T-Bank Corporate Compliance Policy

CORPORATE COMPLIANCE POLICY

1       OVERVIEW

Turkland Bank (hereinafter referred to as “T-Bank” or “Bank”) holds a strong commitment to conducting business in conformity with the highest ethical standards and in adherence to the local laws and regulations as well as applicable international standards pertaining to Prevention of Laundering of Crime Proceeds (AML) and Terrorist Financing (CFT).

 

The Corporate Compliance Policy was established in accordance with the Law no.5549 on Prevention of Laundering Crimes Proceeds and Law No.6415 on Prevention of Terrorist Financing requirements.

 

The Bank maintains adequate measures including policies and procedures sufficient to ensure compliance of the Bank and its staff, with the obligations under the regulatory system in which the Bank operates, and for managing and addressing the financial crimes risks that the Bank may encounter.

 

1.1      Purpose

The purpose of this Compliance Corporate Policy is to establish governing principles and minimum requirements through the Compliance Program of the Bank to protect T-Bank from being used to launder money or to finance terrorism and to guide all T-Bank employees as they conduct business in accordance with applicable anti-money laundering and counter-terrorist financing (collectively AML) laws and regulations.

 

This Policy comprises of all precautions established through a risk-based approach as per the Compliance Regulation in order to ensure compliance of T-Bank with the law, as well as the regulations and decrees issued under the Law, regarding the prevention of laundering for crime proceeds and terrorist financing.

 

1.2      Scope

Compliance is a Bank wide responsibility and should be viewed as an integral part of the Bank’s every day activities. It is the responsibility of all staff in the Bank (including Directors, Senior Management, Managers and Employees) to perform their tasks at the highest standards of honesty, ethics and integrity, within the principles included in the policy that are founded on the core principles of transparency and accountability at all levels of the Bank and set to manage compliance risk to protect the Bank, its shareholders, and customers.

 

1.3      Owner

This Policy is issued by T-Bank Compliance Department and approved by the Audit Committee and the Board of Directors; hence, any material changes, amendments to the Program/ Compliance Corporate Policy must be reviewed and cleared by the Compliance Department and approved by Board of Directors.

 

1.4      Effective date

This Policy is effective upon the issuance.

 

1.5      Breaches

A breach is defined as any instance of non-compliance with this Policy which no attendant exception is on file. If a breach is identified, the matter must be immediately escalated to the Compliance Department and to the manager of the concerned branch/ business line to assess the evidence of the breach and follow up on the implementation of the necessary corrective measures.

 

As per the type and the severity of the breach, the Compliance Function shall determine whether there is a need to escalate the breach to upper Management, or to the Board Audit Committee.

 

Any failure to fulfill the requirements of this Policy may lead to disciplinary measures including termination of the employee’s agreement or termination of any other relationship with T-Bank. Moreover, as violations may also constitute a violation of law, it may lead to legal sanctions for employees, their managers and/or T-Bank.

 

1.6      Roles and Responsibilities

Board of Directors is ultimately responsible for carrying out the whole compliance program adequately and efficiently appropriate for the scope and nature of activities of the obliged party.

 

The Board of Directors has appointed an administrative-level officer provided with the necessary authorizations, as per the provisions of Article 5 of the Law No.5549 and Article 16, “appointment of a Compliance Officer”, of the Compliance Regulation, in order to ensure compliance with the liabilities imposed by the Law and relevant Regulations under the Law.

 

Head of Compliance has been appointed by the Board of Directors, as per the Article 16 of the Compliance Regulation, as T-Bank Compliance Officer, to whom the Board of Directors shall delegate the authorities specified in the said Regulation, as per the provisions of Article 6 of the Compliance Regulation, provided that the Board’s responsibilities remain reserved, and who will report, at the administrative level, to the relevant committee of Board of Directors.

The roles, authorities and responsibilities of the T-Bank Compliance Officer, as stipulated by the provisions of Article 19 of the Compliance Regulation, are as follows;

a)    To perform necessary activities in order to ensure that T-Bank complies with the Law and the relevant regulations issued under the Law and carry out the Compliance Program,

b)    To establish the necessary communication and coordination with the Financial Crimes Investigation Board(MASAK),

c)     To establish and develop Anti-Money Laundering institutional policies and procedures and to submit the policies for the approval of executive board where required,

d)    To develop compliance risk policy on AML and CTF issues and execute relevant risk management activities,

e)    To develop transaction monitoring and controlling policies where needed and to carry out the related activities,

f)     To submit studies related to training programs regarding laundering proceeds of crime and terrorist financing for the approval of executive board and to ensure the effective implementation of the approved training program,

g)    To evaluate the information and findings obtained by investigating the possible doubtful transactions notified to him/her or found out ex officio within his/her own capacity and means, and to notify MASAK on transactions which he/she considers doubtful

h)    To take necessary measures for ensuring the confidentiality of reports and other relevant issues,

i)      To regularly keep information and statistics on audit and training activities and the same to MASAK within the periods specified in the Regulation.

j)     To fulfill the liability to submit information and documents to MASAK.

