PT BANK MANDIRI PERSERO TBK. AND SUBSIDIARIES NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS Years Ended December 31, 2008 and 2007 Expressed in millions of Rupiah, unless otherwise stated 125

55. RISK MANAGEMENT continued

Risk Management Directorate together with other business unit are responsible in maintaining or coordinating all risks which are credit risk, market risk, operational risk, liquidity risk, legal risk, reputation risk, strategic risk and compliance risk including establishing risk management policies and standards. All risks will be disclosed in quarterly risk profile report to portrait all risks embedded in Bank’s business activities, including consolidation with subsidiaries’ risk. Credit Risk The Bank’s credit risk management is mainly directed to improve the balance of the performing loans expansion and prudential loans monotoring in order to prevent asset impairment or to become Non Performing Loan NPL and to optimize capital utilization allocated for optimal Risk Adjusted Return On Capital RAROC. To support this matter, Bank has established written policies and procedures which includes the Bank Mandiri Risk Management Policy KMRBM, Bank Mandiri Credit Policy KPBM, Credit Standard Procedures SPK for each business segment, and temporary Memorandum Credit Policy and Procedures which regulated the policies and procedures which have not been accommodated in KPBM and SPK. The four policies and procedures purpose are to provide a comprehensive loan risk management manual related to credit risk identification, measurement and mitigation of risks in loan granting process from target market, credit analysis, approval, documentation, loan disbursement, monitoringsupervising, also problem loan settlementloan restructuring. In order to ensure prudential loan granting process, Bank reviews and improves credit policies and procedures periodically to fit with current business development. In alignment with the Strategic Business Unit SBU implementation, the Bank prepared Credit Standard Procedures SPK for each business segment in order to have better focus in capturing business need by each business segment. In principles, credit risk management is implemented on both transactional and portfolio level. On transactional level, the Bank has implemented four-eye principle whereby every loan approval will involve Business Unit and Credit Risk Management Unit independently to obtain an objective decision. Four-eye principle process is conducted by the Credit Committee within the authority limit and loan approval process is conducted through the Credit Committee meeting process. The holder of Loan Approval Authorization as Credit Committee member has high competence, abilities and integrity. Therefore, the loan granting process becomes more comprehensive and prudent. As part of prudential banking practice, the authority holder in giving loan disbursement approval beside using the financial spread sheet and the Loan Analysis Form NAK also using Rating Tools like Bank Mandiri Rating System BMRS and Scoring Tools Micro Banking Scoring System MBSS and Small Medium Enterprise Scoring System SMESS to perform more accurate credit risk assessment and interest rate determination with risk based pricing. The Bank has Credit Rating and Credit Scoring Model, Design and Development Guidance which is a complete guidance for the Bank to create credit rating and credit scoring model. Bank has also developed Rating System for the Financial Institution - Bank which is Bank Mandiri Financial Institution Rating BMFIR, so that Bank can identify and measure the level risk of Counterparty Bank which can be tolerated in providing Credit Line facility. Furthermore, Bank has also developed scoring model for SME segment focusing on potential debtor using EBITDA approach.