Volume 7.
Number 1, 2026 https://ijble.
com/index.
php/journal/index Reinterpretation and Development of Effective Risk Management in Indonesian Peer-to-Peer Lending Rona Almas Ramadhani1.
Reka Dewantara2.
Patricia Audrey Ruslijanto3 Universitas Brawijaya123 Ronaramadhani.
11@gmail.
ABSTRACT
This study examines the reinterpretation and development of effective risk management in IndonesiaAos peer-to-peer lending regulation under Financial Services Authority Regulation Number 40 of 2024, which replaces the previous 2022 regulatory framework.
The study aims to address the persistent ambiguity in defining Aueffective risk management,Ay which may result in inconsistent implementation among platform providers.
Using a normative juridical method and a comparative analysis of international regulatory frameworks, this study identifies key elements of risk management relevant to digital financial services.
The findings indicate that, although the updated regulation emphasizes governance and risk control, it still lacks clear technical indicators and measurable operational standards, thereby limiting its implementation effectiveness.
This study concludes that more detailed legal standards and operational guidelines are required to enhance legal certainty, strengthen consumer protection, and support financial system stability within the evolving fintech ecosystem.
DOI.
https://doi.
org/10.
56442/ijble.
Keywords: fintech peer-topeer lending.
INTRODUCTION
The Fourth Industrial Revolution, widely popularized by Klaus Schwab during the World Economic Forum in 2016, is characterized by the integration of advanced technologies such as the Internet of Things, robotics, nanotechnology, biotechnology, virtual reality, and artificial intelligence into various aspects of human life (Schwab.
This era has produced a disruptive and extensive digital transformation, creating new forms of interaction between humans and technology.
Such interactions are no longer limited by physical or geographical boundaries but have expanded into digital spaces that can be accessed anytime and anywhere.
Digital technologies enable the automation of work processes, large-scale data collection and analysis, and faster as well as more accurate decision-making through algorithms and machine learning.
In this context, efficiency, speed, and accuracy have become dominant values in modern economic and business activities.
These developments have also significantly affected the financial sector.
Digital transformation has reshaped the operation of financial services by increasing efficiency, expanding service outreach, and encouraging the emergence of innovative financial products and transaction systems.
The rapid penetration of internet access and smartphone usage has further accelerated this transformation.
One of the most concrete manifestations of this development is financial technology, or fintech, which has substantially changed the landscape of the financial services industry and has become an important pillar in promoting financial inclusion.
In the financial sector, digitalization has not only improved efficiency in data processing and service delivery but has also expanded access to financial services for communities that were previously underserved.
This development creates substantial opportunities to enhance financial inclusion, which may be understood as equitable.
Volume 7.
Number 1, 2026 https://ijble.
com/index.
php/journal/index comprehensive, and sustainable access to financial services for all segments of Financial inclusion plays a strategic role in supporting economic growth, reducing social inequality, and improving public welfare.
The Internet of Things also contributes to the digital transformation of financial services by enabling interconnected devices and systems through internet networks, facilitating real-time data collection and analysis, and strengthening operational efficiency and risk mitigation strategies (Slama et al.
, 2.
The integration of the Internet of Things with artificial intelligence and blockchain technology further enhances transparency, security, and service speed in digital finance.
Technological modernization has also encouraged the emergence of fintech innovation in the financial industry.
Fintech, broadly understood as financial service innovation using modern technology, enables financial transactions to be conducted more efficiently and effectively (Arner et al.
, 2.
In Indonesia, fintech development has been marked by the establishment of the Asosiasi Fintech Indonesia in 2015 and is supervised by the Otoritas Jasa Keuangan (Asosiasi Fintech Indonesia [AFTECH].
Its presence is expected to support the national financial inclusion agenda.
Among various fintech sectors, peer-to-peer lending has shown particularly significant Peer-to-peer lending is a technology-based financial service that connects lenders and borrowers directly through online platforms.
This model offers faster processes and more accessible requirements than conventional financial institutions, while also providing potentially higher returns for lenders.
