Financial Information and Risk Management
Financial Information and Risk Management
Information about Transactions the Company Enters into with Members of its Own Risk Group
Under article 199 of the Turkish Commercial Code (Statute 6102), which went into force on 1 July 2012, the Board of Directors of Aksigorta A.Ş. is required, within three months of the end of its fiscal year, to draw up a report about any dealings the Company had with its controlling shareholder or with any affiliates of its controlling shareholder during the fiscal year just ended and to include the conclusions of that report in its annual report. The required statements about Aksigorta A.Ş.’s related-party transactions are presented in footnote 45 to the financial statements.
The conclusion reached in the report dated February 20, 2023 prepared by the Board of Directors of Aksigorta A.Ş. is, to the best of the Board’s knowledge of the circumstances and conditions at the time that a transaction took place or a measure was taken or refrained from, in each and every transaction which Aksigorta A.Ş. entered into with its controlling shareholder or with any of the affiliates of its controlling shareholder during 2022, that an appropriate mutual performance was achieved, that there were no measures taken or refrained from which might have caused the company to suffer a loss, and that there were no such transactions or measures whose consequences need to be offset.
Financial Information and Risk Management
Financial Information and Risk Management
Financial Position, Profitability and Solvency
With a solid financial structure that included TL 1,949 million in shareholders’ equity at end-2022, Aksigorta is one of the leading companies in the Turkish insurance sector.
Continuing to grow upon sustainable profitability, Aksigorta completed the year with TL 13,563 million of premium production.
Premium Production(TL Million)
2021
6,988
13,563
2022
Increase of Premium Production (%)
2021
33
94
2022
Shareholders’ Equity (TL Million)
2021
1,049
1,949
2022
Total Assets (TL Million)
2021
7,388
12,831
2022
Retention Ratio (Non-Life)(%)
2021
54
51
2022
Written Premiums / Shareholders' Equity (%)
2021
666
696
2022
In 2022, the Company reached to TL 13,563 million premium production. A breakdown of premiums by business line during the most recent two years is shown below.
| Breakdown of Premiums by Business Line | |||||
|---|---|---|---|---|---|
| Written Premiums | Share in Total (%) | ||||
| (TL Thousand) | 2021 | 2022 | Change 21/22 (%) | 2021 | 2022 |
| Fire | 1,356,924 | 2,696,775 | 99% | 19% | 20% |
| Marine | 133,194 | 299,623 | 125% | 2% | 2% |
| Motor Own Damage | 1,276,361 | 3,479,076 | 173% | 18% | 26% |
| Motor Third Party | 2,238,232 | 3,133,723 | 40% | 32% | 23% |
| Other | 935,550 | 1,865,817 | 99% | 14% | 14% |
| General Losses | 515,522 | 981,102 | 90% | 7% | 7% |
| Health | 531,838 | 1,107,321 | 108% | 8% | 8% |
| Total | 6,987,621 | 13,563,437 | 94% | 100% | 100% |
2021 Premium Distribution Portfolio
2022 Premium Distribution Portfolio
As of end-2022, 51% of generated premiums amounting to TL 6,857 million in value were retained by the Company.
The charts below show the amounts and relative percentages of produced premiums that were retained by the Company during the most recent two years, broken down by business line.
| Retention Premium | Retention Ratio (%) | |||
|---|---|---|---|---|
| (TL Thousand) | 2021 | 2022 | 2021 | 2022 |
| Fire | 235,152 | 410,648 | 17% | 15% |
| Marine | 34,173 | 59,786 | 26% | 20% |
| Motor Own Damage | 1,266,211 | 3,360,727 | 99% | 97% |
| Motor Third Party | 1,811,612 | 2,427,949 | 81% | 77% |
| Other | 151,008 | 243,239 | 16% | 13% |
| General Losses | 133,663 | 204,370 | 26% | 21% |
| Health | 115,999 | 150,670 | 22% | 14% |
| Total | 3,747,818 | 6,857,389 | 54% | 51% |
Fire
2021
17
15
2022
Marine
2021
26
20
2022
Motor Own Damage
2021
99
97
2022
Motor Third Party
2021
81
77
2022
Other
2021
16
13
2022
General Losses
2021
26
21
2022
Health
2021
22
14
2022
As of end-2022, Aksigorta retained TL 4,911,861 in premiums which it had earned in the non-life branch. Meanwhile, the Company’s share of incurred non-life claims amounted to TL 5,261,510. As of the same date, the ratio of incurred non-life claims to earned premiums (net) was 107%. The charts below show the amounts and relative percentages of the Company’s incurred claims and earned premiums during the most recent two years, broken down by business line:
| Claims Incurred (Net) | Earned Premiums (Net) | Claims Incurred/Earned Premiums (Net) (%) | ||||
|---|---|---|---|---|---|---|
| (TL Thousand) | 2021 | 2022 | 2021 | 2022 | 2021 | 2022 |
| Fire | 152,056 | 207,881 | 208,644 | 287,756 | 73 | 72 |
| Marine | 9,712 | 17,775 | 32,598 | 57,012 | 30 | 31 |
| Motor Vehicles (Motor Own Damage) | 1,086,649 | 1,636,114 | 1,159,588 | 2,011,007 | 94 | 81 |
| Motor Vehicles Liability (Motor Third Party) | 1,739,718 | 3,221,421 | 1,503,422 | 2,093,164 | 116 | 154 |
| Other | 11,942 | 135,078 | 250,535 | 290,403 | 5 | 47 |
| Engineering | 15,729 | 34,089 | 25,100 | 39,200 | 63 | 85 |
| Health | 7,991 | 9,152 | 111,848 | 132,600 | 7 | 7 |
| Non-Life Total | 3,050,315 | 5,261,510 | 3,293,734 | 4,911,861 | 93 | 107 |
Claims Incurred/Earned Premiums (Net) (%)
Fire
2021
73
72
2022
Marine
2021
30
31
2022
Motor Vehicles (Motor Own Damage)
2021
94
81
2022
Motor Vehicles (Third Party Liability)
2021
116
154
2022
Other
2021
5
47
2022
Engineering
2021
63
85
2022
Health
2021
7
7
2022
Technical Profit Balance
At end-2022, Aksigorta showed a total technical profit amounting to TL -71,919 thousand. The charts below show the amounts and relative percentages of the Company’s technical profit during the most recent two years, broken down by business line.
