NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS 31 DECEMBER 2012 AND 2011 Expressed in millions of Rupiah, unless otherwise stated Appendix 5158 60. RISK MANAGEMENT Bank Mandiri clearly segregate risk management functions from the business units functions according to the requirement of Bank Indonesia’s Regulations and international best practices in banking industry. Bank Mandiri also adopts the Enterprise Risk Management ERM concept as one of the comprehensive and integrated risk management strategies in line to the Bank’s business process and operational needs. ERM implementation give an added value to the Bank and stakeholders, especially in respect of the implementation of Strategic Business Unit SBU and Risk Based Performance. ERM is a risk management process embedded in the business strategies and operations that are integrated into daily decision making processes. It is a holistic approach that establishes a systematic and comprehensive risk management framework credit risk, market risk and operational risk by connecting the capital management and business processes to risks. In addition, ERM also applies consolidated risk management to the subsidiaries, which will be implemented gradually to maximise the effectiveness of bank’s supervision and value creation to the bank based on Bank Indonesia Regulation No. 86PBI2006 dated 30 January 2006. The Bank’s risk management framework is based on Bank Indonesia’s Regulation No. 58PBI2003 dated 19 May 2003 regarding Risk Management Implementation for Commercial Banks as amended by Bank Indonesia’s Regulation No. 1125PBI2009 dated 1 July 2009 regarding The Amendment of Bank Indonesia’s Regulations No. 58PBI2003 regarding the Implementation of Risk Management for Commercial Bank. The Bank’s risk management framework is stated in the Bank Mandiri Risk Management Policy KMRBM, which refers to the implementation plan of Basel II Accord in Indonesia. Risk management framework consists of several policies as the guideline to the business growth and as a business enabler to ensure the Bank conduct prudential principle by examining the risk management performance process identification - measurement - mitigation - monitoring at all organisation levels. Active supervision of the Board of Directors and the Board of Commissioners on the Banks risk management activities are implemented through the establishment of Risk Capital Committee RCC, Risk Monitoring Good Corporate Governance KPR GCG Committee and the Audit Committee. RCC consists of four sub-committees, which are Asset Liability Committee, Risk Management Committee, Capital Investment Committee and Operational Risk Committee. Committees under RCC are responsible to discuss and recommend policy and strategy on 8 type of risks exposed to the Bank, covering credit risk, market risk, liquidity risk, operational risk, legal risk, strategic risk, compliance risk and reputational risk. RCC also responsibles to manage assets and liabilities, evaluate investment and divestation plan of Subsidiaries shares and Strategic Business Unit SBU, and also manage strategic operational risk policy and procedure in Bank Mandiri. Risk Monitoring and GCG Committee and Audit Committee are responsible for assessing and evaluating the policies and the implementation of Bank’s risk management and it is also responsible for providing recommendations to Board of Commissioners in implementing monitoring function. The Risk Management Directorate is lead by a Director who reports to the Board of Directors which is a voting member in the Risk and Capital Committee RCC. The Bank also established a risk management working unit which under the Risk Management Directorate. Operationally, the Risk Management Directorate is divided into 2 two main functions: 1 Credit Approval as part of four-eye principle, and 2 Independent Risk Management Unit which is divided into two groups: Credit Risk and Portfolio Management Group which manages credit risk and portfolio risk and integrated risk management through ERM, and Market and Operational Risk Group which manages market risk, liquidity risk and operational risk. NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS 31 DECEMBER 2012 AND 2011 Expressed in millions of Rupiah, unless otherwise stated Appendix 5159 60. RISK MANAGEMENT continued The Risk Management Directorate and each strategic business unit are responsible for maintainingcoordinating 8 eight type of risk faced by the Bank, discussing and proposing risk management policies and guidelines. All risks will be disclosed in a quarterly risk profile report to portrait all risks embedded in the Bank’s business activities, including consolidation with subsidiaries’ risk. A. Credit Risk The Bank’s credit risk management is mainly focussed to improve the balance between prudent loan expansion and loan maintenance in order to prevent asset deterioration downgrading to Non Performing Loan NPL categories and to optimise capital utilisation to achieve optimum Return On Risk Adjusted Capital RORAC. To support this objective, the Bank periodically reviews and updates its policies and procedures. These policies and procedures are intended to provide a comprehensive credit risk management guideline for identification, measurement and mitigation of credit risks in the end-to-end loan acceptance process, from market targeting, loan analysis, approval, documentation, disbursement, monitoring and settlement process for troubledrestructured loans. To improve the Bank’s social role and concern to the environmental risk and as an implementation of Good Corporate Governance GCG, the Bank has set up a Guideline for Technical Analysis of Environmental and Social in Lending which is used as a reference in analysing environmental risk in a credit analysis. The Guideline codifies internal credit policy and procedure related to environmental