SP 4/GKPB/OJK/I/2026

PRESS RELEASE

OJK ISSUES REGULATION ON INFORMATION TECHNOLOGY IMPLEMENTATION FOR CONVENTIONAL RURAL BANKS AND SHARIA RURAL BANKS
DIGITAL SECURITY STRENGTHENING

 ​

Jakarta, 8 January 2026. Indonesia Financial Services Authority (OJK) issued OJK Regulation (POJK) Number 34 of 2025 on the Implementation of Information Technology of Conventional Rural Banks (BPR) and Sharia Rural Banks (BPRS) (“POJK PTI BPR/S") and its implementing regulations through the Decree of the Board of Commissioners of OJK Number 43 to accelerate BPR and BPRS digitalization in accordance with the second pillar of the Roadmap of the Development and Strengthening of BPR and BPRS Industry 2024-2027.

The regulation aims to promote BPR/S industry to thoroughly optimize information security in its IT through IT governance and risk management. Moreover, BPR/S industry must strengthen its data management and data privacy protection and become more responsive in detecting and handling cyberattacks.

“With this regulation, the mandate of Roadmap of the Development and Strengthening of BPR and BPRS Industry 2024-2027 may be implemented to create a supportive, optimum IT implementation for BPR and BPRS' IT human resources, process & technology, as well as good governance," Chief Executive of Banking Supervision of OJK Dian Ediana Rae said.

The BPR and BPRS IT Implementation regulation stipulates the following:

1. IT governance, namely determining the authorities and responsibilities of the Board of Commissioners and Board of Directors;
2. IT architecture for BPR and BPRS providing digital services;
3. IT risk management, such as information security, collaborations with Information Technology Services Providers and Disaster Recovery Plan (DRP);
4. BPR and BPRS electronic system placement in the Data Centre and Disaster Relief Centre in Indonesia; and
5. Cyber defense and Cybersecurity, as a response to BPR and BPRS IT system connectivity with third parties.

Dian further emphasized the importance of prudence, customer protection, and strong governance in IT system development.

“All BPR/S are expected to build an IT system, independently or through IT vendors, while implementing principle of prudence, preserving BPR/S health, and upholding customer protection," he stated.

The regulation is effective one year as of its promulgation date. Financial Services Authority Regulation Number 75/POJK.03/2016 and the Circular Letter of Financial Services Authority Number 15/SEOJK.03/2017 on Information Technology Implementation Standards for Conventional Rural Banks and Sharia Rural Banks will be annulled after the new regulation and degree take place.

***

Head of the Literacy, Financial Inclusion and Communication Department – M. Ismail Riyadi;

Tel. (021) 29600000; E-mail: humas@ojk.go.id