Bankacılık Sektörü (Basel Prensiplerine Uyumu, BCP) (8 Şubat 2017)

IMF Country Report No.
17/46
TURKEY
FINANCIAL SECTOR ASSESSMENT PROGRAM
February 2017
DETAILED ASSESSMENT OF OBSERVANCE—
BASEL CORE PRINCIPLES FOR EFFECTIVE
BANKING SUPERVISION
This Detailed Assessment of Observance of the Basel Core Principles for Effective Banking
Supervision on Turkey was prepared by the staff of the International Monetary Fund and
the World Bank. It is based on the information as of April 2016.
Copies of this report are available to the public from
International Monetary Fund  Publication Services

PO Box 92780  Washington, D.C. 20090
Telephone: (202) 623-7430  Fax: (202) 623-7201
E-mail: [email protected] Web: http://www.imf.org
Price: $18.00 per printed copy
International Monetary Fund

Washington, D.C.
© 2017 International Monetary Fund

TURKEY
FINANCIAL SECTOR ASSESSMENT PROGRAM
November, 2016
DETAILED ASSESSMENT OF
OBSERVANCE
BASEL CORE PRINCIPLES FOR EFFECTIVE BANKING
SUPERVISION
Prepared By This report was prepared in the context of a joint

IMF-World Bank Financial Sector Assessment
Monetary and Capital
Program (FSAP) mission in Turkey during April, 2016,
Markets Department, IMF,
led by Nigel Jenkinson, IMF and Mario Guadamillas,
and Financial and Private
World Bank, and overseen by the Monetary and
Sector Development, World
Capital Markets Department, IMF, and the Financial
Bank
and Private Sector Development Vice Presidency,
World Bank. Further information on the FSAP
program can be found at
http://www.imf.org/external/np/fsap/fssa.aspx, and
www.worldbank.org/fsap.
INTERNATIONAL MONETARY FUND THE WORLD BANK

TURKEY
CONTENTS
GLOSSARY _________________________________________________________________________________________ 3
LIST OF REGULATIONS ___________________________________________________________________________ 5
INTRODUCTION __________________________________________________________________________________ 9
INSTITUTIONAL AND MARKET STRUCTURE—OVERVIEW ___________________________________ 10
PRECONDITIONS FOR EFFECTIVE BANKING SUPERVISION __________________________________ 15
DETAILED ASSESSMENT ________________________________________________________________________ 18

A. Supervisory Powers, Responsibilities, and Functions __________________________________________ 18
B. Prudential Regulations and Requirements ____________________________________________________ 91
SUMMARY COMPLIANCE WITH THE BASEL CORE PRINCIPLES _____________________________ 222
RECOMMENDED ACTIONS AND AUTHORITIES’ COMMENTS_______________________________ 239

A. Recommended Actions_______________________________________________________________________ 239
B. Authorities’ Response to the Assessment ____________________________________________________ 243
FIGURES
1. A Bank Dominated Financial Sector ___________________________________________________________ 12

2. A Mid-sized Banking System Characteristics __________________________________________________ 13
TABLES
1. Turkey Financial Soundness Indicators (FSI) ___________________________________________________ 14
2 INTERNATIONAL MONETARY FUND

TURKEY
Glossary
AML/CFT Anti-money Laundering/Combating Financing of Terrorism
BAT The Banks Association of Turkey
BAT The Banks Association of Turkey
BCBS Basel Committee on Banking Supervision
BCP Basel Core Principles for Effective Banking Supervision
BL Banking Law
BRSA The Banking Regulation and Supervision Agency
BRSB The Banking Regulation and Supervision Board
CAMELS Capital Adequacy, Asset Quality, Management, Earnings, Liquidity, Sensitivity to
Market Risk
CAR Capital Adequacy Ratio
CBRT Central Bank of the Republic of Turkey
CC Coordination Committee
CMB Capital Markets Board of Turkey
CP Core Principle for Effective Banking Supervision
EC Essential Criteria
FSAID Financial Soundness Analysis Identification Number
FSAP Financial Sector Assessment Program
FSASP Financial Soundness Analysis Software Package
FSB Financial Stability Board
FSC Financial Stability Committee
FSEC Financial Sector Commission
FX Foreign Exchange
GACL Guidance on Credit Risk and Accounting for the Expected Credit Loss
GAR General Assessment Report
GDP Gross Domestic Product
IAS International Accounting Standards
ICAAP Internal Capital Adequacy Assessment Process
ICRR Internal Capital Requirement Ratio
IFRS International Financial Reporting Standards
IRA Identification of Risk Areas
IRRBB Interest Rate Risk in the Banking Book
ISA International Standards of Audit
IT Information Technology
MASAK Financial Crimes Investigation Board
MoU Memorandum of Understanding
NPL Nonperforming Loans
POA Public Oversight Accounting and Auditing Standards Authority
SDIF Savings Deposit Insurance Fund
SI Special Inspection
SRAG Systemic Risk Assessment Group
INTERNATIONAL MONETARY FUND 3

