186 2012฀Annual฀Report฀•฀ BNI Untuk mengelola potensi kerugian Risiko Pasar telah ditetapkan limit-limit sebagai berikut: a. Value at Risk Limit VaR Limit, yang merupakan maksimum potensi kerugian yang mungkin terjadi pada waktu tertentu di masa datang dengan tingkat kepercayaan tertentu. b. Loss limit yang dipergunakan untuk membatasi realisasi kerugian aktivitas bisnis. c. Limit pembelian surat berharga yang digunakan untuk membatasi konsentrasi pembelian surat berharga korporat berdasarkan rating dan jenis mata uang surat berharga. d. Asset and liability repricing gap limit untuk membatasi risiko suku bunga dalam banking book .

3. Risiko Operasional

Dengan meningkatnya keragaman dan kompleksitas produk serta aktivitas perbankan yang ditawarkan kepada nasabah, perkembangan sistem dan teknologi pendukung yang sangat cepat, serta meningkatnya ekspektasi nasabah akan pelayanan yang diberikan oleh bank, maka pengelolaan risiko operasional menjadi hal yang sangat penting. Tata Kelola Organisasi Tata kelola manajemen risiko operasional telah diimplementasikan di segenap unit bisnis dan unit pendukung sebagai Risk Owner atau Risk Taking Unit yang merupakan first line of defense . Implementasi tersebut didukung dengan pertahanan second line of defense yang dijalankan oleh Divisi Manajemen Risiko Bank serta Divisi Kepatuhan sebagai Risk Control Unit dan third line of defence yaitu Satuan Pengawas Internal sebagai Risk Assurance Unit . Kebijakan dan Prosedur Divisi Manajemen Risiko Bank telah memiliki Kebijakan Manajemen Risiko Operasional untuk mendukung implementasi manajemen risiko operasional pada segenap unit, yang dijabarkan lebih rinci dalam Standard Operating Procedure transaksi dan operasional yang prudent untuk menjalankan aktivitas bisnis sehari-hari. Manajemen Risiko Risk Management To manage the potential loss of market risk, limits have been set as follows: a. Value at Risk VaR limit, which is the maximum potential loss that may occur at a specific time in the future with a certain confidence level. b. Loss limit, which is used to limit the realization of the loss of business activity. c. Limit on the purchase of securities that is used to control the concentration of corporate securities according to bond rating and currency denomination of securities. d. Asset and liability repricing gap limit to control the interest rate risk in the banking book.

