Business Support

I. A. Active Supervision by the Board of Commissioners and the Board of Directors

1. In carrying out its risk management

function, the Board of Commissioners has defined duties and responsibilities, including:

s !PPROVINGRISKMANAGEMENTPOLICIES including risk management strategy and frameworks, implemented in accordance with BCA’s risk appetite and risk tolerance.

s %NSURING THE EFFECTIVE implementation and integration of the overall risk management policies and processes.

s %VALUATING

− Risk management policies and strategies, at least once a year, or on a more frequent occasion if there are significant changes in factors affecting BCA’s business activities.

− The responsibility of the Board of Directors to ensure the effective management of BCA’s activities and risks and to ensure the provision of guidance by the Board of Directors on improving the implementation of risk management policies on a regular basis.

− Requests from the Board of Directors related to transactions that require the approval of the Board of Commissioners and making decisions on such requests.

defined duties and responsibilities, including:

s %STABLISHINGCOMPREHENSIVEANDFULLY documented risk management policy, strategy and frameworks, including risk limit as a whole and for each type of risk, taking into account the Bank’s risk appetite and risk tolerance according to the condition of BCA and the impact of risk to capital adequacy.

After obtaining approval from the Board of Commissioners, the Board of Directors establishes risk management policy, strategy and framework.

s /RGANIZINGASSIGNINGANDUPDATING

− Procedures and tools for identifying, measuring, monitoring, and controlling risks.

− Transaction approval

mechanisms, including those that exceed the limits and authority for each level of position.

s %VALUATINGANDORUPDATINGRISK management policies, strategies and frameworks at a minimum of once a year, or at a more frequent occasion as necessary, if there are any significant changes in factors affecting BCA’s business activities, risk exposure and/

or risk profile.

s %STABLISHING AN ORGANIZATIONAL structure, including clear authorities and responsibilities at each level of position related to the implementation of risk management.

s 2ESPONSIBLE FOR THE IMPLEMENTATION of risk management policies, strategies and frameworks approved by the Board of Commissioners; and evaluating and providing guidance based on reports submitted by the Risk Management Unit, including risk profile reports.

2018 Annual Report PT Bank Central Asia Tbk

144

Management Report

s %NSURING

− All material risks and impacts from such risks have been followed up, and have been submitted regularly to the Board of Commissioners, including reports on progresses and issues of material risk-related with corrective actions that have been, are, and will be carried out.

− Implementation of corrective actions towards problems or irregularities in BCA’s business activities identified by the Internal Audit Division.

− Adequacy of human resource support to manage and control risks.

− Independent implementation of risk management functions, which is reflected, among others, in the separation of functions between the Risk Management Unit, which identifies, measures, monitors, and control risks with work units that conduct and complete the transactions.

s $EVELOPING A RISK MANAGEMENT culture, including risk awareness across all levels of the organization, including adequate communication to all levels of the organization on the importance of effective internal control.

s %VALUATING AND DECIDING ON transactions that require the approval of the Board of Directors.

s #ONDUCTING PERIODIC REVIEWS TO ensure:

− Accuracy of risk assessment methodology.

− Adequacy of implementation of risk management information system.

− Accuracy of risk management policies and procedures and risk limits.

s $ECLARING WHEN "#! IS IN AN emergency condition, and, if necessary, the Board of Directors may request opinions from the Risk

Management Committee or the Assets and Liabilities Committee or other related committees. Under emergency conditions, control of authorities is under direct coordination of the Board of Directors.

3. Active supervision by the Board of Commissioners and the Board of Directors (Management) includes the following mechanisms:

s 3UPERVISION BY THE "OARD of Commissioners is conducted in accordance with their duties and responsibilities as stipulated in the Articles of Association and relevant regulations.

s 4HE !UDIT #OMMITTEE THE Risk Oversight Committee, the Remuneration and Nomination Committee, and the Integrated Corporate Governance assist in the supervisory duties of the Board of Commissioners.

s 4HE"OARDOF#OMMISSIONERSMAINTAINS constructive communications with the Board of Directors.

s 4HE "OARD OF #OMMISSIONERS actively provides recommendations to the Board of Directors in determining strategic actions that they believe should be implemented.

s 4HE"OARDOF$IRECTORSISASSISTED by Assets and Liabilities Committee (ALCO), Credit Policy Committee, Credit Committee, Risk Management Committee, Information Technology Steering Committee, and the Integrated Risk Management Committee.

s 4HE "OARD OF $IRECTORS ACTIVELY engages in discussion, provides input and monitors the internal conditions and the development of external factors that directly or indirectly affect the Bank’s business strategy.

2018 Annual Report PT Bank Central Asia Tbk 145 1. BCA has an adequate organizational

structure to support the implementation of sound risk management and internal control that consists of the Internal Audit Division, Risk Management Unit, Compliance Unit and Risk Management Committee and Integrated Risk Management Committee.

2. BCA’s risk management policy, as detailed in the Bank Business Plan and the Annual Budget and Work Plan, is in line with the vision, mission, business strategy, capital adequacy, human resources competencies, and risk appetite of the Bank. This policy is reviewed regularly and adjusted in line with both internal and external developments.

3. Policies, procedures, and determination of risk management limits, have been fully documented in writing and are regularly reviewed and updated.

4. In conducting its business activities, BCA has developed a Bank Business Plan and Annual Budget and Work Plan that addresses BCA’s overall strategy, including business direction. The strategy has been determined with consideration of the possible impact of the strategy on the Bank’s capital, capital projection and the Capital Adequacy Ratio (CAR).

