PT BANK MANDIRI PERSERO Tbk. AND SUBSIDIARIES NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS
As of December 31, 2016 and for the year then ended Expressed in millions of Rupiah, unless otherwise stated
217
61. RISK MANAGEMENT
Bank Mandiri segregates independent risk management function based on the requirement of Bank Indonesias regulation and international best practices. Bank Mandiri adopts the Enterprise Risk
Management ERM concept as comprehensive and integrated risk management strategy which in line with Banks business process and operational needs. ERM implementation will give value added to the
Bank and stakeholders. ERM is a risk management process embedded in the business strategies and operations that are
integrated into daily decision making processes. With ERM, the Bank establishes a systematic and comprehensive risk management framework credit risk, market risk and operational risk by connecting
the capital management and business processes to risks. In addition, ERM also applies consolidated risk management to the subsidiaries, which will be implemented gradually to maximise the effectiveness
of bank’s supervision and value creation to the Bank based on Bank Indonesia Regulation No. 86PBI2006 dated January 30, 2006 and Financial Services Authority FSA Regulation
No. 17POJK.032014 regarding implementation of risk management integrated for financial conglomerates which coverage throughout the financial industry.
The Bank’s risk management framework is based on FSA Regulation No. 18POJK.032016 regarding Risk Management Implementation for Commercial Banks. The Bank’s risk management framework is
stated in the Bank Mandiri Risk Management Policy BMRMP, which consists of several policies as the guideline to the business growth and as a business enabler to ensure the Bank conduct prudential
principle by examining the risk management performance process identification - measurement - monitoring - risk mitigation for all organisation levels.
Active supervision by the Board of Directors and the Board of Commissioners on risk management activities, directly and indirectly, are implemented through the establishment of committees at the level
of the Board of Commissioners which are Risk Monitoring Committee, Integrated Governance Committee, Renumeration and Nomination Committee and Audit Committee. The Executive Committee
under the supervision of the Board of Directors consists of Asset Liability Committee ALCO, Risk Management Committee RMC, Integrated Risk Management Committee IRC, Capital Subsidiaries
Committee CSC, Business Committee, Information Technology Committee ITC, Human Capital Policy Committee HCPC, Policy Procedure Committee PPC dan Credit Committee.
From 9 Executive Committees, there are 4 committees that are directly involves in risk management, i.e RMC, IRC, ALCO and PPC. RMC is the committee that discuss and recommends policy and procedures
as well as monitoring risks profile and managing all the Banks risks. Integrated IRC is the committee that provide recommendation on the integrated risk management policy including the application of risk
management
in subsidiaries.
IRC is
based on
the application
of FSA
Regulation No. 17POJK.032014 regarding integrated risk management. IRC has members from subsidaries and
discuss as well as recommends the policy and application of integrated risk management. ALCO is the committee that manages Banks asset and liability management, interest rate and liquidity and other
areas that are related to the asset and liability management of the Bank. PPC is the committee that discuss and recommends the adjustment or improvement in the Banks policy and procedures.
Committees under Board of Commissioners including Risk Monitoring Committee, Integrated Governance Committee and Audit Committee, which has the task and responsibility to perform review
and evaluation on policy and execution of Banks risk management, as well as providing inputs and recommendation to the Board of Commissioners in their monitoring tasks.
Operationally, the related Directorate with risk management is divided into two big parts, there are 1 credit approval as part of the four-eye principles, located at the Wholesale Risk Directorate and Retail
Risk Directorate and 2 Independent Risk Management that is located in the Risk Management Directorate and Risk Management Compliance Directorate. Risk Management Compliance is
headed by a Director that is responsible towards the Board of Director and also a member of the Integrated Risk Management Committee, and Policy Procedure Committee. The bank has also
established a Risk Management Working Unit under the Risk Management Compliance. The Risk Management Compliance Directorate is divided into 3 three groups, that is the Credit Portfolio Risk
Group that is related to Credit Risk and portfolio and Risk Management integration through ERM, Market Risk Group and Operational Risk Group that is related to market risk, liquidity risk, and operational risk.
PT BANK MANDIRI PERSERO Tbk. AND SUBSIDIARIES NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS
As of December 31, 2016 and for the year then ended Expressed in millions of Rupiah, unless otherwise stated
218
61. RISK MANAGEMENT continued
The Risk Management Directorate and each strategic business unit are responsible for maintainingcoordinating 10 ten types of risk that faced by the Bank, discussing and proposing risk
management policies and guidelines. Bank Mandiri is developing the application of ICAAP, which aims to ensure that banks have a
comprehensive risk measurement process and the calculation of capital is according to the risk profile and able to provide the capital needed. One part of the ICAAP, which is the preparation of Risk Appetite
Statement RAS, RAS is the type and degree of risk that could be taken faced by the Bank iwithin its risk capacity in order to achieve its business goals. The application of this ICAAP is to support the
implementation of Basel II Pillar 2 as the best practice. All risks will be reported in quarterly risk profile report and semi-annually Bank’s soundness report in
order to describe all embedded risks in the Bank’s business activities, including consolidation with subsidiaries’s risks.
In relations to the changes in the organizational structure of the Bank, namely the establishment of the Directorate of Distribution which is to optimize the role of the region, starting June 2016, Bank Mandiri
created Regional Risk Dashboard as a means of monitoring risk management in each region. Risk management in the region is for inherent risks, especially credit risk for the region.
A. Credit risk
The Bank’s credit risk management is mainly focused to improve the balance between prudent loan expansion and maintenance in order to prevent quality deterioration downgrading to Non
Performing Loan NPL category and to optimise capital utilisation to achieve the optimum of Return On Risk Weighted Asset RORWA.
To support this objective, the Bank periodically reviews and updates its policies and procedures for credit in general, by business segment and tools risk management. These policies and procedures
are intended to provide a comprehensive credit risk management guideline for identification, measurement and mitigation of credit risks in the end-to-end loan acceptance process, from market
targeting, loan analysis, approval, documentation, disbursement, monitoringsettlement process for non-performingrestructuring loans.
To improve the Bank’s social role and concern to the environmental risk and as an implementation of Good Corporate Governance GCG, the Bank has set up a Guideline for Technical Analysis of
Environmental and Social in Lending which is used as a reference in analysing environmental risk in a credit analysis. This Guideline is in line with Bank Indonesia Regulation regarding the Quality of
Asset Assessment on Commercial Bank regulating that the assessment on debtor business process should also consider the debtor’s effort to maintain its environment.
In principle, credit risk management is implemented to transactional and portfolio levels. At the transactional level, the Bank has implemented the four-eye principles concept, whereby each loan
approval involves Business Unit and Credit Risk Management Unit which work independently to make an objective credit decision. The four-eye principles is executed by Credit Committee
according to the authority limit and the loan approval process is conducted through Credit Committee Meeting mechanism. Executive Credit Officer as Credit Committee members, must be
highly competent as well as having strong capacity and integrity so that the loan granting process can be conducted objectively, comprehensively and prudently. To monitor the performance of the
credit authority holders in approving and maintaining loans, the Bank has developed a database for authority-holder monitoring. By using this system, the Bank can monitor the amount and quality of
the loans approved by the credit authority holders, so that the performance of the Executive Credit Officer can be monitored from time to time.
To mitigate credit risk, Credit Committee sets loan structure for every debtor through appropriate covenants that aligns with debtor needs and conditions. This is to ensure the debtor uses the loan
effectively according to original purpose so that bank and debtors interest are fulfilled. Guidelines for determining the structure of collateral in order to mitigate credit risk policy has been regulated in detail
according to the SPK Credit Standard Procedures for each segment.