The Bank is currently measuring the economic capital needs both for credit risk and operational risk. This will be used as the base to implement vBM value Based Management through the measurement of RORAC Return On Risk Adjusted Capital. One of Bank Mandiri business focuses in 2012 is the micro segment; this was evident by signiicant growth of 60.4 yoy in micro segment that was justiied with high rating of RoRAc. Bank Mandiri has prepared Basel iii implementation that refers to Basel documents as well as regulations and initiatives presented by Bank indonesia. Bank Mandiri is active in the working group participation of Basel iii and Quantitative impact study Qis held by Bank indonesia. Based on June 2012 position, Qis results generally present Bank Mandiri’s stance in meeting the Basel iii guideline, with higher simulation result of capital Adequacy Ration compared with Basel ii capital adequacy calculation. This was due to Bank Mandiri capital structure that was dominated by Tier 1 common equity. Qis results also present Bank Mandiri operations at a low-risk level, by the leverage ratio adequacy and high liquidity ratio, as the result of tight risk controlling of balance sheet exposure. The position of liquidity assets and the Bank’s balance sheet composition is consistent towards Basel iii requirements. suPPoRTing uniTs RevieW RisK MAnAgeMenT THRougH oPeRATionAl AcTiviTies Risk management through operational activities was intended for the management of credit risk, market risk and operational risk on an acceptable level. Bank Mandiri implements risk appetite and risk tolerance in the form of a limit policy and limit system. This system is developed and proposed by business units to the risk management unit, and approved by the Risk capital committee. The limit was determined based on overall limits, limit per risk type and limit per certain functional activity that possess risk exposure. The limit policy function is not only for the risk controlling process but also to boost business strategy and expansion into a growth corridor with an optimum risk- reward proile. credit risk is managed through front end, middle end and back end. Market risk and liquidity management is implemented through limit systems. All working units manage the operational risk on products and activity of the Bank, while risk management units will do a bankwide review as well as measure their efectiveness assurance by an Audit internal unit. 1. credit Risk Management credit risk arises from loan activity, placement of securities at other banks, sales to customers and trading activity. ProCEss FLow oF CrEdiT and CrEdiT risK ManaGEMEnT loan Proposal Pre- screen Approval loan Analysis Booking Monitoring Review collection, loan Work out Account Portfolio strategy credit Policy Bank Mandiri KPBM, standart Procedure credit sPK, product manuals, standard operating Procedures integrated end-to-end loan processing systems loAn oRiginATion sysTeM los inTegRATeD PRocessing sysTeM iPs Front end Middle end Back end Four-eye, Portfolio guideline industry class, industry Acceptance criteria, Application Modules, credit scoringRating, spreadsheet, nota Analisa Kredit, limit, Bi checking, Appraisal, check on the spot, loan Pricing loan Monitoring, Watch list, credit Risk Proile, Portfolio Management industry limit, stress Testing, validation collection system, loan Work out, Portfolio Management Phase out, Portfolio sales stages loan Processes Methods Tools Policies integrated systems RISK MANAGEMENT PT Bank Mandiri Persero Tbk. Credit risk also arises from commitment and contingency transactions to customers and counterparties. The objectives of credit risk management are to measure, anticipate, and minimizing loss due to customer failure in debt or counterparty in fulilling their obligations. Bank Mandiri maintains an integrated credit process and credit risk management by Business unit, credit operation unit, and credit Risk Management unit. The process is supported by an integrated system and applied in an end-to-end manner. Credit Policy Bank Mandiri developed the Bank Mandiri credit Policy KPBM as the guideline in end-to-end credit management; include credit culture and credit Doctrines. The credit policy application operationally is set under credit Procedure standard sPK and in the Product Manual. The credit management process irst deines the target market then the, risk assessment and loan monitoring. Bank Mandiri applies prudent principles in loan distribution, where the independent business units and credit risk units conduct the credit analysis function. The credit approval function is implemented with the “4 eyes principle”, and an independent credit operation unit conducts the credit administration function. Credit approval credit approval and its limit for the corporate and commercial segments are measured with a credit rating system. This is followed with a business appraisal analysis through an integrated spreadsheet and credit Analysis note nAK as well as end-to-end with the integrated Processing system iPs. Meanwhile the process is measured with our credit scoring system for retail business banking micro and consumer segments. credit process and credit risk management for micro and consumer segments are done with an end-to-end process that is integrated with the loan origination system los. credit rating wholesale and credit scoring retail and consumer models are continuously developed and validated, as well as monitored through scoring Model Review and Rating reports. The results of the credit rating and credit scoring