STRUCTURE AND MECHANISM OF CORPORATE GOVERNANCE

4. Establish control activities over the technology acquisition, development, and maintenance process Management establishes and develops control activities related to the acquisition, development, and maintenance of technology and infrastructure, to achieve the Company's objectives. In detail, general control and application control over the information system are regulated in the Company's Information System Framework.

Principle 12: Implementation through Policies and Procedures The Company carries out control activities in the form of policies which are statements of what is expected and the procedures for implementing these policies.

1. Establishment of procedural policies to support the implementation of management directives
   Management establishes control activities that are built into business processes and daily activities of workers, through policies and procedures.
2. Establish responsibility and accountability for the implementation of policies and procedures
   Management establishes responsibility and accountability for control activities through designated personnel from the business unit or function, where the relevant risk is located.
3. Implementation by competent workers
   Competent workers can carry out control activities diligently and continuously.
4. Implementation in a timely manner
   Employees carry out control activities in a timely manner as stipulated in the policies and procedures.
5. Take corrective action
   Responsible workers can investigate and respond to problems identified from the implementation of control activities.
6. Reviewing policies and procedures
   Management periodically reviews control activities to assess whether they are still relevant and can be updated if necessary.

COMPLIANCE WITH OTHER LAW REGULATIONS

In improving the Company's compliance with laws and regulations, the Company has a Committee under the Board of Directors, namely the Governance, Risk Management and Compliance Committee, which is tasked to providing opinions on the completeness and conformity of compliance with laws andregulations.Compliancewithlawsandregulationsiscarried out by taking into account risk tolerance, i.e., the management considers the acceptable level of risk related to the achievement of compliance objectives and considers external rules and laws, which are Laws and regulations that are the minimum standards and integrated into the compliance objectives.