BRI has issued internal regulations regarding customer complaints, namely the Decree on Policies and Procedures for Settlement of Customer Complaints. Through this procedure, any complaints related to breaches of customer confidentiality will be immediately acted upon. In addition, BRI emphasizes the protection of customer data and/or information as stipulated in the Circular on the Protection of Customer Data. The Circular also specifically regulates:

In the account opening process, BRI asks for consent from prospective customers regarding permission to use their customer data for the purposes of offering banking products and services by either BRI or the BRI Group. Along with the journey of the data privacy program at BRI, this consent procedure will be expanded according to the data subject set out in the data privacy management framework established by BRI.

In addition, BRI also has Guidelines for the Implementation of Bank Secrecy, Transaction Postponements and Reporting to Third Parties, which contain the following information:

1. Provisions regarding bank secrecy in general as well as procedures for stringent steps that must be taken to execute opening, transaction postponements, temporary suspensions, confiscations, blocking and reporting related to customer data which includes understanding and provisions, authorities and responsibilities, workflows and descriptions as well as flowcharts.
2. This procedure also regulates how to disclose bank secrecy in terms of:
   1. Tax Interests
   2. Judicial interest in civil cases between the Bank and its customers
   3. Banking information exchange
   4. Request, approval or authorization from the customer in writing
   5. Bank Inspections by Bank Indonesia

BRI has implemented internal regulations on the Procedures for Provision of Data Sharing for Third Party Needs. The procedure stipulates the forms that must be completed during data request while still prioritizing the principles of bank secrecy. In addition, this procedure also regulates the level of data classification owned by BRI so that the compliance mechanism for each level of data classification is clear. Request for data require authorization according to the level of data classification.

BRI also applies the principles of prudence in terms of submitting or receiving data from Third Parties to protect its data. Therefore, before exchanging data with third parties, BRI always requests them to agree to a NonDisclosure Agreement, either as data disclosers or between parties that disclose data to each other.

In improving Good Corporate Governance, the management is committed to performing the company professionally based on behavior guided by the code of conduct and corporate culture. To that end, for violations of the code of ethics, the management has prepared a reporting media which is transparently and fairly managed through the Whistleblowing System.

Existence and Purpose of the WBS

The Whistleblowing System (WBS) is a reporting tool for BRI personnels in particular, and the public to report any behavior or actions that were indicated to have violated the code of conduct, GCG principles, and both BRI internal applicable regulations and prevailing laws, by BRI personnel. The Whistleblowing System is a form of BRI management’s commitment to creating a clean work environment and BRI personel with integrity in the form of active participation to report violations occuring within BRI.

WBS Policy

BRI Whistleblowing System policy has been stipulated in Board of Directors Circular No: S.08-DIR/KPT/05/2018 which regulates the, mechanism and procedures for handling reports of indication of violations that are managed confidentially and independently.

WBS Report Filing

Whistleblowing System reporting can be done through:

1. SMS Number 0812 8200 600
2. Written Letter to PO BOX 1895 JKP 10900
3. Webmail: whistleblower@corp.bri.co.id
4. Website: www.bri.co.id/whistleblowing-system

WBS Dissemination

BRI WBS dissemination has been implemented to Internal Parties (BRI Employees) and External Parties, such as:

1. WBS policy information to all employees through BRI internal portal
2. Delivering WBS material on the BRI employee development and enhanchement program
3. WBS dissemination regularly to all Work Units
4. Poster campaign on WBS information at the Branch Offices, Sub Branch Offices and BRI Units
5. Installing the landing page on the Bristars application dashboard (BRI internal portal)
6. Implement WBS e-learning for all BRI employees
7. Submission of WBS information through the company’s website

Whistleblowers Protection

BRI provides protection to whistleblower confidentiality of personal data and reported information. The protection is also given to internal whistleblowers from pressure, postponement of promotions, discrimination, dismissal, and physical actions.

WBS Management

The WBS management is done by the WBS Management Unit under the President Director and monitored by the Board of Commissioners through the Audit Committee. The WBS Management Unit is responsible in managing and following up reports of indications of violations.

WBS Report Criteria

Information on reporting violations that can be submitted and followed up through the Whistleblowing System (WBS), namely:

1. Fraud
2. Embezzlement/Counterfeiting/Theft
3. Gratuity/Bribery/Corruption
4. Conflict of Interest
5. Violation of BRI’s accounting and financial reporting processes
6. Violation of company regulations/procedures
7. Ethical violations, including disclosing bank secrets for personal gain, insider perpetrators, immoral acts inside and outside the Company, harassment, drug use and being involved in prohibited community activities.

WBS Report

Reports on indications of violations should at least contain the following:

1. Reported Violations
   Subject of reporting of violations and amount of losses (if known)
2. Parties Involved
   BRI personnel and the parties involved indicated violations
3. Time of Violation
   The period of time the indication of the violation occurred
4. Place of Violation
   Location/place of work unit where the violation occurred
5. Chronology of Events
   Description of events/chronology of events so that there are indications of violations
6. Evidence of Violation
   Documentation of indications of violations in the form of documents, photos, videos and other supporting information.

WBS Reporting Mechanism

1. The whistleblower submits a violation indication report through the Whistleblowing System.
2. A whistleblower submitting a violation indication report receives a report code and keywords to see the follow-up process for the report on the whistleblowing system website (www.whistleblowing-system.bri.co.id).
3. If a whistleblower submits an indication of a violation through means other than the website (SMS, Whatsapp, Letter and Email), the Whistleblowering System (WBS) Officer will provide the report code and password to the Reporting Person who submits his/her identity or email.
4. Whistleblowing System Officer records all reports of indications of violations in the whistleblowing system application.
5. WBS officers conduct preliminary analysis (verification) of reports of violation indications according to the whistleblowing system report criteria.
6. If necessary, the WBS Officer can request additional information and confirmation from the whistleblower in fulfilling the information and report data.
7. The leader of the WBS Management Unit validates the results of the verification of the violation indication report and decides on the follow-up to the report, namely:
   1. Follow up for investigations; or
   2. No follow-up was taken (the report was rejected) because it did not match the criteria for the WBS report.
8. The WBS Management Unit appoints an Investigation Unit to investigate the WBS report.
9. The WBS Management Unit prepares an assignment letter and submits a letter of assignment to the Investigation Unit.
10. The Investigation Unit submits a report on the results of the investigation (including recommendations for followup improvements) if:
    1. Investigation is carried out by the Internal Audit Unit (SKAI): The investigation report is submitted in the form of an Audit Result Report to the authorized Work Unit with a copy of the WBS Management Unit. Monitoring of the follow-up corrections to the results of the investigation is carried out by the Investigation Unit.
    2. Investigation is carried out by a consultant or independent party: The investigation result report is submitted to the WBS Management Unit. Monitoring of the follow-up corrections to the results of the investigation is carried out by the WBS Management Unit.
11. Reports of follow-up improvements include:
    1. Follow-up to the perpetrator of the indication of the violation and improvement of the weaknesses that occurred as well as the risk mitigation carried out
    2. Provide information to the reported superior in order to maintain the good name of the reported party if the WBS report is not proven.
12. The work unit is authorized to carry out follow-up improvements in accordance with applicable regulations.
13. The work unit has the authority to submit a follow-up improvement report to the WBS Management Unit.

WBS Submission Flow