Due Diligence in Indonesia: What Document Review Misses Is What Creates Post-Closing Exposure

Conventional due diligence verifies what a company says it is. In Indonesia’s current regulatory environment, what matters equally is whether the company’s ownership data, licensing profile, tax position, labor obligations, and asset records are consistent across the government systems that monitor them continuously. XPND conducts due diligence that covers both the documents and the system-level reality behind them, so transactions close on a foundation that holds. 

The Situations That Make Transactions Fail or Underperform

Most due diligence failures in Indonesia are not discovered during the process. They are discovered after closing, when the acquirer attempts to operate the business and encounters the regulatory gap that the review did not identify.

You are acquiring a company and the seller’s documents look clean. The corporate deed is in order, the licenses are valid, and the financial statements have been audited. But the company’s Beneficial Ownership data in the Ministry of Law’s AHU Online system has not been updated since the last ownership change two years ago. Under Minister of Law Regulation (Peraturan Menteri Hukum or Permenkum) No. 2 of 2025, changes in beneficial ownership must be reported within three days of occurrence. A company whose AHU data does not reflect current ownership faces access blocking that prevents share transfers, capital injections, and corporate amendments from being processed. The transaction cannot close until this is resolved.

You are making a capital injection into an existing PT PMA and assuming that the company’s OSS licensing profile is current. The company has a valid NIB and a Standard Certificate, but it added a new business activity eighteen months ago that is not reflected in the KBLI codes registered in OSS. The undisclosed activity has been generating revenue under an unregistered classification. Post-closing, when you update the OSS profile as part of integration, the discrepancy triggers a licensing review and potential administrative sanctions that were never priced into the transaction.

You are acquiring a company that has been managing its foreign workforce correctly on paper, with valid KITAS and RPTKA Approvals. What the documentation does not show is that two employees have been working from a different city than the one registered in their RPTKA, and one has been performing duties outside the scope of the approved position. The Ministry of Manpower’s compliance record for the sponsoring company shows unresolved prior inspections. This affects the company’s ability to process future work permit applications and creates latent enforcement exposure.

You are performing due diligence on a target company whose financial statements show a clean tax position. But when the Coretax Taxpayer Account Management ledger is examined, it shows pre-populated transaction data from counterparties that was never reconciled against the company’s own records. The discrepancy has been accumulating silently and represents a potential SP2DK exposure that the company has not disclosed because its finance team was unaware it existed.

You are evaluating a property-holding company and the land certificates check out on their face. But one parcel carries an encumbrance that is registered in the land office database but not reflected in the corporate documents provided by the seller. Another parcel’s Environmental Approval (Analisis Mengenai Dampak Lingkungan or Amdal) lapsed six months ago and has not been renewed, which affects the legality of the operational activities conducted on the site.

Tell us about the transaction structure and timeline. We will scope the due diligence coverage you actually need.

Why Standard Due Diligence Often Misses the Risk That Matters

Indonesia’s regulatory architecture operates across interconnected government systems that cross-reference each other continuously. The AHU system for corporate and ownership data, the OSS system for licensing, the Directorate General of Taxes for tax compliance, the Ministry of Manpower for labor and work permit records, and the National Land Agency (Badan Pertanahan Nasional or BPN) for property titles are no longer isolated databases. They share data and apply automated verification against each other.

A conventional document review verifies what a company has produced for the data room. It does not verify whether that documentation is consistent with what the government’s systems actually show. The gap between the two is where most post-closing surprises originate.

Under Permenkum No. 2 of 2025, Beneficial Ownership data is subject to active risk-based verification and annual update obligations, with AHU system blocking as the sanction for non-compliance. Under PP No. 28 of 2025 and BKPM Regulation No. 5 of 2025, licensing effectiveness depends on OSS data consistency rather than document possession. Under Permenkum No. 49 of 2025 on Company Registration, any mismatch between AHU corporate data and OSS licensing records can trigger administrative complications for future corporate actions. Under the Coretax framework governed by PMK No. 81 of 2024, tax exposure accumulates in real time in a government ledger that the company may not be monitoring.

