Financial Technology Regulation in Malaysia and Indonesia: A Comparative Study

Introduction to The Problem: The era of innovation in information technology has emerged to ease daily commercial transactions. The innovation in financial technology has created numerous new business model to cater the customers’ need. This development needs a regulation and supervision to avoid chaos in the financial system. Particularly in Indonesia and Malaysia, which both countries were recorded by CCAF to be among the top countries in the ASEAN region by the number of fintech firms. Purpose/Objective Study: This study is aimed to analyze the financial technology regulation and supervision in Indonesia and Malaysia. Design/Methodology/Approach: The comparative study is conducted to compare the regulatory environment related to Digital payment, Equity Crowdfunding, P2P lending, Crypto Asset, Consumer protection, cybersecurity law and Islamic fintech in both countries Findings: The study found that compared to Malaysia, Indonesia has lack of jurisdiction that protecting the customer from the cyber-attack which highly threatening the fintech industry. Both countries also treat ICO differently. Malaysia treats it under RMO guidelines, while Indonesia banned it as the method of payment but still allows the trading of ICO as a commodity under Commodity Futures Regulatory Agency.


INTRODUCTION
The development of information technology has emerged to ease the daily commercial transaction in many financial sectors. The innovation in financial technology helps in creating a various business model and caters the need of customers (Salmony, 2014). Financial technology was affecting some aspect of economics such as payment services, banking industry, and financial regulations. The emergence of information technology innovation in the financial services industry is called "Fintech", the simplification of the term "Financial Technology". Fintech has opened the innovation development for applications, processes, products, and business model within the financial industry (Alt & Puschman, 2012). the developments in financial technology have arisen the new business models and revolutionized the way people interact with financial services which also attracted the attention from regulators and policymakers across jurisdictions. However, Fintech may be an opportunity for the financial institutions and advantages in term of customer's attraction and expansion of the business.
Fintech activities have waved across Southeast Asia in recent years indicated by the high rate of growth and likely to continue in the next following years. According to CCAF, ADBI, FinTechSpace (2019), internet penetration in ASEAN has grown up to 58% and 141% growth in mobile connectivity by the year 2018. This may be an indicator of potential growth in the development of financial technology. The widespread of internet penetration and mobile phone network, together with the development of big data, artificial intelligence, and biometric identification have revolutionized the modes of delivery and methodology of the financial service provider. Fintech companies in payment, P2P lending, crowdfunding, asset management or in other areas are playing essential roles in this transformation. Therefore, it is important to monitor the development of the financial technology industry to assess its potential contribution to economic and financial development.
The innovation in financial technology often involves the adoption of new technologies and merging the financial sector activities with telecommunications. Those developments require the regulatory and supervisory framework to maintain the balance of the competing needs for innovation, financial stability and consumer protection. In facing this situation, regulators need to adopt an experimental approach including setting up the regulatory sandboxes.
There are some risks that financial technology industry carries along with its operations. KPMG (2019) identified fintech risks into three categories, they are risk to the consumers and investors, the risk to the financial services firm, and risk to financial stability. Regulators must have been taking specific action in response to those risks. The regulatory and supervisory response covers a wide range of areas including technology risks, cybersecurity and operational resilience, consumer protection, data privacy, firm's and risk governance, and amendments to anti-moneylaundering requirements.
Indonesia and Malaysia are among the ASEAN countries that have a higher number of financial technology companies with a portion of 17% and 11% respectively. In the emerging economies like in Indonesia and Malaysia, the position of the financial sector is challenged by financial technology. This study is aimed to analyze the financial technology regulation and supervision in both countries. The finding of this study might be a comparison and benchmark on the efficient regulatory framework for financial technology disruption and not to mention the benefit for the development of the regulatory and supervisory framework of financial technology.

METHODOLOGY
Indonesia and Malaysia have different regulatory bodies in governing the development of financial technology. To understand the different approach in regulating financial technology in Indonesia and Malaysia, a qualitative method was employed. This study used a library research through a step by step process in acquiring and analyzing the existing data from various types of literature reviews regarding the financial technology regulation and supervision in Indonesia and Malaysia. At the end of the section of this paper, the comparative study is conducted to compare the regulatory environment related to Digital payment, Equity Crowdfunding, P2P lending, Crypto Asset, Consumer protection, cyber security law and Islamic fintech in both countries.