 

1.6.1         Responsibilities of Board of Directors

The Board of Directors is responsible for ensuring that the Compliance Officer has the authority to decide independently within the scope of the above mentioned roles, authorities and responsibilities to request any information, and documentation related to his/her area of activity from all T-Bank units, and to gain timely access to the same.

 

Article 5/e of the Compliance Regulation notes that the risk management, monitoring and controlling activities under the scope of the compliance program shall be carried out by the compliance officer under the observation, supervision and responsibility of the executive board. Therefore the Board of Directors is ultimately responsible for carrying out the whole compliance program adequately and efficiently appropriate for the scope and nature of activities of the obliged party.

 

1.6.2         Responsibilities of T-Bank employees

Successful implementation of T-Bank Compliance Corporate Policy requires the awareness, understanding and active participation of all employees. Accordingly all T-Bank employees are responsible for understanding and complying with all principles of the Compliance policies and procedures that apply to their respective areas of responsibility in order to ensure full compliance with laws, rules and standards helping to maintain the Bank’s reputation, and meet the expectations of, its customers, the relevant regulatory bodies, the markets and society as a whole; treating customers fairly, and ensuring suitability of customer advice.

 

2       COMPLIANCE RISK

Compliance risk is defined in Article 3, Paragraph 1, sub paragraph (f) of the Compliance Regulation as the probability that T-Bank or T-Bank employees incur financial or reputational losses or be subject to legal sanctions due to reasons such as utilization of the services provided by T-Bank for the purposes of laundering of crime proceeds or terrorist financing or non-compliance by T-Bank with the liabilities imposed by the Law or the regulations or decrees issued in the Law.

 

Compliance risk is an integral part of the Bank’s overall risk. It is a risk the Bank may suffer in failure to comply with applicable laws, rules and standards including AML/CTF regulations, sanctions and embargo programs, and the Code of Ethics and Professional Conduct applicable to the Bank’s business. “Compliance risk” definition provided in the Compliance regulation is interpreted as the significant judicial and/or administrative sanctions, penalties material losses or reputation loss risk that T-Bank may incur due to the violation of;

  • Laws and other regulations issued by the legislative authorities
  • Rules imposed by regulatory or supervisory authorities (BRSA, MASAK etc) and other administrative bodies
  • Court decisions
  • T-Bank Policies
  • The ethical principles and standards included in the Code of Ethics & Professional Conduct for T-Bank A.Ş. which T-Bank (legal entity) and its employees (real persons acting on behalf of a legal entity) are required to comply with.

 

Compliance risk is also an integrity risk, because the Bank's reputation is closely connected with its adherence to principles of integrity and fair dealing.

Compliance risk must be identified, assessed, advised on, monitored and reported timely to protect the Bank from any damage or losses.

 

3       COMPLIANCE PRINCIPLES

Employees, at all levels, are required to strictly abide with the following principles, while performing their duties in the Bank:

 

3.1      Compliance with Laws, Rules & Regulations

Employees must comply with the applicable Laws, Rules, and Regulations that are relevant to the Bank business activities (including “primary legislations, rules & standards”, “the prevention of Money Laundering & Terrorist Financing”, etc.).

 

3.2      Promote and Engage in Ethical Conduct

Employees, at all levels, are required to carry out their duties acting professionally and honestly, in good faith and with integrity respecting the Code of Ethics and Professional Conduct of the Bank; perform duties as described by their job description; avoid misuse of authorities; properly use accessible information; not engage in any unethical/ illegal activities that may damage the Bank reputation; act with full transparency and in a bona fide; and report any illegal activities/ unethical behavior/ suspicion of any illegal act, as per applicable policies & procedures.

 

3.3      Avoid any Conflict of Interest

Employees should act in the best interest of the Bank without giving any preference to any 3rd party on the basis of personal considerations ensuring their private matters do not interfere with the interest of the Bank; they are forbidden from exchanging insider information and should respect the Banking secrecy and confidentiality principle ensuring strict segregation of duties/ functions and separation between their own accounts and customers of the Bank and another 3rd party.