3. Operational Risk

The management of operational risk becomes very important in line with the increasing diversity and complexity of banking products and activities offered to customers, the very rapid development of systems and technologies, and the increased expectation of customers regarding services provided by the bank. Governance and Organization Operational risk management governance has been implemented in all business units and support units as Risk Owner or Risk Taking Unit forming the first line of defense. The implementation is supported by a second line of defense undertaken by the Enterprise Risk Management Division and the Compliance Division as the Risk Control Unit, as well as the third line of defense constituting the Internal Audit as Risk Assurance Unit. Policies and Procedures Enterprise Risk Management Division has a Policy for Operational Risk Management to support the implementation of operational risk management at all units, which is further elaborated in more details into Standard Operating Procedures for prudent transactions and operations for the day-to-day business activities. 187 Laporan฀Tahunan฀2012฀•฀ BNI Proses Proses manajemen risiko operasional BNI terdiri dari 5 lima proses utama yang berkesinambungan mengacu pada ketentuan Bank Indonesia yaitu identifikasi, penilaian, pengukuran, pemantauan dan pengendalian. a. Identifikasi Risiko Mekanisme identifikasi risiko operasional dilakukan dengan menerapkan Macro Process Mapping atas proses kerjaaktivitas masing-masing unit untuk menangkap potensi risiko operasional. b. Penilaian Risiko Dilakukan oleh masing-masing unit pemilik risiko melalui metode operational risk self assessment , mencakup penilaian atas dampak, frekuensi dan penyebab risiko serta solusinya. c. Pengukuran Risiko Sesuai dengan aturan Bank Indonesia, pengukuran risiko operasional menggunakan Pendekatan Indikator Dasar Basic Indicator Approach. Pengungkapan kuantitatif risiko operasional Bank secara individu dan konsolidasi dimuat dalam Tabel 8.1.a dan b d. Pemantauan Risiko Dilakukan oleh Divisi Manajemen Risiko Bank dengan melakukan evaluasi dan feedback atas penilaian risiko berdasarkan hasil self assessment. e. Pengendalian Risiko Mekanisme mitigasi risiko operasional tergambar pada proses pengendalian internal, yaitu dengan menerapkan 4 strategi mitigasi, yaitu hindari, kurangi, transfer dan terima. Keempat strategi mitigasi tersebut tertuang dalam prosedur mitigasi Risiko Operasional yang meliputi prosedur pengendalian, prosedur penyelesaian transaksi, prosedur akuntansi, prosedur penyimpanan aset dan kustodian, prosedur penyediaan produk dan prosedur pencegahan fraud. Perangkat dan Metode Untuk membantu proses pengelolaan risiko operasional yang dilakukan oleh setiap unit kerja bank, Bank telah mengembangkan perangkat manajemen risiko operasional Operational Risk Management tool berbasis Process Operational risk management process at BNI consists of 5 five major continuing processes as stipulated by Bank Indonesia, namely the identification, assessment, measurement, monitoring and control of risk. a. Risk Identification The mechanism for operational risk identification is done by applying Macro Process Mapping on work processes activities of each unit to capture the potential operational risks. b. Risk Assessment Performed by each risk owner unit through a method of operational risk self assessment, including an assessment of the impact, the frequency and causes of risks as well as its solutions. c. Risk Measurement In accordance with Bank Indonesia regulation, the measurement of operational risk uses the Basic Indicator Approach. Quantitative disclosure of operational risk - bank only and consolidated - is presented in Table 8.1.a and Table 8.1.b d. Risk Monitoring Enterprise Risk Management Division conducted an evaluation and feedback on risk assessment based on the results of self-assessment. e. Risk Control The mechanism for operational risk mitigation is reflected in the internal control processes through the implementation of the four strategies of mitigation, namely avoid, mitigate, transfer and accept. The four mitigation strategies are carried out in Operational Risk mitigation procedures that include control procedures, settlement procedures, accounting procedures, assets and custodial storage procedures, product delivery procedures, and fraud prevention procedures. Tools and Methods To help the process of operational risk management performed by each working unit, the Bank has developed a web-based Operational Risk Management tool known as PERISKOP Operational Risk Management 188 2012฀Annual฀Report฀•฀ BNI web web-based yang diberi nama PERISKOP Perangkat Risiko Operasional. PERISKOP mempunyai peranan yang sangat penting karena 3 tiga proses utama dalam proses pengelolaan risiko operasional menggunakan perangkat ini yaitu Self Assessment, Loss Event Database dan Key Risk Indicator. PERISKOP PERISKOP Modul Self Assessment Modul Loss Event Database Modul Key Risk Indicator Self Assessment SA merupakan suatu rangkaian kegiatan yang dilakukan sendiri oleh setiap unit risk owner dalam mengidentifikasi operational risk issue yang terdapat di unitnya, mencari penyebabnya, mengukur potensi kerugian yang mungkin timbul serta mencarikan solusi untuk mengatasinya. Hasil SA memberikan gambaran potensi risiko yang dihadapi unit untuk 3 bulan ke depan. Self Assessment SA is a series of activities conducted by each unit risk owner in identifying unit’s operational risk issue, finding the cause, measuring potential loss and finding solution to solve it. SA result provides a view on potential risk for 3 months ahead. Merupakan Database atas seluruh kerugian finansial akibat risiko operasional yang terjadi di seluruh unit di bank. Data kerugian yang terkumpul melalui modul LED, selain digunakan untuk pengelolaan risiko operasional yang lebih baik namun juga sebagai dasar untuk perhitungan kebutuhan modal untuk mengcover risiko operasional dengan menggunakan Advance Measurement Approach AMA. Database of all financial losses from operational risks occurred in all units of the bank. In addition to using it for better operational risk management, data of the losses gathered through LED Modul is also used as the basis for calculating allocated capital needed to cover operational risks, using Advance Measurement Approach AMA. Key Risk Indicators merupakan alat ukur untuk mengidentifikasi potensi risiko kerugian operasional yang melekat pada produk dan