digital insurance service within 30 days of registration or obtain a registration certificate within 60 days may result in the revocation of OJK's approval.

  1. Obligations for digital insurer

Insurance Companies operating digital insurance service must adhere to several key requirements, including:

  1. Utilizing an electronic system that is owned, controlled, and managed by the company. "Owned" refers to systems independently owned by the company or in cooperation with IT service providers for the company's benefit. "Controlled" means the ability to develop, modify, and delete the electronic system. This requirement generally aligns with OJK Regulation No. 4/POJK.05/2021 on Risk Management in the use of IT by Non-Bank Financial Services Institutions (as partially revoked). In practice, this requirement may pose a significant challenge for Insurance Companies when negotiating service contracts with IT service providers, as it demands a high degree of control that large software developers may be reluctant to grant, especially for off-the-shelf products.
  2. Ensuring the reliability of the electronic system. This requirement essentially imposes liability on insurance companies for failures in the electronic systems operated by their service providers. A robust contractual protection is crucial when dealing with a third party IT providers.
  3. Providing adequate communication channels for policyholders, insureds, or participants.
  4. Complying with IT risk management regulations.
  5. Establishing a dedicated unit or function to handle digital insurance services.
  6. Employing human resources with at least three years of experience and expertise in information technology (i.e., database, network, electronic system security, and programming development and management). Further clarity from OJK need to be sought on the level at which these experts should be employed within insurance companies. It unclear at the moment on whether it is sufficient to have these experts as general staff or if they should hold more managerial roles within the dedicated unit or function handling digital insurance, as referred to in item (v) above.
  1. Cooperation with third party for certain functions

Insurance Companies are permitted to collaborate with third parties for specific functions, such as handling premium payments, enhancing IT infrastructure, and improving operational quality. However, they must not outsource their digital insurance services or transfer data processing of policyholders, insureds, or participants to these third parties.

Insurance Companies that have been providing digital insurance services prior to the enactment of Regulation 36/2024 must comply with the new requirements within six months of the regulation's effective date.

Stricter requirements for the use of insurance agents

Regulation 36/2024 introduces stricter requirements for the use of insurance agents, imposing additional obligations on insurance companies to ensure that:

  1. Agents are prohibited from using another agent's name to close insurance policies for personal gain.
  2. Agents must adhere to the code of ethics established by relevant associations and comply with all applicable insurance regulations.
  3. Agents are prohibited from holding any strategic positions within the agency structure.

Given these additional obligations, Insurance Companies are expected to establish robust oversight mechanisms to ensure their agents comply with the new requirements. However, a key question arises: will Insurance Companies face difficulties in ensuring compliance, considering that agents are not their employees? In this case, Insurance Companies can only rely on their rights under the relevant agency contracts. This highlight the importance of having a robust agency agreement with sufficient degree of control and supervision by Insurance Companies.

Mandatory portfolio transfer

To further safeguard the financial health of Insurance Companies and protect the interests of all stakeholders, the OJK may order a portfolio transfer following a thorough evaluation of the Insurance Company's condition. This evaluation may reveal deficiencies such as insufficient human resources, inadequate infrastructure, and poor risk management.

Sanctions

Regulation 36/2024 stipulates that failure to comply with certain requirements may subject the Insurance Company to OJK's reassessment of its primary party(ies), in addition to the administrative sanctions outlined in the regulation.

Remarks

Regulation 36/2024 brings new opportunities for insurance companies seeking to foster growth and innovation, but it also presents several potential challenges:

  1. While Regulation 36/2024 opens up new growth opportunities, Insurance Companies looking to seize these opportunities might need to make significant changes to their operations, policies, IT infrastructures, and procedures to comply with the new requirements.
  2. Investing in advanced technology and hiring qualified IT professionals with at least three years of experience can be costly and time-consuming, especially for companies new to the digital insurance landscape.
  3. Where deficiencies are identified by OJK, Insurance Companies might need to invest substantially to address such deficiencies, such as insufficient human resources, inadequate infrastructure, and poor risk management. Balancing these costs with the potential benefits of compliance and growth is crucial.

Overall, Insurance Companies must navigate these challenges strategically to maintain compliance and leverage the potential opportunities offered by Regulation 36/2024 in this evolving insurance landscape.

* * * * *

LOGO_Indonesia HHP Law Firm_Jakarta

© 2025 HHP Law Firm. All rights reserved. In accordance with a common terminology used in professional service organizations. reference to a "partner" means a person who is a partner, or equivalent in such a law firm. Similarly reference to an "office" means the office of any such law firm. This may qualify as "Attorney Advertising" requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome


Copyright © 2025 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.