Internal audit, internal control and risk management activities at Türkiye Finans are carried out by the Board of Auditors, the Internal Control Department, Regulatory Compliance Department and the Risk Management Center, all of whose duties and responsibilities are spelled out in published regulations and which are organizationally independent of each other. The activities of these units are coordinated by the Audit Committee acting on behalf of the Board of Directors.

Internal Audit (Board of Auditors)

The Board of Auditors reports to the Board of Directors through the Audit Committee. The Board of Auditors is responsible for performing audits, inspections and investigations on behalf of the Board of Directors in line with the schedule and instructions provided by the Chairman.

The Board’s fundamental objective is to provide independent and impartial compliance and consultancy services that safeguard the activities of the Bank and its affiliates subject to consolidation and generate added value. Operating within currently applicable laws and related external regulatory frameworks, and the Bank’s own strategies, policies, principles and targets, the board provides assurance to the Senior Management concerning the effective and sufficiency of the Bank’s internal control, risk management systems and governance processes. The board aims to help the Bank reach its targets by introducing a systemic and disciplined approach in order to evaluate and improve the related systems.

Within the scope of the 2015 audit plan, audit activities were conducted in various selected Branches and units in the Headquarters based on the risk-oriented audit approach. In addition, audits into the information systems were maintained by IS inspectors. With these audit activities, investigations and inspections regarding the board’s declaration were conducted.

As a result of the audit activities, incomplete and improper applications are reported to the Audit Committee on a quarterly basis, and their completion statuses are followed.

Detailed training programs were prepared to increase the knowledge level of inspectors as well as bringing their personal developments to highest level. Accordingly, internal and external trainings were received.

As of 31 December 2015, the staff of the Board of Auditors consisted of 38 people.

Internal Control

The Internal Control Department is responsible for overseeing all aspects of Türkiye Finans’s organization and activities so as to ensure that the bank’s business is conducted effectively, productively, and in a manner consistent with the requirements of Banking Law and regulations, the bank’s policies and rules, and ordinary banking practices and also for ensuring the reliability, integrity, and timely accessibility of the accounting and financial reporting systems and of the information contained therein. The Internal Control Department reports directly to the Board of Directors and provides information to the bank’s senior management. Another function of the Internal Control Department is to develop early warning systems capable of identifying risks in advance and taking measures accordingly.

The Internal Control Department conducts its activities through 5 main services: Central Control, On-site Control, Information Systems and Compliance Checks, Reporting and Action Tracking and Risk Monitoring Self-Assessment.

Within the scope of the 2015 control plan, risk oriented control activities were conducted in the branches. At the same time, control design and test activities as well as inquiry investigations including controls within the scope of board’s declaration were conducted in the Headquarters’ units.

As a result of control activities, any incomplete and improper applications are reported to the Audit Committee on a quarterly basis and their completion statuses are followed.

Detailed training programs were prepared to increase the level of knowledge of internal control personnel as well as bringing their personal developments to the highest level. Internal and external training was provided accordingly.

As of 31 December 2015, the staff of the Internal Control Department consisted of 39 people.

Risk Management

Risk management organization is responsible for central management of risks that are likely to be encountered through effective coordination across the Bank. The main purpose of risk management system is to allocate capital to business lines which is in line with their risks and to increase the value added by maximizing return on capital according to risk.

The aim of the risk management system is to provide identifying, measuring, reporting, monitoring and controlling following risks: consolidated or unconsolidated risks through policies that are set to monitor the qualification and level of activities in parallel with the risk-reward structure of the Bank’s future cash flows, monitoring and changing these activities when necessary; and risks stemming from transactions made with the risk group in which the Bank is involved.

As of 31.12.2015, Risk Management Center consists of 14 people. In order to increase personal and professional development of the personnel, the personnel are ensured to participate in internal and external trainings, conference and seminars. Thus, efforts are made for their practical knowledge level in the field of risk management to continually increase.

Risk management activities carried out in 2015 are summarized below.

Identification and Measurement of Risks

Risks that the Bank is exposed to due within the context of Regulation on Internal Systems of Banks and Internal Capital Adequacy Assessment Process, other related legislation and internationally accepted standards are identified, measured, reported and monitored under the main titles of Credit Risk, Market Risk, Liquidity Risk, Operational Risk and other risks by considering the best implementations

New product designs and changes in the Bank’s internal policies and procedures as well as business flows are monitored. Accordingly, the Bank conducts risk and impact assessments. Moreover, risks regarding support services which will be taken are analyzed and reported.

Türkiye Finans utilizes statistical risk measurement and rating systems which are developed individually for all customer and credit types to effectively measure and manage risks. These systems are regularly monitored and their validation activities are carried out. Remedial actions are taken if necessary.

Risk Monitoring and Reporting

The Risk Management Center seeks to understand, in advance, all changes and trends in the markets that the Bank operates in and the conditions by following economic data. In addition to legal reporting to the BRSA, the Risk Management Center reports its risk analysis and measurements to related units, the Senior Management and the Audit Committee. 

Necessary monitoring activities are conducted for all risk types identified Bank wise. Details which are categorized into risk types are provided in the “Information about Risk Management Policies on the Basis of Risk Types” section.

Regulatory Compliance

The main duties and responsibilities of Regulatory Compliance Directorate department are as follows: to fulfill compliance monitoring activities within the framework of “Regulation on Internal Systems of Banks and Internal Capital Adequacy Assessment Process”; conducting the Compliance Program in line with the law on Prevention of Money-Laundering and Financing Terrorism, ensuring that necessary precautions are taken for definition, measurement, reduction and monitoring of risks within this scope; monitoring the changes in legislation and coordinating, monitoring and reporting of compliance activities in relation to the changes in legislation; managing notifications received through Ethics Line and strengthening ethics culture in the Bank.

Regulatory Compliance Directorate consists of Products and Services Compliance Control, Fight against Money-Laundering and Foreign Legislation Coordination Services. As of 31 December 2015, the staff of the department consisted of 12 people. The department’s personnel hold CAMS, CERT (FinCrime), CIA, CCSA and CRMA certificates.

In 2015, training on “Prevention of Money-Laundering and Financing Terrorism” was provided to 10% of the personnel face to face and 90% of the personnel through distance learning. In the same period, 10% of the personnel received “Compliance and Ethical Principles Training” face to face and 6% of personnel participated in this training through distance learning.

Audit Committee

Lama Ghazzaoui Member, Audit Committee	Oğuz KAYHAN Member, Audit Committee