Money laundering, data breaches emerge as dark side of fintech. As financial technology (fintech) from e-wallet services to peer-to-peer (P2P) lending gain traction in Southeast Asia’s largest economy, security threats such as money laundering and data breaches lurk around the corner.
Coordinating Economic Minister Darmin Nasution said that while fintech could make financial services accessible to more people compared to conventional financial institutions, there were three threats related to the mushrooming of fintech services.
The threats are namely money laundering, data breaches and monopolies, he said, adding that the government together with the BI and OJK are seeking policies aimed at balancing threat mitigation and innovation development.
“We need to consider the mitigation [strategy] to data misuse and fintech’s susceptibility to money laundering,” Darmin said during his keynote speech at the Fintech Forum event held in Jakarta on Wednesday.
Online transactions rose 281 percent to Rp47.1 trillion in 2018 from Rp 12.3 trillion in 2017, according to a Bank Indonesia (BI) study. Meanwhile, P2P lending companies channeled Rp 49.7 trillion in loans in July, an increase of 119 percent year-to-date (ytd), Financial Services Authority (OJK) data shows.
With such aggressive increases in transactions and loans, Darmin called for stronger risk management policy and consumer protection systems to better protect the growing industry by BI, which oversees fintech payments, and the OJK that oversees fintech operations such as lending and financial market investment.
Separately, a cybersecurity analyst at nonprofit organization the Communication and Information System Security Research Center (CISSReC), Pratama Persadha, told The Jakarta Post that fintech was an easy target for money laundering without strict regulation and supervision.
“It is hard to keep track of unlisted fintech companies’ capital inflow as unlisted companies could be a result of a money-laundering scheme. Thus, without clear regulation fintech is an easy target,” said Pratama while calling for comprehensive fintech regulations.
According to OJK Regulation (POJK) No. 12/2017 on money laundering and terror financing prevention, fintech is considered part of a nonbank financial service provider. “As a consequence, fintech companies are responsible to identify, assess and understand the risk of money laundering from their customers, transactions and distribution networks,” said Pratama.
Pratama added that data breaches could even occur legally, elaborating that some fintech companies not only sell customers’ data but also utilize it to terrorize debtors. “We urgently need a data protection bill and it should be a priority for the government and the House of Representatives.”
The Communications and Information Ministry is finalizing a draft of the personal data protection bill, which it will discuss with lawmakers at the House of Representatives. The bill will affect how data is managed for a wide range of stakeholders, from big tech companies, banks and other financial institutions, to micro, small and medium enterprises operating on e-commerce platforms, as well as individual consumers.
The latest copy of the draft bill obtained by the Post stipulates that data handlers must layout information in advance when collecting personal data, such as information related to data retention, purpose, deletion and all the rights individuals have over the data.
At present, the existing OJK Regulation No. 77/2016 requires fintech firms to implement know-your-customer (KYC) principles to better understand their customers, origin of funds and the funds’ purposes. Suspicious activities would be immediately reported to the Financial Transactions Reports and Analysis Center (PPATK), said OJK Institute deputy commissioner Sukarela Batunanggar.
“Fintech companies should implement KYC principles to prevent international money laundering and terror financing,” Sukarela said, urging fintech players to comply with the existing OJK regulation.
The OJK is also developing a centralized database containing fintech P2P customer data to help fintech companies in accessing and sharing customer information, said Sukarela, adding: “Some fintech companies have already handed over their data and we are expecting that the database will be completed by next year.”
Sukarela added that the OJK was taking the initiative to prevent cyberattacks, calling for collaboration between the government and industry to improve cybersecurity management. Money laundering, data breaches emerge as dark side of fintech (awa, The Jakarta Post)