However, despite these advantages, peer-to-peer lending also presents substantial risks.
The primary risk lies in borrower default, which is borne by lenders because fintech platforms generally function as intermediaries rather than guarantors.
Therefore, risk management becomes an essential component of this system, both from regulatory and operational perspectives.
As of July 2024, there were 98 licensed fintech lending companies registered under the Otoritas Jasa Keuangan (Otoritas Jasa Keuangan [OJK], 2024.
This growth reflects the increasing importance of a robust regulatory framework and an effective risk mitigation system to ensure the sustainability and security of the industry.
In response to fintech development, the regulator issued a new framework through Financial Services Authority Regulation Number 40 of 2024 concerning Information Technology-Based Co-Funding Services.
However, a significant issue arises from the provision requiring providers to Auimplement effective risk managementAy without providing a clear definition or measurable parameters (OJK, 2024.
The absence of a precise definition creates several legal implications, including inconsistent interpretations among peer-to-peer lending providers, non-uniform risk management standards, and challenges in regulatory supervision.
This ambiguity may lead to regulatory uncertainty and weaken the effectiveness of supervisory Moreover, inadequate risk management regulation may result in serious consequences, such as platform bankruptcy, investor losses caused by borrower default, data privacy violations, and digital fraud.
In the long term, repeated systemic failures may erode public trust and undermine the legitimacy of fintech as an inclusive financial solution.
Without clear technical guidelines, each platform may adopt different standards and mechanisms, creating imbalances in consumer protection and industry Given the complexity of fintech risks, which include operational, technological.
Volume 7.
Number 1, 2026 https://ijble.
com/index.
php/journal/index legal, and reputational risks, risk management should not merely be treated as a formal administrative obligation but as a strategic instrument to ensure business sustainability, financial stability, and consumer trust.
Based on these issues, this study argues that there is an urgent need to reinterpret and develop the concept of Aueffective risk managementAy within IndonesiaAos fintech peer-to-peer lending regulation.
This reinterpretation is not intended solely to criticize existing regulations but also to promote a more responsive, adaptive, and consumer-oriented regulatory Accordingly, this study aims to identify normative gaps and implementation weaknesses in the current regulatory framework, particularly regarding the ambiguity of Aueffective risk management,Ay and to analyze the concept through a normative juridical and comparative approach in order to formulate a more comprehensive and applicable framework for risk management in peer-to-peer lending.
The novelty of this study lies in its effort to reconstruct the meaning of effective risk management by integrating the theory of legal certainty and the principles of good corporate governance with comparative insights from jurisdictions that have more established fintech regulatory systems, particularly the United Kingdom.
Ultimately, a clearer and more adaptive regulatory framework is expected to enhance supervisory effectiveness, strengthen consumer protection, and support the sustainable growth of Indonesia's fintech industry.
METHOD
This study employs a normative juridical method to examine legal rules, principles, and doctrines in order to evaluate legal ambiguity and propose regulatory improvements, particularly in relation to risk management provisions in fintech peerto-peer lending regulation.
The study adopts a statute approach by analyzing relevant laws and regulations, as well as a conceptual approach by examining legal theories such as legal certainty and good corporate governance.
The legal materials consist of primary, secondary, and tertiary sources collected through literature study.
The analysis is conducted qualitatively and descriptively to identify regulatory weaknesses systematically and to formulate recommendations for strengthening the risk management framework in IndonesiaAos fintech sector.
RESULTS AND DISCUSSION
Analysis of the Limitations in the Meaning of AuImplementing Effective Risk ManagementAy in POJK No.
40/2024 on Information Technology-Based CoFunding Services The obligation to implement Aueffective risk managementAy under POJK No.
40/2024 reflects a regulatory intention to adopt a principle-based framework.
However, its normative construction remains limited because the regulation does not provide explicit definitions, measurable indicators, or standardized benchmarks.
