2019 ANNUAL REPORT
The Audit Committee’s Assessments of the Operation of the Internal Audit, Internal Control and Compliance, and Risk Management Systems

The activities of internal audit, internal control, compliance and risk management in our Bank are carried out respectively by the Supervisory Board, Directorate of the Internal Control and Compliance Department and Directorate of the Risk Management Department, under the Audit Committee.

The following is aimed with the organization that is established in a way to include all units and branches:

  • To continue banking operations in a secure manner in line with the legislation, policy, principles and objectives,
  • To achieve sustainable profitability targets, to perform the financial and administrative reporting in a timely and secure manner,
  • To define Ziraat Participation’s legal, nominal and financial risks, to measure, report, and monitor the risks and to minimize the concerned risks by controlling them.

THE FUNCTIONING OF INTERNAL AUDIT

The Supervisory Board controls whether the operations carried out by the Bank’s all units and branches are in accordance with the law and other relevant legislation and the Bank’s strategies, policies, principles and objectives; the effectiveness of internal control and risk management systems within the framework of risk-based audit approach.

The Supervisory Board continues to work in such a manner to contribute to the decision-making processes by informing the Bank’s Senior Management.

The Supervisory Board assessed the accuracy, effectiveness and efficiency of the operational steps that comprise of primary and secondary processes by auditing the Bank activities’ compliance with the processes which they are subjected to in accordance with the provisions of “Regulation on the Bank Information Systems and Banking Processes Audit to be Realized by External Audit Institutions” and “Regulation on Banks’ Internal System and Intrinsic Capital Adequacy Assessment Processes”.

The Branch, Unit and Process audits were completed at a ratio of 98% in accordance with the Audit Plan prepared to be implemented in 2019. The 2020 Audit Plan preparation works are still ongoing by taking into consideration the risks carried by the branches and units and in a manner compliant with the Bank objectives and policies.

The Management’s Declaration pertaining to the 2019 operations, which is prepared in order to present assurance about the effectiveness, adequacy and compliance of internal controls on the Information Systems and Banking processes, was prepared in time by adding the reports regarding the audits of the companies from which information systems processes audits and support services are procured. The Supervisory Board closely monitored the changes stipulated by the legislative regulations, the Banking Regulation and Supervision Agency decisions, the Bank’s Senior Management and the Headquarters units, and regularly revised the audit points.

THE FUNCTIONING OF INTERNAL CONTROL AND COMPLIANCE SYSTEM

The purpose of Internal Control activities is to ensure the protection of the Bank’s assets, effective and efficient conduct of the operations, unity and reliability of the accountancy and reporting system and timely access to the information.

Within the scope of “Regulation on Banks’ Internal System and Intrinsic Capital Adequacy Assessment Processes”, Internal Control activities were configured in a way to cover the operations of the Branches, the Headquarters units and the Subsidiaries Subject to Consolidation.

The branch control activities are carried out remotely and on-site within the framework of the control programs prepared according to the opening dates of new branches, most recent reporting dates and periodical risk situations of current branches.

In order to increase the risk and control awareness during the internal control activities of the branch and to prevent the losses arising from operational risks, the branch personnel were continuously informed.

Control activities in branches are conducted in line with main goals and strategies of the Bank in terms of scope and methods used. In addition to this, a proactive structure is adopted to provide compliance with changing strategy, risk perception and conditions on a timely basis.

In order to make control activities in branches more effective and efficient, they are performed over a web-based Control Model. With the proactive structure adopted, the Bank contributed to compliance of the Bank’s operations with external legislation and competitive conditions.

Internal Control activities carried out at the Headquarters units were conducted in compliance with the Bank’s main goals and strategies within the framework of law, other relevant legislation, the Bank’s internal policies and rules, and common banking practices. Moreover, while carrying out the activities, a proactive approach was adopted to make sure that the compliance to changing strategy, risk perception and conditions is provided without wasting time.

