This update highlights the personal data protection considerations arising from debt collection activities in Indonesia’s financial services sector. While debt collection is a lawful recovery mechanism, financial institutions must ensure that any use, disclosure, or sharing of debtor information complies with the requirements of Law No. 27 of 2022 on Personal Data Protection, particularly regarding lawful basis, purpose limitation, and the handling of data by third-party collectors.

Effective from 31 March 2026, the Payment System Regulations form the primary regulatory framework for payment system market players and introduce significant changes to the regulatory landscape. This ARMA Update outlines the key new provisions, while also briefly noting which requirements under the previous regime remain applicable and how the transition to the new framework will be implemented.

OJK, through OJK Reg 4/2025, now consolidated four business types which were previously independent: aggregator, financing agent, funding agent, and wealth tech, into a single category known as Financial Services Aggregation Operator

This ARMA update will discuss the basics of filing environmental dispute lawsuits that can be carried out by individuals, groups or use the class action mechanism.