Global Regulations and Requirements for KYC Onboarding
(powered by KYCC small icon KYC-Chain)

Contact us

namedate of birthpassportplace of birthphotographidentity carddriving licenseaddress
nameaddressdate of birthplace of birthidentity cardpassportdriving licensephotograph
nameregistration numberregistration office in country of incorporationtax registry numberbusiness addressidentity of personnel
Kartu Tanda Penduduk (KTP)
2002 (amended through Law of Republic of Indonesia No 8 year 2010).
Bank of Indonesia
Otoritas Jasa Keuangan (“OJK” or Indonesian Financial Services Authority)
Frequently Asked Questions (FAQ) Appendix of Bank Indonesia Regulation No 14/27/PBI/2012 (; b) Bank Indonesia Circular Letter No. 3/29/DPNP concerning Standard Guidelines for Application of KYC Principles for All Commercial Banks (; and c) Decree of Director General of Financial Institutions (Bapepam-LK) No. Kep-2833/LK/2003 on Direction of Drafting on KYC Implementation for Non-Bank Financial Services Sector.
Yes, simplified CDD is allowed for walk-in customers (“WIC”) with transactions less than or amounting to IDR100m (approx. USD7,179).
Obtain and cross reference: name, address, place and date of birth and verification documentation from a regulatory body authorized to issue documents which includes customer's full name and photograph, and either address or date of birth, for example an identity card, passport or driving license.
Obtain and cross reference: name, registration number, registration office in country of incorporation, tax registry number, business address, and identity of personnel who have the legal authority to represent the company.
All beneficial owners must be identified. Local regulation does not specify a minimum threshold of ownership as means of identifying beneficial ownership.
Enhanced due diligence (“EDD”) should be performed when: a) engaging with a high-risk Customer (as classified by considering the customer’s citizenship, occupation/industry, risk profile and relationship with Politically Exposed Person (“PEP”); b) engaging with a customer who performs transactions with high-risk countries; c) engaging with a customer who performs transactions inconsistent with its risk profiles; and d) engaging with a customer who performs transactions using high-risk products and services
PEPs are considered high-risk customers and both banks and non-bank financial institutions should always perform EDD when engaging with a PEP.
There are two conditions for correspondent banking relationships: if the correspondent bank is regulated by a territory which has the equivalent standard of KYC implementation to Indonesia, then a formal letter should be written stating that the bank has implemented KYC in relation to the customer properly; and if the correspondent bank is regulated by a territory which has lower KYC standards than Indonesia, then the bank/NBFI entering into a customer relationship with the correspondent bank shall also perform KYC procedures on the customer of that bank as well and the correspondent bank.
Face-to-face meetings should be performed at least once in the account opening process. The only exception to this requirement is for NBFIs where OJK allows the meetings the meetings to be conducted via video link.
FIU, the Pusat Pelaporan dan Transaksi Analisis Transaksi Keuangan (“PPATK”) by both banks and non-banks.
Yes, there is an obligation to make cash transaction reports (“CTR”) and international funds transfer reports (“IFTs”). The former is a requirement after a certain threshold value for transactions has been
Yes. Tipping off is a criminal offence and other penalties apply for non-compliance with AML obligations (including reporting requirements).
Authority to proceed with suspicious transaction may be obtained, on a case by case basis, from Regulator. Authority to proceed internally could form part of the escalation and governance matters within
No, reviews are conducted by AML specialists and are not a part of annual statutory audits. There is no statutory requirement for independent review but financial institutions can undertake such reviews
banking privacy is in place. This is different to broader data protection, which is still emerging. Customer financial data is “protected” under Banking Privacy legislation;
Banking Privacy act.
Different legislation and regulations govern different data restrictions. Advice should be sought on a case-by-case basis.
2013, 2014,
Cross-referencing the available documentation which may include other sources of information
face to face required
Possession of KTP is compulsory for residents whose age is 17 or older, and residents who is married before the age of 17.
IDR 100m
Notarial deeds, letters of court summons and bond certificates are excluded from the law
Yes, but only digital signatures that have been created using a digital certificate provider that has been registered Ministry of Communication and Information Technology and that has servers located in Indonesia are enforceable. Summary of law All forms of electronic signature must meet the requirements under Law of Number 11 of 2008, which includes the registration and certification of public electronic systems, registration of software for services and electronic agents and certification of all hardware,as well as the requirements that all data centers and disasters recovery centers be located in Indonesia. Any digital certificates must be issued by a certification provider approved by government agencies.
Pusat Pelaporan dan Analisa Transaksi Keuangan (“PPATK” or Indonesian Financial Transaction Reports and Analysis Center/INTRAC)
The 3 regulators require the firm to scrutinize the information provided by cross-referencing the available documentation which may include other sources of information beyond what is provided by the prospective customers that are deemed to be reliable and independent.
Refer to A29 and A30 above.
Yes. Refer to A29 above.