Internal Control system contributed to the carrying out of the Bank’s operations in compliance with the domestic and international legislations and competition conditions through the control matrixes that are prepared pursuant to the adopted proactive manner and regularly revised based on the possible changes.

The control periods of Headquarters units were determined by taking into consideration of the functions of the units, the risks they carry, job descriptions and the units’ effect on the Bank’s balance sheet and were revised in accordance with the needs.

Within our Bank, Internal Control activities were carried out on the following topics: functional segregation of duties; division of responsibilities; establishment of the accountancy and reporting system, the information system and the Bank’s internal communication channels in a manner that they will operate effectively; the creation of work flow charts in which the controls on the Bank’s work processes and work steps are indicated.

R&D studies are conducted in order to carry out technology-focused, central, and real-time internal control activities, and to help the relevant business units to take a rapid action against the common shortcomings.

The findings revealed as a result of all these activities were periodically conveyed to the Bank’s relevant business units and to the Senior Management.

Information Notes were prepared for the issues which are identified during the Internal Control activities carried out in the Headquarters units and the branches and which are considered being in need of rapid action taken and the notes were quickly shared with the relevant units and/or the Senior Management.

In 2019, Recommendation Reports were continued to be prepared for the improvement of processes regarding the operations carried out in the Bank and the establishment of control points on these processes, which will be complied and implemented by the personnel from all levels, increasing the effectiveness of the controls on the processes, prevention of possible risks, ensuring customer satisfaction and taking cost reducing measures.

Internal Control staff attended numerous trainings during the year for their professional development. In order to increase company-wide awareness for internal control activities, various trainings were organized for Bank employees and Internal Control staff has provided support for those trainings.

Within the framework of 18th article of Assessment Processes of the Banks’ Internal System and Intrinsic Capital Adequacy, compliance controls were carried out under the compliance function. In this context, all the operations that the Bank performs or plans to perform with the new transactions and products were controlled in terms of their compliance to law and other relevant legislation, the Bank’s internal policies and rules and the banking practices.

The compliance program for the Liabilities Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism was formed in accordance with the “Communiqué on Compliance with Measures Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism”. Activities aimed at preventing the laundering of proceeds of crime have been carried out in line with national and international regulations and standards. Accordingly, the Compliance Service Unit performs the functions of inspection, monitoring, reporting, analysis and control.

The Bank’s policy for preventing the laundering of the proceeds of crime and financing of terrorism was updated based on Ziraat Finance Group’s policy and shared with the public on the Bank’s website. Moreover, the Bank’s employees are provided with face-to-face and online training regarding the prevention of laundering proceeds of crime and financing of terrorism to ensure they adopt compliance culture at global standards and implement this culture at their work and activities. Compliance Service Management realized branch visits with the same objective.

Within the scope of sectoral activities, the Bank participated a task force formed by TBB’s coordination to develop a remote training program which will be offered for use by all financial institutions with sector representatives from 9 different banks. Moreover, the Bank also participated a working group formed in OECD to prevent laundering of the proceeds of crime on an international basis during the process of National Risk Assessment Audits performed by Financial Action Task Force (FATF) which Turkey is also a member, along with sector representatives from 9 different banks.

THE FUNCTIONING OF RISK MANAGEMENT SYSTEM

The main purpose of Ziraat Participation risk management system is to ensure the definition, measurement, monitoring and control of the risks, to which the Bank is exposed, through the policies and the limits determined to monitor, control, and when necessary to change the operations’ nature and level in relation to the risk-return structure that the future cash flows will include.

The main approach in the risk management activities, instilling risk culture across the Bank in accordance with the provisions of “Regulation on Banks’ Internal System and Intrinsic Capital Adequacy Assessment Processes”, to execute the risk management function with best practices by continuously improving the system and the human resources. The activities carried out within the framework of risk management system are given care to be carried out simultaneously with the contributions of the units that are included in the business line with which each risk type is related.

The risk management activities cover the basic headings of credit risk, market risk, operational risk, liquidity risk and other risks. The final objective is to comply with the best practices.