General Technical Profit Balance
| (TL Thousand) | 2021 | 2022 |
|---|---|---|
| Fire | 58,715 | 178,320 |
| Marine | 29,331 | 58,893 |
| Motor Vehicles (Motor Own Damage) | -80,097 | 323,041 |
| Motor Vehicles Liability (Motor Third Party) | -57,542 | -1,201,106 |
| Other | 240,727 | 302,790 |
| Engineering | 17,554 | 78,046 |
| Health | 127,316 | 188,097 |
| Total | 336,004 | -71,919 |
General Technical Profit Balance/Written Premiums (%) (Non-life)
| 2021 | 2022 | |
| Fire | 4 | 7 |
| Marine | 22 | 20 |
| Motor Vehicles (Motor Own Damage) | -6 | 9 |
| Motor Vehicles Liability (Motor Third Party) | -3 | -38 |
| Other | 36 | 16 |
| Engineering | 3 | 8 |
| Health | 24 | 17 |
| Total | 80 | 39 |
General Technical Profit Balance/Written Premiums (Non-life) (%)
Motor Vehicles (Motor Own Damage)
2021
99
97
2022
Motor Vehicles (Third Party Liability)
2021
81
77
2022
Fire
2021
4
7
2022
Marine
2021
22
20
2022
Other
2021
36
16
2022
Engineering
2021
3
8
2022
Health
2021
24
17
2022
In 2022, Aksigorta earned TL 1,533,681 thousand in net investment income in addition to the earnings generated by its insurance business activities. The Company’s investment income during the most recent two years is shown below.
| Net Investment Income (TL Thousand) | 2021 | 2022 | Change (%) |
|---|---|---|---|
| Foreign Exchange Gain | 249,466 | 442,604 | 77 |
| Income from Financial Investment | 500,201 | 1,026,082 | 105 |
| Real Estate Income | - | 0 | - |
| Income from Derivatives | 126,002 | 64,995 | -48 |
| Other Income | - | 0 | - |
| Total Net Investment Income | 875,669 | 1,533,681 | 75 |
Based on all of these technical and financial results, Aksigorta booked loss before tax of TL -121 million. The Company’s shareholders’ equity amounted to TL 1,949 million at end-2022. The breakdown of shareholders’ equity items during the most recent two years is shown below:
| Shareholders’ Equity (TL Million) | 2021 | 2022 | Change (%) |
|---|---|---|---|
| Paid-in Capital | 306 | 1,612 | 427 |
| Profit and Capital Reserves | 390 | 294 | -25 |
| Previous Years Income/Loss | 164 | 164 | 0 |
| Net Profit/Loss for the Period | 189 | -121 | -164 |
| Total Shareholders’ Equity | 1,049 | 1,949 | 86 |
At end-2022, Aksigorta’s principal investments amounted to TL 3,407 million in value.
Developments in the Company’s investments during the most recent two years are shown below:
| Investments (TL Thousand) | 2021 | 2022 | Change (%) |
|---|---|---|---|
| Financial Assets and Investments with Risks on Policyholders | 306 | 1,612 | 427 |
| Subsidiaries | 390 | 294 | -25 |
| Affiliates | 164 | 164 | 0 |
| Properties | 189 | -121 | -164 |
| Total Investments | 2,963,628 | 3,407,343 | 15 |
Aksigorta does not have affiliates as of the end of 2022.
Financial Information and Risk Management
Quality Policy and Quality Management Systems
Quality Policy
As a strong, reputable and trustworthy company together with our agents, employees and suppliers, we are committed to provide quality service and continuous improvement of our services by prioritizing customer satisfaction in line with our vision, mission and values and in conformance with national and international laws, regulations and standards regarding insurance business.
Quality Management System
Aksigorta is committed to providing quality service to all its customers, business partners, stakeholders and employees.
According to this principle, Aksigorta established the quality assurance system and obtained the BS EN ISO 9001:1994 Quality Standard Certificate from BVQI (Bureau Veritas Quality International) in 1998. Quality Assurance System standard has been revised regarding the customer needs and current conditions, and ISO 9001: 2015 Quality Management System has been published in 2015. Aksigorta has aligned its current systems with the up-to-date version.
