An overview of Indonesian regulatory framework on Islamic financial technology (fintech)

JEL: G28, K12, O16, P43, Z12 Abstract The advancement of technology has touched many sectors, including financial industries. The emergence of Financial Technology or Fintech has changed the way people do business transactions. Indonesia as a country with a separate regulatory model under the Central Bank of Indonesia (BI) and Financial Services Authority (OJK) has issued several regulations to regulate fintech, which includes Islamic fintech. This paper aims to analyse the existing regulatory framework of Islamic fintech in Indonesia and gives some recommendations, if any, to improve Islamic fintech development in Indonesia. It uses qualitative methodology by extracting information from works of literature and existing regulations. This research finds that both BI and OJK have significant roles in regulating Islamic fintech without issuing any provision to address it specifically. However, it is complemented by the fatwa issued by the National Shariah Board of Indonesian Ulama (DSN MUI).


Introduction
Technological developments in the financial services industry are growing rapidly. By having technological supports, the financial services will develop and can reach a wider community. Nowadays, financial services with technological assistances or financial technology (fintech) have become a trend in Indonesia. Based on the types of business, fintech consists of various kinds, ranging from payment, peer to peer lending (P2P), investment management to crowdfunding or joint venture funds. According to the types of fintech, in P2P lending, activities are carried out online through the website platform of various peer lending companies. There are multiple types of platforms, products, and technologies for analysing the credit. Borrowers and lenders do not meet physically and often do not know each other. P2P lending is not the same and cannot be categorized in the forms of traditional financial institutions such as deposits, investments, or insurance. Therefore, P2P lending is categorized as an alternative financial product.
Fintech regulatory framework initiatives began in 2009 when Central Bank of Indonesia (BI) issued a set of regulation pertaining to electronic money and card payment. Along with the various fintech products and services being offered in the market, an association to gather fintech players was established in 2015, namely, Asosiasi Fintech Indonesia -AFI (Indonesian Fintech Association). Further, BI established Fintech Office in November 2016 to formulate and issue rules that encourage the growth of innovations, especially those relating to technology and financial sector.
Financial Services Authority (OJK) continues the initiative by issuing POJK Regulation No.77/POJK01/2016 concerning the Procedures for Information Technology-based Money Lending Services. The data from OJK shown the number of loans disbursed as of January 2018 has reached Rp. 3 Trillion, with the growth of 17.11% (year to date). While the number of perpetrators reached 120 fintech which consist of 36 registered fintech, 42 are still in the process of registering, and 42 others are interested in registering. Even though the loan interest rates are quite expensive, on average above 19%, people can easily get cash from P2P lending scheme. Moreover, the rules of borrowing money are not too strict, which through the internet platform, the borrowers can come from anywhere, and it makes this more difficult to track any borrowers.
Meanwhile, BI stated that there were 15 technology-based financial service providers (fintech) providing payment systems that had been registered with the central bank. According to the 15 fintech providers, only one has been included in the regulatory sandbox and the next stage is the licensing process. Being the primary financial authority, OJK urges fintech companies to make a transparent scheme to manage customer funds. The aim is to ensure that consumers are comfortable to utilize fintech products and services without troublesome. The development of fintech has changed people's behaviour in conducting financial transactions. The presence of fintech companies threatens the traditional financial institution operations, including bank operations. Thus, OJK advises banks to establish synergy with fintech companies and to offer fintech business lines.
Concurrent with the fintech development, proper laws and regulations are required as the standard rules for each process and business of fintech. Supportive and transparent laws and regulations accommodate certainty for fintech business players and serve protection for every consumer. A lack of comprehensive law and regulation framework effects on criminal actions and loss of consumers protection. On the contrary, inflexible law and regulation decelerate the fintech industry development. Fintech experience from other countries advise valuable lesson in developing the fintech industry by providing an adequate and relevant legal and regulatory framework, for example, Malaysia with Bank Negara Malaysia (BNM) and Security Commission (SC) regulations on cryptocurrency exchanges, peer-to-peer financing, equity crowdfunding and fintech sandboxes, and Singapore government with its policies and schemes under 5 pillars of Fintech ecosystem that successfully promote Singapore as an attractive Fintech ecosystem called Asia's FinTech hotspot (Ernst & Young, 2019). However, none of them had specifically regulated on fintech for Islamic finance; hence, both countries consider to provide a similar playing field for both conventional and Islamic fintech players.
