CORPORATE GOVERNANCE

İŞBANK

ANNUAL REPORT 2014

77

Internal Control

Internal Control system of İşbank is designed and operated in a way to ensure the protection of assets of the Bank, the continuation of the

Bank’s activities in compliance with the laws and other related regulations, banking conventions, internal rules and policies; in an effective

and efficient way and to provide the reliability and integrity of accounting and financial reporting systems and to enable the availability of

information in a timely manner. The continuous integrity of the Bank’s operations is enabled by the internal control system.

At the time of planning and operation of Banking activities, the main framework of the internal control activities that are carried out by all

of İşbank personnel with a sense of high responsibility are structured on the control of operations, the control of communication channels

and information systems, control of financial reporting system and compliance controls. The Internal Control Division operates under the

direction of and reports to the Board of Directors. It aims to provide the maximal contribution to ensure that the internal control structure

that makes up the Bank’s control infrastructure always functions in compliance with the related laws, regulations and standards in a sound,

strong and effective way. Internal Control Division is responsible for examining, controlling, monitoring and evaluating the Bank’s activities

and reporting its findings to the parties concerned. Control and monitoring activities by the Internal Control Division are carried out by on

site activities and/ or from a central location, these controls are structured to comprise the Head Office divisions, internal and external

branch operations and subsidiaries that are subject to consolidation.

The results of internal control activities together with opinions and recommendations that will increase effectiveness and efficiency are

shared with those responsible for the related processes and this contributes to the implementation of solutions. All of these proceedings

are continuously and closely monitored by the internal controllers and the Internal Control Department Management as well as by those

responsible for the conduct of the activities. The evaluations made about the operations are reported to Senior Management. The results

of the internal control activities are also continuously evaluated and monitored by the Board of Directors and the Audit Committee.

In the strong control environment of İşbank, all employees work with a high sense and responsibility of control. The Board of Directors

monitors and supports the internal control system so that it functions in line with the goals of the Bank in an efficient and effective way.

The potential risks and their probable effects have been assessed and the necessary controls to mitigate the risks or keep them at an

acceptable level have been implemented. There is a healthy communication environment which provides the access to information to

implement internal control activities that support corporate goals and which enables all employees to be informed about their internal

control duties and responsibilities. The existence and healthy operation of internal control components are monitored continuously and

orderly by all the relevant parties who continually strive to develop the internal control system. It is concluded that İşbank’s internal control

system is dependable and operates effectively in line with the regulations and parallel with the goals and targets of the Bank.

Compliance

Compliance is the foremost duty and responsibility of all managers and employees of the Bank at any level. The functions and activities

regarding compliance executed in the Head Office Divisions and Branches of the Bank is monitored through the corporate compliance

activities conducted within the Corporate Compliance Division, which reports to the Board of Directors.

Corporate Compliance Division operates with the purpose to provide maximum contribution in order to manage the compliance risk and

control this risk in an appropriate and efficient manner and in this regard to execute and manage the activities of the Bank continuously in

compliance with the relevant laws, regulations and standards.

The necessary researching, analyzing, monitoring, assessing, informing, conducting, coordinating and reporting activities regarding

compliance issues are conducted within the Corporate Compliance Division, which consists of four units, namely, Corporate Compliance,

Banking Activities Compliance, Fiscal Offences, and Capital Market Instruments Suspicious Transactions Investigation.

The duties and responsibilities of the Compliance Officer as stated in the Prevention of Laundering Proceeds of Crime Law and other

related regulations in effect are fulfilled by the Head of Corporate Compliance Division, who is the legal “Compliance Officer” of the Bank as

well. The activities regarding the prevention of laundering proceeds of crime and finance of terror in our Bank are executed in an express

and efficient manner within the context of related legislations and the Bank’s Policy and the Compliance Program, which have been

prepared in accordance with these legislations.

Capital Market Instruments Suspicious Transactions Investigation Unit, was established in accordance with the “Communiqué on Obligation

of Notification Regarding Insider Trading or Manipulation Crimes” (V-102.1) published in the Official Gazette edition 28889 on 21/01/2014.

Bank’s Compliance and Compliance Risk Management Policy and Prevention of Laundering Proceeds of Crime and Finance of Terror Policy

are stated in “Investor Relations / Corporate Governance” link at our Bank’s website

www.isbank.com.tr

in English and Turkish.

The results of the activities regarding compliance are also regularly monitored and evaluated by the senior management and the Board of

the Bank.