Financial Aggregator Reclassified: Key Takeaways from OJK Reg. 4/2025

On 26 February 2025, the Financial Services Authority of the Republic of Indonesia (Otoritas Jasa Keuangan, or “OJK”) issued OJK Regulation No. 4/2025 on Financial Services Aggregation Operators (“OJK Reg. 4/2025”).

Under OJK Reg. 4/2025, the OJK reclassified existing entities operating under the Innovation of Technology in the Financial Sector (Inovasi Teknologi Sektor Keuangan, or “ITSK”) into four distinct clusters: Aggregator, Financing Agent, Funding Agent, and Wealthtech. These clusters are now collectively designated to be under the category of Financial Services Aggregation Operators (Penyelenggara Agregasi Jasa Keuangan, or “PAJK”). ¹

The detailed rules and requirements introduced under OJK Reg. 4/2025 reflect the OJK’s recognition of the PAJK business model as one of the fastest-growing segments within the ITSK ecosystem. This newsletter outlines the key provisions of OJK Reg. 4/2025 that affect both current and prospective PAJKs, including licensing and institutional requirements, operational obligations, cooperation and reporting obligations, and transitional provisions applicable to existing players engaging in Financial Aggregation business activities.

OJK Reg. 4/2025 defines a PAJK as an operator engaged in “Aggregation,” which refers to the collection, filtering, and comparison of information on financial services or products approved by OJK, provided by financial services institutions (such as banks, insurers, financing companies, derivative service providers, venture capital firms, and other financial product providers).

As explained in the Introduction, PAJKs are intended to include existing ITSK operators carrying out business activities of Aggregator, Financing Agent, Funding Agent, and Wealthtech. Accordingly, the business activities of a PAJK comprise the following:²

• displaying financial services/product information and providing consumers with options;
• forwarding prospective consumer information to the relevant financial services institutions;
• channeling financial services products/services to consumers; and/or
• administering documentation related to financial services products/services for the benefit of both consumer and financial services institutions.
   

PAJKs may provide features that assist consumers in sorting and filtering financial services/products based on their needs, personalize the needs of the consumer for financial product/services, and/or simulating potential financial benefits/obligations.³ Such features must be provided in an objective and unbiased manner.

In conducting their business activities, PAJKs are prohibited from:⁴

• engaging in activities relating to fund collection, fund channeling, raising fund, and/or managing consumer funds (except for forwarding payments through payment system providers);
• causing unfair business competition as provided under anti-trust regulatory frameworks;
• offering aggregation services in the form of a user-generated content platform without partnering with a financial service institution;
• providing false, misleading and exaggerated statements about financial services/products;
• making promises of investment returns and/or special benefits related to financial services/products;
• being granted authority by consumers to conduct transactions on their behalf; and
• misusing personal data or any other consumer-own data.
   

Parties engaged in financial aggregation services can be exempted from classification as a PAJK if the financial aggregation activities meet any of the following criteria:⁵

• the activity is conducted solely to support their core business (e.g., e-commerce marketplace which aggregates credit card information as payment options within its platform);
• the activity is conducted only for internal corporate purposes and within a group of companies (e.g., aggregation of financial products/services provided by subsidiaries, parent companies, affiliates, or intra-group entities);
• the activity is conducted by a party already supervised by the OJK in another sector (e.g., banks and online banks, financing institutions, insurance brokers, etc.);
• the activity involves only the provision of one-way information, without processing consumer data for aggregation purposes; or
• the activity is not conducted for the purposes of marketing or channeling financial products/services (e.g., personal blogs, news websites). 

Similar to other financial services institutions, PAJKs are subject to licensing, institutional, and operational compliance rules and obligations. The key rules and requirements applicable to PAJKs are summarized below:
 

• Institutional Requirements: A PAJK must be established as a limited liability company.  It must maintain a minimum paid-up capital of IDR 500 million (approximately USD 30,700) in cash, deposited in an Indonesian bank.⁷ Foreign ownership—both direct and indirect—is limited to a maximum of 85% of the PAJK’s paid-up capital. ⁸

  The controlling shareholder and members of the PAJK’s management must pass OJK’s fit and proper test (which includes assessment of integrity, financial reputation, competence, and sound financial judgement).⁹ In addition, at least one member of the board of directors must either hold a recognized certification or have a minimum of 3 years’ work experience in financing aggregation, IT, and/or financial services.¹⁰

• Licensing and Certifications Requirements: A PAJK must obtain a PAJK License from the OJK (“PAJK License”) as well as registration as a Private Scope Electronic System Operator before commencing its business activities.¹¹ It must also hold an internationally recognized certification in information security from a reputable certification body to demonstrate its operational readiness.¹²
   

• Operational Compliance: A PAJK is required to implement both technical and organizational measures to ensure adequate cybersecurity (e.g., an information security policy, an audit record trail system, and technical cybersecurity measures).¹³ A PAJK is also required to retain control and ownership of its electronic systems (e.g., website or mobile app) and ensure that both its data center and disaster recovery center are located in Indonesia. ¹⁴

  When providing financial aggregation services, a PAJK must cooperate with at least two financial services institutions licensed by the OJK in the relevant financial sector.¹⁵ The OJK requires such cooperation contract to contain several mandatory clauses (e.g., the division of responsibilities, data sharing protocols, and complaint handling mechanisms). A PAJK is allowed to partner with supporting service providers (e.g., payment gateways and credit scoring agencies).

  Considering the nature of financial aggregation services, a PAJK needs to ensure compliance with other regulatory frameworks such as those governing consumer protection, personal data protection, and electronic information and transactions. In addition, the PAJK needs to comply with OJK requirements to implement effective anti-fraud strategy. ¹⁶

Aggregator, Financing Agent, Funding Agent, and Wealth-tech entities that have passed the regulatory sandbox stage or have been registered with the OJK as financial technology innovations pursuant to the ITSK Regulation are required to obtain a PAJK License within 12 months from the issuance of OJK Reg. 4/2025 (i.e., 21 February 2026).¹⁷ Failure to do so will result in their classification as unlicensed PAJKs. However, in the meantime, such entities are allowed to continue conducting their business operations pending approval from the OJK.¹⁸ They are also temporarily exempt from the 85% cap on direct/indirect foreign ownership, but must comply with such ownership limitation within 1 year of obtaining a PAJK License.¹⁹ OJK Reg. 4/2025 entered into force on the date of its issuance.

OJK Reg. 4/2025 finally classifies PAJKs (i.e., financial services aggregators) as a distinct category within the financial services sector, following their previous classification as a cluster under the financial technology innovation ecosystem. This shift comes as no surprise, given that financial aggregators represent the majority of the financial technology innovation businesses.

Existing Aggregator, Financing Agent, Funding Agent, and Wealth-tech entities must conduct a thorough assessment on OJK Reg. 4/2025 and begin aligning their operations with the various requirements, particularly in relation to capital, governance, data protection, foreign ownership limits, and partnership arrangements with other financial services institutions. They must also start preparing the necessary documentation to apply for a PAJK License. Although a temporary exemption from the direct/indirect foreign ownership cap is currently available, foreign shareholders should begin reviewing their options and planning for any potential restructuring, especially where current ownership exceeds the permitted threshold.