There has been little discussion regarding the regulatory framework of Islamic financial technology in different countries, including in Indonesia. On the other hand, Indonesia has the most Islamic fintech start-ups with the number of 31 start-ups out of 93 identified Islamic fintech start-ups globally (DIEDC, 2018). It shows that Islamic fintech in Indonesia has a rapid and notable growth compared to other countries. Therefore, the regulatory framework of Islamic fintech in Indonesia is important and becomes a necessary topic to be discussed and explored. Batunanggar (2019) explained about the regulatory framework, opportunities, challenges and landscape of fintech in Indonesia. However, it did not discuss the regulation for Islamic fintech at all. Hidajat (2019) discussed the unethical practices of fintech in Indonesia and explained that weak regulations contribute to this problem. Moreover, Buchak et al. (2018) found that the most significant factors affecting the growth of fintech in a country are technology (30%) and regulations (60%).
This paper attempts to fill the gap of discussion related to the regulatory framework for Islamic fintech in Indonesia. The paper aims to highlight, observe and discuss current fintech regulatory framework in Indonesia, particularly in facilitating the development of Islamic finance. Furthermore, the paper also intends to draw some recommendation on the issue highlighted by industrial experts.

Methods
This paper uses a qualitative method to analyse the current fintech regulatory framework in regulating Islamic fintech in Indonesia. The information is derived from secondary data available from various sources. Secondary data are data collected earlier by other researchers or for other purposes than research which are archived and stored (Hox & Boeije, 2005). This study mainly collects information from existing regulations and related works of literature which are quite limited; especially about the regulatory framework for Islamic fintech. From related regulations and literature, we explain the regulatory framework for both fintech in general and Islamic fintech in Indonesia. Needless to say, the basic regulations for fintech also apply for Islamic fintech. This study is explanatory in nature in order to elaborate on the current regulatory framework and to provide necessary recommendations for improvement.

Financial Technology (Fintech) Development
The financial sector has an essential role in supporting the economic strength of a country. Advanced information technology encourages financial sector development in a modern and practical direction. Financial technology (fintech) is now on the rise in many jurisdictions, including in Indonesia.
Fintech is one form of application of information technology in the financial sector. Although there is no standard definition, basically fintech is a segment of the start-up world that has a focus on maximizing the use of technology to change, accelerate or sharpen various aspects of financial services which currently available. Fintech product and services are numerous, starting from the method of payment, transfer of funds, loans, fundraising, to asset management. The similar definition of fintech conveyed by Schueffel (2016), is a new financial industry that applies technology to improve financial activities. Juridically, the understanding of fintech is found in Central Bank of Indonesia Regulations (PBI). Based on Article 1 paragraph (1) BI Regulation No. 19/12/PBI/2017 concerning the Implementation of Financial Technology (from now on referred to as PBI Fintech), Financial technology is the use of technology in the financial system that produces new products, services, technology and business models and can have an impact on monetary stability, financial system stability, and or efficiency, smoothness, security and reliability of the payment system (BI Regulation, 2017).
Meanwhile, the presence of Islamic fintech has helped to enliven the realm of technology in Indonesia. Shabana (2018) argued that both fintech and Islamic fintech have the similar definition, but the main starting point is that sharia (Islamic law, especially the branches dealing with transaction in the economy) guidelines must be observed in the latter.
Furthermore, Andriawan (2018) asserted that there are three Islamic principles must be possessed by Islamic fintech, which prohibition of maysir (gambling), gharar (uncertainty) and usury (the amount of interest passing through the provisions). Using the Shariah basis, the primary reference has also been made by the National Sharia Board concerning the existence of sharia financial technology. The basis is the provision of MUI No.67/DSN-MUI/III/2008, which must be followed by the fintech companies in Indonesia. According to his finding, as of September 2018, there are only 4 Islamic finance technology companies (Ammana, Alami Sharia, Investree Syariah dan Dana Syariah) that were inaugurated by OJK. The National Sharia Board of MUI has issued a fatwa if Islamic fintech must follow the shariah rules, one of the most critical problems is usury or interest that is not in accordance with the current provisions. Nastiti and Kasri (2019) explained that in regards of branchless banking, the related regulations to stimulate this sector have not yet effective to meet the goals. Modara, Bennet, and Ribiere (2020) explained that collaboration between private sectors and regulators is required to create better innovation of financial technology in Bahrain. The government, through BI and OJK, was authorized to regulate fintech according to its category. Both OJK and BI have issued several regulations to safeguard the fintech industry and protect customer interest. The use of information technology in the fintech business is very close to data or information. In this case, the community as a fintech consumer needs to get the protection of consumer information confidentiality.