TURKEY
TAS Turkish Accounting Standards

TCC Turkish Commercial Code
TFRS Turkish Financial Reporting Standards

TURKEY
LIST OF REGULATIONS
Abbreviation Name of the Regulation or Guideline
BL Banking Law No. 5411
The Communiqué on the Principles and Procedures for the Administrative Fines to be
CAFBDTS Imposed on Reportings Made within the Scope of Banking Data Transfer System
Communiqué on Calculation of the Risk Weighted Exposure Amount for Operational Risk
CAMA
by Advanced Measurement Approach
Communiqué on Principles and Procedures Concerning the Activities of Representative

CAROT Offices in Turkey
CCFS Communiqué on Preparation of Consolidated Financial Statements of Banks
CCRM Communiqué on Credit Risk Mitigation Techniques
CDRM Communiqué on Disclosures About Risk Management to be Announced to Public by Banks
Communiqué on Calculation of the Risk Weighted Exposure Amount for Credit Risk by
CIRB
Internal-rating based Approaches
Communiqué on Bank Information Systems and Banking Procedures Audits Performed by

CITEA External Audit Firms
Communiqué on Principles of Information Systems Management by Information Exchange

Firms, Custody Firms, and Clearing Firms and on Examination of Business Process and
CITIECC Information Systems
Communiqué on the Calculation of Capital Requirement for Market Risk of Options, Using
CMRO
Standardized Approach
Communiqué on the Calculation of Market Risk by Risk Measurement Models and

CMR-RMM
Assessment of Risk Measurement Model
Communiqué on the Financial Statements and Their Disclosures to be Announced to Public

CPD
by Banks
CPITMB Communiqué on the Principles of Information Systems Management by Banks
Communiqué on the Calculation of Risk Weighted Exposure Amount Related to

CSE
Securitization
CSP Communiqué on Structural Position
CUCA Communiqué on The Uniform Chart of Accounts and its Prospectus
EBL Enforcement and Bankruptcy Law
Guideline on The Assessment Criteria Considered in the Audits to be Performed by the

GAA
Agency

TURKEY
Guidelines on the Application Process of Internal Rating Based Approaches and Advanced
GAPA
Measurement Approach
Guidelines on Assessment and Validation of Internal Rating Based Approaches and

GAVA
Advanced Measurement Approach
GBCP Guideline on Best Compensation Practices
GCM Guideline on Credit Management of Banks
GCPRM Guideline on Counterparty Risk Management
GCRM Guideline on Country Risk Management
GFVM Guideline on Fair Value Measurement
GICAAPR Guideline on ICAAP Report
GIRRM Guideline on Interest Rate Risk Management
GLRM Guideline for Liquidity Risk Management
GMCR Guideline on The Management of Concentration Risk
GMRM Guideline on Market Risk Management
GORM Guideline on Operational Risk Management
GRRM Guideline for Reputational Risk Management
GST Guideline on Stress Testings to be Used by Banks in Capital and Liquidity Planning
Regulation on Principles and Procedures Concerning the Audit to be performed by the

RAA
Banking Regulation and Supervision Agency
RAAVF Regulation on the Principles regarding the Authorization and Activities of Valuation Firms
Regulation on the Procedures and Principles for Accounting Practices and Retention of
RAP
Documents by Banks
RCA Regulation on Measurement and Assessment of Capital Adequacy of Banks
RCB Regulation On Capital Conservation and Countercyclical Capital Buffers
RCGB Regulation on the Corporate Governance Principles of Banks
RCT Regulation on Credit Transactions by Banks
REAB Regulation on the External Audit of Banks
REOAMC Regulation on Establishment and Operation of Asset Management Companies
Regulation on the Procedures and Principles for the Evaluation of loans and other
REPL receivables and Provisions
RFHC Regulation on Financial Holding Companies

