PT BANK MANDIRI PERSERO Tbk. AND SUBSIDIARIES NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS As of December 31, 2015 and for the year then ended Expressed in millions of Rupiah, unless otherwise stated 203

60. CHANNELING LOANS continued

Bank Mandiri has been appointed to administer the loans received by the Government of the Republic of Indonesia in various currencies from several bilateral and multilateral financial institutions to finance the Government’s projects through State Owned Enterprises, Region Owned Enterprises and Regional Governments, such as: Asian Development Bank, Banque Français Credit National, Barclays, BNP Paribas, BNP Paribas CAI Belgium, Calyon BNP Paribas, CDC NES, Export Finance and Insurance Corporation EFIC Australia, IDA, International Bank for Reconstruction and Development, Japan Bank for International Cooperation, Kreditanstalt Fur Wiederaufbau, Nederland Urban Sector Loan De Nederlanse Inveseringsbank voor Ontwikkelingslanden NV, Switzerland Government, RDI - KI, Spain, U.B Denmark, US Export Import Bank and Overseas Economic Cooperation Fund. However, based on the Regulation of the Ministry of Finance No 40PMK.052015 dated March 6, 2015 stated starting October 1, 2015 management administration of overseas loans are governed by the Ministry of Finance, resulting all of the loans governed by the administrative bank being taken over by the Ministry of Finance. Channeling loans are not included in the consolidated statement of financial position as the credit risk is not borne by the Bank and its Subsidiaries. Bank Mandiri’s responsibilities under the above arrangements include, among others, collections from borrowers and payments to the Government of principal, interest and other charges and the maintenance of loan documentation. As compensation, Bank Mandiri receives banking fee which varies from 0.05 - 0.50 from the average of outstanding loan balance in one year.

61. RISK MANAGEMENT

Bank Mandiri segregates independent risk management function based on the requirement of Bank Indonesias regulation and international best practices. Bank Mandiri adopts the Enterprise Risk Management ERM concept as comprehensive and integrated risk management strategy which in line with Banks business process and operational needs. ERM implementation will give value added to the Bank and stakeholders. ERM is a risk management process embedded in the business strategies and operations that are integrated into daily decision making processes with ERM, the Bank establishes a systematic and comprehensive risk management framework credit risk, market risk and operational risk by connecting the capital management and business processes to risks. In addition, ERM also applies consolidated risk management to the subsidiaries, which will be implemented gradually to maximise the effectiveness of bank’s supervision and value creation to the Bank based on Bank Indonesia Regulation No. 86PBI2006 dated January 30, 2006. The Bank’s risk management framework is based on Bank Indonesia’s Regulation No. 58PBI2003 dated May 19, 2003 regarding Risk Management Implementation for Commercial Banks as amended by Bank Indonesia’s Regulation No. 1125PBI2009 dated July 1, 2009 regarding The Amendment of Bank Indonesia’s Regulations No. 58PBI2003 regarding the Implementation of Risk Management for Commercial Bank. The Bank’s risk management framework is stated in the Bank Mandiri Risk Management Policy BMRMP, which is in line with the implementation plan of Basel II Accord in Indonesia. Risk management framework consists of several policies as the guideline to the business growth and as a business enabler to ensure the Bank conduct prudential principle by examining the risk management performance process identification - measurement – monitoring – risk mitigation for all organisation levels. Active supervision by the Board of Directors and the Board of Commissioners on risk management activities, directly and indirectly, are implemented through the establishment of committees at the level of the Board of Commissioners which are Risk Monitoring Committee, Integrated Governance Committe and Audit Committee. The Executive Committee under the supervision of the Board of Directors consists of Assets Liabilities Committee ALCO, Risk Management Committee RMC, Integrated Risk Management Committee IRC Capital Subsidiaries Committee CSC, Wholesale Business Committee WBC, Retail Business Committee RBC, Information Technology Committee ITC, Human Capital Policy Committee HCPC, Policy Procedure Committee PPC and Credit Committee. PT BANK MANDIRI PERSERO Tbk. AND SUBSIDIARIES NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS As of December 31, 2015 and for the year then ended Expressed in millions of Rupiah, unless otherwise stated 204

61. RISK MANAGEMENT continued

Out of 10 Executive Committee, there are 4 committees that are directly involves in risk management, i.e RMC, IRC, ALCO and PPC, RMC is the Committee that discuss and recommends policy and procedures as well as monitoring roifk profile and managing all the Banks risks. Integrated IRC is the committee that provide recommendation on the integrated risk management policy including the application of risk management in subsidiaries. IRC is based on the application of OJK Rule No.14POJK.032014 regarding integrated risk management. IRC has members from subsidaries and discuss as well as recommends the policy and application of integrated risk management. ALCO is the committee that manages Banks asset and liability management, interest rate and liquidity and other areas that are related to the asset and liability management of the Bank. PPC is the committee that discuss and recommends the adjustment or improvement in the Banks policy and procedures. Committees under Board of Commissioners including Risk Monitoring Committee, Integrated Governance Committee and Audit Committee, which has the task and responsibility to perform review and evaluation on policy and execution of Banks risk management, as well as providing inputs and recommendation to the Board of Commissioners in their monitoring tasks. Operationally, the related Directorate with risk management is divided into 2 two big parts, that is 1 Credit Approval as part of the four-eye principles, located at the Wholesale Risk Directorate and Retail Risk Directorate and 2 Independent Risk Management that is located in the Risk Management Directorate and Risk Management Compliance Directorate. Risk Management Compliance is headed by a Director that is responsible towards the Board of Director and also a member of the Integrated Risk Management Committee, and Policy Procedure Committee. The bank has also established a Risk Management Working Unit under the Risk Management Compliance. The Risk Management Compliance Directorate is divided into 3 three groups, that is the Credit Portfolio Risk Group that is related to Credit Risk and portfolio and Risk Management integration through ERM, Market Risk Group and Operational Risk Group that is related to market risk, liquidity risk, and operational risk. The Risk Management Directorate and each strategic business unit are responsible for maintainingcoordinating 8 eight types of risk that faced by the Bank, discussing and proposing risk management policies and guidelines. All risks will be reported in quarterly risk profile report and semi-annually Bank’s soundness report in order to describe all embedded risks in the Bank’s business activities, including consolidation with subsidiaries’s risks. A. Credit Risk The Bank’s credit risk management is mainly focused to improve the balance between prudent loan expansion and maintenance in order to prevent quality deterioration downgrading to Non Performing Loan NPL category and to optimise capital utilisation to achieve optimum Return On Risk Weighted Asset RORWA. To support this objective, the Bank periodically reviews and updates its policies and procedures for credit in general, by business segment and tools risk management. These policies and procedures are intended to provide a comprehensive credit risk management guideline for identification, measurement and mitigation of credit risks in the end-to-end loan acceptance process, from market targeting, loan analysis, approval, documentation, disbursement, monitoring and settlement process for non-performingrestructuring loans. To improve the Bank’s social role and concern to the environmental risk and as an implementation of Good Corporate Governance GCG, the Bank has set up a Guideline for Technical Analysis of Environmental and Social in Lending which is used as a reference in analysing environmental risk in a credit analysis. This Guideline is in line with Bank Indonesia regulation regarding Assessing the Quality of Asset on Commercial Bank regulating that the assessment on debtor business process should also consider the debtor’s effort to maintain its environment.