The General Assessment of the Audit Committee for the Year 2020 Regarding Activities and Risk Management, Internal Control and Internal Audit Systems at Turk Eximbank
As the sole official export credit agency in Turkey, Turk Eximbank supports the exports sector with its credit, guarantee and insurance programs through non-profit activities. However, the Bank also seeks to ensure the most appropriate rate of return in order to maintain its capital and financial strength, and it complies with broadly accepted banking and investment principles in all its activities. In this regard, while conducting its legal function, which is “to provide financial support to exports sector”, the Bank maintains its risk level without weakening its financial strength.
As per the provisions of the legislation issued by the BRSA regarding Banking Law No. 5411, necessary organizational changes were made at the Bank on 31 October 2006, internal systems of the Bank were established with their current status, and an Audit Committee was established. Internal Audit, Internal Control, Risk Management and Compliance departments carry out their activities under the supervision of the Audit Committee made up of two members elected by the Board of Directors from amongst its own members.
The Internal Audit Department carries out its responsibilities to the Board of Directors via the Audit Committee, which was established to perform the supervisory and regulatory obligations of the Board of Directors and to perform the following tasks within the framework of Audit Committee Regulation issued within the scope of the Regulation on Internal Systems of Banks and Internal Capital Adequacy Assessment Process:
Analyzing and evaluating the compliance of the Bank’s activities with the relevant laws, legislation, regulations, decrees, communiqués, instructions and other statutes;
Reviewing and evaluating the functioning, efficiency and adequacy of the Bank’s internal control and risk management systems;
Conducting investigations and examinations of operations, accounts and activities in the Bank’s headquarters units, regional directorates and branches.
The Internal Audit Department performs its activities in an impartial and independent manner using a risk-based approach, with the aim of ensuring that the resources are used efficiently and that all activities make the maximum contribution to the Bank.
The annual audit plans are prepared and implemented using risk assessments of the risk appraisal matrix.
In order to ensure effective continuity of internal audit activities, the Internal Audit Department has performed inspections at the units, branches and representatives of the Bank within the framework of the annual audit plan. The Audit Department reports to the Board of Directors via the Audit Committee, and it monitors the measures taken against inappropriate conduct. In addition, the Board of Directors keeps abreast of the activities of the Internal Audit Department through its quarterly and annual activity reports submitted via the Audit Committee.
According to the relevant legislation issued by the BRSA, the Bank must present a “management declaration” to its external independent auditors, signed by the Board of Directors for each audit period, concerning the current situation and internal control activities carried out on information systems and banking processes. In this regard, the control and audit activities intended to be the basis of this management declaration were prepared by the Internal Control Department and the Internal Audit Department for information systems and banking processes, and the report prepared was presented to the Board of Directors. The Management Declaration was signed by the Board of Directors on 31 January 2020 and submitted to the external auditor.
The Audit Committee continued its activities in 2020 with the aim of developing the activities of the Bank and adding value to them, and it ensured that the internal control activities that form the basis of the management declaration are performed in a coordinated manner.
The primary objective of the internal control system established at the Bank based on the provisions of the legislation published by the BRSA is to secure the protection of the Bank’s assets; to ensure performance of the Bank’s activities effectively and efficiently and in compliance with the Law, other applicable legislation, internal policies, guidelines and banking customs, and to guarantee the reliability and integrity of accounting and financial reporting system, and timely availability of information.
Main functions of the Internal Control Department include designing the internal control system and internal control activities, and defining how they will be performed in cooperation with the senior managers of related units, contributing to the adoption of internal control culture and discipline by employees at all levels of the Bank, ensuring internal coordination for the establishment and development of the internal control environment, monitoring, examining and controlling by using various methods to verify that the Bank’s operations are carried out securely, and ensuring that the internal control system is maintained as a self-running mechanism by mobilizing related parties for resolving the findings from the aforementioned activities.
The duties of the Internal Control Department are set out in the Internal Control Department Regulation which is approved and enforced by the Board of Directors decision no. 136, dated 20 December 2019.
Within the duties delegated to it, the Internal Control Department performed monitoring, analysis and control activities by observing the matters mentioned below, giving priority to processes and transactions identified based on a risk-focused approach and within the materiality criteria during 2020:
Findings of on-site or distant monitoring, review and controls performed manually or with systematic methods conducted by the Internal Control Department in 2020 on matters such as functioning of internal control mechanisms in units where banking operations are performed, compliance with rules and limitations and existence of required control points in information systems, have been shared with the related units. Instructions on correction of deficiencies and flaws were shared and results of the actions taken by the relevant units were followed up.
