Due diligence is a fundamental rule of business which is basically a process carried out by business people to identify their business opponents. In addition to the Customer Due Diligence (CDD) or Know Your Customers (KYC) process, there is another due diligence process that is also commonly done, namely Know Your Business (KYB). KYB is a procedure that is part of the due diligence carried out on all businesses that have a relationship with company. Practicing such controls is mandatory for financial institutions, credit institutions, auditors, external accountant tax advisors, notaries, trusts, real estate agents and gambling services according to AMLD5.

KYB is not much different from the most recognized and standardized KYC processes. The difference lies in the purpose and intentionality of the process, which is focused on identifying company and suppliers first and consumers or customers in the next process.

However, there are still many business people in Indonesia who do not fully understand the importance of the KYB process. Most business people in Indonesia only know that their business has great potential and understand what products and services are needed to support their business, but do not know whether their partners who help manage their internal problems can really support their business so that it can develop optimally. This is where the importance of KYB. By practicing KYB, businesspeople can find out whether their partners are suitable to be given trust in supporting their business. In addition, KYB can also be done to find the best potential business partners who can support the business.

The process that must be carried out when conducting due diligence (KYC or KYB) must serve as the basis for both parties (information provider and information receiver). The process is carried out in a series of basic characteristics that have been standardized and regulated by good practice, as follows:

  • All information is confidential between the two parties and must be treated in accordance with established regulations (Regulation of General Protection Data (RGPD), The New Anti-Money Laundering Directive (AML5), electronic IDentification, Authentication and trust Services (eIDAS)).
  • In many negotiations, this is a legally mandatory process whereby good faith is always held by the information provider.
  • Always have clear professional goals: to identify possible parties with whom you will negotiate; and no other intention.
  • It must be administered on a timely basis and be up to date so that it is reliable and correct.

Based on this, there are several emphasized points in carrying out due diligence, namely practices carried out in accordance with the correct rules (RGPD, AML5, eIDAS), in line with applicable legal provisions (not illegal), professionalism, and manpower and time. Due to the lack of experience and understanding of business people in Indonesia in carrying out the due diligence process, it is recommended that the process be carried out by a third-party agent, namely a company that is indeed a professional company that specializes in the practice of due diligence (KYB or KYC) process.

The following is information related to regulations that must be done:

Regulation of General Protection of Data (RGPD) or in Indonesia is better known as Regulasi Umum Perlindungan Data. This is a regulation in European Union law which regulates the protection of personal data inside and outside the EU. The most recent data protection regulation adopted by the EU is the General Data Protection Regulation 2016/679 dated April 27, 2016. Meanwhile, in Indonesia the regulation is also outlined in the form of Ministerial Regulation (Permen) No. 20/2016 on Personal Data Protection (PDP) set on November 7, 2016, promulgated and effective since December 1, 2016.

The New Anti-Money Laundering Directive (AML5) is a new community regulatory standard for the prevention of money laundering and terrorist financing. AML5 or 5AMLD effective on July 9, 2018, at the community level, with effective implementation at the national level on January 10, 2020. The principle of AML legislation in Indonesia is OJK Regulation Number 12/POJK.01/2017 concerning Implementation of Anti-Money Laundering and Prevention Programs Terrorism Funding in the Financial Services Sector. The law requires institutions to make a series of AML and CFT provisions that meet the standards set by the Financial Services Authority (OJK) and the Financial Action Task Force (FATF).

electronic IDentification, Authentication and trust Services (eIDAS) is the EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. This is stipulated in European Union Directive 910/2014 dated July 23, 2014 concerning electronic identification and repeal 1999/93 / EC dated December 13, 1999. One example is electronic signatures. Indonesia also has special regulations governing electronic signatures. Electronic signature regulations in Indonesia are regulated in Law Number 11 of 2008 concerning Electronic Information and Transactions which explains in Article 11 Paragraph 1 that “Electronic Signatures have legal power and legal consequences…” as long as they meet the requirements stated in the Law, such as: electronic signature creation data only relates to the signer, and any changes to the electronic signature and to electronic information can be known. Furthermore, there is Government Regulation Number 82 of 2012 concerning the Implementation of Electronic Systems and Transactions which explains that “Electronic Signature is a signature consisting of Electronic Information that is attached, associated, or related to other Electronic Information that is used as a means of verification and authentication.”