In addition, consumer data, especially those involving users' personal information, are very vulnerable to being misused by irresponsible parties. Current regulation related to the protection of personal data in Indonesia is still scattered in several regulations. Therefore, regulation of comprehensive personal data protection is noteworthy since no legislation becomes lex-specialist regarding personal data protection, especially in fintech business.

Fintech Regulators in Indonesia
In most jurisdictions, fintech has been developed by the financial industry and has been regulated mainly by central bank, financial services authority and or Securities Commission. For instance in Dubai, the Dubai Financial Services Authority (DFSA) regulates and supervises the financial services and securities in the Dubai International Financial Centre (DIFC) free zone, which issued a regulatory framework for fintech specifically on loan and investment-based crowdfunding platforms in August 2017 (Al-Bashir, 2019). Akin to Malaysia, the fintech industry is also regulated under the Securities Commission and Bank Negara Malaysia.
Similarly to most jurisdictions, fintech in Indonesia is regulated by BI as the Central Bank, OJK as the Financial Services Authority (FSA), and also the Ministry of Communication and Information Technology (Kemenkominfo). Indonesia adopts separate financial regulatory model, where there are two independent financial regulatory bodies which regulate and supervise financial institutions in Indonesia, namely, BI and OJK. Before the establishment of OJK, BI had three main tasks under the Law No. 23 of 1999 on Central Bank of Indonesia, which are formulating and implementing monetary policy, regulating and ensuring a smooth payment system and regulating and supervising banking sector. The law was amended by the Law No.3 of 2004, which stated that banking sector regulation and supervision would be transferred to an independent financial services authority established by the law.
OJK was established in 2012 under the Law No. 21 of 2011 on Financial Services Authority. As the financial services authority, OJK is mandated to regulate and supervise any financial institutions in Indonesia, comprises banking, capital market and non-bank financial institutions, i.e., insurance, takaful, pension fund, multi-finance, and other financial institutions. Following the OJK and BI Law, BI had transferred the banking supervision to OJK in the late of 2013. While other financial institutions supervision, such as insurance, takaful, multi-finance, capital market supervision, which previously were under the supervision of Badan Pengawas Pasar Modal -Lembaga Keuangan (Bapepam-LK) and Ministry of Finance, were also transferred to OJK. Since then, all financial institutions in Indonesia become under supervision of OJK.
BI holds a task to maintain the financial system stability, which confirms BI's authority on the establishment of macroprudential policy. On the other hand, OJK as a financial services authority is mandated to establish the micro-prudential policy. While the macroprudential policy is intended to achieve financial system stability by preventing systemic risks, the micro-prudential policy is intended to achieve financial stability by maintaining financial soundness of individual financial institution (Ascarya et al., 2015) The macro-prudential and micro-prudential supervisory framework is applied for both conventional and Islamic financial institutions.
In regards to Fintech, both BI and OJK are obliged to regulate and supervise fintech companies according to their respective authorities. As mentioned above, OJK has the responsibility to regulate and supervise financial institutions, includes fintech companies who are willing to offer financial products and services. While BI with its payment system and macroprudential authority has the responsibility to ensure the technology penetration in the existing payment system could run smooth and safe. Indeed, a smooth and safe payment system will contribute to monetary stability, financial system stability and an efficient payment system in Indonesia. The dual regulatory framework and authority in Indonesia are generally applied in other jurisdictions. Hence, the fintech regulatory framework in Indonesia can be considered to follow the international standard and best practices.

Fintech Regulatory Framework
Aforementioned that BI and OJK have authorities to regulate and supervise the fintech industry. However, both regulators rule different segments of fintech services. BI's fintech regulation aims to encourage innovation in the financial sector as well as to maintain monetary stability, financial system stability, and an efficient, smooth, safe and reliable payment system. Meanwhile, OJK aims the fintech regulations to provide maximum benefits to the society as well as to accommodate digital financial innovations that are responsible, safe, prioritize consumer protection and have well-managed risks. However, both BI and OJK issued provisions of fintech that emphasizing on responsible business and customer protection. Processing. The first provision is to facilitate the fintech business when it deals with electronicmoney, while the following regulates when it comes to the card as a payment instrument. The latter provision aims to accommodate the development of technology in financial and payment services as well as to protect the public interest.