Due diligence that does not verify the target’s position in each of these systems is due diligence that leaves the buyer exposed to risk that was always there but was never examined.

Not sure whether your due diligence scope covers system-level verification? We can review the gap.

Beneficial Ownership Verification: The AHU System Risk in Every Transaction

Under Permenkum No. 2 of 2025, effective 4 February 2025, every Indonesian company is required to report its Beneficial Ownership (BO) data through the AHU Online system, update it annually, and report any changes within three days of occurrence. The regulation replaced Permenkumham No. 21 of 2019 and introduced a risk-based verification process that cross-references BO declarations against tax data, shareholder records, and other government databases.

The administrative sanction for non-compliance is AHU system blocking. A company that is blocked cannot process share transfers, capital injections, director changes, or corporate amendments through the AHU system. In a transaction context, this is a deal-stopping event. The transaction cannot proceed until the AHU block is lifted, which requires the company to first bring its BO data into full compliance.

The most common BO compliance gaps in transaction targets include beneficial ownership data that has not been updated following a prior ownership change, group structures where the ultimate beneficial owner is not correctly identified through intermediate holding entities, and nominee arrangements that obscure the actual controlling party.

XPND traces beneficial ownership through multi-layer corporate structures, verifies the target’s current AHU compliance status, and identifies any BO gaps that would prevent the transaction from proceeding as planned. Where remediation is required, XPND manages the correction process within the AHU Online system before the transaction timeline is affected.

Licensing Reality Check: When the License Exists but the Profile Does Not Match

A valid NIB is not the same as a clean licensing profile. Under the Risk-Based Approach governed by PP No. 28 of 2025 and BKPM Regulation No. 5 of 2025, a company’s licensing status depends on whether its KBLI registrations, risk classifications, and OSS data are consistent with what the company actually does.

A target company may have been operating in a business activity for years without registering the corresponding KBLI code, or may have continued using a pre-2025 licensing structure that has not been migrated to the current OSS framework. Either creates a licensing gap that will surface during integration when the acquirer updates the company’s OSS profile, applies for new licenses, or undergoes post-approval supervision.

XPND reviews the target’s OSS profile against its actual operational activities, identifies any unregistered KBLI codes or risk classification mismatches, and assesses whether any legacy licenses require migration or renewal under the current regulatory framework. The licensing review also covers whether the target has met its LKPM filing obligations, since missed filings and the four-consecutive-quarter non-realization trigger can result in automatic administrative sanctions.

Planning an acquisition and need to verify the target’s licensing position? XPND can scope a focused licensing review.

Tax Exposure Assessment: What the Financial Statements Do Not Show

A clean audit opinion on a company’s financial statements does not mean the company has no unrecognized tax exposure. Under the Coretax framework, the government maintains a Taxpayer Account Management ledger that records all tax invoices, withholding certificates, and payments in real time, cross-referenced against counterparty data.

A company that has not been reconciling its own records against the Coretax ledger may have accumulated discrepancies between what it has reported and what the government’s system shows. These discrepancies are a source of latent SP2DK exposure that becomes the acquirer’s problem after closing.

XPND’s tax due diligence focuses on three areas that document-based review typically misses: reconciliation of the target’s bookkeeping records against the Coretax Taxpayer Account Management ledger, assessment of NPWP and NIK master data accuracy for employees, vendors, and counterparties, and identification of any deferred tax positions that should have been recognized under SAK EP but were not.

The objective is to quantify the tax exposure that exists in the government’s system but has not been reflected in the target’s financial records, so it can be priced into the transaction or addressed through representations and warranties.

Labor and Employment Compliance: The Liabilities That Aggregate Over Time

Employment compliance issues in Indonesian target companies tend to accumulate over years rather than arising from a single event. By the time a transaction occurs, the aggregate liability can be material and is often not visible from the financial statements alone.