I.C. Adequacy of Risk Identification, Measurement, Monitoring and Mitigation Processes and Risk Management Information System

1. BCA has identified, measured, monitored and controlled risks as part of the process of implementing risk management.

2. Risk exposure is monitored regularly by SMKR by comparing the actual risk against set risk limits.

3. Reports on risk trends, including Risk Profile Reports, Credit Portfolio Reports and Business Plan Progress Reports, are submitted to the Board of Directors on a regular basis.

consists of five components:

s -ANAGEMENT SUPERVISION AND RISK control culture.

s 2ISKIDENTIlCATIONANDASSESSMENT s #ONTROL ACTIVITIES AND SEGREGATION

of duties.

s !CCOUNTING INFORMATION AND communication system.

s -ONITORING AND CORRECTIVE ACTIONS against policy deviations.

2. The internal control systems are embedded in each business or operational unit and are considered the first line of defense for risk management. These units are charged with risk monitoring by their Internal Control Units at the branches, regional offices, and headquarters.

To support the implementation of internal control, BCA has fully documented risk management policies (organization structure, segregation of duties, risk limits, and others) BCA strongly encourages a risk culture and culture of compliance with regard to the applicable regulations that are conducted and monitored by the Risk Management Unit and Compliance Unit, which together form the second line of risk management defense.

The assessment and evaluation of the adequacy and effectiveness of the internal control system is periodically reviewed by the Internal Audit Division, which is the third line of risk management defense, to ensure that internal controls have been implemented adequately.

3. All management and employees of BCA have roles and responsibilities to implement, adhere to and enhance the quality of BCA’s internal control systems to be reliable and effective.

2018 Annual Report PT Bank Central Asia Tbk

146

Corporate Profile Management Report

Financial Highlights Management Discussion and Analysis

Risk Management and Internal Control Organizational Structure

monitoring lines

Credit

Analysis Enterprise

Security Risk

Management¹ Credit

Recovery Compliance¹

Risk Oversight Committee

Enterprise Risk

Management Credit Risk

Management Market Risk Management

Operational Risk Management

Integrated Corporate Governance

Committee Audit Committee

BCA Finance BCA Finance Ltd.

Hong Kong BCA Syariah BCA Sekuritas Asuransi Umum BCA

Central Santosa Finance Asuransi Jiwa

BCA Central Capital

Ventura

communication lines reporting lines

coordination lines Anti

Fraud

Internal Audit¹

Note:

1 Oversee internal audit/risk management/ compliance function of subsidiaries in association with integrated corporate governance and integrated risk management application.

2 Deputy President Director oversees and coordinates management of subsidiaries.

3 Compliance, Legal & Risk Management Director oversees subsidiaries risks as part of integrated risk management.

Asset & Liability Committee (ALCO)

Credit Policy Committee

Risk Management Committee Integrated Risk

Management Committee Credit Committee

BOARD OF DIRECTORS

BOARD OF COMMISSIONERS GENERAL MEETING OF SHAREHOLDERS

PRESIDENT DIRECTOR

DEPUTY PRESIDENT DIRECTOR DEPUTY PRESIDENT

DIRECTOR²

CREDIT DIRECTOR

COMPLIANCE, LEGAL

& RISK MANAGEMENT

DIRECTOR³⁾

EFFECTIVENESS OF BANK RISK MANAGEMENT SYSTEMS

In evaluating the effectiveness of the BCA’s risk management system, the Board of Commissioners and the Board of Directors are assisted by committees under the Board of Commissioners and the Board of Directors.

These committees meet regularly to discuss and provide input and recommendations to the Board of Commissioners and the Board of Directors.

BCA also conducts regular evaluation on the following subjects:

• Applicable policies and methodologies for risk assessments.

• Adequacy of policies, procedures, and determination of risk limits

• Adequacy of identification, measurement, monitoring and mitigation of risks

• Effectiveness of comprehensive internal control system.

Evaluation and updates of policies, procedures, and methodologies are conducted regularly to ensure its compliance to the applicable regulations and operating environment. Evaluation of the effectiveness of risk management is also conducted through regular reports submitted to the Board of Commissioners and the Board of Directors. These reports include, among others, Risk Management Policy Reports; Risk Profile Reports; Risk Update Reports, and other related reports.

2018 Annual Report PT Bank Central Asia Tbk 147 framework on bank capital and liquidity standards. BCA

supports Basel III implementation in Indonesia by taking part in Quantitative Impact Studies (QIS) exercises that require the Bank to calculate Capital Position, Leverage Ratio, NSFR, Credit Risk, Market Risk, and Operational Risk.

In 2017, BCA has been in compliance with the Net Stable Funding Ratio (NSFR) regulation implemented by the OJK, with regard to both reporting and minimum ratio.

Risk Appetite

The Bank defines risk appetite as the level and type of risk which are willing to be taken by BCA in order to achieve its business objectives. The risk appetite set by BCA is reflected in the Bank’s business strategies and objectives.

Stress Test

BCA regularly performs stress testing for a variety of scenarios as well as for various factors and parameters that can impact risk. Stress test scenarios consider several macroeconomic variables, such as interest rates, inflation,

stress tests, in addition to using statistical models based on historical data, includes best judgment scenarios.

Stress testing is carried out in order to see the impact of changes in macroeconomic factors on various main indicators, including the NPL ratios, profitability, liquidity and capital.

BCA conducts integrated stress tests for both the main entity and its subsidiaries. The results of stress testing conducted by the Bank for credit, market and liquidity risks have been satisfactory, with the Bank’s capital and liquidity being sufficient to anticipate estimated potential losses.