model delivers a Probability of Default PD score. Meanwhile the Bank continuously develops loss given Default lgD and credit conversion Factors ccF models to calculate exposure at Default eAD to support Basel ii implementation and economic capital calculation. The collateral in the credit process may be set as inanced objects moving or unmoving objects, as well as non- inanced objects personal guarantee or corporate guarantee. credit collaterals have to meet several criteria such as economic value, marketability, transferability, and jurisdical value. Credit Monitoring Bank Mandiri strives to comply with Bank indonesia regulations and prudent practices in assessing and monitoring credit quality, among others, based on business prospect assessment factors, debtors’ performance and ability to pay. A Watch list is applied to monitoring the credit of debtors from corporate, commercial and business banking segments speciically for Rp2 billion limit. The Watch list is a standard method, structured, and comprehensive in monitoring the debtors’ performance. The system is used to conduct an immediate action plan to prevent decreasing credit quality of debtors. The monitoring process is done at least every quarter to identify potential non-performing debtors through the integrated loan Monitoring system with the iPs system, and to carry out early warning analysis. The Bank will determine an account strategy based on an analysis of results and conduct early action to prevent decreasing credit quality. credit monitoring for Rp2 billion limit for business banking, retail and consumer segments are implemented on the portfolio level through portfolio analysis on several aspects portfolios quality and quantity from several perspectives: industry, region, product, credit type, business unit, segment, etc., which are presented on the credit risk report. Bank Mandiri also conducts credit monitoring on credit processes and systems, as well as its supporting SUPPORTINg UNITS REvIEw tools, through credit session forums that are regularly held for every credit segment. Any issues and weaknesses on business process, credit policy as well as methodology and credit tools will be identiied and immediately actioned for improvement. The Bank holds a periodical simulation and stress testing to anticipate early warning signal the movement in the Bank’s portfolio quality per segment or per industry sector, which may arise due to changes in economic condition parameters that may occur under extraordinary circumstances extreme but plausible. The Bank will obtain guidelines from this simulation to closely monitor potential non- performing sectors and debtors and to set anticipative steps to prevent the worst possible impact. Bank Mandiri continues to conduct stress-testing simulations related to commodity price luctuations and the impact of provincial minimum wage increases. Credit Collection and recovery The Risk Management Directorate develops policies to manage credit collection and recoveries speciically for the retail and consumer segments micro and business banking credit with limits up to Rp5 billion. The employed policy was developed to be more focussed, systematic, aggressive and integrated and is based on product type and collection bucket. This policy is supported by the Automated collection system with end-to-end manner and completed with the following collection tools: a. To monitor and record billing activities through the telephone to minimize Reputational Risks and at the same time to be utilized as trainingcoaching. PorTFoLio GuidELinE ProCEss Targeted Prospective industry industry class eligible individual customer industry Acceptance criteria Maximum exposure limit industry limit b. To increase eiciency, efectiveness and productivity of the credit card collection process which is integrated with the Behavior score. To improve eiciency and efectiveness, the Bank applied in 2009 a credit card billing strategy based on the collection recovery scorecard. This strategy continues to be reined. The Bank will continue to enhance its Automated collection system for credit cards and micro credit Debt Relief Program restructurization as a commitment to comply with Bank indonesia’s regulation on limit restrictions of restructured loan collectability. Management Portfolio and Concentration risk The Bank implements capital allocation and active portfolio management principles in the portfolio level of credit risk management by referring to our Portfolio guideline Pg, which consists of industry classiication and industry Acceptance criteria and industry limit. RISK MANAGEMENT PT Bank Mandiri Persero Tbk. This guideline will be applied in all credit risk management stages. The objective of Industry Classiication and industry Acceptance criteria is to pick winners from targeted customers from priority industries that may provide added economic value. The proactive selection process has created a professional and sustainable partnership relationship between the Bank and customer. concentration risk is conducted through industry sector diversiication in line with industry class. This is done by considering several factors such as industrysector prospects, Bank internal skills, and portfolio performance. industry limit is set for every sector that stated a maximum credit allocation aligned with industry class. industry limit’s difer based on the risk and return level of each industry. Meanwhile concentration risk for debtor level is set through an in-house limit, a more conservative manner compared with Maximum limit of credit