In order to comprehend the previous legal provisions and to strengthen the existence of fintech in Indonesia, BI issued BI Regulation No.19/12/PBI/2017 on the Implementation of Financial Technology. Unlike the previous regulations which manage the technical provision in electronic-money, card payment and payment services, this provision is issued to maintain the financial system stability from an irresponsible financial business.
In this provision, BI defines fintech as the application of technology in a financial product, services, and business model which could impact on monetary stability, financial stability and efficiency, smoothness, security and reliability of the payment system. Fintech business offers various types of products and services; thus, BI categorizes into categories as a payment system provider, market support, investment management and risk management, (lending, financing/funding and capital raising, or other financial services providers. BI requires fintech businesses included in the category mandatorily register as fintech organizer and obtain a license as a payment service provider. In other words, BI regulate and supervise all fintech businesses that provide payment services. BI Regulation No.19/12/PBI/2017 provides comprehensive provisions, includes requirements for registration, regulatory sandbox, licensing and approval, and monitoring and supervision. Moreover, BI issued technical guidelines to guide fintech organizer legalizing their business activities, namely, the Governor Board Member Regulation ( Unlike BI Regulation on Fintech, the scope of OJK Regulation No.13/POJK.02/2018 is broader, involves not only registration, licensing, monitoring, and supervision, but also requirements for governance implementation within the business, establishment of fintech association, establishment of Data Centre (DC) and Data Recovery Centre (DRC), customer protection, education and data protection, compliance aspect and establishment of digital financial innovative ecosystem. Within the process of registration and licensing, OJK will also apply regulatory sandbox to ensure the fintech company fulfils the IKD criteria as mentioned above.
While OJK Regulation No.77/POJK.01/2016 strictly regulates fintech businesses which offer P2P lending activity, this provision provides a guideline on P2P lending activity since it has the opportunity to be misused as taking third party deposit activity and money laundering. Therefore, the regulation requires fintech companies to utilize virtual account and escrow account between financier, fintech company and borrower in financing disbursement and repayment transaction.
BI and OJK regulations apply to both conventional and Islamic fintech, without any differences or incentives for Islamic fintech. While both BI and OJK define almost similar types of fintech provider, the fintech company has to be clear and comprehend when defining its business under BI's or OJK's regulation. OJK regulation encompasses various fintech business types, whereby the fintech company offers payment service, it also has to obtain a license from BI. However, as mentioned in both BI Regulation and OJK Regulation, if there is any proposal which eventually under other authority's approval, both regulators will coordinate and facilitate the proposal. This provision should help fintech newcomers to get assistance in obtaining the fintech licensing and lower the confusion amongst many regulations.
Aside from BI an OJK, fintech regulatory framework also covers other related law and government regulation, among other things, Undang-Undang Perseroan Terbatas (Business Entity Law), Law Number 11 of 2008 on Electronic Information Technology Law, Government Regulation No.82/2012 on the Implementation of Electronic System and Transaction, and for foreign investor has to obtain Investment Registration from Capital Investment Coordinating Board (Badan Koordinasi Penanaman Modal -BKPM).

Fintech licensing
Recent fintech development has been unarguably disrupting the traditional ways of banking and finance. Many fintech start-ups propose new technology initiatives which offer a more convenient payment method or provide a peer-to-peer platform for financing and investments (Yasini & Yasini, 2019). However, taking into consideration that such products involve financial transactions, either taking, transferring or delivering money and its equivalents, these innovative products should only be offered to the public when it gets permission and legalization from the regulator. Thus, the high dynamics of fintech development must be promptly responded by the regulator by issuing a supportive and prudent licensing regulation.
In the case of Indonesia, both BI and OJK issued provisions regarding fintech licensing process. According to BI Regulation No.19/12/PBI/2017, a fintech company must register to BI if the business under categorization as a payment service provider, market support, investment management and risk management, lending, financing/funding and capital raising, or other financial services provider. BI applies a regulatory sandbox for the fintech industry in order to accommodate any innovations offered by the fintech industry, as other jurisdictions also prevail. The regulatory sandbox is a safe and limited environment to test the registered financial provider and their products, services, technologies and business model (Central Bank of Indonesia, 2017).
