INDONESIANTALK.COM – “I still remember 25 years ago, when I had just begun my duty of ‘guarding’ capital market news,” recalled Deden Wahyudiyanto, MM, CSA, CRP, CIB, CPIA, GRCP, IRMP, President Director of PT TAP Kapital Indonesia.
“Almost every day I felt like an employee of the Exchange and securities firms, working at the Indonesia Stock Exchange Building—then still known as the Jakarta Stock Exchange.”
Back then, the daily grind meant mingling with brokers, analysts, and investment bankers, where the risks of investment—from investors, companies, the exchange itself, to securities firms—were deeply palpable.
Every afternoon, before returning to the newsroom to write, Deden would still hear the sound of dozens of printers rattling in unison across the trading floor. Today, that sound has all but vanished.
The once-restricted and almost sacred trading floor has dissolved into digital silence, replaced by stock and securities trading conducted entirely via desktops, laptops, tablets, and even smartphones.
With this technological leap, transactions have become faster, cheaper, and more accessible. Yet, the ease has come with a hefty price: greater risks requiring tighter control and stronger governance.
The OJK’s Twin Mandates
Indonesia’s Financial Services Authority (OJK), under the mandate of Capital Market Law No. 8/1995 and Financial Sector Development and Strengthening Law (P2SK) No. 4/2023, recognized that the evolution of securities companies—acting as Brokers (PPE) and Underwriters (PEE)—needed stricter safeguards.
- As Brokers (PPE): They act as the bridge between investors and the market, ensuring every trade is executed properly.
- As Underwriters (PEE): They assist issuers in going public, from pricing offerings to guaranteeing the sale of shares in the primary market.
But behind the market’s glitter lies volatility and risk: extreme price swings, input errors, settlement failures, and potential price manipulation.
To address this, OJK introduced two regulations as complementary “navigation charts”:
- POJK No. 06/POJK.04/2021 – on risk management.
- POJK No. 13/POJK.04/2025 – on internal controls.
GRC: The Foundation, the Engineer, and the Watchdog
Think of Governance, Risk, and Compliance (GRC) as building a house:
- Governance is the design, ensuring every room has a purpose and structure.
- Risk Management is the engineer, making sure the house stands strong even during earthquakes.
- Compliance is the inspector, ensuring the house is built safely and by the rules.
In practice, POJK 06/2021 guides firms in anticipating eight categories of risks—including market and credit risks. Meanwhile, POJK 13/2025 ensures internal controls prevent errors, fund misuse, and manipulation.
Three Lines of Defense
Securities companies apply the “Three Lines of Defense” model, familiar from both the Institute of Internal Auditors (IIA) and SNI 8849:2019. Far from theory, this framework is the lifeblood of daily operations:
- First Line – Business & Operations
- Brokers must validate every order.
- Investment bankers must verify issuers’ data before publishing a prospectus.
- Safeguards include order validation, the four-eyes principle, and pre-trade compliance checks.
- Second Line – Risk Management & Compliance
- Risk managers monitor exposure to market swings.
- Compliance officers review IPO documents and deliver continuous staff training.
- Third Line – Internal Audit
- Internal auditors independently test systems, review processes, and report directly to directors and commissioners, ensuring no cracks go unnoticed.
Human Capital: The Decisive Factor
Behind systems and structures, people remain the deciding factor. Competency frameworks now hinge on licensing and certification:
- First Line: WPPE, WPEE, WMI, or WAPERD licenses, plus basic risk management.
- Second Line: Risk managers and compliance officers with CRP, ISO 37301, or capital market regulatory training.
- Third Line: Internal auditors equipped with risk-based audit training or internal audit certifications.
OJK has mapped this through SKKNI No. 20/2024 and KKNI No. KEP-11/D.02/2024, though implementation awaits readiness from certification bodies and training institutions.
Beyond Compliance: A Survival Roadmap
For securities firms, POJK 06/2021 and POJK 13/2025 are more than regulatory checklists. They are roadmaps for survival and growth in Indonesia’s capital market.
Strong risk management and internal control systems not only prevent sanctions but also build investor trust—a critical currency in volatile markets.
In the end, the difference between firms that merely survive and those that thrive lies in how deeply they embed GRC into the very pulse of their operations.