Distribution BMPK as stipulated by Bank indonesia. CrEdiT CoMPosiTion BanK Mandiri PEr EConoMiC sECTor dECEMBEr 2012 Trading others Agriculture Business services Mining Transport communication construction electricity, gas Water social services industry 1 2 3 4 5 6 7 8 9 10 5.56 3.46 3.13 1.08 22.52 18.89 14.02 13.45 11.53 6.36 Bank Mandiri does not engage in asset securitization activities as investors, original creditors, or issuers. The Bank successfully managed its credit risk capital allocation amounting to Rp26.86 trillion as of December 2012; below the limit of Rp29.86 trillion. industry 7.13 5.53 4.52 1.69 1.30 1.06 0.51 0.78 Foods Beverage chemicals others Basic Metals Textiles, clothing leather Pulp, Paper others others industry non Metal Mining others Wood Forestry Products SUPPORTINg UNITS REvIEw SENSITIvITy ANALySIS CREDIT RISK Risk Factors value Change NPL Change bps gDP 100bps 42.59 Inlation 100bps 36.53 BI Rate 100bps 36.63 Exchange Rate RpUSD Rp.100USD 30.03 Other Risk Factors Consider Fixed Credit Growth and Quality Bank Mandiri booked signiicant credit growth in 2012 and maintained its nPl level. Bank Mandiri’s credit portfolio for all segments bank only was increased by 24.1 yoy with nPl level of 1.74 gross or 0.37 net. several credit segments experienced above average growth, such as micro segment with 60.4 yoy growth, yet maintained the nPl level at 3. The achievement was attributable to the integrated and excellent end-to-end credit process, covering identiication process of potential credit sector, accurate and stringent underwriting process, continued credit-monitoring process, comprehensive management portfolio, and disciplined settlement on non- performing loans. The Bank conducts periodical stress testing to analyze the impact of macro economic trends toward the portfolio, towards its proitability and its capital resilience. The stress testing is done in two ways: sensitivity analysis and scenario analysis. Based on simulation results of sensitivity analysis in 2012, the impact on macro variables movement will afect the nPl level on the Bank’s credit portfolio in the next one year as follows: voluMe cReDiT QuAliTy BAnK MAnDiRi DeceMBeR 2012 RP billion 400 30 1200 90 2000 150 800 60 1600 120 124,474 101,622 37,509 18,397 5,119 46,880 1,785 1,082 929 608 870 699 nPl Pl nPl Pl RISK MANAGEMENT PT Bank Mandiri Persero Tbk. 2. Market Risk Management Market risk – Trading Book The trading book’s market risk was attributable to interest rate and exchange rate luctuations on the trading portfolio including derivative instruments. In the implementation of trading market risk management, the Bank applies principle of segregation of duties by separating front oice units executing trading transactions, middle-oice units implementing risk management processes, developing policies and procedures and back oice unit executing the transaction settlement process. The Bank conducts a daily valuation process on the trading book portfolio that is completed byindependent sources. The Bank uses market price sources from: i. Reuters, Bloomberg or similar agency; ii. Exchange prices or secondary market; iii. Screen prices; or iv. The most conservative quotes provided by a minimum of 2 two brokers andor an independent market maker with a good reputation. The Bank applies mark-to-model process for non-market price instruments based on a methodology approved by the board of directors and this is reviewed periodically. Market risk measurement for the capital adequacy calculation is conducted both with the standardized method as well as an internal method. The standardized method calculation is used in the monthly reporting to the regulator Bank Indonesia – bank only, VaLuE aT risK Var PEr risK FaCTor rp.billion vaR year End 2012 Maximum Minimum Average year End 2011 Fx 2.25 11.70 1.28 4.88 2.73 IR 3.66 15.00 0.67 5.43 6.20 Total 4.84 16.66 1.75 7.57 6.31 Utilisation Limit vaR 10.57 44.91 3.82 17.70 17.01 Limit vaR Total 45.80 37.10 and quarterly consolidated. whereas the Internal Method calculation is done in daily reporting to the management and utilizes the value at Risk vaR methodology. The Bank applies two vaR calculation approaches, as follows: i. variance Covariance Method, to calculate market risk on plain vanilla product transactions. This method applies the Exponential weighted Moving Average EwMA concept in the volatility calculation that provides a larger weighting for current data with a decay factor value at 0.94; ii. Historical Simulation Method, to calculate market risk of derivative transactions. The following are realization of value at Risk in 2012: whereas the realization of Minimum Capital Adequacy Requirement KPMM in 2012 with Standardized and internal method is as shown on the right bar chart. The Bank conducts market risk monitoring on treasury activities to ensure the risk is in line with the risk appetite. The process is done by comparing risk realization towards set limits. Further, the Bank also monitors treasury performance to ensure achievement on business target and revenue. The feasibility and accuracy of the value at Risk vaR internal method approach is constantly measured through a backtesting process. The backtesting process will present the existing threshold level, to measure loss estimation compared with vaR calculations in line with actual hypothetical loss and how to tolerate the threshold level. The result of backtesting as of December 2012 presented a valid vaR calculation methodology without breaching PL calculation is not exceeded daily vaR. The Bank