The transformation of digital banking in Indonesia is driven by technological advances and the need for efficiency, but its implementation raises issues of legal certainty and consumer protection following the issuance of POJK No. 12/POJK.03/2021. This study uses a normative juridical method with legislative, conceptual, and limited comparative approaches to assess the adequacy of regulations related to definitions, licensing, supervision, cybersecurity, and sanction regimes. The analysis is reinforced by comparisons with the European Union's Digital Operational Resilience Act (DORA) and the Monetary Authority of Singapore's Technology Risk Management (TRM) Guidelines. The results show that although the POJK has provided formal legitimacy and established risk management prerequisites, its provisions are still declarative in nature with respect to data protection and do not set minimum technical standards such as encryption, multi-factor authentication, security audits, penetration testing, and incident reporting deadlines. The absence of technical compliance indicators and lines of legal accountability creates the potential for irregularities in the implementation of data protection. The discussion highlights the limitations of supervision, the potential for a digital divide, and the weak deterrent effect of administrative sanctions. It is concluded that strengthening regulations through integration with the Personal Data Protection Law, establishing prescriptive technical standards, regulating third-party risks, and coordinating between agencies are necessary to create a more adaptive and accountable digital banking ecosystem.
Copyrights © 2025