Risk Management and Internal Control System

Pursuant to Article 4 of the Regulation on the Internal Systems of Insurance, Reinsurance and Pension Companies issued as per Article 4 of the Insurance Law no. 5684, insurance and reinsurance companies are required to establish an effective internal control system, including internal audit and risk management, in order to regularly control and audit the compliance of all their business and operations with insurance legislation and other relevant legislation, internal regulations of the company and its management strategy and policies, and to detect and prevent mistakes, fraud and unlawfulness.

According to the legislation, internal control and risk management activities carried out by “Internal Control and Risk Management Department.”

Internal Control

The internal control system is in place to ensure that the company’s assets are protected; that its activities are conducted in accordance with the requirements of laws and regulations, with company policies and procedures, and with established insurance industry practices and in such a way as to be both effective and productive; and that the accounting and financial reporting system is secure, coherent, and capable of providing timely access to information. Internal Control Unit is responsible for continuity and development of responsibilities by coordinating the necessary actions to ensure the effectiveness of the internal control system.

The Internal Control Unit conducts activities according to the approved Internal Control Plan. In 2019, Internal Control Unit worked through in order to maintain the internal control system. Besides, internal control activities have continued, and the efficiency of unit/process controls have been evaluated. The actions that are taken to offset risks and deficiencies in controls are efficiently monitored by the Internal Control Unit.

Risk Management

The Risk Management Unit is established as a 2nd line of defense to identify, quantify, monitor, and control all the risks to which the company is exposed. The Risk Management Unit is also responsible for overseeing business continuity, information security, and capital adequacy. In addition, the key risks that are identified together with business units are monitored closely, and the actions are reported to the Early Detection of Risk Committee and Aksigorta Risk Committee.

Compliance

In order to ensure compliance with the insurance regulation and other regulations which the Company is subject to, The Compliance Unit is responsible for full compliance of the Company to the entire regulation it is subject to. Announcing new/amended laws and regulations to company, determining and monitoring actions that need to be taken in order to comply with these laws and regulations are also under the Compliance Unit’s responsibility.

In addition, the unit is charged with developing and implementing a risk-sensitive program to ensure the company’s compliance with the requirements of anti-money-laundering laws, regulations, and administrative provisions; conducting activities required by such a compliance program; and communicating and coordinating activities as necessary with the Financial Crimes Investigation Board (MASAK). The Compliance Unit is responsible for raising awareness throughout the company and all distribution channels about Anti-Money Laundering/Combating the Financing of Terrorism by providing trainings, and also informing the Financial Crimes Investigation Board about suspicious transactions.

In line with the changing and developing conditions of the insurance industry, Compliance, turning more essential and comprehensive, has become an organization with wider activity fields by increasing its existing influence area both in the country and abroad more essential and comprehensive and. As in following;

Within the country; Financial Crimes Investigation Board (“MASAK”) of Ministry of Treasury and Finance is one of most recognized entities related with Compliance. Following new developments in insurance industry, there are many agencies and regulations. The following are among the main agencies and regulations;

  • Insurance and Private Pension Regulation and Supervision Agency (“SEDDK”),
  • Competition Authority having a significant influence on activities within the insurance industry,
  • Insurance Association of Turkey (“TSB”),
  • Electronic Communication Management System (İYS) by reason of advancing technological developments,
  • Various Non-Governmental Organizations (“STK”),
  • Personal Data Protection Authority (“KVKK”) and Data Controllers’ Registry Information System (“Verbis”)
  • State of Emergency (OHAL) - Decree Law (KHK) processes,

Internationally; the activities of Ageas Insurance International N.V. being our corporate partners and having a wide Insurance portfolio, transaction supervisions determined regarding the “Sanctions” which we have been hearing a lot recently due to interstate relations and OFAC (Office of Foreign Assets Control).

Among the most important duties of SEDDK which is recently established and playing a role similar to the Banking Regulation and Supervision Agency (“BDDK”) in the Insurance industry there are regulating, monitoring, auditing the activities of insurance companies and private pension companies, and imposing penalties on them when it is necessary.

Also, in the regulation regarding the establishment of SEDDK a participation share to be paid by the insurance companies is mentioned. The issues such as agricultural insurances, Turkish National Catastrophe Insurance Pool (DASK) shall also be regulated and audited under the authority of the agency. These regulations also fall under the tasks of Compliance Unit.