With BI Regulation 10/2025 and BSPI 2030 in effect, Sumsub’s latest whitepaper defines why continuous, activity-based compliance must become the standard.
Sumsub released a new whitepaper: "From entity to activity-based regulation: What payment providers in Indonesia need to know". It arrives at a pivotal moment for Southeast Asia's largest digital economy as Bank Indonesia's BI Regulation 10/2025 restructures the regulatory framework governing payment service providers nationwide. The whitepaper serves as a reference for industry players seeking to understand Indonesia's regulatory framework for payments, and why continuous, technology-enabled compliance is becoming non-negotiable as the country moves towards the resilient, secure, and integrated payments infrastructure outlined by Blueprint Sistem Pembayaran Indonesia 2030 (BSPI 2030).
Indonesia’s payment infrastructure market was valued at US$110.69 billion in 2025 and is forecast to reach US$294.85 billion by 2031, growing at a CAGR of 17.74%. However, the sheer size and scale of its digital economy creates a wide attack surface that is attractive to fraudsters. Deep integration between payment systems and services, underpinned by super-app ecosystems, means that a single compromised identity can often result in fraudsters gaining unauthorized access to multiple services. Sumsub’s Global Fraud Index 2025 ranks Indonesia as the second least protected country against fraud out of 112 nations, underscoring why the shift to continuous, activity-based compliance is a market imperative.
“Indonesia’s payment sector is navigating a structural shift that demands more than a compliance checklist,” said Penny Chai, Vice President, APAC, Sumsub. “Point-in-time controls simply cannot keep pace with persistent levels of fraud that are increasingly being strengthened with AI. Sustained growth in the digital era is only possible when businesses stop treating verification as a hurdle and start viewing it as the foundational infrastructure for digital trust. What payment providers need to operate with confidence is a multi-layered defense that works as a continuous system, connecting identity verification, transaction monitoring, and AML screening across the entire customer lifecycle.”
“Indonesia’s fintech industry is entering a new chapter defined by integrity and scale,” adds Budi Gandasoebrata, Vice Chairman II, Asosiasi Fintech Indonesia (AFTECH). “Bank Indonesia’s shift to activity-based regulation marks an important milestone in strengthening the foundation of Indonesia’s payment ecosystem. At AFTECH, we stand ready to support and facilitate industry readiness, not only in understanding regulatory obligations, but also in strengthening the operational capabilities needed to meet them. Compliance done well remains the foundation on which a trusted and inclusive digital economy can sustainably grow.”
Moving from entity-based to activity-based regulation
Under BI Regulation 10/2025, which came into effect in March 2026, Indonesian payment regulatory requirements are now dependent on the specific activities provided, regardless of corporate structure or legacy licensing category. Providers will need to meet compliance requirements tied directly to specific activities such as issuing e-money, operating a payment gateway, or facilitating fund transfers. Licensing is now packaged by activity type, with capital requirements calculated as a risk-weighted surcharge based on specific transaction activities.
The regulatory overhaul comes as the findings from Sumsub’s Identity Fraud Report 2025-2026 paints a stark picture of Indonesia’s fraud vulnerability. The country recorded the second-highest fraud rate in APAC in 2025 and ranks among the top-10 jurisdictions globally for the proportion of approved applicants found to be involved in fraud networks (5%).
Strategic trends in Indonesia’s payment industry
The whitepaper identifies three key trends defining the next era of Indonesian payments:
- Transitioning to a continuous compliance model: Connecting identity verification, transaction monitoring, and AML screening into a single system enables Indonesian providers to move away from fragmented, point-in-time checks to an integrated verification lifecycle. This ensures that onboarding logic carries through to ongoing monitoring, providing a consistent, automatically maintained audit trail that meets Bank Indonesia and Otoritas Jasa Keuangan (OJK)’s rigorous documentation standards at all times.
- Low-friction onboarding design: With Indonesian consumers expecting near-instant onboarding, providers must address the need to balance friction and security. Activity-based verification allows for depth of checks to be calibrated to the specific risk of the payment activity. By assessing fraud signals such as device behaviour and network patterns at the point of entry and updating risk profiles dynamically, providers can fast-track low-risk users while ensuring compliance with BI Regulation 10/2025 for higher-risk activities.
- Behavioral intelligence as a shield against mule networks: Threshold-based rules are no longer sufficient as sophisticated fraud becomes the new norm. According to Sumsub research, 1 in 4 individuals in APAC have been personally targeted for mule activity. Behavioral analysis and network-based detection are essential to identify complex schemes like mule account networks and micro-transaction layering. By moving to event-driven AML re-screening and automated audit trails, compliance teams can shift their focus to high-order risk management, allowing them to stay ahead of Indonesia’s evolving fraud landscape.
Navigating the regional regulatory landscape
While Indonesia moves toward activity-based models, the broader APAC region remains comprised of economies at varied regulatory stages. Sumsub continues to advocate for increased regional cooperation to harmonize payments terminology. Streamlining definitions for digital wallets and e-money across borders will reduce friction for SMEs and enhance the effectiveness of digital trade agreements, ensuring that Indonesia’s local growth is supported by regional interoperability.
For more information, please download the whitepaper here: https://sumsub.com/blog/guides-reports/from-entity-to-activity-based-regulation-indonesia/.