conducts stress-testing process on extreme market conditions to evaluate capital resilience toward signiicant market movements and prepares required strategies if a crisis arises. stress-testing is done through the following stress scenario combination: suPPoRTing uniTs RevieW capital charge Market Risk 27-D ec -11 10- Jan-12 24- Jan-12 07-F eb -12 21-F eb -12 06-M ar -12 02-M ar -12 03- A pr -12 17- A pr -12 01-M ay -12 15-M ay -12 29-M ay -12 12- Jun-12 26- Jun-12 10- Jul-12 24- Jul-12 07- A ug-12 21- A ug-12 04-s ep -12 18-s ep -12 02- o ct -12 16- o ct -12 30-no v -12 12-no v -12 27-D ec -12 11-D ec -12 25-D ec -12 20.000.000.000 15.000.000.000 10.000.000.000 5.000.000.000 - 5.000.000.000 10.000.000.000 15.000.000.000 20.000.000.000 Rp.billion Proit loss vaR upper vaR lower i. Based on Bank indonesia scenario, with the Bank biggest loss potential will amount to Rp285.97 billion if the interest rate is increased by 400 basis points and the Rupiah appreciates by 20; ii. Based on the Bank’s Historical scenario, the Bank’s biggest loss potential amounts to Rp234.17 billion if the interest rate is increased by 31 – 314.5 basis points and the Rupiah appreciates by 30. RISK MANAGEMENT Jan Feb Mar Apr May Jun Jul Aug sep oct nov Dec standard Model internal Model 120.00 100.00 80.00 60.00 40.00 20.00 Rp.billion PT Bank Mandiri Persero Tbk. Market risk – Banking Book The banking book’s market risk is attributable to, interest rate and exchange rate luctuations on banking book activity. The banking book’s market risk is managed by optimizing the structure of the Bank’s statement of inancial position to obtain maximum yield at risk levels acceptable to the Bank. The controls over the Banking book’s market risk is performed by setting a limit which refers to the regulator’s requirements and the internal policies, and is monitored on a weekly and monthly basis by the Market Risk Management unit. The banking book’s interest rate risk arises from movements in market interest rates counter tothe position or transactions held by the Bank, which could afect the Bank’s proitability earnings perspective as well as the economic value of the Bank’s capital economic value perspective. The sources of the banking book’s interest rate risk are repricing risk repricing mismatch between asset and liability components, basic risk usage of diferent interest rate reference, yield curve risk changes in the shape and slope of the yield curve and the option risk loan repayment or release of deposit before maturity. The Bank utilizes the repricing gap and performs sensitivity analysis to obtain the projected net interest income nii and economic value of equity eve. Based on simulation results of sensitivity analysis as at December 31, 2012, the impact from an interest rate increase of 100 bps will lower the level of Bank nii and equity by 2.74 and 2.82 respectively for the next 12 months, from the set target. exchange rate risk is attributable to unfavourable exchange rate movements in the market when the Bank has an open position. exchange rate risk arises from foreign exchange currency transactions with customer or counterparty, which led to an open position in foreign currency or structural positions in foreign currency due to capital investment. The Bank manages exchange rate risk by monitoring and managing the net open Position noP in accordance with internal limits and the regulations of Bank indonesia.The Bank posted overall noP absolute at 0.76 from capital as of December 31, 2012. The Bank conducts stress testing on the banking book’s market risk on a regular basis to asses the impact of interest rate and exchange rate movements on extreme conditions crisis toward revenue and capital Pricing Management The Bank applies a pricing policy for loans and deposit products. The pricing policy is one of the Bank’s strategies to maximise net interest Margin niM and simultaneously support the Bank to achieve revenue and market share in the competitive market. As a market leader the Bank consistently seeks to apply strategies in terms of pricing of funding. However, taking sEnsiTiViTY anaLYsis inTErEsT raTE Description Dec 2011 Dec 2012 nii sensitivity 100bps, nii 12mo against target nii 3.07 2.74 eve sensitivity 100bps: equity 1.84 2.82 earning at Risk equity 0.40 0.26 capital at Risk equity 1.15 1.06 into account liquidity conditions and funding needs, the Bank may implement an aggressive strategy greater than major competitors or defensive equal to or smaller than major competitors. The Bank implements risk-based pricing to customers, which varies according to the level of credit risk. In order to minimize interest rate risk, the lending interest rate is adjusted with the interest rate from the cost of funds. Other than cost of funds, lending interest rates are determined by considering overhead costs, credit risk premiums and proit margins as well as taking into account the Bank’s competitiveness with its major competitors. lending rates can be either be loating or ixed rates. The Bank announces the Base lending Rate sBDK of Rupiah currency in every oice, website, and quarterly through newsmedia as per the Bank indonesia circular letter no. 135DPnP dated February 8, 2011. 