This absence creates normative vagueness that may conflict with the principle of legal certainty.
a normative legal system, legal provisions should provide clear guidance regarding rights, obligations, and standards of compliance.
Without such clarity, the term AueffectiveAy becomes open to multiple interpretations, allowing each fintech provider to determine its own threshold of adequacy subjectively.
This condition creates legal uncertainty not only for platform providers but also for users, who may lack assurance regarding the level of risk protection embedded in Volume 7.
Number 1, 2026 https://ijble.
com/index.
php/journal/index the system.
Such ambiguity weakens the regulatory function as an instrument of legal control and predictability.
From a supervisory perspective, the absence of operational parameters also undermines the consistency and objectivity of regulatory Without clear evaluation criteria, the supervisory authority may rely heavily on discretionary judgment when assessing compliance, thereby increasing the risk of inconsistent enforcement.
This condition reflects the weakness of principlebased regulation when it is not supported by sufficient technical guidance.
Although flexibility is often necessary in the context of rapidly developing financial technology, excessive abstraction without measurable standards may lead to regulatory ambiguity and reduce the effectiveness of risk-based supervision.
Furthermore, the limitation in defining Aueffective risk managementAy has significant implications for the application of good corporate governance, particularly the principle of transparency.
In a properly governed financial system, transparency requires not only information disclosure but also clarity in risk management processes that can be understood, evaluated, and monitored by stakeholders.
However, the absence of standardized risk metrics and reporting obligations in POJK No.
40/2024
increases the potential for information asymmetry among platform operators, lenders, and borrowers.
This condition weakens market discipline because stakeholders are unable to accurately assess the risk profile of a platform.
In turn, the erosion of transparency may reduce public trust, which is a critical foundation for the sustainability of fintech-based financial services.
The normative ambiguity surrounding risk management effectiveness also diminishes its role as a preventive legal instrument.
Risk management in the fintech sector should function not merely as an administrative requirement but as a comprehensive mechanism to identify, measure, monitor, and control risks in a structured and continuous manner.
Without clear standards, risk management practices may become fragmented and reactive, failing to anticipate systemic vulnerabilities such as rising default rates, operational failures, or data breaches.
This limitation is particularly concerning given the interconnected nature of fintech ecosystems, where failure in one platform may trigger broader contagion effects within the financial system.
In this regard, sound credit risk management requires clear processes for identifying, measuring, monitoring, and controlling credit risk exposure (Basel Committee on Banking Supervision, 2.
A comparative perspective further highlights these limitations.
In the United Kingdom, the Financial Conduct Authority establishes a more structured and measurable approach to risk management through provisions concerning governance arrangements, internal controls, and risk reporting.
The FCA Handbook requires firms to maintain robust governance arrangements, including clear organizational structures, well-defined lines of responsibility, effective processes to identify, manage, monitor, and report risks, and internal control mechanisms (Financial Conduct Authority [FCA], n.
This model demonstrates that principle-based regulation can function effectively when supported by clear technical guidance and enforceable In contrast.
POJK No.
40/2024 remains predominantly normative and lacks sufficient instruments to translate regulatory principles into consistent operational Another critical limitation lies in the absence of a clear link between risk management obligations and accountability mechanisms.
POJK No.
40/2024 does not Volume 7.
Number 1, 2026 https://ijble.
com/index.
php/journal/index explicitly require fintech providers to demonstrate how their risk management systems are evaluated, audited, or held accountable, either internally or externally.
As a result, the concept of AueffectivenessAy becomes detached from institutional responsibility and may be reduced to a declarative obligation rather than an enforceable standard.
In a sound governance structure, effectiveness should be reflected not only in the existence of risk management policies but also in their verifiability through audit trails, performance indicators, and regulatory reporting.
The absence of such mechanisms weakens the principle of accountability as part of good corporate governance because there is no clear basis for assessing whether management has fulfilled its fiduciary duty to manage risks prudently.
This condition may also encourage a compliance-oriented culture that prioritizes formal documentation over substantive risk control, thereby limiting the transformative role of risk management as a core element of corporate governance and financial supervision.
