PT BANK MANDIRI PERSERO Tbk. AND SUBSIDIARIES NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS AS AT 31 DECEMBER 2010, 2009 AND 2008 Expressed in millions of Rupiah, unless otherwise stated Appendix 5148 56. RISK MANAGEMENT continued Board of Commissioners and Directors actively monitor and involve in the Bank’s risk management activities. It is implemented through the establishment of the Risk and Capital Committee RCC and Risk Monitoring and Good Corporate Governance Committees and Audit Committees. RCC consists of four sub committees, which are: Asset Liability Committee, Risk Management Committee, Capital Investment Committee and Operational Risk Committee. RCC is responsible for the approval of risk policy and strategy that consist of market risk, credit risk, operational risk, liquidity risk, legal risk, reputation risk, strategic risk and compliance risk. Furthermore, RCC is also responsible for managing Asset Liabilities, evaluation investment and divestment plan of Subsidiaries and Strategic Business Unit SBU as well as managing strategic operational risk policy and procedures of Bank Mandiri. Risk Monitoring and GCG Committee and Audit Committee are responsible for assessing and evaluating the policies and the implementation of Bank’s risk management and it is also responsible for providing recommendations to the Board of Commissioners in the implementation of monitoring function. The Risk Management Directorate is headed by a Director who reports to the Board of Directors and is a voting member in the Risk and Capital Committee RCC. The Risk Management Directorate has also a Risk Management Unit. Operationally, the Risk Management Directorate is divided into 2 two main functions: 1 its Risk management unit as a part of Credit Approval using a four-eye principle, and 2 Independent Risk Management Unit which is divided into two groups: Credit Risk and Portfolio Management Group which manages credit risk and portfolio risk and integrated risk management through ERM, and Market and Operational Risk Group which manages market risk, liquidity risk and operational risk. The Risk Management Directorate and each strategic business unit are responsible for maintaining and coordinating overall risks that consist of credit risk, market risk, operational risk, liquidity risk, legal risk, reputation risk, strategic risk and compliance risk including discussing and proposing risk management policies and standards. All risks will be disclosed in a quarterly risk profile report to portrait all risks embedded in the Bank’s business activities, including consolidation with subsidiaries’ risk. Credit Risk The Bank’s credit risk management is mainly directed to improve the balance between prudent loan expansion and loan maintenance in order to prevent asset deterioration downgrading to Non Performing Loan NPL categories and to optimise capital utilisation to achieve optimum Return On Risk Adjusted Capital RORAC. To support this purpose, the Bank periodically reviews and updates its policies and procedures i.e. Bank Mandiri Credit Policy KPBM, Standard Credit Procedures SPK for each business segment, and Memorandum Procedure which is temporary in nature and issued to regulate the procedures which have not been accommodated in SPK. These three policies and procedures are intended to provide a comprehensive credit risk management guideline for identification, measurement and mitigation of credit risks in the end-to-end loan granting process, from market targeting, loan analysis, approval, documentation, disbursement, monitoring and settlement process for troubledrestructured loans. To improve the Bank’s social role and concern to the environmental risk and as an implementation of Good Corporate Governance GCG, the Bank has set up a Guideline for Technical Analysis of Environmental and Social in Lending which is used as a reference in analysing environmental risk in a credit analysis. The Guideline codifies internal credit policy and procedure related to environmental issues which are also included in KPBM, SPK and Standard Operating Procedures. This Guideline is in line with Bank Indonesia regulation regarding Assessing the Quality of Asset on Commercial Bank regulating that the Debtor business process should be also related with the debtor’s effort to maintain its environment. PT BANK MANDIRI PERSERO Tbk. AND SUBSIDIARIES NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS AS AT 31 DECEMBER 2010, 2009 AND 2008 Expressed in millions of Rupiah, unless otherwise stated Appendix 5149 56. RISK MANAGEMENT continued Credit Risk continued In principle, credit risk management is implemented at both the transactional and portfolio levels. At the transactional level, the Bank has implemented the four-eye principle concept, whereby each loan approval involves Business Unit and Credit Risk Management Unit which work independently to make an objective credit decision. The four-eye principle is executed by Credit Committee according to the authority limit and the loan approval process is conducted through Credit Committee Meeting mechanism. As Credit Committee members, the credit authority holders must be highly competent as well as having strong capacity and integrity so that the loan granting process can be conducted comprehensively and prudently. To monitor the performance of the credit authority holders in approving and maintaining loans, the Bank has developed a database for authority-holder monitoring. By using this system, the Bank can monitor the amount and quality of the loans approved by the credit authority holders, so that the performance of the authority holders can be monitored from time to time. To identify and measure risk of each credit application processed in the transactional level, the Bank uses Rating and Scoring systems. The Rating and Scoring systems consist of Bank Mandiri Rating System BMRS, Small Medium Enterprise Scoring System SMESS, Micro Banking Scoring System MBSS and Consumer Scoring System. The Bank has also developed a Rating System for Financial InstitutionsBanks, called Bank Mandiri Financial Institution Rating BMFIR, so that the Bank, in granting Credit Line facilities, can identify and measure the risk level of Counterparty Bank which can be tolerated. As an effort to improve the transactional risk level measurement for Middle Commercial segment, the Bank had implemented BMRS for this segment in quarter I of 2010. The Bank can decide the risk level for each debtor individually according to each risk class rating. The Bank is also developing rating system for Financial Individual – Non Bank, i.e. Multifinance Companies. This is to add the risk measurement tool for multifinance debtors. For Consumer segment, in quarter II 2010 the Bank had implemented scoring models for KTA Payroll and KTA Non-Payroll products replacing the existing scoring model which has decreased function in statistical production. Meanwhile, for Mitrakarya product, in quarter IV 2010, Bank has completed the scoring model development based on industry type replacing the existing scoring model which has decreased function in statistical production. For credit card product, the Bank is still developing scoring model based on regionalRCC Regional Card Center and channel salesnon-sales which is consist of 5 scoring model to replace the existing scoring model which has decreased function in statistical production. To support the development of these tools, the Bank has issued Guideline for the Development of Credit Rating and Credit Scoring Models, which serves as a complete reference for the Bank in developing credit rating and credit scoring models. In addition, to monitor the performance of credit rating and credit scoring models, the Bank reviews the scoring and rating results conducted by Business Units. By reviewing and monitoring the rating models using validation methodology, the Bank can understand the performance of the models from time to time. At the moment, the model validation is conducted internally by Model Risk Validation unit, which is an independent unit and separated from the model development unit. This is conducted to minimise user’s mistake in measuring credit risk, particularly in determining the Probability of Default PD value and debtors’ rating. In both measuring economic capital for credit risk and complying to Basel II, the Bank has been developing Long Term PD, and also reviewing Exposure at Default EAD Lost Given Default LGD model internally. In order to monitor rating scoring gathered in the database, the Bank prepares Credit Scoring Review and Rating Outlook which are issued quarterly and semi-annually. The reports contain information concerning scoring and rating parameters presented by industrial sector. The reports are useful for Business Units particularly as a reference in determining targeted customer which are good performing, so that the quality of credit expansion process will improve.