Indonesian Banks Are Ready for AI. Their Data Infrastructure Is Not. Field Notes from IOBS 2026.
At the 2nd Indonesia Operations Banking Summit (IOBS 2026), hosted by FKDOP (Forum Komunikasi Direktur Operasional Perbankan), the room looked different from a typical technology event. FKDOP — Indonesia's professional forum for banking operations directors, chaired by Armand Wahyudi Hartono — designed this year's summit around the theme "Journey to World Class Operation." The event brings together banking operations leaders through presentations, working groups, and a competitive showcase format with judging criteria and awards, all aimed at raising the operational standard of Indonesian banking.
There were no IT procurement leads scanning vendor booths. The audience was compliance officers, risk managers, data governance leads, and a generation of younger bankers in operational units whom FKDOP actively supports. Redpumpkin attended alongside AWS Indonesia, and the conversations that unfolded over those days reshaped how we think about what "AI readiness" means for regulated industries.
The questions being asked at IOBS were not "what can AI do?" They were "how do we govern this properly once it is running?"
That distinction matters. And it is the reason this article exists.
The Governance Question Is the Real Bottleneck
Every banking operations director we spoke with at IOBS understood the potential of AI for document-heavy processes — trade finance, credit assessment, compliance reporting. The capability question has been answered. What has not been answered, for most Indonesian banks, is the governance question.
The pattern we heard repeatedly: a bank runs a successful AI proof of concept, demonstrates measurable time savings, gets enthusiastic internal support — and then stalls. The deployment does not move to production because the compliance team cannot explain to OJK how the system makes decisions. The data governance team cannot confirm where the data lives, who can access it, and whether the audit trail meets regulatory standards.
The bottleneck is infrastructure, not technology. The foundational data architecture — how documents flow, how decisions are logged, how exceptions are traced — was built for manual processes. Layering AI on top of that architecture produces a system that works in a demo but fails an audit.
One risk manager put it plainly: "We are not afraid to adopt AI. We are afraid we cannot govern it properly, because the data infrastructure was not designed for it."
Two Pain Points, One Root Cause
Across conversations with banking operations directors, two specific pain points came up more than any others.
The first is credit assessment. It remains one of the most labour-intensive, time-consuming, and error-prone processes in Indonesian banking. Documents arrive in different formats, varying quality, and massive volumes. Analysts spend hours re-keying data between systems, cross-referencing physical and digital records, and chasing approvals across departments.
The second is trade finance — specifically, the growing opportunity in AI-assisted trade operations. Banks recognise that trade finance processing is ripe for automation, but the document volumes and compliance requirements demand significant manpower to manage properly.
What became clear at IOBS is that these two challenges share the same root cause. Both revolve around documents. Both require extracting structured data from unstructured inputs. Both demand a governed audit trail that regulators can inspect. And both break down at the same point: the gap between what OCR can read and what the business actually needs to understand.
Where Traditional OCR Falls Short
Standard OCR reads text from a page. That is useful, but it is not sufficient for the regulatory reality of Indonesian banking.
A trade finance document does not just contain text. It contains relationships between data points that must be cross-verified across multiple documents — the LC terms, the invoice amounts, the shipping records, the compliance declarations. A credit assessment file does not just contain numbers. It contains handwritten notes, stamps, signatures, and annotations in mixed languages that carry legal weight.
Traditional OCR digitises the surface. It does not interpret the meaning. And when a compliance officer needs to explain to OJK why a specific document was approved, "the OCR read the text correctly" is not an adequate answer. They need to show the reasoning chain: which data was extracted, how it was validated, what rules were applied, and where a human reviewed the output.
This is the gap that kept coming up at IOBS. Banks have OCR. What they do not have is an intelligent, governed process that connects document ingestion to business decisions with a traceable audit trail.
What Agentic OCR Actually Does Differently
Redpumpkin builds Agentic OCR specifically for this problem. The distinction from traditional OCR is not just accuracy — it is the orchestration of a governed workflow around the extracted data.
Here is how the process works in practice:
Ingestion. Documents arrive in any format — scanned PDFs, photographs of handwritten forms, digital exports from legacy systems. The system accepts all of them without requiring format standardisation upfront.
Classification and extraction. AI agents classify each document by type and extract the relevant data fields. For handwritten documents, accuracy is high but not perfect — which is exactly why the next step exists.
Validation and cross-matching. Extracted data is validated against business rules and cross-matched across related documents. In trade finance, this means checking LC terms against invoices against shipping documents. In credit assessment, this means reconciling financial statements against supporting documentation.
Human review. A human-in-the-loop step is built into every workflow. The system flags uncertainties, highlights exceptions, and routes them to the right reviewer. Human review is a design decision, built in from the start. For regulated industries, full automation without human oversight creates compliance risk, not operational efficiency.
Integration. Validated data posts directly into the bank's existing ERP or core banking system. No migration required. The system connects to existing infrastructure through APIs, which means the bank does not have to replace anything to get value from the deployment.
Every step in this chain produces an audit artifact — an evidence map, a rule trace, an exception report, a review log. These artifacts are what make the system governable. When OJK asks how a decision was made, the answer is documented at every stage.
Security for Regulated Environments
The security question came up in every conversation at IOBS. Indonesian banks operate under strict data sovereignty requirements, and the regulatory environment is becoming more prescriptive, not less.