3. liquidity Risk Management liquidity risk arises if the Bank is not able to provide liquidity at a fair price that impacts the Bank’s proitability and capital. The Bank’s liquidity is inluenced by the funding structure, asset liquidity, liabilities to counterparty and loan commitment to debtors. The Bank’s liquidity risk indicators are measured through several indicators, which among others include minimum reserve ratio Minimum current Account-gWM ratio and cash, secondary reserve liquidity reserve and loan to deposit ratio lDR. The liquidity risk control is done in accordance with the required regulatory and internal limits. As of December 31, 2012, the Bank maintained Rupiah gWM primary reserve of 8.00 from total third party Rupiah denominated funds, whereas Rupiah gWM secondary reserve was at 24.94 from total third partyRupiah Denominated funds. Meanwhile for the foreign exchange, the Bank maintained gWM at 8.01 from the total third party fund denominated in foreign exchange in accordance with the required regulatory limit. The Bank has a liquidity reserve limit in the form of a safety level limit, which represent the Bank’s liquidity reserve projection for three months ahead. As at December 31, 2012, the liquidity reserve balance was above the safety level. As of December 31, 2012, the Bank’s lDR was 77.66, which qualiied as “very liquid” in the assessment of Bank soundness. The Bank uses a liquidity gap to project the liquidity conditions in the future.The liquidity gap was created on the basis of the maturity mismatch between the components of assets and liabilities including of-balance sheet, which is organized into time periods time buckets based on contractual maturity or behavioral maturity. As of December 31, 2012, the Bank’s liquidity forecast up to 12 months ahead is in a position of optimal surplus. To determine the impact of changes in market factors and internal factors in extreme conditions crisis on the liquidity condition, the Bank conducts stress testing of liquidity risk on a regular basis. The Bank has liquidity contingency Plan lcP, which will cover the funding strategy and pricing strategy. The funding strategy consists of money market lending, repo, bilateral loan, Fx swap, and sale of marketable securities. lcP determination, of liquidity condition and funding strategies, has considered internal and external conditions. in order to anticipate direct and indirect impact from the european crisis to the Bank’s liquidity condition and business, the Bank has activated its Business command center Bcc to intensively manage and monitor the liquidity condition and loan to Deposit Ratio lDR in foreign currencies. Bcc manages the adequacy of the Bank’s liquidity and foreign currency lDR by providing foreign currency liquidity for selective credit disbursement and monitoring the movement of foreign currency source of funds on a daily basis. Thereby, foreign currency liquidity reserves can be maintained above the minimum liquidity reserve and lDR limits. Bcc also coordinates programs to increase cheap and stable foreign currency funding sources. suPPoRTing uniTs RevieW RISK MANAGEMENT PT Bank Mandiri Persero Tbk. To increase awareness of unstable economic conditions, either from the crisis in Europe andor various domestic issues, BCC also monitors external indicators among others: USDIDR exchange rate, Indonesia’s ive year credit Default swap cDs, spread between 5 years Roi compared with 5 years usT, composite stock price index iHsg, Rupiah interest rate and usD interbank, non Delivery Forward nDF usDiDR iM and update market informations. since the activation of Bcc, the Bank foreign currency liquidity reserves can be controlled over the limit and foreign currency lDR realisation at maximum level of 85. 4. operational Risk Management operational Risk is deined as the risk resulting from inadequate or failure in internal processes, people and systems or from external factors which impact the Bank’s operations. efective operational risk management may reduce losses due to operational risk. Frameworks for operational Risk Management oRM are based on Bank indonesia regulations and Basel ii and the provisions of the Bank’s internal regulations. At this time, the Bank has an oRM risk management policy, Mandiri Risk Management Policy KMRBM, and standard operating Procedures soPs, which contains both the technical aspects of operational risk management governance, reporting systems and capital calculation. in addition, to support Bank’s innovations to meet customer needs of its product and services, the Bank has established procedures regarding risk management and mitigation measures for new Products and Activities PAB, which is standard operating Procedure soP for PAB to standardize PAB risk management in an end-to-end manner and in turn to create excellent products or activities as well as improve the Bank’s proit, corporate image, and service quality. in an efort to always implement prudent principles and good corporate governance, the Bank formulates assessment methodologies on 8 eight types of risk. Making new products and activities to meet required regulatory guidelines. In order to improve the efectiveness of operational risk management, the Bank has implemented the following initiatives: alignment of operational risk methodology with risk-based audit methodology through synchronization risk library; providing a communication tool with the President Director called “letter to ceo” and dually serving as a Whistle Blower system; and implement of operational Risk Management Tools oRM Tools. oRM Tools used for oRM implementation are as follows:

a. risk Control self assessment rCsa:

RcsA is used to identify and assess inherent risks in Bank’s activities and assessing the quality of control.

b. Mandiri Form operational risk system M-Fors:

The Bank uses MFoRs to record losses from operational risk that occur in each business unit of work.

