By Eko B. Supriyanto, Chief Editor of Infobank
Jakarta – Get an umbrella before a crisis. When the crisis is yet to occur, it’s crucial to take this action. In other words, once it’s occurs, the protocols are initially on set. Even tough discussing a payment system crisis is unusual. The majority of individuals usually discuss more general of financial crises.
Meanwhile, on the statement of Bank Indonesia’s (BI) website, it’s mentioned that the global financial crises, including those experienced by Indonesia, have taught global authorities the importance of a Crisis Management Protocol (CMP). The term “protocol” it’s defined as a set of rules outlining proper (or deemed proper) practices and procedures that should be followed in a formal situation.
According to BI website, the presence of a CMP in the financial system is crucial in efforts to resolve crises, aiding financial authorities in reacting and taking appropriate, swiftly coordinated measures.
Furthermore, the existence of FMD in Indonesia is regulated in Law Number 9 of 2016 concerning the Prevention and handling of financial system crises as amended by Law Number 4 of 2023 in terms of the development and strengthening of the financial sector (UU P2SK).
The Crisis Management Protocol (CMP) doesn’t mention crises in the payment system, or at least details regarding the framework for payment system crises that would be accessible to the public. Furthermore, the existing protocols primarily focus on financial resolution, all derived from lessons learned during the financial crises of 1998, 2008, 2013, and the global pandemic in 2020.
According to the records from Infobank Institute, significant progress has been made in terms of a progressive regulatory framework, international collaboration, and innovative services from industry players (both banks and non-banks). These advancements have resulted in tangible benefits for the public. First of all, the noteworthy example is the initiation of the QRIS service, a breakthrough that has consistently experienced three-digit growth during and after the pandemic. This growth not only applies to transaction numbers but also influences changes in habits and the level of societal adaptation to digital payments.
Secondly, the BI-FAST transfer service, with subsidized low prices, has been introduced to support the SME sector, adding diversity to the array of innovative payment system services. Thirdly, the growth in digital transactions and transaction values has led to a continual increase in electronic transactions per capita, returning to double digits after the pandemic. For Indonesia, as the per capita e-transaction increases, the opportunity to reduce corruption rates becomes more widely open.
The question is, will Indonesia be free from the payment system crisis? Does the National Payment System currently have a crisis plan that is suitable and up to date in the context of current advances in technology, innovations, as well as fraud and hacking techniques?
Check out some of these realities. One, cyber-attacks against massive and structured payment system industry players experienced by several banks and non-banks in 2023. From the aspect of scale and impact there is a significant increase, and the concern is the average TTR (time to recovery) is still relatively in a matter of days, weeks, even months.
Thus, if the above incident occurred in another country, in Singapore for example, the competent authority, namely the Monetary Authority of Singapore (MAS) recently gave a penalty for six months may not develop new service products until the roots of the problem are permanently resolved. It said that Monetary Authority of Singapore (MAS) is quite dissatisfied because the bank’s TTR reaches 5 hours, which for our ecosystem is considered “superfast”.
Two, the ransomware attack is not only experienced by Payment System industry players, but also affects other industry players, data center managers, and other participants who are not prompted by the media. Similarly, there is also an increase in scale and impact compared to previous years.
Three, increasing social engineering and other fraud for bank/nonbank customers who have not received a comprehensive and integrated response from regulators and industry players. Perpetrators of social engineering like mushrooms grow in the rainy season, die one grows a thousand.
Four, let’s be honest about it, there’s been a noticeable uptick in the number and duration of issues with the BI-FAST service throughout 2023, part of our national payment system alongside RTGS, SKN, and GPN. In particular, the Time to Recovery (TTR) took longer to get back on track in 2023 compared to the previous year.
Not to mention the issues affecting customer service with BI-FAST, not only may there be issues with the BI-FAST system itself, but there might also be issues with the systems of banks or non-banks, neither with the networks. It’s not only about consumer transactions, these concerns have broader implications, influencing reconciliation, the oversight of customer concerns, and the general reputation of everyone involved.
Now it’s time for all of us to think about the national interest when it comes to the Crisis Management Protocol (CMP) for the payment system, despite the successes we’ve seen. We need a more measured and forward-thinking protocol in place for those times when the payment system hits a rough patch. It’s about getting ready before the crisis hits.
Wishing you a Happy New Year 2024!
