The General Assessment of the Audit Committee for the Year 2024 Regarding Activities and Risk Management, Internal Control and Internal Audit Systems at Türk Eximbank

As the sole official export credit agency in Türkiye, Türk Eximbank supports the exports sector with its credit, guarantee and insurance programs through non-profit activities. However, the Bank also seeks to ensure the most appropriate rate of return in order to maintain its capital and financial strength, and it complies with broadly accepted banking and investment principles in all its activities. In this regard, while conducting its legal function, which is “to provide financial support to exports sector”, the Bank maintains its risk level without weakening its financial strength.

As per the provisions of the legislation issued by the BRSA regarding Banking Law No. 5411, necessary organizational structures were developed at the Bank, internal systems of the Bank were established, and an Audit Committee was formed. Internal Audit Directorate, Internal Control Directorate, Risk Management Directorate and Regulation and Compliance Directorate carry out their activities under the supervision of the Audit Committee made up of two members elected by the Board of Directors from amongst its own members.

In 2024, the Audit Committee held 14 meetings and took 30 different decisions.

Internal Audit

The Internal Audit Directorate carries out its responsibilities to the Board of Directors via the Audit Committee, which was established to perform the supervisory and regulatory obligations of the Board of Directors and to perform the following tasks within the framework of Audit Committee Regulation issued within the scope of the Regulation on Internal Systems of Banks and Internal Capital Adequacy Assessment Process:

Assigned with risk-based auditing of all activities of the Bank without any limitations periodically, the Internal Audit Department performs its activities in an impartial and independent manner exercising the required professional diligence, with the aim of ensuring that the resources are used efficiently and that all activities make the maximum contribution to the Bank.

The annual Audit Plans are prepared and implemented in keeping with this understanding, taking other comprehensive criteria into consideration in line with the risk assessment matrices prepared by the Internal Audit Directorate and the Bank’s risk assessment matrix. Auditing the Bank’s units, branches and processes financially, operationally and in terms of compliance and reporting within the framework of the annual Audit Plan, the Internal Audit Directorate communicates the findings covered in the reports that are produced as a result of the audits to the Board of Directors via the Audit Committee and closely monitors the steps taken in relation to the findings. In addition, the Board of Directors keeps abreast of the activities of the Internal Audit Directorate through its quarterly activity reports submitted via the Audit Committee.

According to the relevant legislation issued by the BRSA, the Bank must present a “management declaration” to its external independent auditors, signed by the Board of Directors for each audit period, concerning the current situation and internal control activities carried out on information systems and banking processes. In this regard, the control and audit activities intended to be the basis of this management declaration were prepared by the Internal Control Directorate and the Internal Audit Directorate for information systems and banking processes, and the report prepared was presented to the Board of Directors.

The Audit Committee continued its activities in 2024 with the aim of developing the activities of the Bank and adding value to them, and it ensured that the internal control activities that form the basis of the management declaration are performed in a coordinated manner.

Internal Control

Carrying out its activities and reporting to the Board of Directors via the Audit Committee, the Internal Control Department is charged with the following monitoring and control activities by observing the matters mentioned below, within the frame of the Internal Control Department Bylaws drafted in accordance with the Regulation on the Internal Systems and Internal Capital Adequacy Assessment Process of Banks.

Accordingly, in 2024, the Internal Control Department carried out control activities concerned with the Bank’s units, branches and processes under its internal control schedule, and communicated the findings to relevant units, provided guidance for remedial actions, and followed up the outcomes of the actions taken by related units.

The quarterly reports of the Internal Control Department relating to internal control activities were presented to the Audit Committee regularly. The control and audit activities concerning information systems and banking processes that form the basis of the Management Declaration to be submitted to the independent auditor were carried out by the Internal Control Directorate and the Internal Audit Directorate, and the report produced was presented to the Board of Directors via the Audit Committee.

Risk Management

According to the Charter and Procedures of the Risk Management Directorate approved by the Board of Directors, the Risk Management Directorate is responsible for:

Risk management activities at the Bank are being carried out through the Credit Risk and Market and Other Risks departments with the target of bringing the risk management function close to best practices by establishing a risk culture across the Bank and by constantly improving the system and human resource in accordance with the Regulation on the Internal Systems and Internal Capital Adequacy Assessment Process of Banks, other applicable regulations, and the BRSA Best Practices Guides.

