Digital Risk Governance for Indonesian Banks


Description

In today’s rapidly evolving digital landscape, the banking sector in Indonesia faces a multitude of complex challenges in managing digital transformation, maintaining operational integrity, and ensuring customer trust. The rise of digital banking services, third-party integrations, cloud computing, and increasingly sophisticated cyber threats has prompted the need for a robust, structured, and accountable approach to digital risk governance. In response to this need, the Financial Services Authority (Otoritas Jasa Keuangan – OJK) issued two landmark regulations: SEOJK 24/SEOJK.03/2023 on the Digital Maturity Self Assessment, and SEOJK 29/SEOJK.03/2022 on Cyber Resilience and Security. Together, these two regulations provide an integrated foundation for Indonesian banks to strengthen their digital capabilities while safeguarding against emerging digital risks.

However, we found that generally, banks tend to treat these documents merely as regulatory paperwork to be submitted to OJK, rather than embracing them as strategic frameworks that can guide and consolidate all digital risk governance efforts. This mindset significantly reduces the intended impact of the regulations. In many cases, banks perceive that they have already fulfilled the requirements through fragmented initiatives (policies scattered across departments, isolated IT security measures, or disconnected risk registers) without integrating them into a cohesive and auditable governance system.

The root cause often lies in a lack of strategic ownership. Institutions may believe they are compliant simply because certain controls exist in various departments, yet they fail to map these controls systematically to the expectations of SEOJK 24/SEOJK.03/2023 and SEOJK 29/SEOJK.03/2022. As a result, many banks do not see the value in treating these regulations as their primary reference point for designing, measuring, and governing digital transformation securely and sustainably. Worse still, these regulations are frequently misunderstood as purely technical checklists, relegated to middle managers in IT, information security, or compliance departments. Consequently, the documentation and assessments are often prepared in silos and submitted for sign-off by the Compliance Director and IT Director, without ever being escalated to or discussed at the Board of Directors and Board of Commissioners level. This approach undermines one of the core intentions of the regulations: to elevate digital risk governance to a strategic board-level accountability, aligning it with business risk appetite, resilience planning, and enterprise-wide risk management.

Order the Book

Book Title

Digital Risk Governance for Indonesian Banks

Authors

Dr. dr. Bayu Prawira Hie, MBA

Dr. Restiana Ie Tjoe Linggadjaya, CIA CRMA IIAP QIA CACP QRGP

Editor

Dr. dr. Bayu Prawira Hie, MBA



Please contact us if you need assistance: email info@intellectualbiz.com, phone 021 6331865 - 66, or WhatsApp 08567639524.