Building a Group-Wide License Management Framework for Multi-Entity Operations in Indonesia

Recent enforcement actions demonstrate Indonesian authorities' aggressive stance toward non-compliance, with 267 foreign-owned companies losing their business licenses in 2025 under Operation Wira Waspada, highlighting the critical importance of systematic license management. The introduction of Government Regulation No. 28 of 2025, which overhauled the Online Single Submission (OSS) system, further emphasises the need for sophisticated compliance frameworks that can adapt to evolving regulatory requirements.

Contributing Advisor

Hardy Salim

Manager, Business Advisory Services

This comprehensive guide provides decision-makers with practical strategies for building centralised license management frameworks that address multi-entity challenges while ensuring consistent compliance across diverse business operations in Indonesia's dynamic regulatory environment.

Why group-wide license management matters in Indonesia

Multi-entity structures: PT PMA, Subsidiaries, and JVs

Common licensing pain points and compliance risks across entities

• One of the most persistent challenges facing multi-entity operations involves an inconsistent application of Indonesian Standard Industrial Classification (KBLI) codes across related entities. Different subsidiaries may select overlapping or conflicting KBLI codes for similar activities, creating regulatory confusion and potential enforcement actions. This issue becomes particularly problematic when entities within the same group compete for similar business activities or when KBLI selections fail to align with actual operational activities.
• Multi-entity structures frequently encounter sectoral overlap challenges when different subsidiaries operate in related business areas subject to different regulatory frameworks. For example, a group operating both manufacturing and distribution entities may face conflicting requirements from the Ministry of Trade, BKPM, and sectoral regulators regarding import licenses, distribution permits, and operational approvals.
• Group entities often face misaligned license renewal timelines, creating administrative burdens and increased risk of oversight failures leading to expired permits. Different entities may have obtained similar licenses at different times, resulting in staggered renewal requirements that complicate central coordination and monitoring efforts.
• Regulatory violations by individual group entities can create cascade effects that impact other related companies, parent organisations, or joint venture partners. Indonesian authorities increasingly examine group structures to assess overall compliance patterns and may impose broader sanctions when systematic violations suggest coordinated non-compliance or inadequate group oversight. Recent regulatory developments emphasise beneficial ownership disclosure and group transparency, increasing scrutiny of multi-entity compliance frameworks.
• Indonesian regulatory authorities demonstrate enforcement approaches that examine compliance patterns across related entities. The enforcement approach extends to beneficial ownership investigations, transfer pricing examinations, and operational substance assessments that evaluate whether group structures reflect genuine business activities or primarily serve regulatory arbitrage purposes.

Regulatory framework

OSS RBA System (centralized but entity-specific)

The OSS RBA system operates as Indonesia's primary business licensing platform, integrating multiple government agencies, including BKPM, Ministry of Law, Directorate General of Taxes, and various sectoral regulators into a single digital interface.

However, while the system provides centralised access, each entity must maintain separate registrations, individual compliance tracking, and entity-specific documentation that reflects their unique business activities and ownership structures.

The platform's risk-based approach categorises business activities into Low, Medium-Low, Medium-High, and High-risk levels, each requiring different documentation standards, approval processes, and ongoing compliance obligations.

Each legal entity within a corporate group must maintain separate OSS registration accounts, NIB numbers, and individual compliance histories, even when engaged in related business activities or sharing common ownership structures.

BKPM oversight for PT PMA groups

BKPM oversees PT PMA entities through quarterly LKPM reporting, compliance monitoring, and enforcement of investment and operational requirements. LKPM filings must detail investment realization, employment, activities, and adherence to sectoral restrictions. Non-compliance can trigger sanctions, operational limits, or license revocation impacting group operations.

Oversight also covers foreign ownership limits, minimum investment thresholds, and operational commitments, including review of beneficial ownership, control, and substance. Groups must ensure transparency of ownership, investment flows, and operations, supported by documentation, regular reporting, and proactive engagement with BKPM.

Ministry of Law for corporate approvals

The Ministry of Law’s Regulation No. 2 of 2025 strengthens corporate transparency by requiring enhanced beneficial ownership disclosure, regular updates, and comprehensive governance documentation for all entities. Multi-entity groups face greater reporting, verification, and monitoring obligations, impacting nominee arrangements, holding structures, and other foreign investor vehicles.

Groups must maintain accurate ownership records, ensure consistent updates, and document compliance across entities. Corporate amendments—such as capital increases or business scope changes—require Ministry approval, demanding careful coordination to align with sectoral restrictions.

The amendment process involves detailed documentation, regulatory reviews, and potential inspections, affecting timelines and business plans. Multi-entity groups need project management systems to coordinate amendments while maintaining compliance and continuity.

Sectoral Regulators (Trade, BPOM, Halal, Financial Services)

Ministry of Trade

Multi-entity groups in trading, distribution, or imports must comply with varying requirements for import licenses, distribution permits, and product-specific approvals. Regulations cover product registration, labelling, and distribution management, requiring coordinated systems for product portfolios and compliance across entities.

