LIVE
///LATE STAGE • Sociolla • US$ 250M • Commerce///POLICY • Gold Export Duties: Progressive Reference-Price Ladder Kicks In///SERIES A • Hangry • US$ 10.5M • F&B///POLICY • Coal Export Tax 2026: Indonesia Signals a New Resource-Rent Phase///SERIES B • Honest • Undisclosed • Fintech///POLICY • Export FX Repatriation: Proceeds Routed Through State Banks From 2026///SEED • Arummi Foods • US$ 2M • F&B///POLICY • OJK POJK 4/2025: Financial Aggregators Move Into a Licensing Regime///PRE-SEED • IDRX • US$ 300k • Web3///POLICY • Finfluencer Rules: OJK Tightens Conduct Around Securities Marketing///SERIES C • Yup • US$ 32M • Fintech///POLICY • Dormant Accounts: New Standardization Changes Bank Data and Ops///LATE STAGE • Sociolla • US$ 250M • Commerce///POLICY • Gold Export Duties: Progressive Reference-Price Ladder Kicks In///SERIES A • Hangry • US$ 10.5M • F&B///POLICY • Coal Export Tax 2026: Indonesia Signals a New Resource-Rent Phase///SERIES B • Honest • Undisclosed • Fintech///POLICY • Export FX Repatriation: Proceeds Routed Through State Banks From 2026///SEED • Arummi Foods • US$ 2M • F&B///POLICY • OJK POJK 4/2025: Financial Aggregators Move Into a Licensing Regime///PRE-SEED • IDRX • US$ 300k • Web3///POLICY • Finfluencer Rules: OJK Tightens Conduct Around Securities Marketing///SERIES C • Yup • US$ 32M • Fintech///POLICY • Dormant Accounts: New Standardization Changes Bank Data and Ops
Back to Radar
PolicyHigh Impact Mar 13, 2025

OJK POJK 4/2025: Financial Aggregators Move Into a Licensing Regime

"OJK formalizes licensing and supervision for financial aggregators—data, conduct, and consumer protection become platform-grade requirements."

Intelligence Brief: OJK just formalized Indonesia's open-finance infrastructure layer. With POJK No. 4/2025, effective February 26, 2025, financial services aggregation — the business of collecting, filtering, and comparing financial data across institutions — is no longer a regulatory grey zone. It is now a licensed activity with capital, ownership, security, and governance requirements that rival traditional financial institutions.

REG: POJK 4/2025
EFFECTIVE: 26 FEB 2025
SCOPE: LICENSED AGGREGATION
Regulatory Consolidation

POJK 4/2025 consolidates four previously separate business types — aggregators, financing agents, funding agents, and wealthtech operators — into a single category: Financial Services Aggregation Organizers (PAJK). What was once a fragmented cluster under OJK's digital innovation sandbox is now a unified, bank-grade regulatory regime.

01. What Aggregation Means: The Infrastructure Layer

In practice, aggregation is the software layer that consolidates fragmented bank accounts, e-wallet balances, investment portfolios, and insurance policies into a single truth for users and businesses. OJK treats this layer as strategically sensitive infrastructure because it sits on top of account access, transaction histories, and consumer identity signals.

Common Products
  • • Personal finance dashboards (PFM)
  • • SME cashflow & reconciliation
  • • Multi-bank payment initiation
  • • Credit scoring via account signals
  • • Wealthtech portfolio aggregation
Why OJK Intervened
  • • Consent risk (data misuse potential)
  • • Security risk (credential exposure)
  • • Market conduct (misleading UX practices)
  • • Systemic concentration (single API failure point)
The Reclassification

Aggregators are no longer "fintech apps." They are regulated financial intermediaries with governance, capital, audit, and security expectations equivalent to licensed financial institutions.

02. The Compliance Stack: Capital, Ownership, Security

Minimum Paid-up Capital

IDR 500M

Approximately ~USD 30k. Acts as a filter: small "one-developer" fintechs cannot sit on top of bank accounts. Capital cannot be sourced from loans from banks or other entities.

Foreign Ownership Ceiling

85%

Direct and indirect foreign ownership capped at 85%. A quiet sovereignty lever — aggregation is treated as strategic data infrastructure, not just software.