c. Key indicator Ki : Ki are quantitative indicators used

to provide an indication of inherent risk levels in key processes within one business unitsupporting or end-to- end processing. d . issue action Management iaM: iAM is a tool used to document issues problems related to operational risk. These issuesproblems are analyzed, to determine the root causes, as well as the action plan and execution monitoring, of the action plan of the business unit. With regard to operational risk management, Risk Management unit acts as a second line of defense and internal Audit as a third line of defense. Business unit as a risk unit owner is the irst line of defense that responsible for operational risk management of each unit of the Bank. As the output of operational Risk Management process, each Business unit produces an operational risk proile describing operational risk exposure of the respective business unit, which will be used as the basis in preparing the operational risk proile of the Bank. The Bank’s operational risk proile report bankwide is reviewed by internal Audit and presented to the Board of commissioners and reported to Bank indonesia periodically. anti Fraud strategy and Fraud Monitoring system Based on Bi circular letter no. 1328 DPnP year 2011 concerning the implementation of Anti Fraud strategy for commercial Bank, Bank Mandiri has conducted several ways to monitor and mitigate fraud risk through 4 pillars: 1. Prevention; 2. Detection; 3. investigation, Reports and sanctions; and 4. Monitors, evaluation and Follow-up 5. The implementation of this process involved all line of defenses. To support the implementation of anti fraud strategy, the Bank has developed supporting system for the retail segment micro and consumer electronic Banking debit card, credit card, merchants, internet mobile banking. early detection system has been developed to detect early anomalies in transaction, which has fraud potential. The system will alert the Bank on transactions with fraud risk; the Bank will then immediately action preventive measures. The following are Fraud control systems applied by the Bank, as follows: a. Fraud control system credit card b. Fraud control system Debit card c. Merchant Monitoring system d. internet Mobile Banking Monitoring system e. Anti Fraud Application system anti Money Laundering and Terorism Funding Prevention Bank has implemented due diligence and risk management on its customers in order to prevent and mitigate risks arising from money laundering and terrorism funding transactions. The procedure is based on Bank indonesia suPPoRTing uniTs RevieW RISK MANAGEMENT PT Bank Mandiri Persero Tbk. regulations on Anti Money Laundering and Terorsim Funding Prevention. The due diligence process and risk management is based on risk-based approach principles that identify, classify, monitor and manage risk transaction by customers on the basis of product characteristic, customer and geography country, cross-border. Business Continuity Management In order to secure Bank operations during an emergency, the Bank has a comprehensive plan that has been documented and tested. This covers steps that must be taken prior, during and after the emergency situation. The Bank’s policy to secure business operations is arranged under the Business Continuity Plan BCP. Currently, the Bank is developing the BCP into Business Continuity Management BCM covering Business Continuity Plan BCP, Disaster Recovery Plan DRP and Emergency Response Procedure ERP. An External consultant was hired to assist in the project development and to meet international standards. 5. worst Condition Simulation Stress Testing Stress testing is done to evaluate the Bank’s resilience in meeting extreme exceptional but plausible external situations; as is based in the contingency plan, as well as to fulill required regulatory measures. stress testing has the objective to estimate loss numbers and estimate capital resilience of the Bank to absorp the loss; as well as to identify steps to mitigate the risk and maintain the capital. The Bank conducted two types of stress testing, which are: sensitivitystock analysis and scenario analysis historical or hypothetic. stress testing simulation is supported by actual scenarios, comprehensive models and an automated calculating system. stress testing models cover primary risk such a, credit risk, market risk and liquidity risk. For credit risk, a stress testing model is developed with international best practices to cover the wholesale, consumer and retail segments, among others, through an econometric model connecting credit risk factor with macroeconomy factor. With the global economy forecasted to be in a perilous and uncertainty trend, low growth in developed countries and high volatility of inancial markes, Bank Mandiri conducted stress testing in 2012 and prepared contingency plans if the trends were to come to a crisis point. Besides quarterly stress testing being applied with standard shock parameters from regulators, the Bank organized some scenario analysis such as commodity price decreasing scenario coal and crude palm oil, rising fuel prices, wage increases, and regulation amendments increase in loan-to- inance limit for credit consumers. Bank Mandiri has proved its resilience in facing the global inancial crisis in 2008 and the crisis in europe in 2011 without signiicant loss or shock. nevertheless the Bank continues to maintain the Business command center’s activity in 2012 as an integrated crisis management center to anticipate crisis impact and global recession. on this strategy, Bank Mandiri received the “Asian Banker Risk Management Award” for the category of Achievement in liquidity Risk Management. 