Ultimately, the limitations in the meaning of Auimplementing effective risk managementAy in POJK No.
40/2024 reflect a broader gap between normative formulation and operational implementation.
This gap affects legal certainty, governance quality, and financial system stability.
In the absence of clear and measurable standards, the capacity of risk management to function as a safeguard against systemic disruption becomes significantly constrained.
Therefore, reformulation of the regulatory framework is necessary, particularly through the incorporation of objective indicators, standardized risk assessment methodologies, and mandatory disclosure mechanisms.
Such improvements would enhance the clarity, enforceability, and effectiveness of risk management regulation while strengthening transparency, governance, and financial system resilience.
The Ideal Regulatory Framework through the Integration of Financial Conduct Authority Risk Management Principles into POJK No.
40/2024
The rapid development of financial technology, particularly peer-to-peer lending, requires a more robust and adaptive regulatory framework to ensure effective risk management and industry sustainability.
In Indonesia, the issuance of POJK No.
40/2024 reflects the regulatorAos effort to strengthen governance and risk control mechanisms within information technology-based co-funding services.
However, the provision requiring providers to Auimplement effective risk managementAy remains broadly formulated and lacks clear operational parameters.
This raises important questions regarding the ideal regulatory construction needed to ensure consistent implementation, legal certainty, and optimal stakeholder protection.
In this context, the integration of international best practices, particularly the risk management principles developed by the Financial Conduct Authority, is relevant as a comparative approach to formulating a more comprehensive and effective regulatory The FCA framework emphasizes a risk-based approach, proportionality, sound governance, and consumer protection, supported by clearer supervisory expectations and measurable standards (FCA, n.
By adopting these principles, the Indonesian regulatory framework can move beyond general normative formulations toward more operational and implementable guidelines, particularly in defining the scope of Aueffective risk management.
Ay Table 1 Integration of Financial Conduct Authority Risk Management Principles into POJK No.
40/2024
Volume 7.
Number 1, 2026 https://ijble.
com/index.
php/journal/index FCA Risk Management Principle Business scale Business Nature of FCA Description Integration into POJK No.
40/2024
Risk management systems should be adjusted to the size and volume of business operations.
Strengthening minimum capital requirements, financial resilience, and restrictions related to loan ownership or Implementing comprehensive risk management, internal controls, and active oversight by the board of directors and board of commissioners.
Establishing specific regulatory provisions for technology-based funding services and their unique risk exposure.
Policies and procedures should correspond to the complexity of operational activities and business Risk management approaches should be adapted to the characteristics and types of business activities.
In financial regulation, the Financial Conduct Authority emphasizes that risk management should be proportionate to the nature, scale, and complexity of a firmAos This approach is tailored to the operational characteristics of firms and their potential impact on financial stability (FCA, n.
Such a proportional and risk-based regulatory model reflects international best practices, in which regulatory obligations are calibrated according to the size, risk profile, and systemic relevance of financial In this regard.
POJK No.
40/2024 has substantively adopted similar principles, although further refinement is still required to optimize risk management policies and procedures within IndonesiaAos fintech peer-to-peer lending sector.
The principle of business scale requires firms to assess the adequacy of their financial resources in relation to their risk exposure and operational scale.
This principle is reflected in POJK No.
40/2024 through provisions concerning minimum capital, financial resilience, and business feasibility planning (OJK, 2024.
From a regulatory perspective, adequate capitalization is essential to absorb potential losses and ensure operational continuity, particularly in high-risk digital lending environments.
Supervisory mechanisms should therefore be directed toward a risk-based supervision model that combines proactive supervision for large-scale entities, reactive supervision based on incidents, and thematic risk-based assessments.
This approach aligns with global regulatory trends that prioritize forward-looking supervision and early risk detection.
With regard to business complexity, the FCA underlines the importance of aligning risk management systems with operational and technological complexity (FCA, n.
This principle may be integrated into POJK No.