 

3.4       Protect Confidentiality

Employees must maintain the confidentiality of information related to the Bank and its clients entrusted to them except when disclosure is authorized or required by law; even when they leave the Bank. Utmost attention must be paid to both for the Law no 5411 Banking Law Article 73-Confidentiality and the Law no 6698 Personal Data Protection.

 

3.5      Protect the Bank’s Assets

Employees should use the Bank’s assets for legitimate business purposes.

 

3.6      Protect the Customer’s Best Interest

Employees should provide services to the Bank’s customers with care, honesty and fairly; they should strictly avoid manipulation, or any unfair dealing. Accordingly, the Bank will ensure to review carefully customers’ complaints, process them timely and document replies according to clear written procedures.

 

3.7       “Whistle Blowing”

Employees are encouraged to report any violation to the Bank’s policies, Code of Ethics, Professional Conduct, potential violations of applicable laws and regulation, as well as other types of misconduct. The Code of Ethics & Professional Conduct for T-Bank A.Ş. documents the details regarding to whom the reporting should be done. Employees are protected against any kind of harassment from any other employee for reporting violation in good faith.

 

4       CORPORATE COMPLIANCE GOVERNANCE STRUCTURE

Implementation of the Corporate Compliance Governance Structure is possible with the below components;

  • Implementation and supervision commitment of Board of Directors and the senior managers,
  • An effectively and correctly defined organizational structure and allocation of the necessary personnel
  • Documented and recorded policies & procedures and training
  • Monitoring & supervision
  • Information and reporting to the Board of Directors and senior management
  • Communication and interaction with all relevant regulatory and supervisory authorities, such as BRSA and MASAK

 

Management committee meetings are in place in which General Manager is the natural member within the bank. Purpose of the meeting, participating members, meeting frequency, and similar information are determined by the bank according to the committee’s scope. Agenda constitutes the observations and follow up procedures, including the action plans for the issues.

 

The Audit Committee ensures the effectiveness and efficiency of the Bank’s internal control, risk management and compliance program. It also ensures that the operation of internal audit systems and the compliance of these systems are in line with the Banking Law and other applicable regulations.

 

5       COMPLIANCE FUNCTION

Compliance with the Bank policies and principles is the responsibility of every employee in the Bank. Nevertheless, a Compliance Department has been established to ensure effective management of the compliance risk and maintain the Bank’s reputation with its shareholders, customers, employees, the relevant regulatory bodies, and the markets. The Compliance Department performs its responsibilities of monitoring the business and providing advice when needed on a proactive basis or when requested; the function operates according to the written policies issued.

 

Compliance Department has an independent status through direct reporting line to the Board of Director’s Audit Committee, sufficient resources and authority to perform its duties and responsibilities and access the information required to do the job effectively.

 

Within the scope of the Corporate Compliance Policy, activities of the Compliance Department include both intra-Bank consultancy and services through the Regulatory Compliance and the AML monitoring processes performed under AML Compliance structure. In addition to the programs and activities related to the prevention of laundering of crime proceeds and terrorist financing (AML), the Compliance Department provide advice to all units and ensures implementation regarding the setting of policies in relation with many issues within the scope of the roles, authorities and responsibilities set by the Compliance Regulation, such as confidentiality of customer data, ethical principles, code of conduct, monitoring practices, activities and transactions, and determination of delays, deficiencies and related corrective action plans, and provide necessary reporting and notifications. Issues regarding to identified deficiencies and the corrective action plans are notified and escalated to the relevant platforms where more detailed in section Compliance Governance Structure.

 

Both the Head of Compliance and the Compliance department employees are strictly required to abide by the confidentiality principles stipulated by the Law and relevant regulations, especially the confidentiality of the internal suspicious activity/transaction notifications made by the Bank employees for assessment within the context of the MASAK regulations and suspicious activity/transaction notifications made to MASAK, and perform their activities in accordance with such principles. Details of the confidentiality mentioned in Section 8.2 Suspicious Transaction Reporting.