Within the framework of credit risk management activities, the activities for the definition, measurement, monitoring and reporting of the credit risk by using the methods in compliance with Basel II. In this context, the calculation of the amount subject to credit risk, which began legally as of 1 July 2012, is monthly reported to the BRSA in solo basis. Due to the fact that our Bank became operational in May 2015, there is not adequate data for the measurement of credit worthiness in relation to the advance measurement methods.

The credit risk limits approved by the Board are monitored; the activities to carry out scenario analysis and stress test regarding the credit portfolios are ongoing. Also, the compliance activities with the Basel III regulations and the regulations revised by the BRSA within the framework of Basel are continuing.

Operational risk management activities comprise the definition, classification, measurement, and analysis of the operational risks.

These activities are carried out as part of the Bank’s “Operational Risk Management Regulation” that is prepared in accordance with the arrangements issued on 28 June 2012 by the BRSA to comply with Basel II. The compliance with the operational risk limits approved by the Board, which are determined in order to manage operational risks, is periodically monitored. The risks stem from information technologies and the actions taken are also monitored. The risk assessments are carried out for the companies from which support services are procured within the framework of the BRSA’s regulations that are currently in effect.

As part of operational risk, media analysis reports relevant to reputation risk and provided daily from the Bank’s Corporate Communication Service are examined.

Within the scope of market and liquidity risks management, measurement, analysis, limiting, reporting and monitoring activities are carried out pertaining to liquidity risk and dividend rate risk stemming from banking calculations. The analyses conducted are supported with stress test. The compliance to the market and liquidity risk limits, which are approved by the Board and determined to manage the concerned risks, is periodically monitored. Also, Value at Risk is calculated daily with the internal models regarding exchange risk as part of market risk and retrospective test analyses are carried out for these models.

The results of the analyses carried out within the scope of risk management activities and risk indicators are reported annually to the Board of Directors, at three months periods to the Audit Committee, at weekly and daily periods to the operational units.

In order to increase the internal systems personnel’s individual and occupational development, the personnel was ensured to attend internal and external training, conference and seminars, thus, their practical knowledge level is constantly being developed..

Starting operations in 2015 with the principle of “Achieving More by Sharing”, Ziraat Participation increased its total assets by 64% YoY to TL 36.4 billion and shareholders’ equity to TL 3.2 billion rising by 43% compared to the previous year, in parallel with the strategy of increasing the share of participation banking from the sector.

Cash loans increased by 63% compared to the previous year and reached 79% of total assets. When compared to previous year, cash loans increased by TL 11 billion while non-cash loans increased by TL 1 billion.

Funds collected continued to be the most significant fund resource at Ziraat Participation’s liabilities in 2019. Funds collected increased by 68% in December 2019 in comparison with 2018 year-end and reached TL 25.5 billion. Share of funds collected in balance sheet was 70%, and it consists of 16% Private Current Accounts and 84% Participation accounts. Moreover, current accounts increased by 74% in comparison with 2018 year-end and reached TL 4.1 billion.

Ziraat Participation closed the year 2019 with a profit of TL 516.7 million with its principles of balanced growth sustainable financial performance and profitability. Profit share revenue at an amount of TL 3.6 billion is the most significant revenue item of the Bank. Profit share received from credits is the largest item in profit share revenues. Moreover, Return on Assets was 1.8% and Return on Equity was 19.2%.

The Bank sustained its strong capital structure, high liquidity level and funding capability in 2019. Capital adequacy ratio which was 12.8% at 2018 year-end increased to 16.6 in 2019.

The Bank diversified its resource structure and issued 19 lease certificates through its subsidiary Ziraat Katılım Varlık Kiralama A.Ş. Redemption of 14 of these lease certificates were realized during the year.

Ziraat Participation had two separate subordinated loans in 2019, a secondary capital credit for TL 300 million from its main shareholder T.C. Ziraat Bankası A.Ş. and an additional principal capital credit for EUR 100 million from TWF Market Stability and Equilibrium Sub-fund of Turkey Wealth Fund.