II. RISK MANAGEMENT COMMITTEE (RMC)

RMC was established to ensure that the risk management framework provides adequate protection against all BCA risks.

• The progress and trends of BCA’s total risk exposure and proposes an acceptable overall risk tolerance level (risk appetite).

• Results of studies on total risk exposure faced by BCA and its impact.

• Assessment of BCA’s capital adequacy in facing the risk of losses that arise by various stress testing scenarios.

• Proposal for developing risk measurement methodologies, contingency plans in abnormal conditions (worst case scenario), and other methods which relates to BCA risk management.

• Matters requiring justification related to business decisions that deviate from normal procedures (irregularities).

• Limit of authority, exposure, and concentration of the loan portfolio as well as other parameters that are aimed at limiting risk.

C. Meeting of RMC

The provisions of the RMC Meeting are as follows:

a. RMC meetings are held as needed and at least once in 3 (three) months or 4 (four) times in 1 (one) year.

b. RMC meetings are valid if attended by at least

2/3 (two-thirds) of permanent members, or ½ (one half) of the permanent members with full approval from all permanent members.

D. Decision Making

The following are the provisions concerning decision making:

a. Decision making concerning the use of RMC authority shall only being made through the legitimate RMC meeting decision.

b. The decisions of RMC meeting are valid and binding if being approved by more than 1/2 (one-half) of members who present in the meeting.

E. Frequency of RMC Meetings in 2021

As of December 31, 2021, RMC held 4 (four) meetings with details of the attendance of RMC members as follows:

Position Number of

Meeting Attendance Percentage

President Director (Jahja Setiaatmadja) 4 4 100%

Deputy President Director (Suwignyo Budiman) 4 2 50%

Deputy President Director (Armand W. Hartono) 4 3 75%

Credit and Legal Director (Subur Tan) 4 4 100%

Commercial and SME Banking Director (John Kosasih) ¹⁾ 3 3 100%

Regional and Branch Network Director (Frengky Chandra Kusuma) ²⁾

3 1 33%

Corporate Banking Director (Rudy Susanto) 4 4 100%

Human Capital Management Director (Lianawaty Suwono) 4 3 75%

Transactions Banking Director (Santoso) 4 3 75%

Planning and Finance Director (Vera Eve Lim) 4 3 75%

Compliance and Risk Management Director (Haryanto T.

Budiman)

4 4 100%

Information Technology Director (Gregory Hendra Lembong) 4 4 100%

EVP of Credit Risk Analysis Group (GARK) 4 3 75%

Head of Compliance Work Unit 4 4 100%

Position Number of

Meeting Attendance Percentage

Head of Logistic and Building Division ³⁾ 1 1 100%

Head of Banking Transaction Product Development Division ³⁾ 1 1 100%

Head of Banking Transaction Product Development Division ³⁾ 1 1 100%

Head of Electronic Banking Services ³⁾ 1 1 100%

Head of Data Management and IT Management Office Group ³⁾

1 1 100%

Head of Legal Group ³⁾ 1 1 100%

Head of Credit Risk Analysis Group (GARK) ³⁾ 1 1 100%

Notes:

1) Served as Director since May 21, 2021.

2) Served as Director since May 3, 2021.

3) The number of meetings for non-permanent members is in accordance with the invitations for the related discussion topic.

The details of the RMC meetings implementation throughout 2021 are as follows:

No. Date Agenda

1 April 19, 2021 - Suggestion of fraud limit with significant impact - Cyber threat Trend and Mitigation

2 May 25, 2021 Resolution plan for commercial bank

3 October 1, 2021 Pilot Project – Resolution plan for commercial bank 4 December 13, 2021 - Changes in Credit Risk RWA Calculation

- Bank Product Operation

F. Accountability Reporting

Accountability and work realization of RMC are reported through:

a. Periodical written report at least once in 1 (one) year to the Board of Directors regarding the results of routine RMC meetings.

b. Written report to the Board of Directors regarding the results of special meetings held to discuss certain matters.

c. Special report or activity report (if necessary).

