BTN reinvents risk strategy as digital threats escalate

It has cut fraud effort by 80% using AI.

PT Bank Tabungan Negara (Persero) Tbk (BTN) is overhauling its risk management strategy as global cybercrime costs soar past $10 trillion and digital threats grow more severe.

“We’re no longer just talking about credit or operational risks,” Setiyo Wibowo, director of risk management at BTN, told the Asian Banking & Finance-Insurance Asia Summit 2025 in Jakarta in June. “Digital risk is sudden. You don’t get a warning. It hits hard, and if you’re unprepared, it’s already too late.” 

Setiyo said the bank is adopting a multi-layered risk approach that integrates infrastructure, policy, workplace culture, and automation to fight cyberattacks and artificial intelligence (AI)-powered fraud.

Global trends underscore the urgency. While 72% of organizations have experienced ransomware attacks, only 39% have embedded cybersecurity into their digital infrastructure, he pointed out.

BTN’s own digital transformation—from a mortgage-focused bank to a full-service retail and commercial lender since 2019—has expanded its risk profile.

“We built synchronized roadmaps for IT risk, cybersecurity, and data governance to ensure our risk management keeps pace with digital growth,” Setiyo said.

A key change lies in employee behaviour. “Many breaches don’t start with the system—they start with people,” he said. BTN now runs quarterly phishing simulations, and employees who fail must complete mandatory security training. “We’re normalizing vigilance.”

BTN is also targeting external threats, particularly low digital literacy among users. “That’s still a major threat in Indonesia,” Setiyo said. The bank is expanding customer education to build safer online habits.

Artificial intelligence plays a key role in BTN’s risk response. The bank uses AI to detect application fraud and transaction anomalies. As a result, it has doubled its fraud detection accuracy and reduced verification workload by 80%.

Before, 200 employees manually checked for loan fraud. Now, most of them have moved to higher-impact, customer-facing roles, Setiyo said. “It’s not just about cutting costs. It’s about unlocking real value.”

Still, he cautioned that AI isn’t a one-time fix. “AI is not plug-and-play. It needs constant oversight. Threat actors are using AI too, so we must stay ahead.”

Third-party risk is another priority. As the lender increases its use of application programming interfaces and open banking integration, vendor security becomes critical.

“Not all partners have the same level of security,” he said. “We must evaluate their risk posture as closely as we do our own.”

Internally, BTN is weaving digital risk awareness into its corporate culture. One of the bank’s five key values now focuses on digital risk. “It’s not just IT’s job anymore,” Setiyo said. “Everyone in the organization must think like a risk officer.”

Digital risk is no longer a side issue; it’s everywhere, he said. “You can’t prevent every threat. But you can build an institution that sees them coming—and is ready to respond.”