Redpumpkin addresses this at the architecture level, not as an afterthought. Depending on the organisation's requirements, deployment options include token-based access with configurable guardrails for standard use cases, and private GPU environments or on-premise deployment for banks that require full data sovereignty. Sensitive data never leaves the bank's security perimeter.
This is a non-negotiable requirement for production-grade AI in Indonesian banking. A system that processes trade finance documents in a shared cloud environment, with data transiting through third-party infrastructure, will not pass a compliance review at most Indonesian banks. The system is cloud-agnostic and deploys inside the client's own trust boundary — AWS, Azure, GCP, or private infrastructure.
The AI Agent Can Be Tailored to Your Workflow
One of the most practical questions at IOBS was about integration with existing processes. Banks do not want to redesign their operations around a vendor's product. They want the product to fit into the operations they already run.
The AI agents are configurable to match the bank's specific workflow — the document types they process, the validation rules they apply, the approval chains they follow, the systems they connect to. This is what makes the system "agentic" in a meaningful sense: it orchestrates tasks across the full document processing chain, reducing manual effort while keeping humans involved at the decision points that matter.
Banks that have deployed this approach have reduced document processing time from hours to minutes. The cycle time reduction on trade finance verification — from days to minutes — is documented in our published BFSI case studies.
What IOBS Taught Redpumpkin
The most valuable outcome of IOBS was not a sales pipeline. It was a reality check.
Some of the concerns raised by compliance officers and risk managers forced an honest reflection: are the solutions we build addressing their regulatory reality, or are we still presenting the ideal state? Technology adoption in Indonesian banking is not about capability. It is about readiness. And readiness looks different depending on whether you are talking to a CTO or a Chief Risk Officer.
The CTO asks: "Can the system handle our document volumes?"
The Chief Risk Officer asks: "Can I explain to OJK how the system reached its conclusion?"
Both questions have to be answered before a deployment moves to production. Redpumpkin builds for both — but the conversations at IOBS made clear that the governance answer is the one that determines whether a project ships or stalls.
That is the kind of feedback that makes a vendor better at what it does. FKDOP's theme for this year — "Journey to World Class Operation" — is a reminder that world-class does not mean adopting the latest technology first. It means building the governance, data architecture, and operational discipline to adopt technology responsibly. Building infrastructure for regulated industries means building for the regulatory reality on the ground — not the ideal state in a whitepaper.
FAQ
Can Agentic OCR handle handwritten documents in Indonesian banking workflows?
Yes. Redpumpkin's Agentic OCR reads handwritten text, including mixed-language annotations common in Indonesian banking documents. Accuracy is high but not absolute, which is why every workflow includes a human-in-the-loop review step. For regulated industries, this design is intentional — full automation without human verification is a compliance risk, not a feature.
How does Agentic OCR differ from traditional OCR for trade finance?
Traditional OCR digitises text from a page. Agentic OCR orchestrates an entire governed workflow — ingestion, classification, extraction, cross-document validation, human review, and integration into existing systems. Every step produces an audit artifact (evidence map, rule trace, exception report, review log) that satisfies regulatory requirements for decision traceability.
What security options does Redpumpkin offer for Indonesian banks?
Redpumpkin deploys inside the bank's security perimeter. Options range from token-based access with guardrails for standard use cases to private GPU environments and on-premise deployment for banks requiring full data sovereignty. The system is cloud-agnostic — it runs on AWS, Azure, GCP, or private infrastructure without requiring data to leave the bank's trust boundary.
Can Redpumpkin's Agentic OCR integrate with existing core banking systems?
Yes. Integration is where the real operational value is realised. Redpumpkin connects OCR outputs directly into downstream systems — ERP, core banking, compliance platforms — through APIs. No migration is required. The system works with existing infrastructure, which means the bank does not need to replace legacy systems to deploy Agentic AI.
What is FKDOP and what is IOBS?
FKDOP (Forum Komunikasi Direktur Operasional Perbankan) is the professional forum for banking operations directors in Indonesia, chaired by Armand Wahyudi Hartono. Its tagline — "From Nusantara to the World" — reflects its mission to elevate Indonesian banking operations to global standards. IOBS (Indonesia Operations Banking Summit) is FKDOP's flagship annual event. The 2nd IOBS in 2026 carries the theme "Journey to World Class Operation" and features presentations, working groups, a competitive showcase with judging criteria and awards, and a focus on developing younger bankers in operational units.
How does Redpumpkin ensure AI governance compliance with OJK requirements?
Every Redpumpkin deployment produces human-auditable reasoning chains at each processing stage. This includes evidence maps that show which data informed a decision, rule traces that document which validation logic was applied, exception reports that flag anomalies, and review logs that record human oversight actions. These artifacts are designed to meet OJK's digital resilience and AI transparency standards.
About Redpumpkin.ai
At Redpumpkin.AI, we build a GenAI & agentic AI business platform that helps teams adopt generative AI in a way that’s practical, secure, and actually deployable without getting stuck in data complexity, privacy concerns, or painful integration work. Our mission is to make GenAI & agentic ai accessible for both SMEs and large enterprises, so we focus on solutions that are simple to use, scalable in production, and customizable to real business needs, backed by strong security and compliance.