The quarterly reports of the Internal Control Department relating internal control activities were presented to the Audit Committee regularly. The control and audit activities concerning information systems and banking processes that form the basis of the Management Declaration to be submitted to the independent auditor were carried out by the Internal Control Department and the Internal Audit Department, and the report produced was presented to the Board of Directors via the Audit Committee.
According to the Charter and Procedures of the Risk Management Department approved by the Board of Directors, the Risk Management Department is responsible for:
Risk management activities at the Bank are being carried out with the target of bringing the risk management function close to best practices by establishing a risk culture across the Bank and by constantly improving the system and human resource in accordance with the Regulation on the Internal Systems and Internal Capital Adequacy Assessment Process of Banks, other applicable regulations, and the BRSA Best Practices Guides.
Within the frame of risk management activities;
Under the Credit Risk, risks arising from cash and non-cash loan transactions are monitored against the regulatory and Bank-specific limits. Commercial bank risk taken directly or indirectly gets the highest share within the credit risk, which is the largest category of the Bank’s risk exposure. Therefore, cash and non-cash limits made available to banks are assessed in detail, and updated as needed. In addition, limits are defined on the basis of banks in order to eliminate concentration risk. Credit Risk is reported to the BRSA according to the BRSA’s Standard Method.
Market risk is calculated monthly using the Standard Method devised by the BRSA and is considered in the calculation of the Capital Adequacy Ratio. Interest rate and exchange rate risks make up the main elements of the market risk; in order to duly manage these risks, transactions performed in money and capital markets need to be diversified, taking into consideration the instruments, maturity, currency, type of interest and similar parameters. In addition, as almost the entire portfolio subject to market risk is hedged, market risk is very low. The Bank implements hedge accounting principles regarding derivative transactions.
Operational Risk entails identification of risks arising from banking operations, and evaluation and monitoring of controls associated with these risks. An IT risk matrix is created for monitoring and managing IT risks.
Stress Tests section of the Internal Capital Adequacy Assessment Process (ICAAP) and the ICAAP Report were approved by the Audit Committee and the Board of Directors, and was submitted to the BRSA in March. Under ICAAP, Turk Eximbank has adopted maintaining the capital adequacy ratio in the 13%-15% interval as its risk appetite indicator, and embraced the principle that any capital adequacy ratio level below 13% should trigger initiatives to increase the capital.
When preparing Stress Tests, in addition to the standard method, economic capital calculations are performed regularly using the ratings assigned by international rating agencies to commercial banks to which a transaction limit has been allocated, Probability of Default (PG) and Loss Given Default (LGD) values, given the fact that the Bank extends credits substantially via the commercial banking system. The calculations made are repeated also under stress conditions assuming negative change in PD and increased LGD ratios.
The credit risk stress tests carried out with the internal models indicate that, with its stable and strong capital structure, the Bank can operate free of any problems while under intense stress factors. In addition to credit stress tests, Value-at-Risk calculations were conducted for information purposes for market risk which has a relatively small share in risk weighted assets (0.2%) considering foreign currency and interest stress factors.
In addition to all these activities, reports incorporating scenario analysis of GAP, Duration, Assets and Liabilities management are regularly submitted to the Bank’s senior management.
As part of TFRS 9 provision calculations, work continued throughout the year to update the model’s parameters (PD, LGD, etc.).
During the reporting period, Capital Adequacy calculations were performed taking into consideration the COVID-19 measures introduced by the BRSA.
Regulatory Compliance Department follows up regulatory framework in order to ensure compliance of the Bank’s operations with the applicable legislation governing the Bank, makes sure that they are captured in internal practices through the announcements and guidance it provides, and evaluates and forms opinions regarding the regulatory compliance of new products and services. The Department represents the Bank in various Working Groups active within the Banks Association of Turkey, takes part in anti-bribery initiatives associated with export credit before OECD, and supports the formulation of related internal policies and procedures. In addition, the Department carries out the activities for putting into practice the regulations in relation to anti money-laundering and prevention of terrorist financing by keeping a close eye on local/international regulations and regulations related to personal data protection. The Department is also assigned with exchanging opinions with regulatory and supervisory authorities, and sharing the opinions received with related units.
Member of the Audit Committee
Member of the Audit Committee