PT Bank Mandiri Persero Tbk. RISK MANAGEMENT Risk management implementation is conducted by the guidelines of Bank Indonesia Regulation PBI concerning the Implementation of Risk Management for Commercial Banks No. 58PBI2003 dated 19 May 2003 as amended with PBI No. 1125PBI2009 and Bank Indonesia Circular Letter No. 1323DPNP dated 25 October 2011 concerning the Amendment on Circular Letter No. 521DPNP regarding the Implementation of Risk Management for Commercial Banks. The implementation was carried out through risk management processes, which are; identiication, measurement, monitoring and controlling of risk in all levels. Considering that bank’s business growth is inluenced by risk exposures both directly from its business activity as well as indirectly from the subsidiaries’ business activity, the Bank guarantees to apply prudent principles to all its business activities. The following are reports on the risk management policy of Bank Mandiri: 1. Active Supervision of the Board of Commissioners and the Directors a. The Board of Commissioners and the Directors understood the risks that are faced by the Bank and has provided clear direction, carried out active supervision and mitigation, as well as developed the Risk Management culture in the Bank. b. The Directors established the organization structure that clearly relected the limits of authority, responsibility and functions, as well as independency between business units with work units of bank risk management. c. The Board of Commissioners holds the responsibility in the approval and periodical observation of the risk strategy and policy that covers the Bank tolerance levels toward risk, the cyclic trends of domestic and international economy, as well as the design for long-term requirements. d. The Directors are responsibe in implementing the risk strategy and policy, by clearly outlining and communicating of risk strategy policy, monitoring and controlling risks and evaluating of the implementation of policy and strategy. e. The Directors monitor the internal and external conditions, to ensure the execution of the Bank strategy has taken into account the risk impacts and to ensure that the work units in the Bank have the authority and responsibility that supports the formulation and monitoring of strategy impelementation; including the corporate plan and business plan. f. The Directors established the procedure of adequate review on the accuracy of risk assessment methodology, risk SIM implementation adequacy, as well as risk limit and procedure policy. 2. The Adequacy of Policy, Limits Determination and Procedure a. The implementation of Risk Management is supported by the framework covering the Risk Management policies and procedures, and limits the risks, as clearly deined by the vision, mission and the Bank business strategy. b. The Bank has written policies and procedures that omply with the principles of transparency, improving the quality of customer service obligations to stakeholders. The policy must be in accordance with the legislation in force. c. The Bank risk management policy is developed in accordance with the Bank mission, business strategy, capital adequacy, HR capability, and risk appetite. d. The Bank conducts evaluation and renews its risk management policies by taking into the development of internal and external conditions. e. Determination of risk limits has been adequate; including limit per product transaction, per risk types and per functional activity, and the adequacy of monitoring procedures on a regular basis. CORPORATE GOVERNANCE