aktivitas sebelum risiko tersebut terjadi dan memberikan tanda signal jika melebihi suatu range nilai tertentu yang telah ditetapkan sebelumnya. Key Risk Indicators is the measurement tool to identify potential losses from operational risk inherent in products and activities before they occur and give signal in the event of losses higher than the specified range that has been decided. Business Continuity Management Gangguan atau bencana yang diakibatkan oleh faktor alam, perbuatan manusia, maupun sistem dapat terjadi pada fungsi-fungsi usaha BNI yang kritikal sehingga menyebabkan terganggunya aktivitas bisnis dan layanan BNI. Untuk mengantisipasi kejadian tersebut maka BNI telah menerapkan Manajemen Keberlangsungan UsahaBusiness Continuity Management BCM yang diharapkan dapat meminimalisir risiko operasional pada saat terjadinya kondisi darurat atau bencana. Pengembangan perangkat tersebut sejalan dengan peraturan Bank Indonesia yang mewajibkan bank untuk melaksanakan proses pengendalian risiko untuk mengelola risiko yang dapat membahayakan kelangsungan usaha bank, serta selaras dengan persyaratan pada dokumen Basel II yang mewajibkan Bank untuk memiliki rencana keberlangsungan usaha dan rencana darurat business continuity management dan contingency management guna memastikan kemampuan Bank untuk dapat tetap beroperasi dan membatasi kerugian jika terjadi gangguan terhadap aktivitas bisnisnya. Manajemen Risiko Risk Management Tool. PERISKOP has a very important role because the 3 three main processes in operational risk management use this tool, namely Self Assessment, Loss Event Database and Key Risk Indicator. Business Continuity Management Disruption or disaster caused by natural factors, human action, and system may happen to various BNI’s critical business function, causing disruption of business activities and services by BNI. To anticipate such events, BNI has implemented a Business Continuity Management BCM system that is expected to be able to minimize operational risk in the event of an emergency or disaster situation. The development of the system is in line with Bank Indonesia regulation that requires banks to implement risk control processes to manage risks that could compromise the survival of a bank, and also in line with the requirements of the Basel II document which requires the Bank to own a business continuity management and contingency management plan to ensure the Bank’s ability to keep operating and to limit losses in the event of disruption to business activities. 189 Laporan฀Tahunan฀2012฀•฀ BNI Tata Kelola dan Organisasi Dalam kondisi bencana disaster, BNI telah menyiapkan organisasi spesifik yang terdiri dari Eksekutif Senior sebagai koordinator penanggulangan bencana yang memiliki level kewenangan dan efektif sejak Crisis Management Team CMT yang beranggotakan Direksi menyatakan kondisi status bencana. Kebijakan Prosedur Terkait dengan implementasi Business Continuity Plan BCP, BNI telah menetapkan Kebijakan Rencana Penanggulangan Bencana, Panduan Penyusunan, Panduan Pengujian dan Pemeliharaan BCP serta penyusunan standardisasi petunjuk signage keselamatan gedung. Proses Setiap langkah Recovery Strategy dan Proses Recovery yang dilaksanakan dipantau dan dilaporkan ke Crisis Management Team CMT sampai kondisi dinyatakan normal kembali. Untuk memastikan tingkat kesiapan dan evaluasi BCP Business Continuity Plan, BNI telah melakukan pengujian atas implementasi BCP di seluruh unit operasional. Hal ini dilakukan secara rutin tiap tahun untuk mengetahui tingkat kesiapan masing-masing unit, ditinjau dari segi organisasi maupun infrastruktur BCP yang dimilikinya. Hasil dari evaluasi dan pengujian rutin tersebut terlihat dari penanganan yang sistematis dan terarah dalam menghadapi bencana baik yang disebabkan oleh manusia, alam, maupun oleh sistem sehingga aktivitas operasional BNI di lokasi bencana dapat tetap berjalan pada tingkatan tertentu walaupun beberapa sarana dan prasarana penunjang aktivitas bisnis mengalami gangguan. Perangkat dan Metode Perangkat BCM dilengkapi berbagai tools analysis untuk mengevaluasi dampak, Business Impact Analysis BIA, Recovery Time Analysis RTA, Recovery Tools dan berbagai Recovery Standard Operating Procedure SOP bagi setiap unit. Selain itu, BNI telah memiliki gedung BCP yang berlokasi di tempat tertentu, sebagai alternatif kelangsungan bisnis Bank jika terjadi bencana disaster di Kantor Pusat BNI. Gedung BCP tersebut dilengkapi dengan Disaster Recovery Center, Back-up Infrastucture dan Back-up Peralatan Komputer yang dibutuhkan dalam penanggulangan bencana. Governance and Organization In a disaster situation, BNI has prepared specific organization consist of Senior Executives as disaster management coordinator who has a level of authority and effective since the Crisis Management Team CMT consist of the Board of Directors declares a disaster condition. Policies Procedures Along with the implementation of the Business Continuity Plan BCP, BNI has established Disaster Management Plan Policies, Guidelines for Developing, Testing, and Maintenance of BCP and preparation of standardized instructions signage in building safety. Process Every step of the Recovery Strategy and Recovery Process implemented are monitored and reported to the Crisis Management Team CMT until it return to normal conditions. To ascertain the level of readiness and evaluation of BCP Business Continuity Plan, BNI examined the implementation of BCP in all operational units. This is conducted routinely every year to determine the level of readiness of each unit, in terms of organization and infrastructure of its BCP. The results of the routine evaluation and examination are tested that BNI can keep running to a certain extent at disaster site although some facilities and business activity infrastructure experienced interference, because of the systematic and directed handling to face disasters caused by human, natural or system. Tools and Methods The BCM system is equipped with a variety of analysis tools to evaluate the impact, Business Impact Analysis BIA, Recovery Time Analysis RTA, Recovery Tools and other Recovery Standard Operating Procedure SOP for each unit. In addition, BNI also operates a BCP building, as an alternative to the Bank’s business continuity in case of disaster at BNI Head Office. The BCP building is equipped with Disaster Recovery Center, Back-up Infrastructure and Back-up Computer Equipment needed in disaster. 190 2012฀Annual฀Report฀•฀ BNI

4. Risiko Likuiditas