The fintech regulatory sandbox approach provides benefits for both the industry and regulator, as well as for the customer. Other jurisdictions have widely developed the approach, for instance, Malaysia introduced the BNM's Financial Technology Regulatory Sandbox Framework on 18 October 2016, to provide a conducive environment for the fintech development as well as to facilitate innovations in the financial services (Yasini & Yasini, 2019).
After the regulatory sandbox period ended, BI decides whether the registered fintech company is categorized as "Successful", "Unsuccessful", or "Other Determination". If the fintech company is categorized as "Successful", it means that its product, service, technology or business model comprised of a payment service system. However, the result is categorized as "Others", the fintech provider products, services, technology or business model might be considered as not related to the payment system or be categorized under other authority supervision. Hence, BI will proceed with a recommendation to the other authority.
OJK stipulates that every fintech product issued by an institution or a start-up company is mandatory to be registered in OJK to have legal permission. As well as BI, OJK applies a threestep licensing mechanism. Firstly, the fintech company applies for recording. Secondly, based on OJK evaluation, the fintech company might be required to enter the regulatory sandbox process. Thirdly, registration as fintech company in OJK. Again, as mentioned above, that any proposal which eventually needs both authority's approval, OJK and BI will coordinate and facilitate the proposal.
Based on the above supportive regulations, both BI and OJK regulations do not explicitly stipulate any shariah requirements for fintech applicants who are willing to offer shariahcompliant fintech products. Yasini (2019) examined that most of the sandbox regulations do not provide for any specific Shariah requirements, except that the Dubai International Financial Centre (DIFC) explicitly stipulates shariah requirements for shariah-compliant fintech. However, it does not mean that BI and OJK will not ensure the implementation of shariah principles in Islamic fintech products, since they may require any supporting documents during the licensing process including the shariah-compliant supporting documents.

Fintech monitoring and supervision
Despite the licensing provisions, BI and OJK also comprehend their regulations with monitoring and supervision clauses to ensure and strengthen the governance and oversight of fintech implementation. BI Regulation No.19/12/PBI/2017 authorized BI to perform oversight on fintech company. There are two different oversight functions held by BI, i.e., monitoring registered fintech company and supervising licensed payment service provider (fintech company). During the monitoring period, a registered fintech company is required to report periodically, consist of monthly transaction report and other yearly information, i.e., information of products, services, technology and business model, financial statement, information of management and shareholders, and other information and data as per required by BI. While BI's function to supervise licensed fintech company which hold payment service provider license, would refer to BI Regulation No.18/40/PBI/2016 on Implementation of Payment System Processing Services.
As well as BI, OJK has an authority to conduct monitoring and supervision over recorded and registered fintech companies. OJK also requires recorded and registered fintech companies to conduct a self-monitoring thoroughly and to report a self-monitoring assessment. The report at least contains the implementation of governance aspects and risk management.
In order to form a safe and reliable fintech ecosystem, OJK also requires fintech players to establish a fintech association, which will encourage market discipline. Fintech market discipline functions to set out operating rules, industry-standard, code of ethics for its members and to facilitate communication between OJK and association members. Hence, the fintech monitoring process would be considered comprehensive as it involves three levels of monitoring, i.e., by regulator, self-assessment, and association through market discipline. This mechanism comprehends the monitoring process that will increase the market confidence, however, both regulators have to ensure it would be effectively implemented.

Customer protection
The regulators are committed to boost innovation in Fintech while also mitigate the possible risks that could occur. The basic principles are consumer protection, risk management and circumspection. BI Regulation No. 19/12/PBI/2017 stated that the Central Bank regulates the implementation of Financial Technology to encourage innovation in the financial sector by applying the principles of consumer protection and risk management and prudence to maintain monetary stability, financial system stability, and an efficient, smooth, safe and reliable payment system (BI, 2017). Therefore, the regulations give certain boundaries to protect the consumer of financial technology services from possible fraudulent service providers.
