Compliance

1. Regulatory Framework

iBantu operates in compliance with the following regulatory frameworks and standards:

• Otoritas Jasa Keuangan (OJK) — We comply with financial services regulations set by Indonesia's Financial Services Authority.
• Bank Indonesia (BI) — We adhere to regulations governing digital payment systems and financial technology.
• UU PDP (Personal Data Protection Law) — We ensure compliance with Indonesia's data protection legislation.
• Anti-Money Laundering (AML) & Counter-Terrorism Financing (CTF) — We implement comprehensive AML/CTF programs in accordance with PPATK regulations.
• Shariah Compliance Standards — Our products and services are reviewed by qualified Shariah scholars to ensure adherence to Islamic financial principles.

2. Anti-Money Laundering (AML)

We maintain a robust AML program that includes:

• Know Your Customer (KYC) — Identity verification procedures for all users and partners.
• Transaction Monitoring — Continuous monitoring of transactions for suspicious activities.
• Suspicious Activity Reporting — Prompt reporting of suspicious transactions to relevant authorities (PPATK).
• Employee Training — Regular training programs for staff on AML/CTF obligations and procedures.
• Record Keeping — Maintaining comprehensive records as required by applicable regulations.

3. Shariah Governance

Our Shariah compliance framework ensures that all products and services align with Islamic financial principles:

• Shariah Advisory Board — An independent board of qualified scholars provides oversight and guidance on Shariah matters.
• Regular Shariah Reviews — Periodic audits of our products, services, and operations for Shariah compliance.
• Shariah Certification — Our blockchain solutions undergo formal Shariah review and certification processes.
• Transparency — We maintain open communication about the Shariah basis of our products and services.

4. Data Protection & Privacy

We are committed to protecting personal data in accordance with applicable regulations. Our data protection practices include robust security measures, data minimization principles, lawful processing of personal information, and regular privacy impact assessments. For detailed information, please refer to our Privacy Policy.

5. Code of Ethics

iBantu upholds a strict code of ethics that all employees, partners, and stakeholders are expected to follow:

• Integrity — We conduct business with honesty, transparency, and fairness in all dealings.
• Conflict of Interest — We identify, disclose, and manage potential conflicts of interest.
• Confidentiality — We protect proprietary and sensitive information of our clients and partners.
• Fair Dealing — We treat all stakeholders with respect and ensure equitable business practices.
• Social Responsibility — We contribute positively to the communities we serve through ethical business practices.

6. Risk Management

We implement comprehensive risk management practices to identify, assess, and mitigate potential risks across our operations:

• Operational Risk — Regular assessment and mitigation of risks in our day-to-day operations.
• Technology Risk — Cybersecurity measures, regular audits, and incident response procedures.
• Regulatory Risk — Monitoring and adapting to changes in regulatory requirements.
• Reputational Risk — Maintaining high standards of conduct to protect our brand and stakeholder trust.

7. Whistleblowing

We encourage the reporting of any suspected violations of laws, regulations, or our internal policies. We provide confidential reporting channels and ensure that whistleblowers are protected from retaliation. All reports are investigated promptly, thoroughly, and in confidence.

8. Third-Party Due Diligence

We conduct thorough due diligence on all third-party partners, vendors, and service providers to ensure they meet our compliance standards. This includes verifying their regulatory status, assessing their risk profile, and monitoring their ongoing compliance with applicable laws and our contractual obligations.

9. Compliance Reporting

We maintain transparent compliance reporting practices, including regular compliance reports to management and the board of directors, timely regulatory filings and disclosures, annual compliance reviews and assessments, and prompt reporting of compliance incidents and remediation actions.