Financial Technology Definition and Classification
Financial technology is simplified by the term "Fintech"; this term is a combination of "finance" and technology. It is also defined by the National Digital Research Center as innovation in financial service. Financial stability board defined Fintech as "technologically enabled financial innovation that creates new business models, applications, processes, or product with an associated material effect on the financial market, institutions, and the provision of financial services.
The usage of fintech is now rapidly growing in the daily transaction ranging from the purchase of groceries to the banking transaction. The evolution of fintech has begun since the early 1950s, where it started with the credit cards and ATM to replace the tellers. Electronic trading and the use of a computerized record-keeping system started to develop in the late 1970s. followed by the progression of the internet and e-commerce business models in the 1990s (Pin, et al., 2019). until nowadays, fintech has been transforming the traditional method of handling customers to the technology-based customers.
CCAF, ADBI, FinTechSpace (2019) used some approaches in classifying the fintech activities. The most common approach to classify fintech company is by the economic function and financial products and services they provide, and also the combination of technology innovation and economic functions.   O n l i n e p l a t f o r m s f o r fi n a n c i a l a d m i n i s t r a t i o n a n d b u s i n e s s performance analytics generation

Risks Associated with Financial Technology
The emergence of fintech solution and evolution of the existing financial services provider gives a huge benefit to the consumers and investors. The wider range of financial products and services were offered with the more effective and efficient delivery model. This situation is also followed by the competitive pressures on the company to adopt a more consumer-centric approach.
Three main drivers emerge the risk for the fintech industry; first, financial services company are now becoming reliant on technology and big data. The use of technology is not something new, but the pace of change has picked up and expanded into many new areas for the company, such as data collection and analysis, automation, platforms, robo-adviser, artificial intelligence, blockchain and crypto-assets. Second, the financial sector also becoming more complex and interconnected. As a result, many fintech-related functions and services were outsourced as well as an increasing number of platform-based nature of financial services. Third, the dependence on the application of IT has been increasing, leading to a natural tendency for a highly concentrated market with few numbers of the provider. Meanwhile, the use of similar IT solutions may generate herd-like behavior.
Along with the development of fintech, the regulatory and supervisory response to fintech also evolved. At the beginning, it focused on the benefit of fintech and support the growth and adoption of the new financial technology solutions. Fintech is the disruption in the financial industry that aimed to ease access to the financial services provider and makes an effective and efficient of service delivery. However, fintech might carry some risks that are not negligible. According to KPMG (2019), the fintech industry carries three kinds of risks, namely: risks to the consumer, risks to financial services firm, and risks to financial stability.

a. Risk to the Consumers
Although fintech should bring many benefits for the customers, it also comes with risks that may disadvantaged customers. First, the lack of consumer understanding of the nature of fintech and its operation. The tech-savvy people might be easy to understand, but older people might find difficulties in understanding the services offered by fintech. Second, the adoption of fintech solution could miss-selling of product and services and expose the consumer to the fraudulent activities. When the value chain becomes more complex and the misconduct occurred, it will be a challenge to redress and remedy the responsibilities and accountabilities of the fintech provider.
Third, the increasing use of big data analytics might result in higher prices and availability discrimination. Meanwhile, the increasing of digitalization may also exclude non tech-savvy people such as an elderly, leading to financial exclusion. Fourth, data privacy, security and protection are essential for the consumers because when using the fintech solution, consumers are requested to give up their data to the fintech provider. Consumer are vulnerable to lose their data and may not know how their data is used. Fifth, although the initial influx of the new entrants on fintech has increase competition, the economy of scale in technology and data handling might be limited and resulting in some markets being dominated by a small number of large fintech firms. Some of the fintech firms might be struggling to win the market, but when they lost their market, the consumer will also be affected.

