10 Consolidated Financial Statements 09 Cross Reference of Annual Report Award 2016 Criteria 08 Corporate Social Responsibility 07 Integrated Corporate Governance 06 Corporate Governance The four principal components supporting the application of this approach are :

1. Organization and Human Resources

Bank Mandiri’s Risk Management Unit is responsible for the management of risks encountered by the Bank, including developing supporting tools needed for business processes and risk management. In addition, there is a line unit that acts as the risk counterpart for business units in the four-eye lending process. Risk management is the common responsibility and involves all units in Bank Mandiri. Essential to the successful implementation of the risk management function are risk awareness and sufficient technical capabilities on the part of all line units in Bank Mandiri. Consequently, regular internal training is provided through the Governance, Risk Compliance GRC Academy, both for the staff of the Risk Management Directorate and of other Directorates. In addition, every year the Bank organizes risk management information campaigns, discussion forums, internships, and programs that are consistent with the internalization of the Bank Mandiri corporate culture.

2. Policies Procedures

Bank Mandiri has adopted the Bank Mandiri Risk Management Policies KMRBM to serve as the principal guideline for the application of risk management. At the more specific level, the Bank has adopted separate policies and procedures, for example, specific policies and procedures for credit, treasury and operations. All the policies and procedures that have been adopted by Bank Mandiri in this respect are based on hierarchical risk management in all of the Bank’s operations, and are reviewed as well as updated at least once a year. In the application, each Bank Risk Operational Management Unit shall be guided by technical operation direction procedureguideline, implement Operational Risk Management based on its business target, implement Operational Risk Management instrument and provided Operational Risk Profile Report.

3. System Data

The risk management system has been developed to support greater efficiency in business processes so as to speed up the decision making process while at the same time adhering to prudential principles. In order to maintain the integrity and quality of data, Bank Mandiri has established an Integrated Processing System and Loan Origination System which is designed to improve the efficiency of the lending process and maintain data quality in the corporate, commercial and retail segments. The system also includes an Integrated Collection System to improve collection productivity, particularly in the consumer and retail segments. Bank Mandiri uses the Summit System and the Sendero System to manage its trading book and banking book risks for treasury and asset liability management. To provide an accurate overview of its risk profile as parent company and as consolidated and integrated with its subsidiaries, the Bank has established the Bank Mandiri Risk Profile System RPX which refers to a web-based system designed to expedite access and simplify control. To integrate risk management bank-wide, Bank Mandiri has adopted the ERM system so as to facilitate the holistic monitoring of risk management, including calculating the capital needed to cover all types of risk. The ERM system has the capacity to calculate capital charges using the Standardized Approach and Advanced Approach, and apply operational risk management tools, active portfolio management, stress testing and value-based management.

4. MethodologyModels Analytics