137 2013 Annual Report BNI PERISKOP Self Assessment Module Loss Event Database Module Key Risk Indicator Module Self Assessment SA is a series of activities conducted by each unit risk owner in identifying operational risk issues inherent in the unit, locate the cause, measure the loss potential that may arise, and search for their solutions. The result of SA provides a view of potential risks faced by the unit in the next 3 three months period. Represents a database of all financial loss due to operational risk occurring in all units of the Bank. In addition to improving the management of operational risk, data of losses collected in LED also serve as basis for the calculation of capital needed to cover operational risk using the Advance Measurement Approach AMA. Key risk indicators are parameters to identify the loss potential from operational risks inherent in products and activities before the risk occurs, and to provide a signal if it crossed a pre- determined range of values. Business Continuity Management Disruption or disaster caused by natural factors, human action, and system may happen to various BNI’s critical business function, causing disruption of business activities and services by BNI. To anticipate such events, BNI has implemented a Business Continuity Management BCM system that is expected to be able to minimize operational risk in the event of an emergency or disaster situation. The development of the system is in line with Bank Indonesia regulation that requires banks to implement risk control processes to manage risks that could compromise the survival of a bank, and also in line with the requirements of the Basel II document which requires the Bank to have business continuity management and contingency management plan to ensure the Bank’s ability to keep operating and to limit losses in the event of disruption to business activities. a. Governance and Organization In a disaster situation, BNI has prepared a specific organization consisting of a Crisis Management Team CMT and an Emergency Task Force ETF comprising of Senior Executives as disaster management coordinator who has the highest level of authority and effective. The CMT is activated as soon as the Executive Management Team EMT, as the highest authority in CMT, declares a disaster condition. b. Policies Procedures In regard the implementation of BCM, BNI has established: - BCM policies for domestic operations - BCM policies for overseas branches - BCM procedures - Governance of BCM Building - Guidelines for visits to the BCM Building. c. Process Every step of the recovery strategy and restoration strategy implemented are monitored and reported to the CMT until the return of normal conditions. To ascertain the level of readiness and evaluation of BCM, BNI conduct disaster test simulation to examine the implementation of BCM in all operational units. This is conducted routinely every year to determine the level of readiness of each unit, in terms of organization and infrastructure of its BCM. The results of the routine evaluation and examination are evident in the systematic and purposeful handling of disaster situations, whether caused by human, nature or systems. Thus, operational activities at disaster-affected locations continue to a certain degree, even though some of its facilities and supporting infrastructure are disrupted.

4. Liquidity Risk

Liquidity risk relates to the possibility that the bank is unable to meet its short-term obligations to depositors, investors and creditors, as well as adequate levels of mandatory reserves, due among other causes to limited access to financing or the inability to liquidate assets at a reasonable price. 138 2013 Annual Report BNI Risk Management Disclosure of Rupiah and foreign exchange maturity profiles - bank only and consolidated - is presented in Table 9.1.a, Table 9.1.b, Table 9.2.a, and Table 9.2.b. The calculation of maturity profile is in accordance with Bank Indonesia regulations and does not include the maturity profile of subsidiaries in the insurance business. One of the strengths of the BNI risk monitoring process is the availability of the Bank’s liquidity profile information. The information is available in the Executive Information Management EIS application, which can provide information on the progress of funds and loans on a daily basis, giving the daily cash flow profile and the monthly maturity profile that can be used as a system for monitoring and managing liquidity risk. Early Warning Indicators Early warning indicators are outlined in the Secondary Reserve indicators in normal, and moderate or tight conditions for Rupiah and foreign currencies, such as the trend rate of market interest rates, foreign exchange reserves, and third-party funds including those of dominant depositors. Each indicator is equipped with limits as a reference for the determination of normal, moderate or tight liquidity conditions. Determination of SR in moderate or tight conditions is made by the Enterprise Risk Management Division based on established indicators. Following this, a moderate or tight Liquidity Contingency Plan LCP SR Ideal will be imposed. The above indicators are regularly reviewed in line with the development of the external and internal condition triggered by economic development at national, regional, and global levels.

5. Legal Risk

Governance and Organization Legal risk management is conducted by the Legal Division, under the active supervision of the Director of Legal and Compliance. The Legal Division collaborates with the respective Legal Unit or Legal Staff in the various DivisionsDepartmentUnitRegional Area or other Liquidity risk management aims to minimize the possibility of the Bank’s inability to obtain sources of financing of cash flow, and to build a strong structural liquidity of the Bank’s balance sheet to support long-term sustainable growth. Governance and Organization Liquidity Risk management is conducted by the Enterprise Risk Management ERM Division and the Treasury TRS Division. The ERM Division prepares the policies and procedures for liquidity risk management, which are then implemented by the TRS Division through its liquidity strategies. The ERM Division also monitors the implementation of liquidity management by the TRS Division. Policies and Procedures The Enterprise Risk Management Division prepares the Liquidity Risk Management Policy in the form of Liquidity Risk Management Guidelines, which is further described in the Standard Operating Procedure manual for liquidity risk management practices, which include: a. Liquid Instrument Availability: Statutory Reserve, Secondary Reserve, Early Warning Indicators, etc. b. Measurement of Liquidity Risk: Liquidity Ratio, Cash Flow Projection, Maturity Profile, Stress testing, etc. c. Monitoring d. Controlling e. Liquidity Limits setting Process In addition to maintaining and sustaining the Primary Reserves, BNI also keeps and maintains Secondary Reserves to ensure liquidity is at a safe level. As a backup for Secondary Reserves, BNI keeps and maintains Tertiary Reserves. Setting and monitoring of limits, namely the Secondary Reserve Ideal Ideal SR limit and on-shore loan limit is conducted periodically by the ERM Division. While the availability of the whole reserves are monitored on a daily, weekly, and monthly basis by the TRS Division and ERM Division. Tools and Methods In managing liquidity risk, BNI uses the daily cash flow projections and monthly maturity profile, both contractual and behavioral, in order to establish the appropriate and accurate strategies to anticipate liquidity conditions in the future. 139 2013 Annual Report BNI organizational units, serving as a ‘legal watch’, which provides analysislegal advice to all working unit at every level of the organization. In the case of a new productactivity launch, the Legal Division conducts a legal analysis procedure to the new productactivity in collaboration with Enterprise Risk Management Division and related divisions as the Risk Control Unit. This is done to assess the impact of such new productsactivities in terms of Legal Risk exposure and recommend risk mitigation. In addition, the Legal Division collaborates with the Enterprise Risk Management Division to periodically assess and monitor the implementation of legal risk management. Policies and Procedures Implementation of legal risk management refers to the Legal Risk Management Guidelines and other relevant policies and procedures. Periodically, the Legal Division also performs the evaluation and updating of various policies in legal andor legal risk mitigation in accordance with external andor internal developments. Process The process for legal risk management involves appraisalassessment in the form of judicial reviews on new products and activities or on additionschanges to existing product features and activities, as well as legal advice andor legal assistance related to the operational activities of the DivisionUnitProjectBranchLoan Centers. Request for legal advice andor legal representation is handled in accordance with the authority of the Legal Division as follows: a. BranchLoan Centers and other unit at Regional Area level submits request for legal advise to the Legal Unit in the Region Legal Region; b. DivisionTask Force UnitProject and other units at the same level submit the request for legal advise to the Legal Division. In implementing Legal Risk management, the Legal Division conduct periodic reviews of the contracts and agreements between the Bank and other parties, in particular for non-standard agreements or agreements that have not been codified in the Company Guidelines.

6. Strategic Risk