TURKEY
Regulation on Grants and Aids by Banks and Other Institutions Included in Consolidated
RGABCS Supervision
RIA Regulation on Independent Audit
RICAAP Regulation on Internal Systems and Internal Capital Adequacy Assessment Process of Banks
Regulation on Measurement and Assessment of Interest Rate Risk in the Banking Book by
RIRRBB Standard Shock Method
Regulation on Bank Information Systems and Banking Procedures Audits Performed by

RITEA External Audit Firms
RLA Regulation on Measurement and Assessment of Liquidity Adequacy of Banks
RLCR Regulation on Calculation of Liquidity Coverage Ratio of Banks
RMAL Regulation on Measurement and Assessment of Leverage Level of Banks
RMSDE Regulation on Merger, Sale, Disintegration, and Exchange of Shares
Regulation on Calculation and Implementation of Net General Position of Foreign Exchange

RNFER Over Own Funds Ratio for Banks on Non-Consolidated and Consolidated Basis
ROF Regulation on Own funds of Banks
Regulation on Principles of Professional Conduct to be Observed by the Members of the

RPC BRSB and by the Staff of the BRSA
Regulation on Principles and Procedures Concerning the Trading Precious Metals and the
RPMCP Disposal of Commodity and Property Acquired due to Receivables
Regulation on Principles and Procedures Concerning the Preparation and Publication of

RPPAP Annual Report
Regulation on the Procedures and Principles for Acceptance, Withdrawal and Time
RPPD Limitation of Deposits and Participation Funds
RRA Regulation on the Principles regarding the Authorization and Activities of Rating Agencies
RROS Regulation on Receiving Outsourcing Services by Banks
RRRRTB Regulation on Repo and Reverse Repo Transactions of Banks
Regulation on Declaration of the Whom to be Appointed to Managerial Position, Oath and

RSMOD Declaration of Property, and Holding Docket
RTSPIO Regulation on Transactions Subject to Permission and Indirect Share Ownership
RVLB Regulation on Voluntary Liquidation of Banks
SMBSP Supervisory Manual on Banking Supervision Process
SMCEP Supervisory Manual on Credit Examination Procedures

TURKEY
SMAMLCFT Supervisory Manual on AML/CFT Issues
SMGAR Supervisory Manual on General Assessment Report
SMIRASP Supervisory Manual for Identifying Risky Areas and Supervision Planning
SMRAC Supervisory Manual on Risk Assessment Criteria

TURKEY
INTRODUCTION1
1. This assessment of the current state of implementation of the Basel Core Principles for
Effective Banking Supervision (BCPs) in Turkey has been completed as a part of a Financial
Sector Assessment Program (FSAP) undertaken by the International Monetary Fund (IMF) and
the World Bank during 2016. It reflects the regulatory and supervisory framework in place as of
the date of the completion of the assessment. It is not intended to represent an analysis of the state
of the banking sector or the crisis management framework, which have been addressed in the broad
exercise.
2. The Banking Regulation and Supervisory Authority (BRSA) as a member of the Basel
Committee on Banking Supervision (BCBS), is committed to the adoption of international
standards and sound practices promulgated by the BCBS, as well as other relevant
international standard-setting bodies. The BRSA has implemented, or is in the process of
implementing, all of the BCBS standards, most notably those related to capital adequacy and
liquidity with a high level of compliance. The BRSA is to be commended for its ongoing commitment
to adhering to the highest standards for supervision and regulation.
3. Since the previous assessment conducted in 2011, the BRSA has made several
significant improvements to its supervisory framework. Turkey has built a good foundation for
banking supervision. The Banking Law (BL) provides a broadly appropriate supervision framework
with clear responsibilities and necessary supervisory powers. The established methodology for
banking supervision is comprehensive and grounded on extensive databases and on regulation
largely in compliance with international standards. The BRSA has also made vast efforts to improve
consolidated supervision, organizing supervisory colleges, signing a number of important
Memorandum of Understanding (MoUs) and removing obstacles for the supervision of Turkish
banks operations in foreign countries.
4. There are areas that still warrant improvement. These include, among others, addressing
legal provisions that undermines supervisory independence, providing a deeper risk assessment
focus to supervisory inspections and follow up, enhancing the forward looking component of the
assessments, streamlining risk management and corporate governance requirements, strengthening
the asset quality examination process and the accuracy of classification therein, strengthening the
supervisory enforcement regime, demanding recovery plans, developing group resolution plans and
increasing the ability to act at an early stage to address unsafe and unsound practices.
5. The Assessment has been conducted in accordance with the revised BCP assessment
methodology approved by the Basel Committee. The Turkey supervisory regime was assessed
and rated against the Essential Criteria (EC). The methodology requires that the assessment be
based on (i) the legal and other documentary evidence; (ii) the work of the supervisory authority;
and (iii) its implementation in the banking sector. Full compliance requires that all these
prerequisites are met. The guidelines allow that a country may fulfill the compliance criteria in a
different manner from those suggested, as long as it can prove that the overriding objectives of
1 This Detailed Assessment Report has been prepared by Caio Fonseca Ferreira, IMF and Laura Ard, World Bank.