 

6       AML Policies & Regulations         

T-Bank employees are required to comply with the following as they are reflected in the relevant policies and procedures:

  • Turkish Legislations – regulations published by the legislative body and/or the regulatory authorities with respect to AML and CTF
  • Applicable international standards and best practices, to the extent that they apply to T-Bank operations and do not conflict with the local regulatory requirements
  • T-Bank Policies & Procedures

 

Accordingly AML Policies of the Bank primarily include:

Laws

  • Law No. 5549 on Prevention of Laundering Proceeds of Crime
  • Law No. 6415 on the Prevention of the Financing of Terrorism

 

Regulations

  • Regulation on Measures Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism
  • Regulation on Program of Compliance with Obligations of Anti-Money Laundering and Combating the Financing of Terrorism
  • Regulation on the Procedures and Principles Regarding the Implementation of Law on the Prevention of the Financing of Terrorism

 

AML Policies are part of the Bank’s Compliance Corporate Policy, and explain the precautions to be taken by T-Bank. The objective of the Policies is to set the strategies, bank internal controls and precautions(measures), operational rules and responsibilities and in order to ensure compliance with liabilities(responsibilities) regarding prevention of laundering of crime proceeds and terrorist financing, assessment of customers, their transactions, and services on a risk based approach and minimization of potential risk exposure, as well as create awareness within the bank and among its  employees on such matters. T-Bank employees should fulfill their duties in compliance with the AML Policies and all other related policy and procedures. All employees should aim to prevent T-Bank from being used for laundering of crime proceeds and terrorist financing; such suspicious activities should be reported immediately. T-Bank employees should not provide any advice or assistance on any matter to persons or entities who act in violation with the AML Policies, and such situations should not be intentionally neglected. No relationships may be initiated with the types of persons or entities prohibited by the Bank policies.

 

6.1      Regulations Regarding Laundering of Crime Proceeds, Terrorist financing and Embargoes

There are several Laws and legislations issued on Laundering of Crime Proceeds, Terrorist financing and Embargoes in Turkey. Details are mentioned in Annex 1.

 

6.2      Brief Explanation for AML & CTF Related Policies & Procedures

In order to manage the risks related to AML & CTF processes and for effective, comprehensive and detailed implementation of the Compliance Program, T-Bank documented different policies & procedures. Policies are the high level documents; details are captured through the procedures, manuals and work-flows linked to subject Policies. Such policies & procedures may be amended as necessary, and communicated to the related employees thereafter;

 

In accordance with the Bank's “Know Your Customer” principle, necessary measures in line with the local regulations and bank policies are applied for below;

  • Customer identification and verification,
  • Identification of beneficial owner,
  • Obtaining sufficient information about the purpose and the nature of the requested transaction,
  • Monitoring the client's status and transactions during the customer relationship and
  • Taking necessary measures for customers, activities and operations that require special attention.

T-Bank requires the customer identification and verification prior to the establishment of a business relationship or a transaction. The Law on Prevention of Laundering Proceeds of Crime and Financing of Terrorism is essential for identification and verification. In cases where the identification cannot be done or if there is no sufficient information about the purpose of the business relationship; business relationship does not established or requested transaction does not executed. In this context, the Bank does not open an account with anonymous or fictitious name.

 

The Bank put up required notices in the branches, in a way that all customers can easily see, in order to remind the persons, who act in their own name but for the benefit of others, of their responsibilities. Additionally, the written declaration of the customer indicating whether the act is carried out for the benefit of someone else is received. In cases where there is a suspicion that the person is acting in his/her own name but for the benefit of someone else although he/she has declared that he/she is not acting for the benefit of someone else, the bank conducts reasonable research to identify the exact beneficial owner.

 

In addition to the identification and verification process determined in accordance with the local legislation within the scope of the Know Your Customer Policy, in order to detect the sanctioned persons, companies, countries or to detect the Politically Exposed Persons (PEPs), name of the customer or the persons associated with the account are screened against the lists provided by the reputable sources (i.e. Dow Jones, Worldcheck), account opening and / or tightened measures are considered according to the screening result.

 

Within the scope of continuous business relationship and to know the customer; information about customers' profession, business activities, information about major customers or suppliers, source of income and total assets, purpose of account opening and usage, and other relevant information are obtained and considered for the customer AML/CTF risk assessment.

 

Risk assessment is conducted for customers in terms of money laundering and financing of terrorism during the customer acceptance stage and during the customer relationship and the customers are rated as “low”, “medium”, and “high”. With the risk based approach, enhanced measures such as seeking high level approvals, reviewing customer profile in more frequent manner, obtaining information about the source of the funds or transaction are applied for the high-risk customers.

 

The client's political influence (PEP) or being close to a political person (PEP), having a high-risk geography connection, operating in cash-intensive or high-cash-generating business lines, the initiation of a permanent business relationship by a proxy authorized by the authorized person, non-profit civil society such as association foundation are some of the criteria that are considered to be treated as high-risk in terms of our bank's policies.

 

Following the acceptance of the customer, with the risk based approach; customers’ information is reviewed periodically in T-Bank to keep the customers’ information, documents and records up-to-date and valid.