XPND reviews labor compliance across three dimensions. The first is employment contract structure, covering whether the target has correctly classified permanent and fixed-term employees under Government Regulation (Peraturan Pemerintah or PP) No. 35 of 2021, and whether any PKWT contracts have been used in circumstances that legally require a permanent employment relationship. Incorrect contract structures create retroactive conversion obligations and severance liability.

The second dimension is the Company Regulation or Peraturan Perusahaan, covering whether the target’s internal employment policies reflect current law including the changes introduced by Law No. 4 of 2024 on Mother and Child Welfare for maternity leave obligations, and whether the Company Regulation has been renewed within the two-year cycle required under Permenaker No. 28 of 2014.

The third dimension is the BPJS enrollment record, covering whether all employees have been correctly enrolled in both BPJS Kesehatan and BPJS Ketenagakerjaan from their employment start date, and whether any enrollment gaps have created retroactive contribution liability.

Asset and Property Verification: Beyond the Certificate

For transactions involving property-holding companies or companies with significant fixed assets, the land title review goes beyond confirming that the certificate exists. XPND verifies title status against the BPN database, identifies any encumbrances, disputes, or mortgage registrations that are reflected in the land office record but may not appear in the corporate documents, and reviews the currency of environmental approvals, building permits, and Certificate of Proper Function (Sertifikat Laik Fungsi or SLF) for all operational properties.

For transactions involving industrial operations, XPND also reviews Environmental Approval (Analisis Mengenai Dampak Lingkungan or AMDAL) status and the currency of sector-specific permits that have an expiry cycle.

How XPND Structures the Due Diligence Engagement

Beneficial Ownership and AHU compliance verification

XPND traces the target’s beneficial ownership through all intermediate entities, verifies the current AHU compliance status under Permenkum No. 2 of 2025, and identifies any BO gaps that would create an AHU system block during the transaction process. Where remediation is needed, XPND manages the correction before it affects the timeline.

Licensing and OSS profile review

XPND compares the target’s OSS profile against its actual business activities, identifies unregistered KBLI codes, risk classification mismatches, and legacy licenses requiring migration or renewal, and assesses LKPM filing compliance.

Tax position assessment against Coretax

XPND reconciles the target’s bookkeeping records against the Coretax Taxpayer Account Management ledger, identifies pre-populated data discrepancies, reviews NPWP and NIK master data accuracy, and quantifies latent SP2DK exposure.

Labor and employment compliance review

XPND reviews employment contract structures under PP No. 35 of 2021, Company Regulation currency and content under Permenaker No. 28 of 2014 and Law No. 4 of 2024, and BPJS enrollment records against employment start dates.

Asset and property verification

XPND verifies land titles against BPN records, identifies encumbrances and disputes, and reviews environmental approvals, building permits, and SLF currency for all material properties.

Data room preparation for sell-side mandates

For companies preparing for a transaction as a seller, XPND conducts a pre-sale compliance review that identifies and resolves the regulatory gaps that would surface in a buyer’s due diligence. Addressing these proactively gives the seller control over the narrative and timeline rather than responding to buyer findings under deal pressure.

Working on a transaction with a tight timeline? Talk to XPND about what a focused due diligence scope looks like.

Why Due Diligence

In Indonesia’s current regulatory environment, the risk that most transactions underestimate is not the risk of fraud or misrepresentation. It is the risk of accumulated compliance drift: the gradual accumulation of gaps between a company’s regulatory reality and its documentation, across ownership data, licensing records, tax positions, labor obligations, and asset titles.

This drift is not visible from a document review. It is only visible when you look at what the government’s systems actually show, not what the company’s files say.

Due diligence that closes this gap does not just protect the buyer from post-closing surprises. It produces the accurate picture of the target’s regulatory position that informed transaction pricing, representations and warranties, and post-closing integration planning all depend on.