Aksigorta established ISO 10002: 2015 Customer Complaints Management System and upgraded customer relationship management to international standards’ line which based on customer-oriented service approach.
Financial Information and Risk Management
Risks and Assessment by the Management Body
Risk Management Framework
The Company’s risk management framework includes the strategies, policy models, processes, and reporting procedures required to identify, measure, manage, monitor and report the risks to which the Company is or may be exposed.
It is the responsibility of the Board of Directors to identify the risk management principles and standards to be applied throughout the company, to update the risk policies depending on the changes in the operating conditions, and to establish and operate effective risk management systems and processes. The Board is also ultimately responsible for monitoring the risk level of the Company, controlling the situation against these limits by establishing risk limits, and putting the necessary measures into practice.
The tools required for determining, measuring, managing, monitoring, and reporting of risks vary according to the type of the risk. There are five risk classes: such as Insurance risks, Financial risks, Compliance risks, Operational risks, and Strategic risks.
Aksigorta is exposed to business risk in relation to its operations in the non-life insurance sector. Likewise, the Company also faces financial risks related to its operations, such as loan, market, and liquidity risks. Operational risk arises as a result of human, process, and system errors during the management of other related risks. Strategic risks are associated with changes in strategic planning, sector, competitive environment and technological changes. Sustainability risks are also assessed as strategic risks.
Emerging risks are the result of new trends that may pose a threat or risk to the company. These trends are ambiguous by nature, making it challenging to measure them and perform an impact analysis. The emerging risks inventory is regularly reviewed in light of global and local researches in the insurance industry.
Information on Risk Management Policies by Risk Type
Risk Management Framework Policy
Aksigorta’s risk management strategy, implemented risk management system, and risk governance approach across the Company, as well as the roles and responsibilities for risk management are established in the Risk Management Framework Policy and approved by the Board of Directors.
The basic objectives of this policy are determining the basic principles and standards of the risk management systems and processes, implementing such systems and processes, and complying with the determined risk limits. The Company’s Risk Management Framework Policy defines the risk management roles and responsibilities of the Board of Directors, the Early Detection of Risk Committee under the Board of Directors, and the General Manager. The said policy also explains the role of each level in the triple line of defense model and the functioning of the delegation of authority in Aksigorta.
The activities covered by the Risk Management Framework Policy are carried out within the framework defined by the insurance legislation and the other relevant legislation to which the Company is subject.
Insurance Risk
In any insurance contract, the risk is that one party (the insurer) accepts a significant insurance risk from the other party (the insured) by agreeing to indemnify the insured if a specific uncertain future event (the insured event) negatively affects the insured.
The company has adopted a central risk assessment policy. This policy is carried out within the framework of predetermined activities and limits. In general, the probability of damage occurring is determined during risk assessment by methods of past damage experiences, comparison of similar risks, and process risks within the production process. Location, geographical region, field of activity, and fire and theft measures are the primary criteria considered in risk assessment.
Insurance risks are managed by the company through a policy production strategy, reassurance agreements, and effective liquidation and payment transactions. The policy generation strategy of the Company is based on the most effective risk assessment during policy production, as well as the most accurate distribution of assumed risks based on their types, sizes, industries, and geographical regions.
The Company enters into reassurance contracts for excess of loss, quota share, surplus, and catastrophic guarantees to manage insurance risk. The company has no surplus agreements in the branches of fire, transportation, engineering, and general accidents. Annual quota share contracts with a certain proportional turnover rate are included in the motor, professional liability, electronic devices, machinery breakdown, mandatory bus passenger, cyber risks, credit, political violence, health, and individual accident branches. Also, there are Risk & CAT, Transportation and Optional Financial Liability Non-Proportional Reassurance contracts that protect the net risks our company holds.
Market Risk
The company is generally exposed to interest rate risks as a result of its financial investments, as well as credit risks as a result of insurance receivables.
Changes in market interest rates cause fluctuations in the costs of financial instruments, forcing the company to deal with interest rate risk. The primary risk to which the company’s portfolio’s available-for-sale financial assets are exposed is the damage that will result from a decrease in the actual values of financial assets due to changes in market interest rates.
The Company is exposed to currency risks, which arise from foreign exchange rate changes caused by the conversion of its foreign exchange and foreign exchange indexed assets and liabilities into Turkish Lira.
Market risk components the Company faces, like the interest risk and currency risk, are periodically measured and reported via stress and scenario tests.
Liquidity Risk
Liquidity risk is the likelihood of the company failing to meet its net funding liabilities. Liquidity risk is caused by events that reduce funding resources, such as market disruptions or credit score reductions.
In the event that the Company’s financial resources are insufficient, there is a risk of ceasing current operations or reducing the scope of operations.
The company’s investment strategy approved by the Board of Directors has been established considering the liquidity conditions of the Company and the band widths (lower and upper limits) movable during the management of assets for investment and asset management and especially taking into account the potential liquidity profile of the liabilities. The liquidity risk management contains an approved limit structure and a series of triggering arrangements which provide that management is informed about potential problems.
Credit Risk
Credit risk arises from the counterparty failing to meet its obligations under the contracts to which the company is a party. Limits and guarantees are determined by evaluating criteria such as financial strength and business capabilities of related parties. The Company’s credit risk is arises from insurance activities such as: the investment activities in banks and finance corporations, bond market investments, and receivables from agencies, insured customers, and reinsurance companies. Credit risk is managed with the credit risk rating and limit framework defined for the Company and organizations involved in the transactions made as counterparty.
