PT BANK MANDIRI PERSERO TBK. AND SUBSIDIARIES NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS Years Ended December 31, 2007 and 2006 Expressed in millions of Rupiah, unless otherwise stated 121

55. RISK MANAGEMENT continued

The committee is included in Risk and Capital Committee RCC that was established on October 10, 2001. RCC is responsible for establishing Bank-wide risk management policies, such as reviewing internal limits, establishing funding and loan related interest rate policies, loan policies, new product launching and monitoring the implementation of established policies and procedures to identify, measure and mitigate risk. The scope of responsibility and function of the committee has undergone several changes. The latest changes which were implemented in the first half year of 2006 were to focus the RCC into three sub committees, which are: Asset Liability Committee, Risk Management Committee and Capital Investment Committee. With the improvements, the scope of control and responsibility over each risk has become more focused and more effective. Each committee is supported by working group whose members are consisting of groups directly related to the risk problems included in the committee’s scope. The Bank has established an organizational structure that is able to support risk management in a more comprehensive, centralized, measurable and controllable way, by establishing the Risk Management Working Unit that is under Risk Management Directorate. The Risk Management Directorate is responsible for managingcoordinating all risks encountered by the Bank, such as credit risk, market risk, operational risk, liquidity risk, legal risk, reputation risk, strategic risk and compliance risk, including defining risk management guidance and policies. The Risk Management Directorate is led by a Director who reports to the Board of Directors and also a voting member in the Risk and Capital Committee. The Risk Management Directorate is divided into 2 two main functions: 1 Credit Approval as a part of the four-eye principle, and 2 Independent Risk Management which is divided into several groups in relation with credit and portfolio risk, operational risk and market risk. Risk management implementation frame work is stated in the Bank Mandiri Risk Management Policy KMRBM which is the guidance for specific risk management such as Bank Mandiri Loan Policy, Trading Policy and Asset Liability Management Policy. One of the risk management implementation is producing quarterly Bank’s risk profile that is reported to Bank Indonesia in accordance with Bank Indonesia schedule. The risk profile describes Bank’s business activities inherent risk including risk control system for each risk type. Other than quarterly report to Bank Indonesia, the Bank internally produced risk profile especially monitoring of action plan implementation with shorter period such as monthly basis in order to detect risk earlier and more accurate. For the risk management system integratation; Bank Indonesia’s regulation and Basel II compliance and action plan of Basel II Compliance Committee establishment, the Bank is developing Enterprise Risk Management ERM in alignment with the Bank’s strategic and operasional need. ERM is a comprehensive and bank-wide integrated risk management system, so that the risk management become an embedded process in the Bank’s business process and contribute a value added to the Bank and stakeholders especially related to the implementation of Strategic Business Unit SBU organization and Risk Based Performance. The ERM inisiative that was started since 2004 as the early stage of comprehensive risk management has arrived to producing the datamart and procurement ERM system stage. With ERM, it is estimated that the market, credit and operational risk management can be performed better, not only as compliance with regulation and reporting to Bank Indonesia, but becoming an integrated part of Bank’s daily business decision making.