G. Realization of Work Program in 2021

In carrying out its duties during 2021, RMC accomplished the following work programs:

a. Informing the proposed fraud limit which has a significant impact wherein OJK Regulation No. 39/POJK.03/2019 Banks are required to submit reports and/or corrections of fraud reports that have a significant impact.

b. Informing cyber threat trends such as vulnerability exploits and ransomware with mitigation carried out such as hygienic security culture, protection, detection, and response.

c. Informing LPS Regulation No. 1 Year 2021 concerning Resolution Plan for Commercial

d. Informing the results of submitting the Resolution Plan document to LPS on August 30, 2021.

e. Informing the changes in Credit Risk RWA calculation according to OJK Circular Letter No. 24/SEOJK.03/2021 dated October 7, 2021, which will be implemented on January 1, 2023, including a simulation of calculation with data period of December 2021, June 2022 and December 2022.

f. Informing the bank product operation related to the payment system in which Bank is required to have approval from both OJK and BI, therefore it shall need allocated time for the approval process.

H. Work Plan of RMC in 2022

RMC has prepared work plans for 2022 as follows:

a. Review matters relating to the topic in the RMC meeting.

b. Provide information and analysis related to the topics discussed at RMC meeting for recommendations from the Board of Directors.

c. Other matters related to risk management.

III. INTEGRATED RISK MANAGEMENT COMMITTEE (IRMC)

IRMC was established to ensure that the risk management framework provides adequate protection against all risks faced by BCA and its Subsidiaries in an integrated manner.

Guidelines of IRMC

IRMC carries out its duties and responsibilities by referring to

• the Board of Directors Decree No. 121/SK/DIR/2019 dated August 6, 2019 concerning the Structure of Integrated Risk Management Committee (IRMC);

• OJK Regulation No. 18/POJK.03/2016 concerning Implementation of Risk Management for Commercial Banks;

• OJK Regulation No. 17/POJK.03/2014 concerning The Implementation of Integrated Risk Management for Financial Conglomerates; and

• OJK Regulation No. 45/POJK.03/2020 concerning Financial Conglomerates.

The scopes regulated in the Board of Directors Decree No. 121/SK/DIR/2019 concerning the Structure of Integrated Risk Management Committee are as follows:

• Organizational Scope

- Mission, Main Function, Position, and Authority.

- Position and Composition of Committee.

• Completeness of Committee

- Committee Personnel, Main Duties, and - Decision Making and Accountability.

A. Structure, IRMC Membership, and Voting Rights Status

Based on the Board of Directors Decree No. 121/SK/DIR/2019 dated August 6, 2019, concerning the Structure of Integrated Risk Management Committee, the following are the structure, membership, and voting rights status of IRMC:

Position in the Committee Served by Voting Rights Status

Chairman (concurrently as a permanent member)

The director in charge of the integrated risk management function

Reserve Voting Rights Permanent Member¹⁾ • All members of the Board of Directors

• Head of Compliance Work Unit

• Head of Internal Audit Division³⁾ Non-permanent

member²⁾

1. Executive Officer 2. Subsidiary Director^*)

• All of Executive Vice President

• All Heads of Divisions/Groups/Work Units related to Subsidiaries, other than Permanent Members Directors who are appointed to represent Subsidiary Secretary (concurrently as

a permanent member)

Head of Risk Management Work Unit/Alternate Officer

Notes:

*) The number and composition are adjusted to the needs as well as the efficiency and effectiveness of the implementation of IRMC duties by taking into account, among others, the representation of each financial service sector.

1) If there are concurrent positions, the person concerned only has one vote.

2) According to the topics discussed.

3) Do not have voting rights.