Within the frame of risk management activities;

Under Credit Risk, risks arising from cash and non-cash loan transactions are monitored against the regulatory and Bank-specific limits. Commercial bank risk taken directly or indirectly gets the highest share within the credit risk, which is the largest category of the Bank’s risk exposure. Therefore, cash and non-cash limits made available to banks are assessed in detail, and updated as needed. Credit Risk is reported to the BRSA according to the BRSA’s Standard Method. Counterparty Credit Risk, which is a sub-item of credit risk and refers to the losses that may result from potential deteriorations in creditworthiness upon defaulting of banks particularly engaged in derivatives and repurchasing transactions, is measured using the Basel III Standard Method and is included in capital adequacy calculations.

Market risk is calculated monthly using the Standard Method devised by the BRSA and is considered in the calculation of the Capital Adequacy Ratio. In order to duly manage the interest rate and exchange rate risks that make up the main elements of the market risk, transactions performed in money and capital markets need to be diversified, taking into consideration the instruments, maturity, currency, type of interest and similar parameters. As the trading portfolio forming the basis for market risk has a very small share in risk-weighted assets at Türk Eximbank, which is a mission bank, the market risk liability is also very low. The Bank implements hedge accounting principles for derivative transactions.

Operational Risk involves identification of risks arising from inadequate or failing internal processes, people and processes or external events associated with banking activities, and assessment and oversight of controls pertaining to these risks. The operational risk management function is fulfilled by the Operational Risk Committee under the policies set by the Board of Directors. Operational risk, which is one of the capital adequacy items, is calculated once a year using the basic indicator method, and reported to the BRSA. In addition, an internal method, which is developed in accordance with the IT risk methodology, is also used, and records subject to risk, which are entered into data entry screens, are subjected to modeling in view of their significance. IT risks, which represent another source of operational risk, are managed by an independent risk management process, and are included in the integrated risk matrix which consolidates the impact and probabilities for all of the Bank’s risks.

Apart from credit, market and operational risks which make up Pillar 1 of Basel II, quantitative and/or qualitative studies are carried out on other risk types such as country risk, concentration risk, structural interest rate risk, liquidity risk, environmental/social risks, climate-related financial risks and reputation risk that fall within Pillar 2. All risks that the Bank is exposed to are closely monitored within the frame of Internal Limits and Early Warning Thresholds approved by the Board of Directors. Based on the Board of Directors decision dated 23 December 2024, a Climate-Related Financial Risks Committee has been set up for overseeing the Bank’s compliance with Climate-Related Financial Risks, and for undertaking improvement efforts in view of the Türkiye Sustainability Reporting Standards (TSRS) activities.

The ICAAP Report, which is prepared based on the actual results of the previous year-end and makes the capital planning for the next three years, and the Stress Testing attached thereto, were approved by the Board of Directors and sent to the BRSA before the end of March in accordance with the BRSA legislation in force. According to the relevant articles of the ICAAP Report that refer to the Risk Appetite, Türk Eximbank has adopted maintaining the capital adequacy ratio in the 13%-15% interval as its risk appetite indicator, and embraced the principle that any capital adequacy ratio level below 13% should trigger initiatives to increase the capital.

In Stress Testing and Scenario Analyses, calculations are performed also for Economic Capital under the scenarios of downgraded country rating for Credit Risk, increased loss ratios in case of default or increased exchange rate; for Value at Risk using Historical Simulation under exchange rate shocks for information purposes for Market Risk; for individual and universal stress tests and reverse stress tests for Environmental and Social Risks and Climate-Related Financial Risks; and for capital requirements according to various scenarios devised based on the loss database within the frame of Basel III Standard Method for Operational Risk.

Results of stress tests performed with internal models as well as standard methods demonstrate that, with its stable and strong capital structure, the Bank can operate free of any problems while under intense stress factors.

For Liquidity Risk, which our Bank monitors closely, instant cash inflows/outflows are monitored and the continuity and sustainability of liquidity adequacy are guaranteed with the gap analyses, scenario analyses, and stress/reverse stress tests performed. The Emergency and Contingency Plan also incorporates the rule set that rates the actions to be taken according to the severity of the incident experienced in case of a liquidity crunch.