b. Risk to the Fintech Firms
Although the nature of the risk on Fintech firm depends on their types of the solution provided and new technologies they are adopting, there are six categories of risk that the fintech firm might face. First, the business model viability of the fintech firms will be challenged by the increasing competitive pressures on many fintech firms. Fintech firms have to struggle to survive in this competition. Second, technology is not something that can be easily by everybody including the boards and senior management of the firms. They may not have sufficient knowledge of fintech and fintech-related risk. Therefore, they may be unable to identify, measure, manage and control these potential risks effectively.
Third, risk of technology and operational resilience. The increasing reliance on technology and the use of outsourcing third party providers on technology and data will heighten the risk to the operation and control over the third-party provider, also cybersecurity. Financial institutions are now becoming more vulnerable to internal and external attacks including cyber-attack and operational failures that came from inadequate business continuity planning for IT systems and process, and poor process related to IT management. Fintech company must put efforts into putting the systems and controls in place to manage the risks.
Fourth, data limitations may make the fintech firms difficult to validate outcomes, here where artificial intelligence is used to analyze the data and generate solutions. The customers' data is becoming more valuable and increase the potential of misuse and concerns about data privacy and protection. Fintech companies are challenged on how they handle the data. Fifth, fintech adoption and operational changes on the firms may result in struggling to meet the conduct of business, market dealing, and anti-money laundering requirements. Sixth, when the fintech firms extended cross-border operation, they might face the risk on different national legal and regulatory frameworks. Some fintech applications raise difficult legal questions and remain to be resolved.

c. Risk to the Financial Stability
Although the risk of fintech on financial stability is considered small, regulators are paying increasing attention to the potential risk to financial stability due to the fintech-related developments. There are some concerns about the available information to track accurately the nature of these developments. First, successful fintech firms and adopters and dominant third-party providers may become important in the system. The economy of scale on IT provider will result in affecting the financial stability due to the high reliance on technology. Second, fintech may become an alternative channel of financial intermediation. This may result in increased financial activities with not being regulated appropriately.
Third, the widespread use of machine learning and other strategies for lending or trading may lead to herding behavior. Fourth, fintech open the wider access to trade using crypto assets. The increasing use of crypto assets could lead price volatility and potential impact on the payment systems which may lead to financial instability. Fifth, financial stability will be more vulnerable due to the increasing level of operational risk and cyber risk in the financial system.

Development of Fintech in Malaysia
In recent years, Malaysia has made a significant advancement as a global fintech hub. According to Malaysia Fintech Report 2019, Malaysia has 198 Fintech operating in a variety of areas including payment (19%), wallet (19%), regtech (6%), insurtech (8%), crowdfunding (6%), marketplace (3%), lending (7%), blockchain (7%), wealthtech (7%), remittance (7%), AI/ Big Data (4%), Islamic fintech (3%) and proptech (3%). Payment and wallet were the most areas that using financial technology solution. With 95% of Malaysian are banked, and 86% penetration on internet, financial technology solution is expected to grow in the next following years. The growth is shown by the increasing transaction value of internet banking from 920.9 million in 2018, to 734.9 billion in 2019. To support this growth, Fintech Association of Malaysia (FAOM) was formed in 2016, with the aim to engage with industry players and support the development of fintech and to connect with the stakeholders locally and globally.
Internet banking in Malaysia has quadrupled in the recent years, peaking at 90% usage in the last year 2018. Mobile banking also becoming popular with the support on 4G network coverage, affordable data, and the projection of 5G technology. Malaysia has ranked in the World Economic Forum 2019 Network Readiness Index and become the first among countries in emerging and developing Asia. To support the development and improve the quality of fintech in Malaysia, The Financial Technology Enabler Group (FTEG) was established by Bank Negara Malaysia (BNM) in June 2016. Consisting of cross-functional group within BNM, the FTEG has the responsibility to formulate and enhance regulatory policies to facilitate the adoption of technological innovations in the Malaysian financial services industry.
Payment and wallet have become the most fintech solution provided to facilitate the daily transaction in Malaysia. Multiple mobile wallets have been launched by non-bank players in Malaysia, particularly FinTech startups and big technology company. According to BNM (Bank Negara Malaysia), the number of non-bank e-money issuers that provide payment solution through mobile apps has grown from 5 providers in 2016 to 35 providers in 2018. Some of the big fintech firms that provide payment solution such as GrabPay, Touch n Go (a partnership with Ant Financial) and WeChat Pay are among the most popular provider in Malaysia based on survey by Financial Times Confidential Research (IMF, 2020).
As a part of the Financial Sector Blueprint 2011-2020, BNM has committed to accelerate Malaysia's migration to e-payment. According to IMF (2020), the rise of mobile wallet has enabled non-bank payment transaction to value become MYR 1.3 billion with the volume of MYR 31.1 million in 2018 from just MYR240.3 million and 1.0 million in 2017.