B. Main Functions, Authorities, and Responsibilities of IRMC

Main Functions of IRMC

IRMC has the main function to provide recommendations to the Board of Directors, which at least include:

Authorities of IRMC

IRMC has the authority to review and provide recommendations on matters related to integrated risk management for the Board of Director decision.

Duties and Responsibilities of IRMC

Topics that can be discussed at the IRMC meeting include:

- The direction and objectives of BCA in formulating policies, strategies, and guidelines for the implementation of integrated risk management, and changes if necessary.

- Assessment of the effectiveness of the integrated risk management framework implementation.

- The progress and trends of integrated risk exposure and purpose overall risk levels that can be taken (risk appetite) and risk tolerance.

- Results of studies on total integrated risk exposure and its impact.

- Assessment of BCA’s capital adequacy in facing the risk of losses that arise by using various stress testing scenarios.

- Proposal to develop risk measurement methods, contingency plans in abnormal condition (worst case scenario), and other methods which relates to integrated risk management.

- Matters requiring justification related to business decisions that deviate from normal procedures (irregularities).

- Limit of authority, exposure, and concentration of the loan portfolio as well as other parameters aimed at limiting risk.

- Improvements in the implementation of integrated risk management periodically or incidentally as a result of changes in internal and external conditions that affect capital adequacy, risk profile, and the ineffectiveness of integrated risk management implementation based on the evaluation results.

C. Meeting of IRMC

The provisions of IRMC meeting are as follows:

• IRMC meetings are held as needed, at least once every semester.

• IRMC meetings are valid if attended by more than ½ (one-half) of total permanent members.

D. Decision Making

The following are the provisions regarding IRMC decision making:

• Decision making concerning the use of IRMC authority shall only being made through the legitimate IRMC meeting decision.

• The decisions of IRMC meeting are valid and binding if being approved by more than ½ (one-half) of members who present in the meeting.

E. Frequency of IRMC Meetings in 2021

As of December 31, 2021, IRMC held 4 (four) meetings with the following details:

Position Number of

Meeting Attendance Percentage

President Director (Jahja Setiaatmadja) ¹⁾ 4 4 100%

Deputy President Director (Suwignyo Budiman) ¹⁾ 4 4 100%

Deputy President Director (Armand W. Hartono) ¹⁾ 4 3 75%

Credit and Legal Director (Subur Tan) ¹⁾ 4 4 100%

Commercial and SME Banking Director (Henry Koenaifi) ^{1) a)} 1 1 100%

Regional and Branch Network Director (Erwan Yuris Ang) ^{1) a)} 1 1 100%

Corporate Banking Director (Rudy Susanto) ¹⁾ 4 4 100%

Compliance and Risk Management Director (Haryanto T.

Budiman) ¹⁾ 4 2 50%

Human Capital Management Director (Lianawaty Suwono) ¹⁾ 4 4 100%

Transactions Banking Director (Santoso) ¹⁾ 4 4 100%

Planning and Finance Director (Vera Eve Lim) ¹⁾ 4 4 100%

Information Technology Director (Gregory Hendra Lembong) ¹⁾ 4 4 100%

Position Number of

Meeting Attendance Percentage EVP of Corporate Finance Division and the Corporate Secretary

and Communications Division ²⁾

1 1 100%

Head of Data Management and IT Management Office Group ²⁾

2 2 100%

Head of Enterprise Security Work Unit ²⁾ 3 3 100%

Director of PT BCA Finance ²⁾ 4 4 100%

Director of PT BCA Multi Finance ²⁾ 4 4 100%

Director of PT Bank BCA Syariah ²⁾ 4 4 100%

Director of BCA Finance Limited ²⁾ 4 4 100%

Director of PT BCA Sekuritas ²⁾ 4 0 0%

Director of PT Asuransi Umum BCA ²⁾ 4 4 100%

Director of PT Asuransi Jiwa BCA ²⁾ 4 2 50%

Director of PT Central Capital Ventura ²⁾ 4 4 100%

Director of PT Bank Digital BCA ²⁾ 4 4 100%

Notes:

a) At the AGMS on March 29, 2021, office term of the Director has ended.

b) Served as Director since May 3, 2021

c) Served as Director since May 21, 2021

1) Permanent Member.