Capital Management
The primary goal of Capital Management is optimizing the company’s capital structure, composition, and distribution, as well as protecting its financial capacity and productivity. The Capital Management Policy has been established and approved by the Board of Directors to define the roles and responsibilities, capital risk appetite, and reporting requirements in order to achieve the goals set.
Operational Risk
Operational risk is the loss that may arise due to uncontrolled business processes, human or system errors or external factors. It is essential to evaluate the probability of the operational risks and the level of impact they will create, and take the necessary measures accordingly. In the first line of defense, it is aimed to manage operational risk by effective follow-up and monitoring of the processes. Efficiency and adequacy of controls and implementation of action plans are primarily the responsibility of the first line of defense and are monitored and reported by the Internal Control, Risk Management and Compliance Directorate. Aksigorta’s target is to keep the operational risk at the lowest level that is commercially reasonable.
Information on Risk Management and Internal Control System
As per the Law on Insurance No 5684, Article 4 and the Regulation on Internal Systems in Insurance and Private Pension Industries, insurance companies must set up an effective internal control system to ensure that the company’s assets are protected; that its activities are conducted in accordance with the requirements of the Law and related other legislation, with in-company policies and with established insurance industry practices; and in such a way as to be both effective and productive; and that the accounting and financial reporting system as well as all systems used in the provision of the main services are secure, coherent, and capable of providing timely access to information.
Risk management is the Company’s main means of avoiding undesirable outcomes in the pursuit of its targets and ensuring the continuity of its activities. The Risk Management Department’s functions are to identify, measure and monitor the risks to which the Company is exposed, to ensure that actions are taken to keep the risks within the limits determined as per the risk appetite and report such actions. Within this scope, it ensures that the business decisions are taken in a risk-based approach and the resources are used efficiently so that the expectations of the entire Company and its business partners, including customers and shareholders, are met at the highest level.
The general risk level to be assumed for each type of risk, as well as the maximum risk limits allocated to management and their implementation procedures are specified in the policies which have been approved by the Board of Directors.
In order to monitor incurred risks and to provide control, the Company established and operates a structure of internal systems complying to the scope of its activities as specified by the legislation. In this approach, dubbed “the triple defense line,” the division of authority and responsibility is as follows:
Line of Defense Officials, Authorities and Duties
1. Line of Defense: Company Management
Identifying, assessing, managing and reporting risks in an effective and risk-oriented manner, and ensuring compliance with company policies. Establishing and maintaining an effective internal control system
2. Line of Defense: Risk Management, Internal Control and Compliance Directorate
Supporting the Company management in identifying, assessing, managing and reporting risks, overseeing compliance with Company policies and correcting any noncompliance; in short, assisting in the functioning of Aksigorta’s Risk Management Framework. Providing an acceptable assurance regarding the following subjects: Company assets are protected with internal control structure; its activities are carried out effectively, efficiently and in compliance with laws and other relevant legislation, in-house policies and rules of the Company, insurance business customs; the accounting and financial reporting systems are functioning reliably; the integrity of all systems used in the provision of services, and timely irretrievability of the information.
3. Line of Defense: Internal Audit Directorate
Assuring the Board of Directors about the effectiveness of the Company’s risk management and internal control mechanism from an impartial and independent viewpoint.
Risk Management, Internal Control and Compliance Directorate
The Risk Management, Internal Control and Compliance Directorate activities are carried out as per the “Regulation on Internal Systems in Insurance and Private Pension Industries.” According to the regulation, as of April 2022, Aksigorta and AgeSA’s Risk Management, Internal Control and Actuarial Supervision activities are carried out jointly.
It is aimed to provide assurance to the Board of Directors through risk management and internal control activities on:
The reports which include the risk monitoring, assessment, management activities, and internal control activities are submitted to the Board of Directors and the Early Detection of Risk Committee regularly.
Internal Control and Risk Management Group Directorate
Internal control activities are primarily the responsibility of the business units that perform them. A Internal Control Unit has been commissioned for supporting business units in the design of the processes carried out or controls used by these units, evaluating the adequacy, effectiveness and compliance of said processes and controls together with these units, and monitoring the internal control functionality of the company.
The Risk Management unit ensures that potential risks are defined, assessed, and managed in a timely manner. The activities of the Internal Control and Risk Management units include managing all risks associated with the Company, affiliates subject to consolidation, as well as service providers and agencies.
The Internal Control and Risk Management Group Directorate targets to make contributions under the following categories through its operations:
The control activities performed by the business units have been supervised within the annual plan, as have activities to improve the company’s existing internal control processes.
As the second line of defense, the determinations made as a result of the supervision of the company’s risk management and internal control activities were regularly reported to the Early Detection of Risk Committee (EDOR) (CRO Report, Internal Control Report, etc.)
The regulation on Internal Systems of Insurance and Private Pension Sectors was published in the Official Gazette dated 25 November 2021 and numbered 31670, to enter into force on the published day. A communique on the application of certain articles of the regulation, in addition to the regulation, was issued on 30.05.2022. Analysis, compliance, and reporting studies were initiated within the scope of the regulation, which includes radical changes in the organizational, managerial and administrative responsibilities of the Internal Systems, which also includes the Internal Control and Risk Management units. The necessary actions have been determined and are being monitored in order to provide full compliance with the regulation.