Regulatory Authorities
Two main regulatory bodies govern fintech in Malaysia. The Central Bank, Bank Negara Malaysia (BNM), regulates the country's monetary policy, financial institutions, and credit system. While the other is Securities Commission (SC) which a statutory body entrusted to regulate and develop the capital market systematically. SC was one of the first regulator in ASEAN region to introduce equity crowdfunding (ECF) guidelines.
Regulation and licensing requirements for fintech are depending on the nature of the business model of that fintech firm. There is no specific regulation or license for fintech firms in Malaysia. However, BNM, SC and the Malaysia Digital Economy Corporation (MDEC) approach was to promote a conducive environment for fintech development by developing a supportive infrastructure, reducing barriers to innovation, encouraging a fair competition, and providing a room for innovation within each sector while ensuring the financial stability and confident financial system. Additionally, MDEC, the government agency driving digital transformation, focuses on accelerating formulation of policies and coordination agencies to enable digital economy success, develop the futureproof workforce and increasing the contribution from the digital economy to GDP.
There are two main developments in regulatory aspect of financial technology in Malaysia. First, BNM through the Financial Technology Enabler Group, launched a financial technology regulatory sandbox (the Regulatory Sandbox) in 2016. FTEG was established by BNM to facilitate technological innovation and testing within the financial service sector. FTEG encourages innovation by operating the Regulatory Sandbox. The Regulatory Sandbox provides an opportunity for both financial institutions and Fintech company to operate and experiment in a real environment while containing risks. To enter the sandbox, an applicant must demonstrate its product or services has the potential to improve the efficiency, accessibility, security and quality of financial service. the Sandbox serve the safeguards to manage risks and consequences from failure in the real practice and requires the fintech firm to identify the potential risks in financial stability, consumer protection, and money laundering.
Second, based on the Capital Markets and Services Act 2007 (CMSA 2007) Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019, stated that digital currencies and digital token that are not issued or guaranteed by BNM or any government body are prescribed as securities. The implication of this order is to treating digital currencies and digital tokens as securities; therefore, it will be regulated by Securities Commission.

Digital Payment
One of the key objectives of BNM Financial Sector Blueprint 2011-2020 (FSBP) is to achieve greater economic efficiency through e-payment. BNM has undertaken efforts to promote e-payment by formulating an e-payment roadmap in the FSBP also creating and enabling environment of e-payment adoption.
Digital payments are governed as a payment instrument under the Financial Services Act 2013 (FSA). BNM has prescribed e-money as Designated Payment Instruments under the Financial Services (Designated Payment Instruments) Order 2013 (DPI Order). Issuers of e-money are required to obtain approval from BNM pursuant to Section 11 of the Financial Services Act 2013 (FSA 2013). According to Division 1, Part 1, Schedule 1 of the FSA 2013, businesses that require approval includes issuance of a designated payment instrument. For those merchant businesses who accept the e-payment fall under the Schedule 1, Part 2 of FSA 2013. As such, a person must register with the BNM and comply with the requirements in Section 17 to carry on a merchant acquiring service

