VKF_FRAE_2017

PART II: MANAGEMENT AND CORPORATE GOVERNANCE PRACTICES 120 VakıfBank Annual Report 2017 CORPORATE GOVERNANCE PRINCIPLES COMPLIANCE REPORT The Corporate Governance Committee is composed of the Members of the Board of Directors Serdar Tunçbilek (Committee Chairman - Independent Member), İsmail ALPTEKİN and Head of International Banking and Investor Relations Mustafa TURAN. The Committee generally convenes once every three months or at least twice in a year on semi-annual basis on a date determined by the Committee Chairman. The Remuneration Committee is composed of Öztürk ORAN (Committee Chairman - Independent Member), Dr. Adnan ERTEM and Dilek YÜKSEL. Remuneration Committee evaluates the remuneration policy and applications within the scope of risk management and submits the suggestions as a report to the Board of Directors every year. The Committee convenes once every year. Committees carry out their tasks within the scope of the framework of the working principles specified in the Articles of Incorporation of the Bank. Committees meet at a regularity required by their tasks. All tasks are carried out in writing and necessary records are kept. Furthermore, the procedures and principles practiced by the committees in carrying out their activities are available in the Annual Report. The 48 th Article of VakıfBank Articles of Corporation in relation to the criteria of the selection of Board of Members is as follows: “The Board of Directors of the Bank consists of nine members including the General Manager”. However, the number of the Members of the Board of Directors carrying out tasks is “8”. Board Members assume duties in more than one committee since the number of the members of the committees of the Board of Directors is greater than the number of the members of the Board of Directors as stipulated in the principles of the Capital Markets Board Corporate Governance Principles and Banking Regulation and Supervision Agency. Committees are composed of at least 2 members. 5.4 Risk Management and Internal Control Mechanism Head of Risk Management directly reporting to the Audit Committee that is responsible for carrying out activities for defining, measuring, reporting, monitoring and controlling the risks that the Bank faces. Furthermore, all departments are considered as a part of the risk management system. Risk Management activities in the Bank are carried out in conformity with the legal legislation, also international best practices are pursued. Within this scope, risk management strategies were set up, as the policies for managing each of the risks were written within the framework of principle of materiality. A capital structure in appropriate with the risk level is closely monitored, as the Bank’s resistance against unexpected and negative developments is measured via scenario analysis and stress tests. Besides measuring legal capital requirement, İSEDES (Internal Capital Adequacy and Evaluation Process) activities that include internally evaluating the capital requirement for the risks the Bank faces/will face also carried out, as the results are evaluated by the top management. Furthermore, Risk Management Department carries out its activities in coordination with the Audit Board and Internal Control Department, within the scope of the “Regulation on Banks’ Internal Systems and Internal Capital Adequacy Evaluation Process”. An efficient and effective internal control system was set up in order to; I) carry out the activities of the Bank in conformity with the targets, policies and strategies set by the top management and within the framework of existing legal legislation, and II) make sure that risky transactions are controlled in the Bank. In order to set up, develop and coordinate a healthy internal control system in the Bank and to enable the reliability, integrity of the accounting and financial reporting system, and timely access to information, the Internal Control Department controls the operational procedures for carrying out activities of the Bank, bank’s communication channels, information systems, financial reporting systems and business processes. Findings and suggestions within the scope of the internal control activities conducted onsite or from the center by the internal control staff are reported and shared with the relevant departments as the actions taken are monitored. Furthermore, information technology controls are also performed to check whether or not information system activities are carried out securely and in conformity with the guidelines determined by the Bank. Internal Control Department; I) controls the functional classification of tasks, and distribution of duties and responsibilities, for defining, measuring and preventing the Bank’s risks, II) presents opinions about existing, changed, cancelled or new set up procedures and processes, and about the projects formulated by the Bank’s business departments, and evaluates their potential risks and their compliance to Bank’s internal policies and guidelines III) determines control points, IV) makes effective controlling and monitoring, set up and enhancing auto-control and systematic control mechanisms in processes and procedures, and decreasing operational risks. The Audit Board Department performs systematic audits on internal control and risk management systems in conformity with all legal regulations and Bank’s directives. Compliance Department carries out necessary activities in order to ensure compliance with the legal obligations within the scope of “Prevention of Laundering of Proceeds of Crime and Financing of Terrorism”, and with the international rules and principles on the same issue. Within this scope, as per the “Regulation On Program of Compliance with The Obligations Regarding Prevention of Laundering of Proceeds of Crime and Financing of Terrorism”, in order to ensure that the Bank’s obligations are fulfilled; » » necessary policies and procedures are structured in the issues of identifying the customers, classifying them into risk categories and monitoring them, informing about the suspicious customer transactions and » » controls are made to see if these policies and procedures are implemented or not,