BI Regulation No. 18/40/PBI/2016 Article 24 until Article 26 mentions about the regulations for customer protection. The principles of customer protections are a) justice and reliability, b) transparency, c) protection of customers' data and information, and d) effectively handling and resolving complaints. The Payment Gateway service providers have to provide sufficient information regarding the mechanism of payment through their Payment Gateway, including the usage of data and information in an online transaction. They also need to make sure the delivery of goods or services from the seller to the buyer after the payment through the online transaction is done. Meanwhile, the E-Wallet service providers have to provide adequate information regarding the E-Wallet, including the procedure for refund. They also have to have and perform a mechanism to handle customer's complaints.
OJK Regulation No. 77/POJK.01/2016 Article 29 until Article 40 states about the education and protection for users of money lending services based on information technology. The basic principles are similar to the regulation of Central Bank. However, the regulations are more stringent since it is related to borrowing and lending money between parties. Article 31 states that the service provider must provide information regarding acceptance, delay, or rejection of a loan service application to the customer. They have to use sentences which are simple, clear and easily understood in the Indonesian language. Article 34 mentions that the provider must pay attention to the compatibility between the needs and capabilities of the customer and the services offered to them. The provider must report every month to OJK relating to the customer's complaints and the follow-up actions taken to solve them.
These regulations imply that data protection is a crucial part of customer protection. This digital age enables people to use data for various reasons, and not all of those benefits the customers. Therefore, the service providers must protect the data and information of their customers by not giving them to another party unless it is allowed by the customers or when it is mandatory by the law. Stewart and Jürjens (2018) researched the key factors that influence the adoption of financial technology innovation in Germany. Their research found that data security and customer trust significantly influence the adoption of Fintech. The main hindrances for Fintech innovation are data security issues, poor user design interface and the absence of customers' trust (Stewart & Jürjens, 2018). The privacy and data security issues are more of a concern than the quality of the product for customers; therefore, regulation about customer protection is crucial to build trust and boost the adaption of Fintech in society.

Fintech For Islamic Finance
Fintech has the potential to bring a major change in the Islamic finance industry through costeffectiveness, processes efficiencies and financial inclusion. According to IFN Fintech in 2017, Indonesia was the third place of the leading nations with the highest number of Islamic fintech start-ups (15 start-up companies) after Malaysia (18 start-up companies) and the UK (16 start-up companies) (Cooper, 2018). However, based on DinarStandard Islamic Fintech Report 2018, Indonesia has the most Islamic fintech start-ups with 31 start-ups out of 93 identified Islamic fintech start-ups globally (DIEDC, 2018). Most of the technology is based on Peer to Peer (P2P) financing, which amounted as much as 70% and followed by blockchain, which is 14% (Bloomberg, 2019). This figure shows the rapid growth of Islamic fintech in Indonesia and gives an important signal to the regulators to facilitate it. Hui, Manaf and Shakri (2019) explained that there is an urgent need to regulate the development of the fintech industry as it has drawbacks and positive effects to the Islamic finance industry.
On the other hand, there is no regulation set by BI or OJK that specifically govern Islamic financial technology. The regulation POJK No. 13/POJK.02/2018 about Digital Financial Innovation in Financial Sector Article 3 states that digital financial innovations which are regulated in this regulation include social/eco crowdfunding, Islamic digital financing, e-zakat, robo-advise and credit scoring. Meanwhile, the Article 4 states that all of these digital financial innovations or financial technology have similar characteristics such as innovative, use information and communication technology as the main source to provide services to customers in financial sector, support inclusion and financial literation, pay attention to customer and data protection and can be integrated with the existing financial services.
The regulators of the financial services industry in Indonesia still have not issued any specific regulation to govern Islamic financial technology services. Nevertheless, the POJK No. 77/POJK.01/2016 about Peer to Peer Lending Based on Information Technology can be seen as the effort of regulators to facilitate the growth of Islamic fintech. This particular regulation established a regulatory framework for P2P platforms which is the majority of Islamic fintech services.
This lack of regulation from OJK and BI is complemented by the issuance of a fatwa from the National Shariah Board of the Indonesian Council of Ulama (DSN MUI). In 2018, DSN MUI issued fatwa related to Islamic fintech in Fatwa DSN MUI No. 117/DSN-MUI/II/2018 about Financing Services Based on Information Technology According to Shariah Principles. In this fatwa, financing services using fintech which is based on Shariah (Islamic fintech for financing) should perform their services according to Shariah principles to avoid riba (interest) or any losses that do not comply with Shariah. The underlying aqad (contracts) are ijarah (lease or service contract), bai' (sale contract), musyarakah (profit-and-loss-sharing contract), mudharabah (profit-sharing contract), qardh (loan contract) dan wakalah bil ujrah (fee-based agency). P2P lending or financing in Islamic fintech may use contract wakalah bil ujrah in which the platform is entitled for ujrah or fees. If there is additional contract related to investment, Islamic fintech may use musyarakah or mudharabah contracts depending on their agreement. The profit and loss sharing mechanism should be agreed upon the contract and with mutual consent between parties.