P2P Lending
Peer to peer lending is a platform that enable individuals to lend money without the use of a financial institutions as an intermediary. It is relatively new concepts in Malaysia. SC has introduced the regulatory framework for P2P under the Guidelines on Recognized Markets pursuant to section 377 of the Capital Markets and Services Act 2007 (CMSA). Currently there are 11 registered Recognized Market Operator (RMO) which operates in Peer to peer financing in Malaysia.
SC stated that all P2P operators must be locally incorporated and have minimum capital of RM 5 Million. The operators should ensure the safeguard of investors' money and be able to determine the suitability of issuer to be hosted in the platform. The operator should do a background checks on the prospective issuers to test their fit and properness. P2P operators also must ensure the compliance of its platform to the rules approved by SC and make available relevant information to the investors. Additionally, the issuer is allowed to keep any amount raised through P2P platform in a condition that the issuer must have at least raised 80% of the target amount. However, the issuer is not allowed to keep any amount which exceeds the target amount of the project.
The project issuer on P2P platform will issue an investment notes to the investor as evidence of a monetary loan. The investment notes are treated as securities by virtue of the Capital Markets and Services (Prescription of Securities and Islamic Securities) (Investment Note and Islamic Investment Note) Order 2016. Where the Islamic note is executed through P2P platform, the operator must establish the Shariah compliant trust account with licensed Islamic bank, licensed bank or licensed investment bank approved to carry on Islamic banking business, for purpose of the fund raised.

Equity Crowdfunding (ECF)
As the part of SC's effort to nurture and support the development of fintech, SC introduced the regulatory framework for equity crowdfunding (ECF) guidelines in February 2015. SC was the first regulator in ASEAN region who introduce the ECF guideline. As per 2020, there are currently 10 registered RMO in the equity crowdfunding sector.
In 21 st August 2015, SC issued Public Consultation Paper NO. 2/2014 Proposed Regulatory Framework for Equity Crowdfunding. The issuance of this paper is to collect the comments and feedback from potential crowdfunding operators, entrepreneurs, venture capital firms, financial institutions, and general public. SC also recently organized the SC Synergy & Crowdfunding Forum in order to create awareness on this market-base financing. Some of the salient features of the framework such as; an issuer can only allowed to raise up to RM3 million within a twelve month period and total maximum of RM5 million through the platform, investors will be given 6 days cooling off period which they may withdraw their settlement and if there is a change that affecting the project or issuer, investors will be given a period of 14 days to optout of investment.

ICO/ Crypto Assets
The Securities commission stated that the framework for crypto exchanges will fall under the Guidelines on Recognized Markets, being the same guideline for ECF and P2P lending players. The regulator has amended a specific section to introduce new requirements for crypto exchanges. Under the new guidelines, any person who is interested in operating is required to register to SC as recognized market operator by 1 st March 2019. The next registration is subject to the review from the SC. The revised guidelines also noted that any person operating unauthorized initial coin offering (ICOs) or digital asset exchange will subject to 10 years imprisonment and RM10 Million fine.

Development of Fintech in Indonesia
Indonesia is the second largest economy in the ASEAN with 264 million populations in 2019, 73% are adults (median age of 29) and 55% of the population are living in the urban areas which makes them more exposed to the latest digital technology. According to Indonesia Fintech Landscape Report 2018, internet penetration in Indonesia was reaching 143.2 million and expected fintech transaction value growth 16.3% annually standing at USD 176.75 Million in 2017 alone. This number could be an opportunity for fintech development in Indonesia. The limited number of ATM (0.5 terminals per 1,000 people) and POS (Point of Sale) terminals, coupled with low credit and debit card penetration shows that there is a tremendous room for fintech to disrupt the old financial system. Indonesia has a dynamic and vibrant start-up environment with the growing numbers of new startup in the recent years. It is estimated that there are more than 250 fintech startup in Indonesia. However, according to OJK (Financial Services Authority), as per February 2020 there are only 161 registered fintech company in Indonesia. The fintech players in Indonesia consists of payment (38%), P2P lending (31%), personal finance and wealth management (8%), comparison (7%), insurtech (6%), crowdfunding (4%), POS system (3%), Cryptocurrency and Blockchain (2%). This profile demonstrates that payment and P2P lending is the biggest fintech player in Indonesia. This might result in the continuous adjustment on regulator and supervisory framework in Indonesia. According to Manan (2019), although the number of new fintech firms are growing, only 15% are registered in OJK. However, still there is no specific body that supervise fintech firms in Indonesia.
The e-money apps are now becoming popular to facilitate payment activities for shopping, entertainment, and transportation. The introduction of QRIS in 2020 will play a big role in shifting Indonesia to the cashless society. OVO is one of the leading payment company in Indonesia to be the first unicorn startup coming from fintech industry. Another unicorn such as Gojek which offers various daily services from transportation, food delivery, house cleaning, and car washing also introduced their own e-wallet. A study by MDI Ventures and Mandiri Capital entitled "Mobile Payments in Indonesia: Race to Big Data Domination" predicts that the mobile payment market will reach US$30 billion in total gross transaction value by 2020, and reach a compound annual growth rate of 158% for the period between 2016 and 2020 (DS Research, 2019). The development on fintech will help the government to reach the unbanked population which is nearly half of Indonesia population and cater the financial inclusion issues.
Fintech as a lending platform has been the fastest growing sector in recent years. According to OJK (The Indonesian Financial Services Authority), the total financing channeled by fintech lending service providers was US$951 million in the first three quarters of 2018, and projects the total loan figure to grow to US$2 billion by the end of 2019. Indonesia has the potential to boost its economic growth by improving the productivity. Fintech lending is believed to become an enabler to drive the economic potential by opening access to finance and capital. Through providing equal access to financing will create multiplier effects to the Indonesian economy. Not only fintech lending services, other services offered by Fintech will help the country to boost its economy.