The first phase of the “Integrated Risk Management Project,” which aims a digital and cultural transformation in Risk Management and Internal Control operations was completed on 18.08.2021. The Project aims to increase risk management competencies and create risk intelligence by combining best industry practices and GRC (Governance, Risk, Compliance) technology. The Company’s risk and control catalog was transferred to the GRC application (IRM) as part of the related project, control ownerships were determined, and the results of regular control activities were reported via IRM.
The second phase of the project is scheduled to be completed in 2023 and will include the “Archer GRC Application Improvement” project’s Operational Risk Management methodology.
Actuarial Supervision Unit
Actuarial Supervision Unit The Actuarial Supervision Unit targets to make contributions under the following categories through its operations:
Business Continuity
Aims to provide the continuity of Aksigorta operations, to effectively and seamlessly maintain value-creating critical products, services, and service activities, to reduce negative impacts, to predetermine risks for the continuity of processes providing value to customers and stakeholders, and to be prepared in times of crisis by developing measures. Human life and health are the top priority in business continuity efforts.
A Business Continuity Plan is created in order to protect business processes and valuable assets and to maintain the ability to do business after crises and events, and the effectiveness of the process is ensured through tests and exercises.
The structure of business continuity is developed based on the results of business impact analysis and risk assessment studies, and targets and performance criteria are identified based on data included in analysis activities, so that the organizational structure, business unit requirements, location, and system infrastructure are in harmony, and required development necessities are identified.
Audit and control activities, management reviews and corrective actions required for the continuous improvement of the business continuity management structure, and the necessary actions to identify risks and opportunities are provided by the management and the teams that the management assigns the responsibility for business continuity.
Within the framework of these principles, the following activities were completed during the year:
Law, Legislation and Compliance
All changes in legislation that are significant and related to our company’s activity area have been closely monitored and reviewed, and all actions have been taken to comply with legislation.
Within the scope of MASAK compliance, the project designed has been completed, and related processes have been transferred to a digital environment with effective software applications in order to effectively monitor sanction decisions, institutions, and persons subject to sanctions.
The Claims and Law department has filed 50,484 new case files and closed 39,389 files in 2022. Settlements were made in traffic bodily harm files, and 2234 case files were resolved amicably until the end of November 2022.
Information Technologies and Information Security Risks Management
Aksigorta’s vision includes an elementary insurance approach based on cutting-edge technology. At the same time, by focusing on technology, Aksigorta Information Technologies Department has adopted the elementary insurance approach using cutting-edge technology. The Information Technologies department works in parallel to Aksigorta’s strategy. A strong and flexible system, value-added and next-generation technologies, cyber security solution implementation, and IT talent management are strategic priorities in the new normal order.
Within this context, the Agile Management Methodology, which has recently emerged as a global trend, has been adopted. Information Technologies is where the first agile transformation has begun as of 2019. The IT organization has undergone change as part of this transformation, which was initiated with the goal of most productively and quickly addressing market dynamics and providing competitive advantage. The transformation from project to product management, as well as from department structure to inter-functional squad structure, has been completed, and Aksigorta’s entire project portfolio is now managed with Agility. The senior management, product owner, and domain owners regularly monitor the Squads’ target key results (OKR) through quarterly Big Room meetings.
Information Technologies has adopted the company’s risk management methodology for its own risk management. The IT Risk Management committee meets quarterly to assess IT risks.
Information systems risks and checkpoints have been defined. As part of the COBIT 2019 compliance program, control targets are reviewed and necessary updates are performed at checkpoints.
The data governance structure has been designed and disposal, exploration, data classification activities have been performed. Process controls have been defined, and data governance has been systematized with appropriate support tools.
Financial Information and Risk Management
Notable Changes in Regulations – 2022
A. IMPORTANT REGULATION CHANGES OF THE YEAR 2021
1. Amendments Introduced with the Directive on Measures to Prevent Laundering Crime Income and Terror Financing
With the Official Gazette dated 24.02.2021 and no. 31405 (Repetition 2), the Directive on Measures to Prevent Laundering Crime Income and Terror Financing (“Directive on Measures”) was published.
The coverage of the article on incumbents was expanded according to the amendments introduced. The lower limits of the transaction amount or the amount of multiple inter-connected transactions stipulated for the obligation to evidence identity in the transactions made by the incumbents was increased from TL 20,000 to TL 75,000. Obligations for obtaining the details of job and profession, and risk scoring to get to know the customer.
With the article 6/A introduced to the Measures Regulation, remote identification of real persons has become possible. Accordingly, if the legislation related to the main field of activity of the incumbent allows for the establishment of a contract with methods that would allow for the verification of the customer’s identity without face-to-face contact with the customer, then remote identification methods may be used in order to verify the identity of the customer during the establishment of a permanent business relationship with real persons.
It has been regulated that the audit of the Financial Crimes Investigation Board (“MASAK”) on the incumbent could be carried out with on-site or remote auditing methods, and fulfill the duty of auditing the incumbent through the treasury and finance experts employed at the Board and assigned to this task.