Regulation and Compliance

The Regulation and Compliance Directorate monitors regulatory framework for ensuring continued compliance of the Bank’s activities with the governing legislation and ensures that the related employees are informed of changes in the regulatory framework by way of announcements. Before draft regulatory arrangements concerning the banking business are enforced, the Bank’s internal units are briefed about the drafts to determine the potential implications of the related arrangement for the Bank, and the Bank’s opinions and feedback regarding the same are obtained and shared with the regulatory agencies.

In cases where it is deemed necessary, briefing and coordination are carried out for the participation of related units in the meetings held before the Banks Association of Türkiye (BAT). The Bank takes part in the working groups set up at the BAT via relevant business units. When opinions are requested, the feedback received from related business units is considered and coordinated as necessary for responding to the relevant agency on behalf of the Bank.

The Directorate establishes the regulatory framework governing the Bank and keeps it up-to-date, and assesses the regulatory conformity of products and services that the Bank will design/revise.

Feedback is provided for execution of the Bank’s activities in accordance with the Banking Law and applicable legislation, the Bank’s internal policies and guidelines, and the Bank’s Articles of Association. Coordination is provided with related units for updating the processes in accordance with the legislation depending on regulatory changes.

The main points of regulatory changes are communicated to the entire Bank through monthly Regulatory Bulletins.

Regulation and compliance controls are performed to establish the effect regulatory changes will have on the Bank’s affairs and transactions, along with necessary actions to be taken. The Directorate carries out compliance activities in order to protect against, monitor, and control the risks within the scope of the Prevention of Laundering Proceeds from Crime (AML), Financing of Terrorism (CFT) and Proliferation of Weapons of Mass Destruction. With the aim of monitoring international sanctions in this respect, controls are performed regarding the decisions of various organizations and institutions such as the UN Security Council, the US Office of Foreign Assets Control (OFAC), the European Union and the like.

The Directorate identifies and classifies the Bank’s potential AML/CFT risks, defines measures for mitigating those risks, and evaluates the effectiveness and efficiency of those measures. In addition, current compliance risk trends are monitored, and the Bank’s products/services and customer profile are subjected to systemic risk analysis in the light of these risks.

Related parties’ requests for information and questionnaires in relation to compliance processes and information/document requests from governmental agencies, in particular from MASAK (Financial Crimes Investigation Board), for anti-money laundering and countering the financing of terrorism are fulfilled. Asset freezing decisions published by our country’s authorities are followed up and necessary actions are taken accordingly.

The Unit also takes actions for raising awareness of the Anti-Bribery/Anti-Corruption and Ethics Policy and for the execution of associated processes, which are aimed at explicitly and clearly manifesting the Bank’s commitments for combating bribery/corruption and for ethics, establishing the rules/responsibilities for determining potential actions that can be considered in this frame and preventing them, raising employee consciousness and ensuring compliance with national/international regulations.

Training programs that deal with the topics addressed in national and international legislation and regulations targeted at the Bank’s personnel are organized in cooperation with HR. Training contents are updated in view of the minimum regulatory requirements and international developments. Furthermore, the Directorate employees take part in the seminars, training programs and workshops that are linked to their field of activity.

The Directorate takes part in internal committees acting as the committee’s secretariat or member, and thus, performs corporate compliance activities.

The Directorate also handles compliance efforts in relation to Islamic banking transactions that are carried out based on the provision that development and investment banks are allowed to provide financing provided that the same are compliant with the requirements that rely on the fund provision methods of participation banks and restricted to resources that they shall have secured exclusively through interest-free methods as set out in Article 77 of the Banking Law and the BRSA Regulation on Banks’ Lending Transactions published in the Official Gazette issue 30666 dated 25 January 2019 (revision RG-21.12.2023-32406).

Opinions and feedback concerning the conformity of transactions carried out in this scope to the Islamic Banking Principles and Standards are shared with related units, necessary information is provided, and compliance controls are performed.

Through the Directorate’s activities, the aim is to contribute to establishing the Bank’s compliance with the national/international legislation in force, the Bank’s internal policies and procedures, organizational management and ethical standards, as well as to protecting the Bank’s reputation.

Nail OLPAK

Member of the Audit Committee

Didem Bahar ÖZGÜN YILMAZ

Member of the Audit Committee