Speciic Funding Loans CaPiTaL and risK EXPosurEs and BanK risK ManaGEMEnT

PT Bank Mandiri Persero Tbk. OPERATIONAL RISK COMMITTEE RCC- ORC DUTIES AND RESPONSIBILITIES Risk and Capital Committee sub Operational Risk Committee has the following duties, authorities, and responsibilities:

1. General

a. To develop, discuss and recommend the Bank Mandiri Operations Policy KOBM, The Bank Product Transparency and Customer Personal Database Usage Policy KTPBPDPN, Bank Mandiri Corporate Secretary Policy KCSBM, Bank Mandiri Complaint Management and Dispute Settlement Policy KP3SN, Bank Mandiri Accounting Policy KABM, Bank Mandiri Internal Audit Policy KIABM, Bank Mandiri Legal and Compliance Policy KHKBM, Anti-Laundering MoneyTerrorism Funding Prevention Policy APU PPT and Bank Mandiri Internal Control System Policy KSPIBM, for further endorsement by the Directors and the Board of Commissioners. The RCC-ORC Committee Meeting Leaders set the policies endorsement proposal to the Directors done by a circular or through a Directors Meeting. b. To set the procedures under the existing policies, including amendments, for the above point 1.a. THE FREQUENCy OF MEETINgS AND THE ATTENDANCE RATE OF OPERATIONAL RISK COMMITTEE Rcc-oRC Name Total Meeting Attendance Absence Attendance Permanent Voting Members Zulkili Zaini 14 13 1 93 Riswinandi 14 14 100 Sentot A. Sentausa 14 14 100 Pahala Nugraha Mansury 14 14 100 Kresno Sediarsi 14 14 100 Non Permanent Voting Members Budi Gunadi Sadikin 5 5 100 Sunarso 2 2 100 Royke Tumilaar 2 2 100 Mansyur S. Nasution 1 1 100 Permanent Non voting Members Ogi Prastomiyono 14 14 100 Based on the quorum Total meetings for each group attendance based on the agenda discussion

4. OPERATIONAL RISK COMMITTEE RCC-ORC

PT Bank Mandiri Persero Tbk. c. To provide solutions and settlement on the Company’s operational that were unable to be resolved by the downliners. d. To establish and delegate the operational authorization to the appointed oicials. The delegation excluded the decision-making on loans and or others that will be ractiied separately. e. To discuss the policy and endorse the operational procedure with cross-Committee basis by inviting the Director of DivisionEVP Coordinator and related Group Head. f. To conduct strategic discussion, inclusive but not limited to the discussion on subsidiary under the Company’s supervision. g. To supervise the duty implementation of Risk Business Control Supervisory Team.

2. Speciic

The following are conducted in relation to the risk management that consisted of operational risk, legal risk, strategic risk, and compliance risk: a. Operational Risk 1 To determine and evaluate the measurement method and operational risk management as well as the capital adequacy of operational risk. 2 To determine and evaluate the management strategy and operational risk controll based on the operational risk proile, as well as to establish and evaluate the applicable tools to manage the operational risk ORM tools. 3 To establish the operational risk allowance by considering the risk exposures and past loss experiences due to the operational risk in accordance with the required regulatory. b. Legal Risk, Reputation Risk, Strategic Risk and Compliance Risk 1 Legal Risk: To establish the strategy and procedure to control legal risk due to the weaknesses in juridicial aspect. 2 Reputation Risk: To determine the strategy and procedure to control the reputation risk due to the decreasing trust of the stakeholders resulted from the negative perception on the Company. 3 Strategic Risk: To determine the strategy and procedure in the strategic risk management due to the faulty in the strategic decision-making andor its implementation, as well as failure in anticipating the business environment evolution. 4 Compliance Risk: To establish the strategy and procedure to manage risk due to the Company’s incompliance or negligence on the prevailing laws and regulations. The following agenda was endorsed by RCC ORC in 2012: 1. Approved and reined several Standard Operating Procedures. 2. Approved the RIC’s Organisation Alignment. 3. Approved the Anti Fraud Strategy. 4. Approved the reinement of Bank Mandiri Dili Timor Leste Policy Procedure. CORPORATE GOVERNANCE