IT Examination for a Banking Company: LPS Regulation

A banking company is in an industry that is full of regulations and involves complex information technology in its business processes. Information technology is fundamental to banking business activities, improving customer experience and operational efficiency. The transformation of information technology and digital technology brings challenges in maintaining security, complying with regulations and managing risk. IT examination in the banking sector are crucial and are regulated in The Indonesia Deposit Insurance Corporation (IDIC / LPS) regulations.

The Important Role of Savings Insurance and LPS

In the realm of financial security, the role of deposit insurance institutions is now very important to build trust and maintain economic stability. LPS in Indonesia is known as the Indonesia Deposit Insurance Corporation (IDIC). LPS is an institution established based on Law Number 24 of 2004 concerning Deposit Insurance Corporation (LPS Law), which has been amended by Law Number 7 of 2009. Since its enactment on 22 September 2005, the implementation of LPS has marked a significant shift in guarantee policy. previous government between 1998 and 2005.

Although the policy initially provided confidence, it put a burden on public finances and raised concerns, which led to the policy’s discontinuation. LPS emerged as a response to ensure deposit insurance protection, maintain trust in the banking sector and manage risk.

The real impact of LPS is the transfer from general guarantees to limited guarantees. Article 11 of the LPS Law sets a maximum guarantee of IDR 100 million for each deposit in the bank by a customer. This is in line with international practice seen in 72 countries, including countries with developed economies. The transition to limited collateral balances depositor confidence and mitigates systemic risk, strengthening the banking system’s resilience to market fluctuations.

LPS’s Functions and Authorities

LPS operates with specific functions and authorities to safeguard depositors’ interests and contribute to banking system stability. Its primary role is guaranteeing customer deposit security while maintaining overall banking system stability. LPS formulates deposit insurance policies, executes the insurance process, and shapes banking system stability policies. Moreover, LPS’s authority spans various aspects, from determining insurance premiums to conducting deposit insurance awareness initiatives.

SCV Reporting: PLPS No. 5 of 2019

In the realm of banking regulations, LPS Regulation (PLPS) No. 5 of 2019 holds a significant position, specifically in relation to Article 3 and Article 10. This regulation addresses the imperative matter of customer-based deposit guarantee data reporting, referred to as Single Customer View (SCV).

Article 3 

1. Banks are required to possess and maintain:

1. Raw Data;
2. SCV Detail Data Per Customer;
3. SCV Data Per Customer; and
4. Summary Data SCV Per Bank. 

(2) The Bank is responsible for the correctness of the data as intended in paragraph (1) in accordance with provisions of laws and regulations in the field banking.

Article 10

1. Internal bank examination must conduct reviews on the quality of data and the reliability of systems used in the processing and retention of data as referred to in Article 3 paragraph (1). 
2. The review mentioned in paragraph (1) must be conducted at least once in 1 (one) year.
3. In addition to internal bank examination, reviews of the system’s reliability as referred to in paragraph (1) must also be conducted by independent external parties in accordance with the provisions of regulations, at least once every 3 (three) years.

• Raw Data

Raw data set by Bank Indonesia, The Otoritas Jasa Keuangan (OJK), and LPS that provides customer information reported through the Integrated Reporting portal, among others, is used as the basis for preparing the SCV. The Data is submitted monthly.

• SCV Data Per Customer

Data containing at least the total value of deposits categorized in accordance with Total of the LPS Guarantee Program. The Data is submitted annually for positions as of the end of the year.

• SCV Detail Data Per Customer

1. Ownership of savings, loans, or equivalent to deposits or loans; and
2. The value of Deposits categorized according to the provisions of the LPS Guarantee Program for the relevant Customer Deposits.

• Summary Data

Summary Data from SCV Per Bank is the most rarely used data to calculate the number of customers and deposits in accordance with the category of SCV Data per customer. The Data is submitted monthly for positions as of the end of the month.

This regulatory framework reveals the complexities and responsibilities associated with reporting customer-based deposit insurance data for commercial banks. This regulation introduces us to different customer categories, namely Category 1, Category 2 and Category 3. These categories determine how customer savings data is managed. Category 1 includes customers whose data is carefully recorded by the bank and does not pose a risk to its stability. In contrast, Category 2 refers to customers whose data is not recorded by the bank, and they may create an unhealthy banking environment. Category 3 includes customers outside the previous two categories.

One of the key components of this framework is the Single Customer View (SCV) concept, which is an integrated view of a customer’s financial relationship with the bank. The importance of SCV data and the reliability of the data processing system is felt in the context of IT Examination for banking companies, especially in ensuring compliance with LPS regulations. Regulations such as LPS Regulation (PLPS) no. 5 of 2019, emphasizes the importance of accurate SCV data reporting and the integrity of the data processing system.

Roles of IT Examination

An effective IT examination is pivotal in achieving these objectives. IT examination plays a vital role in ensuring a banking company’s compliance with LPS regulations, particularly regarding SCV data reporting. By rigorously reviewing and assessing operations, IT auditor verify the accuracy, confidentiality and reliability of SCV data. This compliance not only upholds legal standards but also mitigates risks tied to inaccuracies.

Furthermore, IT examination is essential for maintaining data integrity and confidentiality. Given the sensitive nature of SCV data encompassing customer information and financial details, the examination evaluates confidentiality measures throughout the data lifecycle. It also ensures data integrity from collection to reporting, aligning with LPS goals. Additionally, IT examination bolsters operational resilience by scrutinizing IT infrastructure, system robustness and security. This approach minimizes risks, enhances compliance and fosters a secure environment aligned with LPS regulations.

Through rigorous evaluation and verification, IT Examination improves compliance, confidentiality, integrity, and availability of SCV data. Ultimately increasing operational resilience and contributing to effective risk mitigation strategies for banks. The experience of CISA holders in SW Indonesia has proven the effectiveness of the IT Examination.