2. Amendments Introduced with the Regulation on the Compliance Program related with the Liabilities to Prevent Laundering Crime Income and Terror Financing
Amendments have been introduced to the Regulation on the Program for Compliance with the Liabilities to Prevent Laundering Crime Income and Terror Financing (“Compliance Program Regulation”) in the Official Gazette no. 31407 dated 26.02.2021.
The scope of the liabilities has been expanded and (i) Group A-powered enterprises listed in the foreign exchange legislation, (ii) financing, factoring and financial leasing companies, (iii) portfolio management companies, (iv) precious metals brokerage companies, (v) electronic currency organizations and (vi) payment organizations excluding those which intermediate invoice payments exclusively, payment order starting service exclusively, and submission of information related with the payment account exclusively have also been included among the incumbents who are required to create a Compliance program under the Regulation on the Program for Compliance.
The definition of “financial group” in the law on the Prevention of Laundering Crime Income dated 27 December 2020 and no. 5549 has also been included in this regulation. Accordingly, a group which comprises the financial organizations based in Turkey, which are affiliated with a parent organization headquartered in Turkey or abroad, or which controls this organization, and their branches, agencies, representatives and commercial agents and other similar units will be considered as a “financial group.” Detailed regulations have been set out on the nature of the financial group in the Regulation on the Program for Compliance.
The scope of the liability for creating a compliance program for financial groups has been described. Besides, the liability to review and update where required certain measures in every two years has been introduced. It has been stated that the responsibility for the supervision of the execution of the compliance program at the financial group level ultimately rests with the board of directors of the main financial institution within the scope of Article 6 of the Compliance Program Regulation.
In addition to the appointment of a compliance officer, an obligation to appoint assistant compliance officer has been introduced for the relevant obliged parties specified in the Compliance Program Regulation. The scope of the liability to establish a corporate policy has been expanded. The financial group has also been held liable for creating a corporate policy.
3. Amendments introduced with the Circular on the Appointment of Loss Adjusters in Value Loss Claims within the Scope of Highway Motor Vehicle Compulsory Financial Liability Insurance
The “Circular on the Appointment of Loss Adjusters in Value Loss Claims within the Scope of Highway Motor Vehicle Compulsory Financial Liability Insurance” dated 09.11.2021 and no. 2021/10 has stipulated that where any value loss is claimed by the right holders, the loss shall be identified by the loss adjusters licensed in the relevant branch.
According to the Regulation on Assignment of Loss Adjusters, published in the Official Gazette dated 25.08.2015 and numbered 29456, the insurer from whom loss of value is claimed, shall assign the loss adjuster on the basis of sequential order through the system established in the Insurance Information Center (SBM) to ensure fair distribution of job assignments.
It is stated that in the event that the loss adjuster is assigned by the right holder, the assignment can be made through the system to be established, while assigning a loss adjuster in accordance with the provisions of the relevant legislation without applying the sequential order procedure specified here could also be appropriate. Changes have been introduced in that SBM will establish the necessary IT infrastructure for the establishment of the loss adjuster assignment system and will take any kinds of measures regarding the operation of the system.
4. Amendments Introduced with the Regulation on Internal Systems in Insurance and Private Pension Industries
The Regulation on Internal Systems in Insurance and Private Pension Sectors in the Official Gazette dated 25.11.2021 and no. 31670 has aimed to strengthen the institutional structures of institutions operating in the insurance and private pension sector and to integrate the practices in the industry with the international system.
The regulation has included specifications to increase the effectiveness of the board of directors with regard to the internal systems, both directly and through the audit committee structure. Moreover, regulations have been introduced to establish an audit committee organization with professional membership attributes to continuously monitor the activities of the organizations, and to ensure the supervision of the functioning of the internal systems by the senior management.
The regulation has detailed the internal control, risk management, actuarial and internal audit functions as well as the qualifications of the unit and personnel responsible for carrying out these functions.
The regulation aims to create these control functions without being influenced by the other activities of the company, together and in integrity with the activities, and so that they ensure the personnel responsible for the internal systems can fulfill their duties without conflict of interest, and arrangements; and the regulations were introduced accordingly.
Information systems requirements and business continuity issues have been regulated in accordance with the actuarial requirements and the unique structure of the insurance industry in terms of cyber security.
The reporting requirements brought by the regulation, the development of a transparent management approach, and the effectiveness of the industry’s surveillance and supervision open to the public are considered as an important element that increases transparency.
Shared use of resources in insurance groups and financial groups has been aimed to ensure effective use of resources and productivity increase.
5. Amendment to the General Conditions Regarding the Amendment to the General Conditions of Highway Motor Vehicle Compulsory Liability Insurance
General Conditions for Amending the General Conditions of Highway Motor Vehicle Compulsory Liability Insurance were published in the Official Gazette dated 04.12.2021 and numbered 31679. In this framework, considering the aforementioned decisions, articles 18 and 19 of the Law No. 7327 dated 9 June 2021 and articles 90 and 92 of the Highway Traffic Law No. 2918 were amended.
Changes have been made to compensation for depreciation, permanent disability and lack of support. Article B2 of the General Conditions has been amended with article 9 of the Communiqué and, the requirement of using OEM parts has been introduced as a rule for the repair of vehicle damages within the scope of traffic insurance. In accordance with the aforementioned amendment, it is regulated that the damaged part can be replaced with an equivalent or reusable part only in cases where the approval of the right holder is obtained and where it is not possible to replace the damaged part with the OEM part. Similarly, the use of equivalent parts is also included in cases where the part that needs to be replaced is not original.