TURKEY
each Core Principle (CP) are achieved. Conversely, countries may sometimes be required to fulfill
more than the minimum standards, such as in the event of structural weaknesses in that country.
The methodology also states that the assessment is to be made on the factual situation of the date
when the assessment is completed. However, where applicable, the assessors made note of
regulatory initiatives that have yet to be completed or implemented.
6. The conclusions are based on extensive discussions with staff members of the BRSA
and a review of related regulation and internal supervisory documents. The mission reviewed
the BCP self-assessment undertaken by BRSA preceding this assessment, and detailed responses to
a questionnaire addressing supervisory issues. The mission also reviewed a number of laws
governing banking supervision powers and activities, including the BL and a number of regulations
and decisions addressing prudential standards and risk management requirements. Special attention
was given to inspection reports. The mission also held meetings with senior officials of local banks,
an external auditing firm and a credit rating agency. A representative from the Turkish Treasury was
present at all meetings.
7. An assessment of compliance with the CP is not, and is not intended to be, an exact
science. Reaching conclusions require judgments by the assessment team. Banking systems differ
from one country to another, as do domestic circumstances. Also, banking activities are changing
rapidly around the world after the crisis and theories, policies and best practices are evolving rapidly.
Nevertheless, by adhering to a common agreed methodology, the assessment should provide the
Turkish authorities with an internationally consistent measure of quality of their banking supervision
relative to the 2012 revision of the Core Principles, which are internationally recognized as minimum
standards.
8. The assessors appreciated the cooperation received from the BRSA. The team sincerely
thanks the staff of the BRSA for their high professionalism, for the spirit of active cooperation and
for making enormous efforts to attend the information requests of the team.
INSTITUTIONAL AND MARKET STRUCTURE—

OVERVIEW
9. The Turkish financial sector is supervised by three main regulatory and supervisory
authorities. The BRSA is the regulatory and supervisory authority for the banking industry as well as
financial leasing, factoring, financial holding companies, electronic money institutions, consumer
financing, some payment systems institutions and asset management companies; the Capital
Markets Board of Turkey (CMB) is the regulatory and supervisory authority for the securities markets;
the General Directorate of Insurance and the Insurance Supervisory Board operating under the
Undersecretariat of Treasury (Treasury) are responsible for the insurance sector. The other
authorities that have a role in the regulation and supervision of the banking system are the Central
Bank of the Republic of Turkey (CBRT) as the monetary authority, the Financial Crimes Investigation
Board (MASAK) as the authority for anti-money laundering (AML) and combating financing of
terrorism (CFT); and the Savings Deposit Insurance Fund (SDIF) as the deposit insurance and bank
resolution authority.