Regulatory Authorities
The financial technology industry in Indonesia is primarily regulated by two main entities: Bank Indonesia (BI) and Otoritas Jasa Keuangan (OJK). Bank Indonesia is the central bank that regulates fintech related to monetary policies and the matters relating to payments also functions to monitor the financial stability. Whereas OJK regulates the financial services sector, particularly fintech that provides financial services, such as digital banking, P2P lending, crowd funding, insure-tech, investment, and market aggregators. OJK also incorporates to managing the registration, security and licensing of FinTech firms.
OJK published No.13/POJK.02/2018 as the legal umbrella for all types of fintech, effective from 16 September 2018. This regulation is an initiative to stimulate innovation in the digital financial services and aimed to create responsible digital finance innovation. OJK Regulation No.13/POJK.02/2018 stated that any fintech companies that are not yet regulated by other authorities must apply to OJK to go through the Regulatory Sandbox process.
BI regulates by issuing Board of Governor's Regulation (PADG) No. 19/14 / PADG / 2017 concerning Regulatory Sandboxes for Financial Technology (PADG 19). In Article 1 number (4) PBI 19, Regulatory Sandbox is a safe limited trial space for testing Financial Technology Providers and their products, services, technology and / or business models. Whereas in Article 1 number (4) POJK 13, the Regulatory Sandbox is a testing mechanism carried out by the Financial Services Authority to assess the reliability of business processes, business models, financial instruments and governance of the Provider. The purpose of Regulatory Sandbox is to ensure that the fintech services provided are safe for the community.
Both OJK and BI apply regulatory sandbox provision for fintech companies. However, the difference in authority between the two lies in the scope of supervision, OJK Regulatory Sandbox focuses on financial services such as crowdfunding and P2P lending. Whereas BI Regulatory Sandbox handles product related to payment services such as GoPay and OVO (Hapsari, et al, 2019).
The ministry of Communication and Information (MOC) also plays a role in regulating fintech system. Fintech as an electronic system that have a public interest element must be registered with the MOC. The MOC regulates the technical matters such as server location, and also data protection.

Digital Payment
The most recent regulation on e-money operation in Indonesia is BI Regulation No. 20/6/PBI/2018 enforced on 3 rd May 2018 (BI e-Money Regulation). In the new regulation classifies E-money organizers into two categories, front-end and back-end. Front-end organizers are defined as organizers providing services and/or goods and services to customers and comprise of issuers and acquirer. Back-end organizers are defined as organizers providing infrastructure of payment settlement to other organizers (non-client facing nature of services) and comprise principals, switching operators, clearing operators, and settlement operators. The rationale behind this classification id to avoid potential conflict of interest in operating front-end or back-end services.
PBI No. 20/2018 also regulates the limitation of foreign wnership of a non-bank issuer is subject to maximum 49%. The regulation stipulates the minimum issued and paid-up capital of a non-bank e-money issuer is IDR 3 billion and lock-up period of controlling shareholders in five years as of the issuance of the license (Pwc, 2018).