The depreciation calculation in Annex-1 of the General Conditions has been further elaborated. Likewise, the calculations of compensation for loss of support and compensation for injury have been further elaborated. Here, the aims was to make regulations in accordance with the SEDDK’s goal of minimizing the disputes and calculating the damage with a fair and realistic approach.
6. Regulation on the Amendment of the Regulation on the Principles of Implementation of Insurance Related to Personal Loans
The Regulation on the Amendment of the Regulation on the Principles of Implementation of Insurance Related to Personal Loans was published in the Official Gazette dated 29.12.2021 and no. 31704. This regulation has introduced amendments on issues such as entitlement, compulsory insurance, permanent data storage, informing the insured, obtaining health declarations, and surviving taxpayers.
B. IMPORTANT REGULATION CHANGES OF THE YEAR 2022
1. Regulation on Amendment to Commercial Advertisement and Unfair Commercial Practices
The Regulation on Amendment to Commercial Advertisement and Unfair Commercial Practices was published in the Official Gazette dated 01.02.2022 and no. 31737. This amendment introduced a regulation for analyzing the purchasing behaviors and other personal data of the consumer regarding any goods and services and specified that the offered price is a personalized price, and it should be included in the same space as the current price. Where discounted price is included, the obligation of stating the price before the discount has been introduced. It has been determined that the lowest price applied within 30 days before the discount is applied in the determination of the sales price before the discount. In advertisements where it is stated that a good or service is offered for sale with a tied loan, it is stated that the maturity of the loan, the interest rate, the monthly and annual percentage value of the total cost to the consumer and the repayment conditions should be included on the media where the advertisement is published.
In the event that a product or service offered for sale on the internet is sorted by comparing price, quality and similar aspects, it is regulated that the information on which criteria the ranking was created will be in the same field or in a way that can be easily seen on the pop-up screen where consumers can be directed with a link or warning sign. An obligation to include the phrase ‘advertisement’ in the ranking results displayed based on advertisements or sponsorships and similar agreements has been introduced.
C. KEY DEVELOPMENTS AND DECISIONS UNDER THE LAW ON THE PROTECTION OF PERSONAL DATA
Public announcement on COVID-19 PCR test result and vaccination information:
On 28 September 2021, the Agency posted a public announcement regarding the processing of vaccination information and PCR test result. The Agency referred to the letter of the Ministry of Interior, which requires the provision of a PCR test and/ or vaccination information for collective participation of people in group activities, and the letter of the Ministry of Labor and Social Security which require a PCR test to be requested once a week from non-vaccinated employees, and stated that the data of vaccination and PCR test results processed within the scope of preventive and protective activities constitute an exception to the Law No. 6698 on the Protection of Personal Data (the “Law”). In this respect, the data processing activities of public institutions and private organizations based on and being limited with the letters of the Ministry of Internal Affairs and the Ministry of Labor and Social Security will not be considered within the scope of the Law, while any processing activities that exceed the scope of the relevant articles will be subject to the provisions of the Law.
Guidelines to be Considered in the Processing of Biometric Data under the Law on the Protection of Personal Data: On 17 September 2021, the Personal Data Protection Authority (“Authority”) published the Guidelines to be Considered in the Processing of Biometric Data (“Guidelines”). The guidelines defines biometric data and includes processing conditions and principles in accordance with the Law on the Protection of the Personal Data.
The biometrical data include significant information about the data subjects due to their attributes. With the introduced Guidelines, the Authority introduces new responsibilities for the data controllers regarding the processing of the biometrical data with the goal of ensuring data protection and security in the processing of the biometrical data. The data controllers who are to process biometrical data should realize their activities in conformity with the principles and measures listed in the Guidelines.
Decision – Decision on sanction regarding the application of instant messaging:
The Personal Data Protection Authority (the “Authority”) identified that an instant messaging application (the “Application”) updated the service requirements and the principle of confidentiality as a prerequisite for the offered service. The authority started an ex officio inspection mainly on (i) transferring data abroad, (ii) binding the service to the requirement of explicit consent, and (iii) conformity to general principles. With the resolution dated 3 September 2021 and no. 2021/891, the Authority concluded as follows: y obtaining a single express consent for the processing and transfer of personal data abroad through the terms of service contract damages the “free will disclosure” element of the express consent; y the terms of service and the statements in the policy of confidentiality are presented in a non-negotiable nature, and the use of the application is tied to the condition of transfer, which is in violation of the principle of “compliance with the law and good faith” in Article 4 of the Law; y a conduct was performed against the principles of “processing for evident, clear and legitimate purposes” and the principles of “being related, limited and aligned with the objective of processing” in article 4 of the Law, y as long as the servers of the data controller are not located in Turkey, any processing activity regarding the personal data obtained from the persons in Turkey means the transfer of personal data abroad and the said transfer is not made in accordance with Article 9 of the Law; and y not obtaining explicit consent from the related individuals regarding the cookies used for profiling is not in accordance with the law. In this direction, the Authority ruled that (i) an administrative fine of TL 1,950,000 should be imposed on the data controller for not taking the necessary technical and administrative measures, (ii) the data controller should ensure conformity of their service requirements and policy of confidentiality text to the Law in 3 months, and (iii) the data controller should provide a clarification in accordance with the provisions of Article 10 of the Law and the Communiqué on the Procedures and Principles to be Complied with in Fulfilling the Clarification Obligation.
