140 2013 Annual Report BNI Risk Management The Corporate Plan document is reviewed annually to adjust with the changing business environment. Likewise, the Board of Directors General Policy, the Bank Business Plan at the corporate level, and Business Plan at unit levels, may be reviewed in the first semester of the year, and in the event of significant changes occurring in the environment can be reviewed in a shorter time period. The mechanism for measuring progress of the business plans involves the comparison of established targets with the actual achievements, in the following manner: a. Monthly monitoring to evaluate the performance and strategy of the company bankwide b. Quarterly monitoring of performance at Division level c. Half-yearly monitoring the performance of the Company and all business units through Business Review forum at the Head Office and Regional Offices.

7. Compliance Risk

Governance and Organization Compliance Risk management is conducted by the Compliance Division KPN, under the active supervision of Director of Legal Compliance. Policies and Procedures Implementation of management of Compliance Risk refers to the Compliance Risk Management Guidelines and other relevant policies and procedures. Process In support of healthy and sustainable business growth at BNI, the Compliance Division engages in compliance risk management through the following activities: a. Monitoring Compliance Risk Monitoring the status of compliance to prevailing regulations, involving: 1 Monitoring the submission of mandatory reports to Bank Indonesia and other external bodies. 2 Monitoring sanctionpenalties imposed by Bank Indonesia and other supervisory authorities, and cooperating with the relevant units in improvement steps. 3 Monitoring compliance to prudential banking principle CAR, Mandatory Reserves, NOP, LLL, NPL, PKA b. To ensure that all policies, company regulations, systems and procedures as well as activities of the Bank are in compliance with the requirements of Bank Indonesia and other prevailing regulations, through: 1 Certification process, compliance opinion and compliance analysis a. Certification on new as well as existing policies and procedures. b. Providing compliance opinion. c. Conducting analysis of impact of external regulations d. Conducting reviews on the adequacy of policies. 2 Preventative reviews Conducting preventative compliance reviews on credit and procurement processes in accordance with prevailing authority and criteria, namely: a. Credit Compliance Review C2R on proposals for Credit Application Tools PAK b. Procurement Compliance Review PCR on proposals of Document of Procurement for GoodsServices c. Internal Control In order to ensure that the Bank’s operational units are in compliance with prevailing regulations, BNI conduct internal control activities through corrective reviews by the Compliance Unit at Division Regional Office BranchLoan Centers, consisting of the following activities: 1 Routine reviews 2 Compliance Testing 3 Incidental reviews, consisting of: a. Immediate reviews b. Special reviews c. Issue reviews Further details on the management of Compliance Risk are discussed in the section Corporate Governance - Implementation of Compliance Function.

8. Reputational Risk