 

Individuals and non-individuals that are not accepted as customer are determined by T-Bank as below; 

  • Parties involved in sanctions lists (e.g. OFAC, EU, UN or local authorities lists),
  • Parties whose customer identification and verification cannot be done in line with the local regulations, parties that are unknown or has fictitious address,
  • Parties involved in the production and trade of firearms other than licensed weapons,
  • Parties that do not cooperate in providing information such as tax status, tax residence, tax number,
  • Casinos,
  • Exchange Offices,
  • Parties who are not authorized to collect donation by relevant authorities but wish to open an account for the purpose of collecting aid,
  • Shell banks and shell companies.

 

Within the framework of monitoring and control activities, in order to identify the suspicious transactions, T-Bank conducts controls and monitoring process through systemic settings (scenarios) via paying attention to below points, as those are considered as high risk. Suspicious activity reporting is done for the cases where it is considered as suspicious transaction.

 

  • Monitoring and control of transactions with risky countries,
  • Monitoring and control of complex and unusual transactions, including non-face-to-face transactions,
  • Monitoring and control of customers and transactions in high risk group,
  • Through the scenarios and thresholds determined as count and amount, monitoring and control of transactions that are not consistent with client's financial profile and business activities,
  • Monitoring and control of transactions carried out by the customer whether the customer is compatible with the information on his / her work, risk profile and sources of funds
  • Monitoring of transactions whether the financial transactions that are required to be performed in common practices are fragmented or not,
  • In case if the customers who are independent from each other providing the same address, telephone and similar contact information, or sending/receiving funds from/to same parties,
  • Through screening against special lists (such as Dow Jones or World Check) that are important from the Prevention of Money Laundering and Terrorism Financing point of view, monitoring and control of third parties involved into electronic transfers and cash transactions.

 

In order to ensure that the risk based approach is considered for the services that may become vulnerable for             misappropriation, due to newly introduced products and technological developments, principles and processes for the design and implementation of a new product or service is linked to certain approvals in T-Bank.

 

6.2.1         T-Bank Know Your Customer (KYC) Policy

T-Bank Know Your Customer (KYC) Policy and the relevant procedures or manuals include detailed explanation on the information required to be taken and verified, inspections required to be performed, forms to be filled and approvals to be taken regarding to customers with which continues business relationship established.

 

6.2.2         T-Bank AML Transaction Monitoring & Investigations Policy

T-Bank AML Transaction Monitoring & Investigations Policy and its relevant manuals or procedures describe the transaction monitoring & investigations principles, methodology adopted by T-Bank.

 

6.2.3         T-Bank AML & CTF Risk Policy

T-Bank AML & CTF Risk Policy and relevant procedures or manuals explain risk assessment process along with the proper measures required to manage and mitigate the identified risks and document the risk based approach implemented by T-Bank.

 

6.2.4         T-Bank Sanctions and Embargoes Policy

T-Bank Sanctions and Embargoes Policy and relevant procedures or manuals highlights the controls and process regarding to embargoes.

 

6.3      Record Keeping

According to the Turkish regulations on the prevention of laundering crime proceeds and terrorist financing, all information, documents and records taken from customers should be preserved in a manner that will allow easy access when needed. In order to render such information, documents and records to be easily accessible, they should be preserved electronically, in a manner that would allow re-demonstration of the transactions performed, and suitable to provide evidence in the prosecution of criminal acts.

 

Article 8 of the Law and Article 46 of the Regulation on Precautions require a preservation and submission period of 8 years for the information, documents and records within the context of the regulations and precautions regarding prevention of laundering of crime proceeds and terrorist financing.

 

The Bank shall disclose all required documentation and information upon request to its examiners and other regulatory bodies as per the legal and regulatory requirements in Turkey.

 

7       RISK MANAGEMENT

7.1      Management of Compliance Risk

The compliance risk management activities carried out by T-Bank within the context of the Bank Compliance Corporate Policy and all additional policies and procedures regarding prevention of laundering crime and terrorist financing cover its relations with the customers defined in the Regulation on Precautions as “continues business relationship”, and are of a continues nature. T-Bank does not provide service to persons or entities with who are not customers of the Bank, in other words does not have “continues business relationship”.

 

In accordance with the provisions of the Compliance Regulation, the objective of the risk management policy under the T-Bank Compliance Corporate Policy is to define, rate, monitor, assess, and mitigate the risks that T-Bank may be exposed to. T-Bank AML & CTF Risk Policy states the internal precautions and operating rules regarding the precautions provided in Section 3, “Principles regarding Knowing the Customer” of the Regulation on Precautions.

