Simplifying and Managing OJK Requirements for Your Business
  • Otoritas Jasa Keuangan (OJK) and its importance
  • Current state of data protection in Indonesia and the role of Financial Services Authority
  • Anticipated changes to the legal landscape
  • MoEngage's alignment with POJK38 and SEOJK21
  • MoEngage’s readiness to help marketers and other stakeholders meet OJK guidelines
Learn how MoEngage helps marketers and other stakeholders meet OJK guidelines
Three key Aspects of Consumer Data Protection in Indonesia

Data Privacy and Protection

The data protection landscape in Indonesia around classification, defining roles, data ownership rights, and cross-border data transfer regulations. The asset also provides high-level implications for OJK within the Asia Pacific region.

Risk Management

Pertains to the application of risk management in using information technology by banks and non-banking financial services institutions – the primary function under the purview of OJK. This part also covers the regulation checklist for enterprises and small-medium companies to find a provider of SaaS services or cloud computing vendors that are OJK compliant.

Consumer Protection

These are data protection guidelines to prevent money laundering and other illegal financial activity. It also grants the legal authority to the body to inspect financial institutions from time to time. Additionally, any cloud computing services or service provider who’s job is to supervise, build or run SaaS applications must also adhere to the regulatory guidelines established by the Financial Services Authority.

Learn more about simplifying and managing OJK requirements for your business


MoEngage's POJK38 and SEOJK21 Alignment Areas

Overall Alignment:

MoEngage's overall alignment to OJK guidelines and the incoming PDP law will replace a large part of the existing rules.

Incident Response:

Alignment to incident response guidelines as directed by the Financial Services Authority.


Performance supervision of financial business activities using MoEngage's SaaS Application Console, SDK, and APIs.

Performance Reliability:

MoEngage's ability to provide reliability and performance monitoring along with the ability to auto-scale and deliver 99.9% annual availability.

Data Protection:

Data encryption practices by MoEngage, ensuring data integrity using JSON web tokens and strict role-based access.


MoEngage's commitment to protect customer data within the data center and provide network and data security.

Data Recovery: 

Zonal data recovery strategy of MoEngage along with information and ways to addressing worst-case scenarios.


MoEngage's adherence to the "right to audit" and security audits by independent third parties from time to time.


Information to administer MoEngage's SaaS and perform customizations and integrations using the developer's guide available on the website.


Information on MoEngage's termination clauses aligned with the Financial Services Authority.

Final Takeaway

This white paper highlights MoEngage's alignment with multiple applicable frameworks from POJK38 and SEOJK 21. The financial services authority mandates that fintech companies and banks find and avail services from third-party SaaS services aligned with the relevant frameworks. With frequent amendments and a growing purview upon the macro-prudential policy, being OJK aligned is more crucial in the current times than ever before.

Frequently Asked Questions

What is Financial Services Authority (OJK)?

The Financial Services Authority of Indonesia is a government body that oversees the micro-prudential policy in the country to protect customers from financial frauds and promote overall financial well-being. It is also popularly known as OJK or Otoritas Jasa Keuangan.

Who’s this white paper for and how does it help?

While this asset is primarily for marketers, technical and security teams can also use it to evaluate MoEngage’s alignment with OJK.

What is the scope of regulation under OJK?

The OJK or Financial Services Authority covers the micro-prudential policy and all financial services institutions. Overall the body regulates the banking, capital markets, and financial services/institutions. It also ensures the application of prudential principles, practices, and financial fraud investigation. Additionally, it lays out the regulation blueprint for fintech activities such as fintech Lending and Crowdfunding. And lastly, the body also sets guidelines for cloud services by third-party SaaS or any vendor providing managed service around cloud computing to clients and companies.

What does this white paper cover?

This white paper gives a brief overview of OJK and highlights the current data security and privacy landscape in Indonesia. Additionally, it maps MoEngage’s alignment to multiple OJK frameworks.

Which OJK framework does this white paper cover?

This asset exclusively illustrates MoEngage’s alignment to article 9 of POJK38 and article 20 of SEOJK21. The alignment is mandatory for SaaS vendors who provide services to assist fintech and banks in Indonesia.  

Learn more on simplifying and managing OJK requirements for your business