P2P Lending
The guidelines for the organization of P2P lending services was provided by OJK Regulation No.77/POJK.01/2016. This regulation generally refers to the financial services which provided a lending platform where the lenders and borrowers meet through online system with the purpose of entering into a loan agreement in Indonesian rupiah currency.
There are three parties involved in P2P, they are platform operators, borrowers, and lenders. Under the lending scheme, there are two types of agreement that these parties can engage, namely agreement between lenders and borrowers and agreement between operators and lenders. This agreement must be drawn up in the form of electronic document. After the enforcement of OJK Regulation No.77/ POJK.01/2016 concerning on technology-based lending and borrowing, OJK has issued provisions regarding the implementation of information technology risk management and P2P management in Regulation No. 18/ SEOJK.02/2017 which entered into force on 18 April 2017.

Equity Crowdfunding (ECF)
The technology-based equity crowdfunding services was stipulated under OJK Regulation No.37/POJK.04/2018. The regulation is aimed to boost the economic growth Indonesia by providing access to collect the fund for the startup companies and SMEs through online platform in order to develop their business (Batunanggar, 2019). Currently there are only few players of equity crowdfunding in Indonesia. However, looking into the big market in Indonesia, it is expected by fintech stakeholders that EFC will grow exponentially in the near future.

Regulatory Authorities
Central banks in both countries play the same role in maintaining the financial stability and regulates the country's monetary policies. However, regulation and licensing requirement for fintech are depending on the nature of the business model of that firm. Both BNM and BI regulate the digital payment and e-money. Meanwhile SC and OJK regulate the other fintech sector such as crowdfunding and P2P lending. Although both countries seem to have similar role on their regulatory bodies, they have different approach in regulating the fintech.
The Regulatory Sandbox has become a popular tool facilitate and encourage the fintech innovation. It is a formal regulatory program that allow the fintech firms to test their business model in the live practice, subject to certain safeguard and oversight. Indonesia has two Regulatory Sandbox operation. First, Regulatory Sandbox that was launched by Bank Indonesia (BI) in 2017 which primarily for fintech firms within the banking and payment system. Second Regulatory Sandbox is operated by OJK which launched in 2018. It is aimed at fintech firms attempting to operate the new business model such as crowdfunding and P2P lending.

Personal Data Protection
In dealing with risks to customers, Malaysia and Indonesia have taken regulatory and supervisory steps towards fintech operations in their respective countries. Users need to be protected to prevent any form of data abuse in commercial transaction.
In Malaysia, the user protection was stipulated under the Personal Data Protection Act 2010 (PDPA). PDPA regulates the collection, use, processing and disclosure of personal data in respect of commercial transactions. The "commercial transaction" has been defined as any transaction of commercial nature including any transaction relating to supply or exchange of goods and services, agencies, investment, finance, and insurance. Therefore, PDPA would be applicable to the fintech businesses operating in Malaysia. In addition, as per Section 133 of the FSA 2013, the financial institution in Malaysia must obey the secrecy rule in relation to customer affairs or account information.
Indonesia has a National Consumer Protection Body, but this body doesn't have substantial role in protecting consumer in the fintech industry. The main regulators that involve in consumer protection in the fintech industry are OJK and BI. Pursuant to OJK Regulation No. 1/2013 that concerns on consumer protection in the financial services stated that the financial services providers are obliged to incorporate transparency, impartial treatment, trustworthiness, privacy and safety of customer data/information, and simple treatment of complaints and customer disagreement resolution into their operations, along with fast and inexpensive charges (Batunanggar, 2019). BI also has a consumer protection function which allows the customers to report complaints relating to the payment system. OJK Regulation No. 13 /2018 obliges that digital fintech firms must be responsible and secure and prioritize customer protection and governance. This issue is also addressed in With the current 143.2 Million internet active users in 2018, Indonesia's law enforcement institutions are equipped with inadequate laws and tool to combat the cyber threats (Ketchell, 2019). Indonesia only has two cyber-related regulation: Electronic Information and Transaction Law, and Government Regulation on Implementation of Electronic System and transaction. Compared to Law and Regulation related to cyber security in Malaysia, Indonesia urgently needs to have a specific law on cyber security.