6. other Risks Aside from primary risks, the Bank understands and managed other risks, such as compliance risk, legal, reputation, strategic, information technology, competitors, human resources and business interruption risk. every year, the Bank carries out a top-down assessment and measurement of all risks including other primary risks by the management. A bottom-up process is also measured through the Risk Proile at every quarter. The management of other risks is completed through the operational Risk committee and directly implemented by supporting work units, such as compliance unit, legal unit, corporate secretary and iT operations unit. on legal risk, the Bank continues to increase the control of legal risk, among others, with the placement of legal oicers at work Units in Head Oice and Regional Oices. The oicers are obliged to ensure all activities transactions have been reviewed from the legal perspective. On strategic risk, the Bank carried out a performance review and evaluated the Business Target Development policy as well as the Improve Strategy Plan by considering both internal and external conditions, whenever required. The Bank continues to enhance the implementation of the Financial Performance Management Support program through the development of automated budgeting, PMS enhancement, and Executive Information System EIS development. On compliance risk, the Bank has established a Code of Conduct as a part of corporate culture as well as to provide guidlines. In the strategic planning stage, the Bank constantly assesses the compliance adequacy on the applicable regulations. The Bank also implements consistent and comprehensive rotation and mutation systems to some of its employees and oicers in strategic positions. On reputation risk, the Bank has customer service standards, which is monitored on a regular basis and is set as part of Branch’s KPI. The customer SUPPORTINg UNITS REvIEw may submit complaints and inquiries on products and services of the Bank through a Contact Center. The Bank has also actively organized a Corporate Social Responsibility program in education, healthcare, culture, sports, environment, religious facilities and assistance to natural disaster victims. 7. Model validation Bank Mandiri has an independent validation work Unit in the Risk Management Directorate. This unit is part of internal control of the Bank, which helps to simultaneously provide quality assurance on model development, as well as to fulill required regulatory measures of Bank indonesia. The work unit validates all risk models that already applied and those to be developed by the Risk Management Directorate. The validation unit is actively involved in the advisory process on the development and improvement of risk models. The Bank has carried out validation on 22 credit and market risk models in 2012 which covered scoring and rating models among others; scoring for micro, consumer, credit card segments, and corporate rating, as well as collectionrecovery scoring; macroeconomy stress testing model; risk parameter model of Basel ii probability of default as well as measurement model on market risk exposure delator factor and potential future exposure. The Bank provides advisory services that include models of credit risk, economic capital for corporate and retail segments, qualitative scoring model, and advisory on probability of default, model simulation for project inance segment using Monte carlo. validation process of risk models is also veriied by Audit internal Directorate to ens that good corporate governance principles are aligned with the process.

E. suBsidiarY risK ManaGEMEnT

consolidated risk management has been implemented in stages since 2008 in line with the Bi regulation no. 86PBi2006 concerning The implementation of consolidated Risk Management For Banks controlling subsidiaries remains a strategic initiative of the Bank Mandiri risk management work unit and is communicated on a regular basis to Bi on risk proile or Risk Based Bank Rating forum discussion. This is viewed as an important matter; Bank Mandiri understands its business may be directly or indirectly inluenced by risk exposure from its subsidiary business activities. Bank Mandiri implements consolidated risk management with subsidiaries operating in indonesia and elsewhere by maintaining risk management principles and adjusting it with jurisdicial local authorities, as well as RISK MANAGEMENT PT Bank Mandiri Persero Tbk. taking into consideration the business characteristic of each Subsidiary. Bank Mandiri consolidated risk management concept with subsidiaries is generally divided into two parts, as follows: 1. First Line, related to BI Regulation No. 86PBI2006 regarding The Implementation of Consolidated Risk Management for Bank’s with a Controlling stake in Subsidiaries. 2. Second Line, an internal requirement approach of the Bank as a whole that covers tools, risk awareness, corporate governance, and risk management information system. Consolidated risk management aims to provide added value to stakeholders as it is indirectly shaping a progressive and safe business environment. This works by fulilling Bi regulations on consolidated risk management processes with its reporting, and monitoring of risk exposure on subsidiary business activies. This enables mitigation steps to be immediately taken when necessary. Bank Mandiri implements consolidated risk management in stages with subsidiaries that are engaged in inance Bank syariah Mandiri, Bank Mandiri europe, Bank sinar Harapan Bali, Mandiri sekuritas, AxA Mandiri Financial services, Mandiri Tunas Finance, Mandiri international Remittance, and Mandiri AxA general insurance. This provides the framework of the consolidated risk management process and the policy alignment and regulation between Bank as holding company and its subsidiaries. in order to increase understanding on risk management at the Bank and subsidiaries, Bank Mandiri held an enterprise Risk Management Forum FeRMA every quarter in 2012. Also, Annual Risk consolidation Forum ARcc, Risk Awareness survey RAWs, risk management tools training, and sharing as well as risk management training in accordance with subsidiary requirements. The Bank has also developed RPx system with a comprehensive platform for online access by subsidiaries and added other facilities to reach a consolidated and improved Risk Proile report.