It should be noted that DSN MUI is a non-governmental association of Muslim scholars representing various Islamic organizations in Indonesia which its fatwas are not legally binding over the industries in Shariah banking (Hassan et al., 2013). However, in this regard of regulation for Islamic fintech, the DSN MUI fatwa must be followed by the players in the market. This fatwa is a stepping stone for Islamic fintech to develop in the fintech industry in Indonesia.
The regulatory framework shows that the process of licensing of Islamic fintech is not straightforward. Almost all of the fintech services use a payment gateway system which is regulated by BI; therefore, fintech platforms need to obtain a license from both OJK and BI. Islamic fintech also must refer and adhere to the regulations from DSN MUI. The chairman of Islamic Fintech Association of Indonesia (AFSI) stated in an interview that in the future, AFSI would be the first party to screen Islamic fintech that will apply to OJK (Septynaningsih, 2018). AFSI will then recommend OJK so that Islamic fintech can apply and obtain a license and from OJK and also BI. After going through those processes, the final step will be obtaining certification from DSN MUI. It shows that the licensing process for Islamic fintech is more complicated than the conventional one. The fintech industry is moving rapidly; meanwhile, the regulation is not flexible to facilitate it. Therefore, there is a lack of incentive for the development of financial technology for the Islamic finance industry.
Islamic fintech will continue to grow, and there will be additional questions and issues regarding its compliance to the Shariah; such as cryptocurrency, Initial Coin Offering (ICO), smart contracts. Cryptocurrency will raise several issues such as whether it is recognized as a legal tender and whether there is intrinsic value in this technology or not. ICO is a non-conventional and unregulated way of raising funds; therefore, its compliance with shariah should be carefully assessed. BI, OJK and DSN MUI have to cooperate and take these matters seriously to promote the development of Islamic fintech in Indonesia.

Conclusion
Indonesia has a high technology penetration which makes it as a major target market for technology (Frost & Sullivan, 2018). The advancement of technology development can bring many benefits to the society, especially financial technology which accommodates the needs for easy and quick access to the financial system. The market for Islamic fintech in Indonesia is huge as Indonesia is a strong economic power in Southeast Asia region, it has the largest Muslim population in the world and also high penetration of technology. It is expected that more fintech will bloom to accommodate Islamic financial services in this country. Fintech would be central to the financial inclusion agenda in which Islamic finance is a key pillar of it.
The rapid growth of Islamic fintech start-ups in Indonesia shows that many players are eager to contribute and tap the potential market as well as opportunities to bring positive outcomes to society. The regulatory framework is essential to ensure that this growth is followed with adequate regulation to mitigate risks that might harm the customers and the ecosystem of fintech itself. This paper aims to explain the regulatory framework of Islamic fintech in Indonesia. The regulators in Indonesia, namely BI and OJK, have issued several regulations which address the process for fintech licensing, fintech monitoring and supervision, customer protection and also include Islamic fintech. The regulators still have not issued any specific regulation to govern Islamic financial technology services. However, DSN MUI issued a fatwa related to Islamic fintech in 2018, which has to be followed by the fintech players.
There should be a one door solution for the licensing process of Islamic fintech in Indonesia. The current regulatory framework shows that Islamic fintech platforms need to go to different institutions which are OJK, BI and DSN MUI to obtain a license to operate in the country legally. It is a hindrance to this fast-moving industry of fintech. Therefore, it would be better if the regulators can provide a facility in which Islamic fintech may obtain their license from these three parties directly, without having to visit and go through a different process in each institution. An online platform to accommodate this need can be established, and it will lift the problem of having to go through many processes for Islamic fintech. The regulators also need to respond and provide the license in a timely manner, so that the Islamic fintech platforms are able to obtain their licenses and operate legally as soon as possible. This fintech ecosystem will not work effectively according to its potential if the regulatory framework does not support them sufficiently.