Indonesia’s Financial Services Authority (OJK) has issued the Cybersecurity Guidelines for Digital Financial Asset Trading Operators to enhance understanding and awareness among operators about cybersecurity, with the aim of strengthening the integrity and resilience of the increasingly dynamic digital financial asset trading ecosystem.
The guidelines were launched by Hasan Fawzi, Chief Executive Supervisor for Financial Sector Technology Innovation, Digital Financial Assets, and Crypto Assets (IAKD) at OJK, during the OJK Digination Day event in Semarang on Tuesday (12 August).
The launch was attended by the British Embassy Jakarta, which partnered in drafting the guidelines along with IAKD (ITSK and Digital Financial Asset Trading Operators), representatives from the Indonesian Blockchain Association (ABI), and operators in the sector.
“A year ago, OJK issued cybersecurity guidelines specifically for Financial Sector Technology Innovation (ITSK) operators. We are now extending these guidelines to operators in the national digital financial asset trading ecosystem. This stems from the urgency to strengthen the integrity and resilience of this increasingly dynamic ecosystem,”
Hasan said in his remarks.
Hasan added that the guidelines have been designed as a living document, adopting a “secure by design” and “resilience by architecture” approach.
“All of this is designed to build a cybersecurity system that is progressive, adaptive, and sustainable,”
he said.
The Cybersecurity Guidelines for Digital Financial Asset Trading Operators emphasise the importance of cybersecurity and the development of secure information systems with adaptive, robust, and forward-looking safeguards to maintain stability and public trust in the sector.
The guidelines form part of the implementation of Law No. 4 of 2023 on the Development and Strengthening of the Financial Sector (UUP2SK), which mandates OJK to regulate and supervise the Financial Sector Technology Innovation, Digital Financial Assets, and Crypto Assets sector (IAKD) from January 2025.
The document aims not only to strengthen consumer protection but also to improve consumer trust and enhance the global competitiveness of Indonesia’s digital financial asset industry.
OJK hopes the guidelines will serve as a strategic reference for building a secure, resilient, and sustainable digital asset trading ecosystem in the country.
It sets out, among other areas, the adoption of a zero-trust principle that eliminates implicit trust within networks and requires layered authentication, dynamic access policies, and device management.
It also outlines a cybersecurity risk management framework aligned with national and international standards such as ISO, NIST, CSMA, BSSN, and CREST, as well as data and wallet protection measures. These include the use of cold wallets for the majority of consumer assets and end-to-end encryption in line with industry cryptographic standards.
The guidelines further require incident response planning with effective coordination, rapid recovery, and integrated reporting to OJK and relevant stakeholders, alongside the continuous enhancement of technical competencies through intensive training, professional certifications, and incident simulations to strengthen operational readiness.
Through these guidelines, OJK aims to foster a balanced ecosystem where innovation, cybersecurity resilience, and consumer protection advance together in support of Indonesia’s digital financial sector.
Featured image credit: Edited by Fintech News Indonesia, based on image by rawpixel.com via Freepik