2) The number of meetings for non-permanent members is in accordance with the invitations for the related discussion topic.

The implementation of IRMC meeting throughout 2021 is as follows:

No. Date Agenda

1. March 8, 2021 - Integrated Risk Profile Report on the BCA Financial Conglomerate for Semester II 2020.

- OJK Circular Letter No. 7/SEOJK.05/2021 concerning Implementation of Risk Management for Financing Companies and Islamic Financing Companies and OJK Circular Letter No. 8/SEOJK.05/2021 concerning Implementation of Risk Management for Insurance Companies, Sharia Insurance Companies, Reinsurance Companies, and Sharia Reinsurance Companies.

- Calculation of RWA for operational risk using the standard approach for Commercial Banks.

2. July 5, 2021 - Integrated Stress Test of BCA Financial Conglomerate in 2021.

- Update case ransomware/malware.

3. September 13, 2021 - Integrated Risk Profile Report on the BCA Financial Conglomerate for Semester I 2021.

- OJK Regulation of Risk Management in the use of Information Technology by Non-Bank Financial Service Institutions.

4. December 8, 2021 Integrated IT and Security Infrastructure for Subsidiaries.

F. Accountability Reporting

Accountability and work realization of IRMC are reported through:

• Periodical written report at least once in 1 (one) year to the Board of Directors regarding the results of routine IRMC meetings.

• Written report to the Board of Directors regarding the results of special meetings held

• Informing the Integrated Risk Profile Report of BCA Financial Conglomerate for Semester II 2020.

• Informing the Integrated Risk Profile Report of BCA Financial Conglomerate for Semester I 2021.

• Informing case ransomware/malware updates.

• Informing calculation of RWA for operational risk using standard approach for Commercial Banks.

• Informing OJK Regulation of Risk Management in the use of Information Technology by Non-Bank Financial Service Institutions.

• Informing Integrated IT and Security Infrastructure for Subsidiaries.

H. Work Plan of IRMC in 2022

IRMC has prepared work plans for 2022 as follows:

a. Informing the integrated stress test results of BCA Financial Conglomerate in 2022.

b. Informing the Integrated Risk Profile Report of BCA Financial Conglomerate for Semester II 2021.

c. Informing the Integrated Risk Profile Report of BCA Financial Conglomerates for Semester I 2022.

d. Other matters related to integrated risk management.

IV. CREDIT POLICY COMMITTEE (CPC)

CPC was established to direct the credit lending through the formulation of credit policies in order to achieve prudent lending target.

Guidelines of CPC

CPC carries out its duties and responsibilities based on the Board of Directors Decree No. 175/SK/DIR/2019 dated November 5, 2019 concerning the Credit Policy Committee (CPC) Structure and OJK Regulation No.

42/POJK.03/2017 dated July 12, 2017 concerning Mandatory Preparation and Implement of Credit or Financial Policies for Commercial Banks.

The scopes stipulated in the Structure of Credit Policy Committee are as follows:

• Organizational Scope

- Mission, Main Function, Position, and Authority.

- Position and Composition of Committee.

• Completeness of Committee - Committee Personnel.

- Main Duties.

- Decision Making and Accountability.