Regulation on Islamic Fintech
There has been little discussion on the regulation of fintech in Islamic finance industry. Financial technology in Islamic finance or Islamic fintech can be described as the application of technology in Islamic finance industry which adheres to shariah principles. According to the report by Standard (2018) there is an emerging global Islamic fintech ecosystem which is currently concentrated in peer-to-peer financing. Fintech is reshaping Islamic finance industry on its value propositions, operational efficiency, new technological services and so on. Islamic Fintech Report 2018 highlighted that the government can enhance regulation and provide direct support to create a supporting ecosystem for Islamic fintech industry (Standard, 2018).
According to statistics, Indonesia had the highest number of Islamic fintech startups in the world with 31 startups, followed by US (12 startups), UAE (11 startups), UK (10 startups), Malaysia (7 startups) and other countries in the year of 2018 (Standard, 2018). This shows that there is a growing demand and supply for Islamic fintech in Indonesia. According to Manan (2019), OJK has formed a special unit in charge of supervising, controlling, certifying, and various other vital authorities in the technology-based financial business industry (Fintech). The unit in is called as "Fintech Supervision and Certification Unit" which is its operational was supported by 5 special sub unit which consist of sub unit of audit and reporting, electronic signature standardization sub-unit, payment gateway standardization sub-unit, financial services database management sub-unit, and literacy, education and fintech business development sub-unit. However, Aulia, Yustiardhi and Permatasari (2020) explained that while BI and OJK have issued regulations for fintech licensing, monitoring and supervision as well as customer protection, they have not issued any specific regulation to govern Islamic fintech industry in Indonesia. Islamic fintech startups must follow the general regulations for fintech stipulated by the regulators. In addition, they must act in accordance with regulations from the National Shariah Council of the Indonesian Ulama Council (DSN MUI) which issued fatwa related to Islamic fintech.
Malaysia is also trying to become the global hub for Islamic fintech albeit the small number of Islamic fintech startups in the country. There is no specific regulation from BNM for Islamic fintech industry which is comparable to Indonesia. MDEC play important role in strengthen halal ecosystem by providing shariah certification as well as network and link to venture capital investor in Malaysia (Standard, 2018). Realizing the potential of rapid growth of fintech, there should be an intensive collaboration between startups and Islamic finance institutions which can be supported by the regulators in respective countries.

CONCLUSION
Malaysia and Indonesia have put their effort to develop their Fintech ecosystem. Not only improving the regulatory environment for fintech players, but also stimulate and encourage its development and innovation. The potential growth of fintech in both countries was related to many factors such as the penetration of internet and mobile phone user in Indonesia and realizing the Financial Sector Blueprint (FSB) 2011-2020 in Malaysia.
In terms of regulation, both country's central banks hold the role on regulating the monetary policy and entrusted to regulates fintech business that operate in the payment sector. There are varying approaches employed by individual regulators for various fintech sector. The table below provide a snapshot of the currently regulatory approach by Indonesia and Malaysia towards Regulatory Sandbox, Digital Payment, P2P Lending, ECF, and ICO/Crypto asset. Indonesia has to urge their regulator on regulating cyber security issues. Compared to Malaysia, Indonesia has lack of jurisdiction that protecting the customer from the cyber-attack which highly threatening the fintech industry. Although there are increasing amounts of ICO activities, Malaysia and Indonesia have different approach in regulating the ICO. The Securities Commission Malaysia regulates ICO to fall under the Recognized Market Operators guidelines, being the same as ECF and P2P. Meanwhile, Indonesian regulators has banned the use of cryptocurrencies as valid means of payment. Indonesia has chosen to wait and see how the ICO affecting their financial stability before they make the statement for the regulation.
In conclusion, there is no good or bad regulation for both countries. Both countries have different economic and fintech profile. Malaysia and Indonesia have to look at many aspects and consider the risk for the country before regulating the fintech industry. In our humble opinion, due to the different fintech environment and profile, there is a room for both countries to learn from each other's experience. Especially when it