40/2024 through the requirement for comprehensive risk management frameworks, including internal control systems, governance structures, and integrated risk assessment procedures.
In the fintech context, complexity is not only derived from business processes but also from technological infrastructures, such as algorithmic credit scoring, big data analytics, and platform-based financial intermediation.
Therefore, effective risk management must incorporate advanced data governance, cybersecurity measures, and continuous system monitoring to mitigate both financial and non-financial risks.
Meanwhile, the principle concerning the nature of business emphasizes integrity, competence, and prudence in conducting financial activities.
POJK No.
40/2024 reflects this principle by requiring fintech providers to implement risk management policies that correspond to the specific characteristics of their services, including borrower profiling, creditworthiness assessment, and consumer protection Volume 7.
Number 1, 2026 https://ijble.
com/index.
php/journal/index mechanisms (OJK, 2024.
This principle is particularly relevant in peer-to-peer lending, where the platform acts as an intermediary without directly assuming credit risk, thereby requiring stronger due diligence and transparency obligations to protect Based on the analysis of FCA principles, the refinement of regulatory provisions concerning Aueffective risk managementAy under POJK No.
40/2024 should incorporate three main standards: business scale, business complexity, and the type of business activity.
In the context of peer-to-peer lending, business scale relates to transaction volume, platform growth, and user base, all of which influence the magnitude of risk exposure.
Business complexity involves the use of advanced data analytics, predictive modeling, and automated risk assessment tools, which are increasingly important in digital financial services.
The type of business activity includes the development of borrower risk profiling systems, credit scoring mechanisms, and portfolio diversification strategies to reduce concentration risk.
Furthermore, the integration of these three standards should be implemented holistically and adaptively.
Contemporary developments in digital technology show that effective risk management requires not only regulatory compliance but also continuous innovation in risk assessment methodologies, including the use of artificial intelligence and machine learning to improve predictive accuracy (Brynjolfsson & McAfee, 2.
Periodic evaluation and regulatory updates are also necessary to respond to the rapidly changing nature of digital financial markets.
By adopting a structured and principle-based approach inspired by FCA standards.
POJK No.
40/2024 can provide clearer operational guidance, enhance legal certainty, and strengthen the resilience and sustainability of IndonesiaAos peer-to-peer lending CONCLUSION The analysis demonstrates that the formulation of Auimplementing effective risk managementAy in POJK No.
40/2024 remains normatively inadequate because it lacks clear definitions, measurable indicators, and operational standards necessary to ensure consistent implementation.
This condition creates interpretive ambiguity, weakens legal certainty, and limits supervisory effectiveness within the fintech cofunding sector.
Furthermore, the absence of structured parameters diminishes the role of risk management as an integral component of good corporate governance, particularly in ensuring transparency, accountability, and stakeholder protection.
As a result, risk management may function merely as a formal obligation rather than as a substantive mechanism for mitigating financial and operational risks.
In practical terms, these findings indicate that the current regulatory framework has not fully optimized its role as a preventive and stabilizing instrument within the digital financial ecosystem.
The lack of standardization in risk assessment and reporting mechanisms reduces the ability of both regulators and market participants to evaluate the resilience of fintech platforms.
This condition may hinder the development of a trustworthy and sustainable fintech industry, particularly in the context of increasing systemic interconnectedness and technological complexity.
Therefore, this study recommends the refinement of POJK No.
40/2024
through the development of more detailed implementing regulations or technical guidelines that incorporate objective risk indicators, standardized risk management Volume 7.
Number 1, 2026 https://ijble.
com/index.
php/journal/index frameworks, and mandatory disclosure requirements.
In addition, strengthening supervisory mechanisms through measurable evaluation tools and periodic audits is essential to ensure consistent enforcement.
Such regulatory improvements are expected to enhance legal certainty, promote good corporate governance practices, and reinforce the resilience and stability of the financial system.
Ultimately, a more precise and operational risk management framework will contribute to building public trust and supporting the sustainable growth of information technology-based cofunding services in Indonesia.
Reference