BPOM

Food, beverage, pharmaceutical, and cosmetic groups must register products and facilities with BPOM, supported by documentation, inspections, and ongoing monitoring. Compliance includes safety reporting and post-market surveillance, demanding coordinated quality management across manufacturing, distribution, and marketing entities.

Halal Certification

Mandatory halal certification (Law No. 33/2014, GR No. 42/2024) requires coordinated audits, certification, and monitoring across all entities in halal supply chains. Compliance spans ingredient sourcing, manufacturing, and distribution, necessitating integrated halal management systems to maintain certification validity and consumer trust.

Building a centralized license management framework

Step 1 – Mapping all licenses across the group

• Begin with a full inventory of licenses, permits, and approvals across all entities (NIB, sectoral permits, environmental clearances, import licenses, etc.).
• Capture key details: issuing authority, validity, renewal deadlines, and interdependencies.
• Verify against regulations to uncover gaps, expired permits, or overlooked approvals.
• Analyse authorities involved—Indonesia’s multi-tiered system often assigns overlapping responsibilities by sector, geography, or scale.
• Map sequencing and interdependencies (e.g., some approvals are prerequisites for others) to identify bottlenecks and streamline applications.

Step 2 – Standardizing KBLI and business activities

• Assess business activities across entities to harmonize KBLI codes, consolidate overlapping functions, and reduce compliance duplication.
• Balance the benefits of standardization (simplified compliance, fewer licenses) with flexibility needs (diverse classifications for broader operations).
• Consider sectoral restrictions and foreign ownership limits before restructuring.
• Future-proof by reviewing KBLI codes regularly; adapt to updates such as digital economy classifications introduced in 2020.

Step 3 – Establishing a compliance calendar (Renewals, Reporting)

• Create a group-wide calendar integrating all renewals, reporting obligations, and deadlines.
• Flag convergence points where multiple obligations overlap to avoid resource strain.
• Include recurring reports such as LKPM, tax filings, employment data, and sector-specific submissions.
• Build early-warning alerts for routine renewals and critical deadlines, with clear escalation procedures and assigned responsibilities.

Step 4 – Implementing group-wide monitoring tools and dashboards

• Deploy systems that centralize compliance data from regulators, internal databases, and advisors.
• Provide customizable dashboards for different stakeholders (entity managers vs. HQ vs. executives).
• Track KPIs such as renewal rates, documentation quality, cost efficiency, and regulator relationship health.
• Use exception reporting to flag risks, delays, or regulatory changes, paired with escalation and resolution tracking.

Step 5 – Assigning accountability (HQ vs. entity-level teams)

• Establish governance defining what is managed centrally (policies, monitoring, regulatory intelligence) vs. locally (day-to-day compliance, local relationships).
• Clarify decision rights, escalation channels, and communication flows.
• Allocate resources and budgets accordingly, with regular review to adjust for business and regulatory changes.
• Measure performance at both the entity and the group level using timeliness, cost efficiency, documentation quality, and regulatory engagement as benchmarks.

Technology and tools for compliance management

Integrated data and system architecture

Modern compliance management requires database systems that integrate OSS platforms, internal compliance tools, regulatory databases, and enterprise systems. These must:

• Support multiple user roles (from operational staff to executives).
• Handle diverse data formats and update frequencies.
• Enable real-time and batch processing.
• Ensure accuracy through validation, exception handling, and reconciliation.

Real-time synchronisation and consistency management

Reliable integration depends on:

• Real-time updates with authoritative sources.
• Validation routines, conflict resolution, and exception handling.
• Backup and failover systems for resilience.
• Ongoing monitoring to maintain accuracy and performance.

Intelligent alerts and notifications

Advanced alert systems should:

• Provide timely updates on renewals, regulatory changes, and compliance risks.
• Prioritise and escalate issues appropriately.
• Integrate with enterprise communication channels (email, mobile, collaboration platforms).
• Allow role-based customisation to prevent overload.

Automated documentation and workflow management

Automation should extend to:

• Document preparation, template management, and submission tracking.
• Version control, approval workflows, and audit trails for transparency.
• Metadata management and search for efficient retrieval.
• Secure storage of both electronic and physical records with backup and disaster recovery.

Security and access controls

Compliance systems must:

• Implement encryption, access restrictions, and backup protocols.
• Address internal and external threats.
• Undergo regular assessments to maintain protection against evolving risks.
• Balance robust security with usability and performance.

Audit trail and verification

Key requirements include:

• Comprehensive, tamper-evident logs of access, modification, and processing activities.
• Support for regulatory inspections and dispute resolution.
• Regular review to identify process improvements and verify compliance.

Outsourcing and strategic partnerships

For complex, multi-entity operations:

• Outsourcing to local experts provides regulatory knowledge and operational support.
• Effective arrangements require careful vendor selection, clear SLAs, and strong oversight.
• Partnerships should balance local expertise with group-level control and scalability.

Quality control and performance management

Sustained effectiveness depends on:

• KPIs, audits, and regular performance reviews.
• Service level monitoring and structured escalation processes.
• Benchmarking and market analysis to maintain competitiveness and cost efficiency.