Operational Mandates (Bank-Grade Requirements)
  • /// PSE registration (Private Electronic System Operator) within 30 days of licensing, PSE certificate within 60 days — cybersecurity and accountability anchor.
  • /// Security certification/standards: PAJKs must obtain recognized security certifications or meet established security standards within 3 years of licensing. While ISO 27001 is not mandated by name in POJK 4/2025, it is the de facto industry standard for information security management.
  • /// Governance structure: minimum 2 directors + 1 commissioner. At least one director must hold recognized certification or 3+ years experience in aggregation, IT, or financial services.
  • /// Fit-and-proper tests for controlling shareholders and management — assessment of integrity, financial reputation, competence, and sound financial judgment.
  • /// Data handling standards enforceable via cooperation agreements with financial institutions — consent management, disclosure obligations, and document handling become contractually binding.
  • /// Financial crime controls — PAJKs must implement anti-money laundering (AML), counter-terrorism financing (CTF), and anti-proliferation measures in line with applicable OJK regulations. Anti-fraud strategy required.
Transition Period

Existing aggregators, financing agents, funding agents, and wealthtech operators registered with OJK before POJK 4/2025 have 12 months from February 26, 2025 (until February 26, 2026) to apply for a PAJK license. Failure to do so results in unlicensed status.

Entities with pre-existing foreign ownership exceeding 85% receive temporary exemption from the ownership cap but must comply within one year of obtaining their PAJK license.

03. Market Impact: Winners, Losers, and Strategic Shifts

Segment What Changes Strategic Readthrough
PFM / Super-app dashboards Must treat consent + security as core product infrastructure, not UX copy Moats shift to compliance quality
SME finance / lending Account data becomes regulated underwriting input with audit trail requirements Better credit models, higher operational cost
Unlicensed "scrapers" Screen-scraping without license becomes existential compliance risk Shakeout inevitable
Wealthtech platforms Multi-portfolio aggregation now requires bank-grade governance and security Consolidation into licensed players
Foreign-backed startups 85% ownership cap forces local partner strategy or divestment Ownership restructuring wave
Market Data Snapshot

As of May 2025, OJK reported 19 registered PAJKs (Financial Services Aggregators). In April 2025, these PAJKs had established 960 partnerships across banks, insurers, P2P lenders, securities firms, and microfinance institutions, facilitating IDR 1.98 trillion in approved transactions and serving 796,605 users. The regulation is driving rapid formalization.

04. Exemptions: Who Doesn't Need a PAJK License

POJK 4/2025 carves out exemptions for aggregation activities that meet specific criteria. Entities conducting aggregation in the following scenarios are not required to obtain a PAJK license:

  • /// Internal corporate use: Aggregation performed internally within a company and its corporate group to support main business activities.
  • /// Already supervised entities: Banks, insurers, capital market intermediaries already supervised by OJK under other regimes (e.g., in-house marketing platforms, bank mobile apps).
  • /// One-way information delivery: Activities limited to delivering information without processing consumer data for aggregation purposes.
  • /// Non-marketing activities: Activities not intended for marketing or distributing financial institution products or services.

05. Strategic Implications: Infrastructure Pricing Ahead

From "Growth Mode" to "Trust Mode"

POJK 4/2025 doesn't force banks to open APIs overnight — it forces aggregators to become credible counterparties. The regulatory shift creates a trust layer where licensed PAJKs can negotiate with financial institutions from a position of regulatory equivalence rather than as unregulated third parties.

Expect market consolidation: fewer players, higher margins, M&A into regulated rails. If OJK begins publishing licensed aggregator lists and enforcement actions, the competitive dynamic flips from "who can grow fastest" to "who can be trusted with systemic data."

The best aggregators will start pricing like financial infrastructure — steady revenue, low churn, high switching costs for institutions that integrate them.

Enforcement Risk

Unlicensed aggregation after February 26, 2026 exposes operators to OJK administrative sanctions. For fintech players that raised capital on "regulatory arbitrage" stories — operating in grey zones with minimal oversight — this is a strategic reckoning. The path forward is binary: license up or shut down.

Analyst Outlook

"POJK 4/2025 is Indonesia's quiet Open Finance moment. It doesn't mandate open banking APIs — it mandates that aggregators become regulated financial intermediaries. This is the infrastructure play: fewer players, bank-grade compliance, institutional trust. The market reprices from growth potential to utility economics. Watch for M&A, watch for enforcement, watch for margin expansion among survivors."

Market Intelligence

The Monthly
Venture Memo

Zero fluff. Just hard data on deals, policy shocks, and sector rotations sent directly to your inbox.

Deal Ledger
Policy Watch
Macro Analysis
Subscribe for Updates

By connecting, you agree to receive the Monthly Venture Memo.
Privacy Policy applies. We respect your privacy.