issues which are also included in KPBM, SPK and Standard Operating Procedures. This Guideline is in line with Bank Indonesia regulation regarding Assessing the Quality of Asset on Commercial Bank regulating that the Debtor business process should be also related with the debtor’s effort to maintain its environment. In principle, credit risk management is implemented at both the transactional and portfolio levels. At the transactional level, the Bank has implemented the four-eye principle concept, whereby each loan approval involves Business Unit and Credit Risk Management Unit which work independently to make an objective credit decision. The four-eye principle is executed by Credit Committee according to the authority limit and the loan approval process is conducted through Credit Committee Meeting mechanism. As Credit Committee members, the credit authority holders must be highly competent as well as having strong capacity and integrity so that the loan granting process can be conducted comprehensively and prudently. To monitor the performance of the credit authority holders in approving and maintaining loans, the Bank has developed a database for authority-holder monitoring. By using this system, the Bank can monitor the amount and quality of the loans approved by the credit authority holders, so that the performance of the authority holders can be monitored from time to time. To identify and measure risk of each credit application processed in the transactional level, the Bank uses Rating and Scoring systems. The Rating and Scoring systems consist of Bank Mandiri Rating System BMRS, Small Medium Enterprise Scoring System SMESS, Micro Banking Scoring System MBSS and Consumer Scoring System application, behaviour, collection and anti-atrition. The Bank has also developed a Rating System for Financial InstitutionsBanks, called Bank Mandiri Financial Institution Rating BMFIR, so that the Bank, in granting Credit Line facilities, can identify and measure the risk level of Counterparty Bank which can be tolerated. The Bank can decide the risk level for each debtor individually according to each risk class rating. The Bank is also developing rating system for Financial Institution - Non Bank, i.e. Multifinance Companies. NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS 31 DECEMBER 2012 AND 2011 Expressed in millions of Rupiah, unless otherwise stated Appendix 5160 60. RISK MANAGEMENT continued A. Credit Risk continued To improve the measurement of transactional risk in the Middle Commercial segment, the Bank has implemented BMRS. The Bank has also developed a rating system tailored for Bank Perkreditan Rakyat BPR, to enable the Bank measuring the risk for each individual debtor based on respective risk rating, furthermore the Bank has also conducted a calibration on the scoring model for Small Medium Enterprise SME therefore currently the Bank has two risk measurement models for SME segment. In quarter IV of 2012, in order to maintain consistency level of estimation model, the Bank performed calibration or model development. For the micro segment, the Bank has developed a new model for Kredit Usaha Mikro KUM using a Credit Qualitative Assessment QCA approach. For Business Banking segment, Bank is in the preparation stage of implementating a new model for limit below 1 billion. While for the Consumer Loan, the Bank has implemented a collection model for unsecured loan and Mitra Karya Mandiri MKM. For the Consumer Card, the calibration results of scoring behaviour for bucket current and x-days and card for card scoring have been implemented. To support the development of these tools, the Bank has issued Guideline for the Development of Credit Rating and Credit Scoring Models, which serves as a complete reference for the Bank in developing credit rating and credit scoring models. In addition, to monitor the performance of credit rating and credit scoring models, the Bank reviews the scoring and rating results conducted by Business Units. By reviewing and monitoring the rating models using validation methodology, the Bank can understand the performance of the models from time to time. At the moment, the model validation is conducted internally by Model Risk Validation unit, which is an independent unit and separated from the model development unit. This is conducted to minimise user’s mistake in measuring credit risk, particularly in determining the Probability of Default PD value and debtors’ rating. In both measuring economic capital for credit risk and to comply with Basel II, the Bank has been developing Long Term PD, and also reviewing Exposure at Default EAD and Lost Given Default LGD model internally. In order to monitor rating and scoring gathered in the database, the Bank prepares Credit Scoring Review and Rating Outlook which are issued quarterly and semi- annually. The reports contain information concerning scoring and rating parameters presented by industrial sector. The reports are useful for Business Units particularly as a reference in determining targeted customer which are good performing, so that the quality of credit expansion process will improve. To implement prudential banking practice for identifying, measuring and monitoring credit risk in the loan approval process, the Bank uses not only Rating and Scoring tools but also uses other tools such as financial spread sheet, a comprehensive Credit Note Analysis NAK and Loan Monitoring System which have been integrated to Integrated Loan Processing ILPLoan Origination System LOS to cover the end-to-end loan process. To mitigate credit risk per individual debtor, the Credit Committee makes decision in credit structure including determining the appropriate credit covenants relevant to the needs and conditions of the debtor, so that the loan granted will be effective and profitable for both the debtor and the Bank.