OJK’s Circular Note Nomor 29/SEOJK.03/2022 (SEOJK 29) is the first cyber security regulation that developed specifically for banks. It promotes a practice of good internal controls for cyber security, which encourages close collaboration amongst three lines of defense in a bank. As the continuous process, cyber risk management needs to be closely monitored so the relevant cyber security controls can be defined accordingly. With that in mind, cyber security should become everyone concern. An active communication and collaboration must be promoted as a company culture.

This SEOJK 29 covers the end-to-end cyber security topics that constructed thoughtfully so that each bank can understand its cyber security inherent risk and prioritise the control required to manage the risk respectively. The SEOJK 29 is more than a regulation, it is a practice reference for banks to explore during the implementation.