Other Resolutions:
In a decision regarding the data breach notification of an insurance company, the Authority decided to impose an administrative fine of TL 30,000 on the grounds that the data controller did not comply with the Personal Data Security Guidelines and did not take the required technical and administrative measures to ensure data security. The penalty amount was maintained law considering the economic condition of the data controller and that the error which caused to the violation was an exceptional case.
In a decision regarding the data breach notification of an insurance company, the Authority concluded that no action was required to be taken, considering that although there were health data among the affected data, 1 person was affected by the breach and the data controller informed the Authority as soon as possible.
In a decision regarding a bank’s data breach notification, the Authority considered that the data controller (i) did not limit the KKB queries of the personnel before the breach, (ii) did not carry out adequate inspection and supervision, (iii) imposed an administrative fine of TL 200,000 based on failure to take the required technical and administrative measures to ensure data security considering that the training on the Law for the Protection of Personal Data was not adequate.
In the decision regarding the data breach notification of an insurance company, the Authority determined that the data controller did not take the required technical measures to ensure data security, and imposed an administrative fine of TL 90,000. The decision no. 2020/357 dated 7 May 2020 is accessible here.
In a decision regarding the data breach notification of a bank, the Authority emphasized that (i) the control mechanism of the data controller was not at a sufficient level, (ii) the said errors should have been detected during the testing phase and the changes should have been corrected before they are released live, and imposed an administrative fine of TL 75,000 further to article 12/1 of the Law due to failure to take administrative measures.
Financial Information and Risk Management
Internal Audit Activities
Internal Audit Activities
The internal audit system of Aksigorta was structured in accordance with the Communiqué on the Internal Systems of Insurance and Private Pension Sectors issued in the Official Gazette dated November 25, 2021, and numbered 31670. As per Article 6 of the Communiqué no. 16/2022 Concerning Enforcement of Some Articles of the Regulation on the Internal Systems of Insurance and Private Pension Sectors, it is possible to jointly use an audit committee, internal control, risk management, actuarial and internal audit unit of any of the insurance, reassurance and pension companies under the Insurance group, without the need to form another such separate unit in other companies, too. Therefore, the AgeSA Emeklilik ve Hayat A.Ş. Internal Audit team has been restructured accordingly so that it can serve both Aksigorta A.Ş. and AgeSA Hayat ve Emeklilik A.Ş. companies Pursuant to the Board of Directors resolution dated October 31, 2007, and numbered 2007/31, and in accordance with applicable laws, rules, regulations and practices, an Audit Committee was set up to help protect the interests of the Company’s stakeholders. As stipulated by the Board of Directors resolution dated October 17, 2014, and numbered 2014/62, the aforementioned Committee was restructured and replaced by the current Audit Committee to ensure compliance with Capital Markets Board Corporate Governance Principles. The Audit Committee consists of two members, namely Hüseyin Gürer and Yeşim Uçtum, both Independent Members of the Board of Directors. According to the organizational chart, the Internal Audit department reports directly to the Board of Directors and operates independently. The Company aims to manage the internal control system within the maximum risk limits which determine risk factors which may prevent reaching strategic and operational goals. The Risk Management and Internal Audit Departments are responsible for ensuring operational productivity and efficiency, issuing financial and managerial results in a timely, accurate and reliable manner, overseeing compliance with applicable laws and regulations, protecting shareholder investments and Company assets, and managing risks effectively and efficiently. The scope of internal audit activities includes analysis and assessment of the efficiency and capability of internal control, risk management and administrative processes in order to yield reliable, independent and impartial opinion on these processes, and to present proposals for improvement and development.
As part of the annual audit plan for 2022, auditing of 13 processes was completed, and the associated reports were submitted to the Audit Committee. The actions taken by the Company executives in connection with the internal control deficiencies observed within the framework of Audit Reports were subsequently followed up and the adequacy of the actions were questioned by monitoring their effect on the risk level and the results were reported to the Audit Committee.
The Internal Audit team consists of 1 Chairman, 3 Managers, 7 Auditors and 1 Audit Data Analyst, who possess the qualifications specified in the Regulation on Internal Systems of Insurance, Reinsurance and Pension Companies. The internal audit personnel were provided with the necessary training courses to support their professional development and improve their knowledge. The Internal Audit department staff members have no responsibility, authority or influence on the audited operations of the Company, and their full independence is ensured.
Financial Information and Risk Management
Dividend Policy
AGENDA
Determination of allocation of annual profit of 2022, dividend pay-out rate and terms of dividend payment
RESOLUTION
It has been understood that there is a “Net Period Loss” of TL 121,148,616 in the Financial Statements for the period of 01.01.2022-31.12.2022, prepared in accordance with Capital Market Board’s Accounting Standards and Generally Accepted Accounting Principles and audited by PwC Bağımsız Denetim ve Serbest Muhasebeci Mali Müşavirlik A.Ş. (PwC), accordingly it has been decided to inform the shareholders that there will be no dividend distribution for the 2022 accounting period according to the Capital Market Board regulation on dividend distribution and to present this issue for approval of our shareholders at the Ordinary General Assembly Meeting of 2022 which will take place on 21 March 2023.