Risk management activities cover the following, at minimum;

  1. Development of risk identification, rating classification, and assessment criteria based on client risk, service risk and country risk
  2. Rating and classification of services, transactions and clients by risks,
  3. Development of the appropriate operation and control rules to ensure that risky clients, transactions or services are monitored and controlled, reported to the related departments, realization of such transactions upon approval of superior office, and audited if necessary
  4. Follow up of the national regulations, as well recommendations, principles, standards and guidelines issued by international institutions, and conducting of the required development activities.
  5. Regular reporting of the risk monitoring and assessment process to the Board of Directors through senior committees, and establishment and follow up of action plans for the elimination of disruptions.

 

7.2      T-Bank Compliance Risk Management

Effective management of compliance risk is the personal responsibility of all T-Bank employees, and is based on the following principles;

  • Board of Directors and Senior Management supervision,
  • A well determined organizational structure and personnel employment,
  • Documented Policies and Procedures, as well as full compliance of employees with such policies and procedures,
  • Monitoring and control activities,
  • Statistics and reporting activities,
  • Training, and
  • Collaboration and cooperation between the internal audit function and other control units,

Three main defense lines are set in T-Bank for the management of the Compliance risk;

ü  Business unit and/or Department Heads, who are primarily responsible for the effective management of compliance risk

ü  Departments under Internal Systems; i.e. Internal Control and Compliance, & other Head Office Supportive Departments; Legal Advisory etc.

ü  Internal audit, regular independent inspections and assessments, and reports regarding the outcomes of the same.

 

 

T-Bank Board of Directors regularly receives information through Audit Committee regarding how compliance risk that T-Bank is exposed to is managed.

 

Accordingly, T-Bank Senior Management is responsible for the monitoring of compliance risks, establishment of the organizational structure that would ensure effective implementation, establishment of a sound internal control environment and infrastructure in a manner that would include compliance with ethical principles and code of conduct covering bank employees in every level, monitoring of disruptions, deficiencies, errors and misconduct that may occur in the program, ensuring regular information flow regarding such disruptions, and ensuring assessment of the necessary reports.

 

As specified above, Business Unit and/or Department Heads reporting to the Senior Management are primarily responsible for the management of the compliance risk. The following is required to achieve this;

ü  Establishment of a “compliance culture”, where each employee is aware of his/her personal responsibilities, including reporting of aspects that are, or that may give rise situations, against the Compliance Corporate Policy / Compliance Program to the senior management

ü  Ensuring that adequate resources are allocated for the management of compliance risk

ü  Ensuring effectiveness of controls as well as their suitableness with the compliance risk management purposes

ü  Perception by all employees that the compliance department is a function which is independent from all business units and responsibilities thereof, especially activities related to sales, marketing and audit, and all units where revenue-generating activities are performed; and supporting of the independency of the Compliance Department.

 

Business department heads should clearly communicate with their staff, the expectation of the senior management regarding management of the compliance risk and the importance of the reporting of issues against Compliance Program of the Bank or those that may cause situations against the Compliance Program to the senior management.

 

Accordingly business unit and or department heads should make notifications on the following points, or inform employees through trainings at least on an annual basis;

ü  All employees are liable to fully comply with the ethical principles, regulations, policies and procedures

ü  Compliance with the laws and other regulations is a personal responsibility of all employees. Therefore, each employee is liable to know all regulations, policies and procedures related to his/her job description and required by his/her duties. Failure to know the relevant regulations, policies and procedures and failure to apply them for the said reason will not be accepted as an excuse, and the employees will be expected to seek assistance from the Compliance Department in any matter that they do not know. Failure to comply with the laws may lead to judicial and/or administrative sanctions up to the imprisonment, and/or disciplinary action under the T-Bank Discipline Procedure. All the managers who has responsibility to perform the annual performance assessment process for their employees pay attention in a manner and also consider the success and failure factors regarding compliance risk management.

 

The T-Bank Compliance Head, with the title of MASAK Compliance Officer, be responsible for the management of compliance risks that may arise during the operations and activities of T-Bank and is also the manager of the Compliance Department within this context. Compliance Department staff report to the MASAK Compliance Officer, ensuring that policies are fully and accurately implemented and monitoring and control processes on customers and transactions as well as inspections on suspicious transactions are performed. The Compliance Department utilizes methods such as monitoring, control, supervision, reporting etc. for such purposes, and works in collaboration and coordination with the audit and internal control units.

 

A triple assessment method, comprising of Customer risk, Product Risk and Country/geography Risk is utilized in order to identify the laundering and terrorist financing risks That T-Bank may be exposed to.