A. Structure, CPC Membership, and Voting Rights Status

Based on the Board of Directors Decree No. 175/SK/DIR/2019 dated November 5, 2019 concerning the Structure of Credit Policy Committee (CPC), the following are the structure, membership, and voting rights status of the CPC are as follows:

Position in the Committee Served by Voting Rights Status

Chairman (concurrently as a member)

President Director Reserve Voting Rights

Permanent Member¹⁾ • Deputy President Director (WP1)

• Credit and Legal Director

• Compliance and Risk Management Director

• Corporate Banking Director ²⁾

• Commercial and SME Banking Director ²⁾

• Transaction Banking Director ²⁾

• Executive Vice President of the Credit Risk Analysis Group (EVP GARK) ²⁾

• Executive Vice President of Corporate Banking and Corporate Finance Group (EVP GBKF) ²⁾

• Executive Vice President in charge of Treasury Division and International Banking Division (EVP DTR-DPI) ²⁾

• Head of Credit Risk Analysis Group and/or Head of Commercial and SME Business Division and/or Head of the Corporate Banking and Corporate Finance Group and/or Head of Consumer Credit Business Division and/or Head of Work Units under the Directorate of Banking Transactions and/or Head of the International Banking Division or Substitute Officer ²⁾

Reserve Voting Rights

B. Main Functions, Authorities, and Responsibilities of CPC

Main Functions of CPC

The main functions of the CPC are as follows:

• Assist the Board of Directors in formulating credit policies, particularly those relates to the prudential principle of credit.

• Monitor and evaluate the implementation of credit policies in order to be implemented consistently and consequently.

• Conduct periodic reviews of the Bank Basic Credit Policy of BCA.

• Monitor the development and condition of the credit portfolio.

• Provide suggestions and corrective steps for the results of monitoring and evaluation that have been carried out.

Authorities of CPC

CPC has the authority to provide suggestions for corrective steps to the Board of Directors on matters relating to credit policy.

Duties and Responsibilities of CPC

CPC members have the following main duties:

• Provide opinions to the CPC secretary in preparing agenda and meeting materials.

• Provide opinions in the form of information and analysis at CPC meetings to make CPC decisions, regarding:

- Development of credit policies (Corporate Loans, Commercial Loans, SME Loans, Small Enterprise Loans, Consumer Loans, Credit Card, and Interbank Credit) in accordance with BCA’s mission and business plan.

- Compliance with statutory provisions in credit disbursement.

- Development and quality of the overall credit portfolio.

- The veracity of the authority implementation to decide on credit.

- The veracity of the process in disbursing, developing, and quality of credit given to related parties and certain large debtors.

- The veracity of the implementation of the legal lending limit (LLL).

- Settlement of non-performing loans in accordance with the provisions of the credit policy.

- BCA’s fulfillment of adequacy of the allowance for credit write-offs.

- Results of supervision on the application and implementation of the Bank Basic Credit Policy.

C. Meeting of CPC

The provisions of CPC Meeting are as follows:

• CPC meetings are held as needed, at least 1 (one) time in a year.

• CPC meetings are valid if attended by at least

2/3 (two thirds) of the total members.

D. Decision Making

The following are the provisions regarding CPC decision making:

• Decision making in regard to the use of the CPC’s authority can be carried out through circulation to CPC members or through legitimate CPC meetings.

• Decisions through meetings or circulations to CPC members will be considered valid and binding if being approved by more than 1/2 (one-half) of the members who present.

E. Frequency of CPC Meetings in 2021

As of December 31, 2021, CPC held 1 (one) meeting with attendance detail of CPC members as follows:

Position Number of

Meeting Attendance Percentage

President Director (Jahja Setiaatmadja) 1 1 100%

Deputy President Director 1 (Suwignyo Budiman) 1 1 100%

Position Number of

Meeting Attendance Percentage Executive Vice President in charge of Treasury Division and

International Banking Division (EVP DTR-DPI) ¹⁾ - - -

Executive Vice President of Credit Risk Analysis Group (EVP

GARK) ¹⁾ 1 1 100%

Executive Vice President of Corporate Banking and Corporate

Finance Group (EVP GBKF) ¹⁾ 1 0 0%

Head of Credit Risk Analysis Group or substitute officer ¹⁾ 1 1 100%

Head of Commercial and SME Business Division or substitute

officer ¹⁾ 1 1 100%

Head of Corporate Banking and Corporate Finance Group or

substitute officer ¹⁾ 1 1 100%

Head of Consumer Credit Business Division or substitute

officer ¹⁾ - - -

Head of Work Units under the Directorate of Banking

Transactions or substitute officer ¹⁾ - - -

Head of the International Banking Division or substitute

officer ¹⁾ - - -

Head of Internal Audit Division or substitute officer 1 1 100%

Head of Compliance Work Unit or substitute officer 1 1 100%

Head of Risk Management Work Unit or substitute officer 1 1 100%

Notes:

1) According to the topics discussed.

