Risk Management Policy

Telkom implements risk management to ensure the realization of value creation and protection for Telkom stakeholders, including to protect assets and business activities. In addition, risk management is also a form of compliance to applicable regulations. Risk management's role and function are critical in supporting the telecommunications industry, which has a broad business area coverage, significant investment, fierce competition, rapid technological development, heavily regulated, as well as being faced with trends/life styles on how to communicate and exchange information in a dynamic society in line with trends in the digital era.

Overview of Risk Management Systems

Telkom's risk management system was implemented in compliance with Minister of State-Owned Enterprises Regulation No. PER-2/MBU/03/2023 concerning the Guidelines for Governance and Significant Corporate Activities of State-Owned Enterprises. Furthermore, as a corporation listed on the New York Stock Exchange (NYSE), Telkom is required to undertake risk management in order to comply with the Sarbanes-Oxley Act, notably paragraphs 302 and 404.

The implementation of risk management at Telkom began with the establishment of a Risk Management & Legal Compliance Unit (RMLC) in 2006 under the coordination of an official at the level of Executive Vice President (EVP). Subsequently, in 2007 the Compliance & Risk Management (CRM) Directorate was formed under the control of the CRM Director.

With increasing awareness of risk management  and increasing business demand, the function of the CRM Directorate was changed to the International Wholesale Directorate in 2013, while to carry out the Governance function, Risk Compliance was established by the Compliance Department, Risk Management General Affair ("CRMGA") under the responsibility of the Head of CRMGA who was directly in the CEO Office.

In line with the dynamics of the business and organization that continues to grow, in 2016 the Risk Management function was carried out by the Sub-Directorate of Risk & Process Management which is part of the Directorate of Finance. Telkom continues to improve the implementation of risk management by focusing more on the Revenue Assurance & Fraud Management System aspects than what previously existed.

Furthermore, in 2020, Telkom has also strengthened in the preparation of Enterprise Risk Profile Group and advisory activities to units and Subsidiaries, by implementing BCM (Business Continuity Management), Revenue Assurance & Fraud, and implementing Insurance Management.

In 2021, in accordance with the aspirations of the Ministry of SOEs, to further improve integrity and governance, including in terms of strengthening risk management, Telkom Annual General Meeting in 2021 will change the nomenclature for the position of Director of Finance to become Director of Finance and Risk Management in charge of a new organization, namely the Risk Management Department, led by an official at the level of Senior Vice President (SVP).

In 2021, Telkom's risk management function has entered a new stage with a wider management scope involving all units in Telkom and its subsidiaries and more massive programs such as making risk management one of the KPI assessment indicators of all BOD-1 officials in Telkom, conduct professional training and certification activities, carry out risk culture campaigns to foster risk awareness as part of corporate culture and improvise/develop applications and ERM dashboards that can be used to assist the risk management process within the Telkom Group.

The Risk Management Policy at Telkom has also been updated with the issuance of the Board of Directors Regulation No. PD.614.00/r.02/HK.290/COP-K0A10000/2024, dated September 3, 2024, concerning the Company's Risk Management, which refers to the Regulation of the Minister of State-Owned Enterprises of the Republic of Indonesia No. PER-2/MBU/03/2023 concernin Guidelines for Governance and Significant Corporate Activities of SOEs and the ISO 31000: 2018 standard for risk management. Furthermore, this policy is further detailed in the Finance and Risk Management Director Regulation No. PR.614.00/r.02/HK200/COP-K0000000/2024, dated September 30, 2024, concerning the Guidelines for the Implementation of Corporate Risk Management.

The journey of managing Telkom's Risk Management since 2006 s.d. 2025, which is full of dynamics, has brought the company to a level where risk has become a consideration in making strategic decision, operational, overseeing compliance, and in overseeing the reliability of financial reporting (ICOFR). It is hoped that with good risk management, Good Corporate Governance will be realized at Telkom which will certainly have an impact on increasing the confidence of investors and other stakeholders.