 

7.2.1         Customer Risk          

Know Your Customer (KYC) is the first line of defense and it is the primary program that has been implemented in order to prevent T-bank being used as an intermediary for the laundering of crime proceeds and terrorist financing, and to prevent such transactions from being realized through our bank. KYC requirements are based on three main principles;

  1. An owner (Customer representative) will be appointed within the Bank for each customer relation who will be responsible for knowing the related customer during and after the establishment of the continuous business relationship.
  2. Customer information will be recorded in certain forms, in accordance with the procedures and principles applicable to the relevant business unit, and preserved for a period of time specified in the Preservation of Records section.
  3. Customer information will be reviewed in line with the related procedures.

 

Requirements of the Know Your Customer program include;

  • ID verification and authentication will be performed.
  • General information will be collected about the customer.
  • Risk rating (based on the customer’s profession, the country it is located in, and other relevant indicators.)
  • No products or services will be provided, and no business relationship will be established or maintained with customers, ID of which cannot be verified by T-Bank who fail to provide the required information.
  • Customer transactions/accounts will be monitored within the framework of the rules set by T-Bank.

 

Sectors and professional groups that are considered as high risk or prohibited are all documented in AML & CTF Risk Product Risk Policy.

7.2.2         Product Risk

Product and service groups that characteristically impose higher risk regarding laundering and terrorist financing include;

  • Products and services identified by the regulatory and supervisory agencies,
  • Products that support high transaction volumes,
  • Cross-border transactions,
  • Products such as cash or bearer products, that offers physical transportability,
  • Products that enable quick displacement of funds,
  • Products such as safe-deposit boxes that ensure an unlimited storage for assets or valuables,

and similar products or services.

 

Products and services that impose high risk and should be monitored within the scope of monitoring and control activities include but are not limited to the following;

  • Cash transactions,
  • Electronic transfers,
  • Foreign bank checks,
  • Non-face to face transactions (internet, mobile banking etc.)
  • Correspondent banking accounts

 

7.2.3         Country/geography risk

Consistent with its Risk Based Approach T-Bank developed its own Country/Geography risk table.

 

8       MONITORING & CONTROLING ACTIVITES

With the risk based approach, T-Bank performs monitoring and control activities in order to ensure accurate and effective implementation of the Compliance Program for the bank. The purpose of monitoring and control activities is to protect the Bank from risks related to the laundering of crime proceeds and terrorist financing. While the Compliance Department performs the monitoring activities, controlling is performed by related departments within the context of three lines of defense principle mentioned in “7.2 T-Bank Compliance Risk Management” section.

 

T-Bank implements its monitoring and control activities in line with the article 14 of the Compliance Regulation.

 

Transaction monitoring is conducted by the AML Compliance officers. In order to detect the unusual transactions, through the automated transaction monitoring tool which has complex and sophisticated scenarios, all the customer initiated transactions that breach the determined thresholds are reviewed against the customer profile.

 

As a result, an assessment whether the transaction is in line with the customer profile or not, is done by the AML Compliance officers. Depending on the outcome of the assessment, Suspicious Transaction Reporting can be considered.

 

8.1      Suspicious Transaction Reporting

Details regarding to Suspicious Transaction Reporting are provided in relevant regulations. Additionally, MASAK Suspicious Transaction Notification Guideline, including information regarding to laundering of crime proceeds and terrorist financing as well as suspicious transaction indicators in connection with laundering of crime proceeds and terrorist financing is also in place. The said guidelines aid the obliged parties in the reporting of transactions and events in connection with laundering of crime proceeds and terrorist financing to MASAK.

 

As per the provisions of the law, in case of existence of any information, suspicion or a basis for suspicion that assets subject to the transactions that are or attempted to be performed by or through T-Bank are obtained through illegal means, T-Bank is obliged to report such transactions to MASAK through the MASAK Compliance Officer.

 

Any suspicious transactions detected by the staff of T-Bank during the fulfillment of businesses, transactions, or activities as well as transactions detected during the transaction monitoring and control activities will immediately be notified to the MASAK Compliance Officer in line with the relevant procedures/workflows.

 

The MASAK Compliance Officer is liable and entitled to evaluate the information and finding obtained and to notify to MASAK the transactions which he/she deems to be doubtful.

 

8.2      Confidentiality of Suspicious Activities/Transactions

T-Bank, shall not disclose any information that the suspicious transaction has been or will be reported to anyone including the parties of the transaction, except for the information provided for the examiners assigned for supervision of obligations and for the courts during trial.

 

This obligation covers the persons and the institutions who report suspicious transactions or members of them who carry out and manage the transactions or their legal representatives and proxies, and the other personnel who knows in any way that the suspicious transactions have been reported.

