The organization set up for the operation of internal control, internal audit and risk management systems at TEB was structured in accordance with the provisions of the “Regulation on Banks’ Internal Systems and Internal Capital Adequacy Evaluation” published in the Official Gazette dated 11 July 2014.

The mentioned structure is aligned with the scope and nature of the Bank’s operations, and possesses the quality and efficiency to respond to evolving conditions.

Risk Management, Compliance and Internal Control, and the Internal Audit Group report to the Board of Directors; independent of one another, these units worked in coordination and successfully completed their activities in 2015.

The Board of Directors has taken necessary action to approve important strategies and policies regarding control activities, and to maintain an efficient internal audit system and risk management system.

The audit system created encompasses all operations and units of the Bank and its subsidiaries. As at year-end, the Internal Audit Group was formed of 1 Group Head, 3 Assistant Group Heads, 6 Audit Managers, 4 Supervisor Auditors, 23 Auditors, 10 Authorized Assistant Auditors, 27 Assistant Auditors, 4 IT Audit Executives, 1 Internal Audit Group Support and Coordination Executive, 1 Internal Audit Group Support and Coordination Assistant Executive, and 1 Executive Assistant.

The Board of Directors has taken all necessary action to make sure that the Internal Audit Group is able to audit all operations and units of the Bank and its consolidated subsidiaries without any restrictions.

Within the scope of 2015 audit activities, 159 branches were audited.

In addition to branch audits, inspections were conducted in a total of 30 different areas: 19 at the Head Office, 6 at subsidiaries, 5 in IT. Besides these audits, Management Assessment was carried out, which covered banking and information technology processes.

The Compliance and Internal Control Group covers the Internal Control Division, Legislation and Compliance Division, and IT Control Division.

Internal control activities are arranged so as to cover basic control areas, and internal control and compliance functions have been organized separately. According to the internal control organization, the Branches Control Department and Head Office Control Department under the Internal Control Division conduct the daily, weekly, monthly or quarterly controls at branches and head office departments, respectively.

Legislation and Compliance function, on the other hand, encompasses the Legislation Department and the Compliance Department in line with the Regulation on Banks’ Internal Systems and Internal Capital Adequacy Evaluation issued by the BRSA.

The aim of Risk Management system is to define, measure and monitor the Bank’s risk exposure stemming from its operations, and to make sure that these risks are controlled through the policies, guidelines and limits established.

Risk Management functions of the Bank and all subsidiaries are gathered under the Group Risk Management. Group Risk Management reports to TEB Group Boards of Directors via the Audit Committee at TEB A.Ş. and is responsible for carrying out the general monitoring, warning and recommendation functions on behalf of the Boards of Directors in line with the principles stipulated in this regulation.

The Bank’s Group Risk Management is organized in four divisions:

Operational Risk and Business Continuity Department was included under the Risk Management Group as of November 2015.

At the Bank’s Board of Directors meeting held on 08 November 2005, a decision was passed to set up an Audit Committee responsible for the entire TEB Group companies in view of the provisions of Article 24 of the Banking Law no. 5411, and it was decided that the said committee should assume the powers of the members of the Senior Risk Committee set up at the Bank under Law no. 4389.

During 2015, the Audit Committee met 55 times. The Committee works committedly to monitor the risks on a consolidated basis across the entire Group, to create control points, to review documented procedures on the basis of activities, to provide the coordination among the Internal Audit Group, Risk Management, Compliance and Internal Control groups, and to set up the internal control system of the same scope between the Bank and Group companies.

The Bank closely monitors and implements international best practices, as well as the new regulatory requirements regarding internal audit and risk management systems.