Financial Crime World

Compliance Procedures for Banks in Turkey: A Growing Concern

In recent years, corporate risk management and legal compliance have become increasingly important in Turkey as the country continues to adopt stricter regulations to ensure financial stability and transparency. As a result, banks operating in Turkey must now adhere to a set of strict compliance procedures to mitigate risks and maintain good governance.

Key Obligations for Banks

Under Turkish law, banks are required to establish efficient and effective internal systems for risk tracking, covering all activities of domestic and foreign branches and consolidated subsidiaries. These internal systems consist of:

  • Internal audit
  • Internal control
  • Risk management systems

These systems must be overseen by the board of directors or delegated to a non-executive board member, committee consisting of non-executive members, or the audit committee.

Internal Control Units

Internal Control Units must inform the Audit Committee of information provided by internal control personnel and operations personnel every three months. The Internal Audit Unit is responsible for evaluating the sufficiency and effectiveness of internal control and risk management systems, reporting its findings to the Audit Committee, which in turn presents the report to the Board of Directors within 10 days.

Risk Management Units

Risk Management Units must establish a risk management system, design and implement risk measurement models, and monitor compliance with risk management policies tailored to specific types of risks, such as:

  • Interest rate risk
  • Treasury risk
  • Credit risk
  • Indirect country risk

These risk types are specified and detailed under Turkish banking regulations.

Standards and Guidelines

Code on the Protection of Personal Data

The Code allows companies to retain and process customer and employee personal data only after obtaining explicit consent (save for specific exceptions).

Corporate Governance Principles Communique

Listed companies must establish early risk detection committees, which report to the Board of Directors every two months and alert directors of any potential risks or threats that the company may face.

Obligations for All Undertakings

All undertakings domiciled or operating in Turkey are subject to relevant risk and compliance obligations. Key risk and compliance management obligations include:

  • Establishing early risk detection committees
  • Implementing internal control, audit, and risk management systems
  • Designating a non-executive board member, committee consisting of non-executive members, or the Audit Committee to oversee these systems
  • Reporting findings to the Board of Directors within 10 days
  • Maintaining customer satisfaction and product/service quality
  • Disclosing social responsibility activities in annual reports

In conclusion, compliance procedures for banks in Turkey have become increasingly important in recent years. Banks must adhere to strict regulations to mitigate risks and maintain good governance, while all undertakings domiciled or operating in Turkey are subject to relevant risk and compliance obligations.