Corporate Governance 2026

INDONESIA Law and Practice Contributed by: Ira A. Eddymurthy, A. Charlie R. Malessy, A. Ramadinan Saptara and Medita F. Siregar, SSEK Law Firm

• suspicious financial transactions; • suspicious financial transactions related to terror - ism financing; • cash financial transactions in the amount of at least IDR500 million or its equivalent in foreign currency, whether conducted in one transaction or in several transactions within one business day; and/or • financial transactions involving fund transfer to or from abroad. Goods and/or services providers are required to submit reports to the PPATK in the following circum - stances: • the transaction of the service user has a value equal to or exceeding IDR500 million or its equiva - lent in foreign currency; • a financial transaction is specifically requested by the PPATK to be reported as a suspicious financial transactions; • the goods and/or services provider does not proceed with the customer due diligence process because it suspects the financial transaction is related to money laundering or terrorism financing offences; or • the goods and/or services provider terminates a business relationship with a customer because the customer refuses to comply with the customer due diligence process or the provider doubts the accu - racy of the information provided by the customer. In addition to these reporting requirements, the AML Law requires implementation of the KYC principle by Reporting Parties in the course of their business activi - ties as part of efforts to prevent money laundering. The KYC principle referred to herein encompasses cus - tomer due diligence and enhanced due diligence, as set out in the recommendations of the Financial Action Task Force on Money Laundering. The AML Law also requires Reporting Parties to retain all records, notes, and documents relating to transacting parties for a minimum of five years following the cessation of the business relationship with the relevant customer. Failure to comply with the requirements under the AML Law, including the reporting requirements, may result in the imposition of administrative sanctions on Reporting Parties. The imposition of sanctions on

Reporting Parties will not extend to members of the board, as the Company Law adopts the principle of separation of liability, which draws a clear distinction between the liabilities of a company and those of its corporate organs, including the boards. 6. Audit, Risk and Internal Controls 6.1 External Auditors All companies in Indonesia are required to prepare financial statements, which are included in the BOD’s annual report and submitted to the GMS for approval. However, not all companies in Indonesia are required to have their financial statement audited by an exter - nal auditor. Only certain companies that meet the cri - teria set out under the Company Law are required to do so. These criteria are as follows: • the business activities of the company consist of collecting and/or managing public funds; • the company issues debt acknowledgement instru - ments to the public; • the company is a public company; • the company is a state-owned company; • the company has assets and/or total annual turno - ver with a value of at least IDR50 billion; or • it is required by laws and regulations. The appointment of external auditors is typically made upon the approval of the GMS. The appointed exter - nal auditor must be an independent public account - ant licensed to provide services in Indonesia. In this regard, specific requirements apply to the appoint - ment of external auditors by financial service pro - viders, which restrict the appointment of the same public auditor for a specified period, thereby requiring mandatory rotation of external auditors after a certain period. 6.2 Risk Management and Internal Controls Indonesian laws and regulations do not expressly address geopolitical risk in the context of corporate governance. Nonetheless, for the purpose of ensur - ing the company’s compliance, the BOD, as the body responsible for the day-to-day management of the company, is expected to identify, manage and miti - gate any geopolitical risk to which the company may

351 CHAMBERS.COM

Powered by