F. CaPiTaL and risK EXPosurEs and BanK risK ManaGEMEnT

iMPLEMEnTaTion in order to provide a transparent risk management implementation Bank Mandiri referred to Bank indonesia regulatios that regulate transparency, publication, and annual reports of banks Bi Regulation no. 1414 PBi2012 concerning Transparency and Publication of Bank Reports and Bi circular letter no. 1435DPnP regarding Annual Report of commercial Banks and speciic Annual Report submitted to Bank indonesia. The stipulation is intended for exposure alignment with Pillar 3 Basel ii implementation regarding market discipline. The tables of capital and risk exposures based on the guideline of the Bi circular letter, with detailed exposures are stated on the following tables: BI CIRCULLARy LETTER MAPPINg OF ANNUAL REPORT No Title 1 Quantitative Disclosures of Commercial Bank’s Capital Structure Table 1.a Quantitative Disclosures of Commercial Bank’s Capital Structure 2 Disclosures of Net Exposure Based on Region Table 2.1.a Disclosures of Net Exposure Based on Region – Bank Only Table 2.1.b Disclosures of Net Exposure Based on Region – Consolidated 3 Disclosures of Net Exposure Based on Remaining Contract Term Table 2.2.a Disclosures of Net Exposure Based on Remaining Contract Term – Bank Only Table 2.2.b Disclosures of Net Exposure Based on Remaining Contract Term – Consolidated 4 Disclosures of Net Exposure Based on Economic Sectors Table 2.3.a Disclosures of Net Exposure Based on Economic Sectors – Bank Only Table 2.3.b Disclosures of Net Exposure Based on Economic Sectors – Consolidated 5 Disclosures of Exposure and Provisions Based on Regions Table 2.4.a Disclosures of Exposure and Provisions Based on Regions – Bank Only Table 2.4.b Disclosures of Exposure and Provisions Based on Regions – Consolidated 6 Disclosures of Exposure and Provisions Based on Economic Sectors Table 2.5.a Disclosures of Exposure and Provisions Based on Economic Sectors –Bank Only Table 2.5.b Disclosures of Exposure and Provisions Based on Economic Sectors – Consolidated 7 Disclosures of Movements of Allowance for Impairment Losses Details Table 2.6.a Disclosures of Movements of Allowance for Impairment Losses Details – Bank Only Table 2.6.b Disclosures of Movements of Allowance for Impairment Losses Details – Consolidated 8 Net Exposure Based on Portfolio Category and Rating Scale Table 3.1.a Net Exposure Based on Portfolio Category and Rating Scale – Bank only Table 3.1.b Net Exposure Based on Portfolio Category and Rating Scale – Consolidated 9 Disclosures of Counterparty Credit Risk Table 3.2.a Disclosures of Counterparty Credit Risk: Derivative Transactions Table 3.2.b.1 Disclosures of Counterparty Credit Risk: Repo Transactions – Bank Only Table 3.2.b.2 Disclosures of Counterparty Credit Risk: Repo Transactions – Consolidated Table 3.2.c.1 Disclosures of Counterparty Credit Risk: Reverse Repo Transactions – Bank Only Table 3.2.c.2 Disclosures of Counterparty Credit Risk: Reverse Repo Transactions – Consolidated SUPPORTINg UNITS REvIEw RISK MANAGEMENT PT Bank Mandiri Persero Tbk. BI CIRCULLARy LETTER MAPPINg OF ANNUAL REPORT No Title 10 Disclosures of Net Exposure Based on Risk Weight After Credit Risk Mitigation Table 4.1.a Disclosures of Net Exposure Based on Risk weight After Credit Risk Mitigation – Bank Only Table 4.1.b Disclosures of Net Exposure Based on Risk weight After Credit Risk Mitigation – Consolidated 11 Disclosures of Net Exposure and Credit Risk Mitigation Technique Table 4.2.a Disclosures of Net Exposure and Credit Risk Mitigation Technique – Bank Only Table 4.2.b Disclosures of Net Exposure and Credit Risk Mitigation Technique – Consolidated 12 Disclosures of Securitization Transactions Table 5.1.a Disclosures of Securitization Transactions – Bank Only Table 5.1.b Disclosures of Securitization Transactions – Consolidated 13 Disclosures of Securitization Transaction Activity Summary Bank As Originator Table 5.2.a Disclosures of Securitization Transaction Activity Summary Bank As Originator – Bank Only Table 5.2.b Disclosures of Securitization Transaction Activity Summary Bank As Originator – Consolidated 14 Calculation of Credit Risk RWA Standardized Approach 14.a Calculation of Credit Risk RwA Standardized Approach – Bank Only Table 6.1.1 Disclosures of Asset Exposure in Balance Sheet Table 6.1.2 Disclosures of CommitmentContingency Exposure in Of Balance sheet Table 6.1.3 Disclosures of counterparty credit Risk exposure Table 6.1.4 Disclosures of settlement Risk exposure Table 6.1.5 Disclosures of securitization exposure Table 6.1.6 Disclosures of exposure in sharia Business unit Table 6.1.7 Disclosures of Total credit Risk Measurement 14.b calculation of credit Risk RWA standardized Approach– consolidated Table 6.2.1 Disclosures of Asset exposure in Balance sheet Table 6.2.2 Disclosures of commitmentcontingency exposure in of Balance sheet Table 6.2.3 Disclosures of counterparty credit Risk exposure Table 6.2.4 Disclosures of settlement Risk exposure Table 6.2.5 Disclosures of securitization exposure Table 6.2.6 Disclosures of exposure in sharia Business unit andor subsidiary that engaged in sharia Principle-based Business unit if any Table 6.2.7 Disclosures of Total credit Risk Measurement