139 2013 Annual Report BNI organizational units, serving as a ‘legal watch’, which provides analysislegal advice to all working unit at every level of the organization. In the case of a new productactivity launch, the Legal Division conducts a legal analysis procedure to the new productactivity in collaboration with Enterprise Risk Management Division and related divisions as the Risk Control Unit. This is done to assess the impact of such new productsactivities in terms of Legal Risk exposure and recommend risk mitigation. In addition, the Legal Division collaborates with the Enterprise Risk Management Division to periodically assess and monitor the implementation of legal risk management. Policies and Procedures Implementation of legal risk management refers to the Legal Risk Management Guidelines and other relevant policies and procedures. Periodically, the Legal Division also performs the evaluation and updating of various policies in legal andor legal risk mitigation in accordance with external andor internal developments. Process The process for legal risk management involves appraisalassessment in the form of judicial reviews on new products and activities or on additionschanges to existing product features and activities, as well as legal advice andor legal assistance related to the operational activities of the DivisionUnitProjectBranchLoan Centers. Request for legal advice andor legal representation is handled in accordance with the authority of the Legal Division as follows: a. BranchLoan Centers and other unit at Regional Area level submits request for legal advise to the Legal Unit in the Region Legal Region; b. DivisionTask Force UnitProject and other units at the same level submit the request for legal advise to the Legal Division. In implementing Legal Risk management, the Legal Division conduct periodic reviews of the contracts and agreements between the Bank and other parties, in particular for non-standard agreements or agreements that have not been codified in the Company Guidelines.

6. Strategic Risk

Governance and Organization Strategic Risk Management is conducted by the Strategic Planning Division, under the active supervision of the President Director. Strategic Risk Management involves a series of strategic planning process planning and budgeting, which includes the alignment of corporate strategy with the strategy at unit level, and the cascading of bankwide targets into unit targets. Strategic planning documents include: a. Corporate Plan, compiled every 5 five years b. Board of Directors General Policy KUD, compiled annually c. Bank Business Plan RBB, compiled annually d. Business Plan, compiled annually Formulation of the strategic planning document begins with the Corporate Plan as reference for determining targets and the KUD, which will guide the preparation of the RBB. Next, the KUD and the RBB will become the reference in the preparation of operational planning as defined in the Business Plan for Regional Areas and Divisions, and later the Business Plan for Regional Areas will guide the preparation of the Business Plan for Branch Centers. Through this mechanism, it is certain that the strategy alignment will be maintained from the corporate level to the level of branch lowest level. Policies and Procedures Implementation of strategic risk management refers to the Strategic Risk Management Guidelines and other relevant policies and procedures. Process The process of effective strategic risk management is needed to identify and respond to changes in the external and internal business environment. 140 2013 Annual Report BNI Risk Management The Corporate Plan document is reviewed annually to adjust with the changing business environment. Likewise, the Board of Directors General Policy, the Bank Business Plan at the corporate level, and Business Plan at unit levels, may be reviewed in the first semester of the year, and in the event of significant changes occurring in the environment can be reviewed in a shorter time period. The mechanism for measuring progress of the business plans involves the comparison of established targets with the actual achievements, in the following manner: a. Monthly monitoring to evaluate the performance and strategy of the company bankwide b. Quarterly monitoring of performance at Division level c. Half-yearly monitoring the performance of the Company and all business units through Business Review forum at the Head Office and Regional Offices.

7. Compliance Risk