 

It is also noted by the Regulation, that legal persons, their compliance officers, legal representatives of the obliged parties, their managers and personnel complying with the obligation of reporting suspicious transaction, shall not be held responsible judicially and criminally in any way.

 

9       CONTINUOUS LEARNING PROGRAM

9.1      Training of employees

Compliance Training activities are coordinated by the Compliance Department. All employees are subject to adequate training on a regular basis and will be updated on all applicable laws, rules & regulations and internal policies and procedures relative to their job description in order to ensure compliance with laws, regulations, rules, and professional standards, including training sessions in the prevention of Laundering proceeds of crime end terrorist financing and the Code of Ethics and Professional Conduct.

 

T-Bank utilizes the web-based AML/CTF training program carried out by Turkish Banking Association. And all customer contact employees are subject to annual refresher training. It is also the requirement for the new employees to complete the same training following the 3 months of recruitment.

 

Additionally, specific trainings depending on the business line and expertise as need basis is also coordinated.

 

All the regulatory updates are also circulated to relevant employees through the notifications and announcements.

 

9.2      Training of Compliance Department

Training sessions for the compliance employees are conducted by the MASAK Compliance officer. Additionally, the bank is also supportive for the training activities and international certification programs on AML & CTF for the Compliance department employees.

 

9.3      Training records

Data regarding to attendance and completion for AML & CTF training is kept. Training statistics are submitted to MASAK within the first quarter of each year.

 

10   INDEPENDENT TESTING

In addition to the self- testing made by each line of business, and the assessment conducted by the Compliance Function, the Internal Audit Function is responsible, in addition to its regular tasks, to assess the quality and appropriateness of the compliance process established and the methodology  applied by the independent Compliance Function to ensure compliance with laws, regulations, policies & procedures, and the ability to identify breaches (if any); and report findings to the board and senior management with correctives measures when necessary.

 

Internal Audit Department conducts the audit for the adequately and efficiently implementation of this program throughout the Compliance Department audits and audits conducted in other departments i.e. branches, operations.

 

Corrective action plans are done for the findings identified by the Internal Audit Department and tracked through the reasonable target dates. Material findings are escalated to the senior management.

 

 This Policy approved through BOD Resolution 26.08.2019 dated, Nr.587.

 
 
TURKLAND BANK A.Ş. PRIVACY PROMISE

Your privacy is important for us. This is why we are committed to the Turkland Bank A.Ş. Privacy Promise for our customers, which is as follows:

In addition to the information that is legally required, only the information that is considered as necessary to offer the best products and services to our customers is requested by Turkland Bank A.Ş.

The privacy and the security of the information that is received from the customers are the most important criteria that are adopted.

In order to protect the privacy of the customer information, Turkland Bank A.Ş. adopts the rules described below:

Customer information is kept in the security system created by Turkland Bank A.Ş. and only authorized employees who are well-trained on the privacy and proper use of customer information have access to customer information.

Turkland Bank A.Ş. implements the tight security system in order to ensure that no access is given to unauthorized people including employees.

Except requirements related to the applicable legislations and regulations, customer information will not disclosed to 3rd parties without the customer’s consent.

Customer information that might be requested by Administrative authorities and judicial bodies will be disclosed in line with the scope of the regulatory request. Turkland Bank A.Ş. requires the third parties and its employees who provide service to the Bank to comply with the privacy and confidentiality requirements determined by the Bank when handling customers’ data.

Correctness / accuracy of the Information

It is important to ensure that your information is correct and up-to-date.. In case you notice that related information on the account statements or accessed through the internet banking is not correct or up-to-date, please inform your branch, following the guidelines under “Protection of Privacy” below; so that we can correct or update your information on a timely manner.

Protection of Privacy

Regarding the protection of your confidential information, we suggest you to:

  • Check your account balance and bank statements regularly and inform your branch in case of discrepancies,
  • If you suspect that your credentials, passwords or other confidential information is lost; or, stolen by the third party, please immediately inform your branch.
  • In all cases, we recommend not to disclose any of your information if you do not verify the credentials of the counterparty during phone calls or e-mailing, use a secure browser for online banking and close the online applications when not in use.

Turkland Bank A.Ş. will respect your trust and will work to keep the continuity of your trust through fulfilling its commitment specified in the guidelines above. Additionally, we believe that our clients will also demonstrate the required sensitivity for the privacy of the information that they provided to us.

The privacy promise will be updated timely with any changes in the applicable regulations or the internal policy, and will be always checked on the bank website.