Compliance Risk Identification Assessment

• Accelerate in Growth Segment, comprising three segments, namely: (1) Micro Segment, (2) Individuals Segment, and (3) SME Segment.
• Integrate the Group: a Group strategy that aims to increase synergy across all working units by optimizing all existing resources in Bank Mandiri and its subsidiaries so that they support each other through cross-selling.

Steps and Plans in Anticipating Strategic Risk

Here are the risk management strategies in 2017:

• The impact of the economic slowdown on business growth and credit quality has driven Bank Mandiri to expand lending carefully and prudently, selecting sectors that are prospective and not vulnerable to economic turmoil, monitoring the watch list, improving end-to-end credit management, and so forth.
• Controlling the formation of CKPN by reviewing and following up on accounts that are potentially problematic, to anticipate unexpected conditions.
• Focus on retail deposit funding in the small business, micro and individual consumer segments.
• Conduct efficiency program/overhead cost savings and a more in-depth assessment of initiatives that have an impact on overhead costs (initiatives that do not have an immediate impact on revenue/PL), without excluding aspects of service and profitability.

Macroeconomic and banking conditions are expected to remain unfavorable. This will increase external risk, as the performance of the national economy this year still needs to be watched, especially the economic recovery, which is still running slower than expected. Reorganization and implementation of which is still in the process of improvement and repair.

8. Compliance Risk

Compliance risk is the risk arising when the Bank does not comply with and/or implement the applicable legislation and regulations. As set forth in the Compliance Policy of Bank Mandiri (KKBM), Bank Mandiri has an organizational structure responsible for managing compliance risk, consisting of:

• The Director in charge of Compliance Function
The Director in charge of the compliance function is responsible for establishing systems and procedures related to the Bank's compliance risk management in order to minimize compliance risk. In addition, the Director in charge of the compliance function is also responsible for formulating strategy to strengthen the Bank's compliance culture.

• The Compliance Working Unit (SKK) at the Head Office
The SKK at the Head Office is responsible for formulating the compliance risk management methodology and conducting surveillance of bank-wide working units so that potential compliance risks can be minimized. In addition, the SKK at the Head Office also sets the steps to support the creation of a Culture of Compliance in all bank business activities at every level of the organization.

• The Compliance Working Unit (SKK) at Working Unit
The SKK at Working Unit is the technical operational implementer in every Directorate, assisting the Director of the Field in implementing the compliance function, including identifying and providing historical data on the occurrence of sanctions and monitoring the implementation of compliance risk control.

Compliance Risk Management Mechanism

In managing compliance risk, the Bank uses the concept of Enterprise Risk Management (ERM) to obtain a more comprehensive picture of the risks. Risk management is conducted through two approaches, namely Top Down, by assessment of the Directors through the Enterprise Risk Assessment (ERA), and Bottom Up, by analysis of historical data trends. In the bottom-up approach, the management of compliance risk is divided into several stages, i.e.:

1. Identification

The identification of compliance risks is addressed in the Compliance Risk Statement (CRS), which covers the related regulations, the causes of risk, risk control, and the action plan needed to prevent compliance risks.

2. Assessment

Compliance risks that have been identified are assessed by the respective risk owners to produce a compliance risk profile for their work unit. The risk assessment is conducted based on:
• Likelihood of the risk occurring
• Impact to the Bank if the risk does occur

In addition, the risk owner also assesses the effectiveness of the controls exercised.

3. Monitoring