we use VaR as the limit, which will be reflected in trading limits such as maximum open position for each dealer, maximum loss limits and counter-party limits. In order to comply with risk-based minimum capital requirements, we have begun calculating capital reserves to cover the interest rate risk on the trading book Tier 1 and banking book Tier 2. Foreign Exchange Risk Management Foreign exchange transaction activities are centralized and managed on a daily basis by the fund management unit. The market risk management unit monitors foreign exchange risk and uses an integrated system of front office fund management unit, back office operational management unit, and middle office market risk management unit. Bank Indonesia sets the daily net reserves at a maximum of 20 of total capital. The Bank, however, prudently sets a lower internal limit of 5 of total capital.

E. Liquidity Risk

Liquidity risks that the Bank may face arise primarily from third party funding positions, asset liquidity, and liabilities to counter-parties. Meanwhile, the most significant off-balance sheet component of the Bank’s liquidity and funding is credit commitments to the Bank’s customers. The liquidity level of the Bank is measured through primary reserve and secondary reserve levels, among other liquidity ratios. The Bank maintains primary reserves in terms of the Minimum Reserve Requirement at Bank Indonesia, and cash in various branches. The Bank’s liquidity risk is measured by the liquidity gap, which is derived from projected needs or liquidity surpluses according to asset and liability maturity period as well as the future business strategy. Based on the Bank’s 2005 plan, liquidity is projected to be in a surplus position for the next 12 months. In general, the market and liquidity risk profile throughout 2004 was within the established limits.

F. Operational Risk Operational Risk Management Tools

Bank Mandiri has instituted a systematic and measured operational risk management program including the development of risk governance, Operational Risk Management Policy, risk management information systems and Operational Risk Management ORM tools. Our calculation methodology for operational risk capital charges is based on the Basic Indicator approach, which will be continuously enhanced to higher levels, i.e. the Advanced Measurement Approach AMA. Bank Mandiri also seeks to build a risk culture, focusing on the implementation of integrated operational risk management in line with the development of operational risk management procedures by adopting the following principals: 1. To establish a conducive operational risk management environment and an efficient and effective risk management platform; 2. Every group unit has the responsibility to understand and implement operational risk management processes in a measured, proactive yet efficient manner; 3. Management of the bank is conducted in a transparent manner and should demonstrate the Bank’s ability to implement sound operational risk management to all stakeholders. The implementation of operational risk management will improve Bank Mandiri’s operations, while reinforcing the accountability for operational risk management. Every group head will be equipped with operational risk management tools to identify, appraise, monitor and mitigate their respective risks effectively. In 2004, Bank Mandiri began to develop a Pro-active Risk Management mechanism, which enabled identification of the operational risks faced by each unit independently, using the Risk Self Assessment RSA. This bottom- up process involves the staff directly responsible for 63 the transactions, to ensure the primacy and relevance of the identified risks. The Bank has also developed a risk assessment and identification process for new products and services prior to their launch, in order to enhance its control function. The control function on risk identification finding must be based on minimum control standards required by each group within the Bank and will subsequently become the Key Operational Risk Controls KORC. Risk management for the additional four classes of risk - legal, reputation, strategic and compliance – is coordinated by the Risk Management Task Force through the implementation of rules, regulations and control systems, whereas operational management remains the responsibility of the business and task units in charge of legal, reputation, strategy and compliance functions.

G. The Road Ahead