2) At the AGMS on March 29, 2021, the office term of the Director has ended.

The detail of CPC meeting implementation throughout 2021 is as follows:

No. Date Agenda

1. January 12, 2021 Adjustments/Additions to the Credit Restructuring Policy for Debtors Affected by COVID-19

F. Accountability Reporting

Responsibilities and work realization of the CPC are reported through:

• Periodic written reports to the Board of Directors with a copy to the Board of Commissioners regarding the results of supervision, monitoring and evaluation of the implementation of the Bank Basic Credit Policy as well as suggestions for the necessary improvements.

• Reports in regard to data and other information related to the results of supervision, monitoring and evaluation of activities.

G. Realization of Work Program in 2021

Throughout the implementation of its duties in 2021, CPC has carried out a work program

H. Work Plan of CPC in 2022

CPC has determined work plans for 2022 as follows:

• Evaluate and recommend credit policies.

• Monitor the implementation of credit policies to ensure BCA’s compliance with applicable credit policies.

• Monitor the development and quality of the overall credit portfolio.

• Identify new regulations issued by regulators and the impact on BCA’s internal policies.

V. CREDIT COMMITTEE (CC)

CC was established to assist the Board of Directors in evaluating and/or providing credit decisions in accordance with the authority limits set by the Board of Directors, as stipulated in BCA’s Articles of Association and by taking into account business development and implementing the principle of prudence.

Guidelines of CC

The establishment of CC based on OJK Regulation No. 42/POJK.03/2017 dated 12 July 2017 concerning Mandatory Preparation and Implement of Credit or Financial Policies for Commercial Banks and was determined through the Board of Directors Decree No.

176/SK/DIR/2019 dated November 5, 2019 concerning the Structure of Credit Committee. The Decree becomes a guideline for CC in carrying out its duties and responsibilities.

The scopes stipulated in the decree concerning the Structure of Credit Committee are as follows:

• Organizational Scope

- Mission, Main Function, Position, and Authority.

- Position and Composition of Committee.

• Completeness of Committee - Committee Personnel.

- Main Duties.

- Decision Making and Accountability.

CC Level

In carrying out its duties, CC is grouped under the following credit categories:

1. Corporate CC.

2. Commercial CC.

A. Structure, CC Membership, and Voting Rights Status

The Board of Directors Decree No. 176/SK/DIR/2019 concerning the Structure of Credit Committee regulates the structure, membership, and voting rights status of the CC as follows:

Structure, Membership, and Voting Right Status of CC Corporate

Position in the Committee Served by Voting Rights Status¹⁾

Chairman (concurrently as a permanent member)

Credit and Legal Director Reserve Voting Rights

Permanent Member • President Director (PD)

• Deputy President Director (WP1)

• Corporate Banking Director (DBK)

• EVP GARK

• EVP GBKF²⁾

• EVP DTR-DPI²⁾

• Head of GBKF²⁾

• Head DPI²⁾

No Voting Rights Non-permanent Member • Other Director who have the authority to decide on credit

• Compliance and Risk Management Director (DCR)³⁾

Reserve Voting Rights Secretary (concurrently as

a permanent member)

Head of GARK No Voting Rights

Notes:

1) Decision making through meetings is done by voting machanism

2) According to the topics discussed.

3) Has voting rights in deciding credit settlement and other matters related to risk management