TURKEY
10. Banks, holding over 90 percent of the financial system by asset ownership, are vital to
financial stability in Turkey. Nonbank financial institutions (NBFIs) are small by peer emerging
market levels, with insurance and pension fund assets constituting less than two percent each of the
sector (Figure 1). Capital market intermediation remains small. The overall financial system is about
122 percent of 2015 gross domestic product (GDP) by assets and has been growing significantly
faster than GDP since 2008.
11. The banking system is of average size, although the proportion of credit financed by
non-deposit channels is larger than in peer emerging markets (Figure 2, panels A—B).
Concentration is not significant and market share is equally distributed among private domestic,
foreign-owned, and state-owned banks (Figure 2; panels C—D). Acquisition-based entry by foreign
banks in recent years has led to a substantial increase in their asset ownership share. By the end of
December 2015, there are 34 deposit taking banks, 5 participation banks and 13 development and
investment banks under the BRSA’s supervision.
12. Capital adequacy has declined over the past five years but remains relatively high in
relation to international standards (Table 1). As nonperforming loans (NPLs) have been broadly
constant around some 3 percent of gross lending since 2012, the deterioration in capital adequacy
and returns owes to a combination of rapid balance-sheet expansion with a reorientation of lending
towards lower margin corporate lending and a policy induced squeeze on retail credit margins.

TURKEY
Figure 1. A Bank Dominated Financial Sector
A. Turkey’s financial sector has grown faster than GDP since

B. and is of average size relative to peer emerging markets
the crisis
130 (in percent of GDP)
120
110
100
90
80
70
60
2008 2009 2010 2011 2012 2013 2014
C. It is dominated by banks D. The pension sector is small even by peer EM standards
16
(2014, in percent of GDP)
12
4
2
E. as are the life insurance F. and non-life insurance sectors
12
(2014, in percent of GDP) 6
(2014, in percent of GDP)
8
4
4
2
1
0.2
0
0
Sources: EDSS, WEO, IMF FSI Annex, and World Bank

FinStats.
Notes: A)-(B) Financial sector assets-to-GDP; (C) Assets-to-

total financial sector assets; (D) Pension fund assets-to-
GDP; (E) Life insurance premiums-to-GDP; (F) Non-life
insurance premiums-to-GDP.

TURKEY
Figure 2. A Mid-sized Banking System Characteristics
A. Turkey’s banks are larger than peer EM average when B. …. but of average size when measured by domestic deposits
measured by credit intermediated
180
160 Bank credit Domestic deposits
140 (in percent of GDP, 2014) 150 (in percent of GDP, 2014)
120
120
100
80 70 90
60 55
60
40
20
30
0 0
C. Concentration in the banking industry is low relative to D. State-owned, foreign-owned and private domestic banks hold
peer EMs roughly the same quantity of banking assets
90 Top three banks Assets (in percent of total assets)

(in percent of banking assets, 2014)
Domestic Private State Foreign
3.1 3.6
60 100 6.5
13.1 14.3
42 17.4 16.2 16.3 16.7 17.0 18.3 19.5
80
30.5
30
39.8 37.9 34.0 31.5 30.3
60 29.8 32.2 31.7 30.2 29.9 30.9
31.0
0 31.7
40
20
57.1 58.5 59.5 55.4 55.4 52.8 51.6 52.0 53.2 53.1 50.8 49.5 37.7
0
2003 2007 2011 2015
Source: World Bank FinStats and BRSA.

TURKEY
Table 1. Turkey Financial Soundness Indicators (FSI)

TURKEY
PRECONDITIONS FOR EFFECTIVE BANKING

SUPERVISION
Macroeconomic and Financial Sector Policies
13. The financial sector operates in an uncertain economic environment. Growth is

dependent on external finance. During 2016, domestic demand and growth are expected to remain
relatively robust due to a 30 percent minimum wage increase, relaxation of macro prudential
regulations, and accommodative monetary and fiscal policies. Nevertheless, the domestic savings
rate is low, creating a dependence on external funds and making the economy vulnerable to
external shocks. Inflation has also remained high and above target.
14. External imbalances demand attention. While the oil price decline and economic
slowdown have attenuated the current account deficit, it is expected to rise again if these factors
reverse going forward. It may rise also if term premia and funding costs decompress as the U.S.
begins monetary policy normalization. Against this backdrop, the external position demands
attention. External debt is high (at about 60 percent of GDP) and concentrated in private sector
hands, annual financing needs are high (about 27 percent of GDP), capital inflows are mainly short-
tenor and debt creating, the net international investment position (NIIP), at about -50 percent of
GDP is weak by international standards, and net foreign exchange (FX) reserves, at US$29 billion, are
low.
15. Macroprudential policies are coordinated through the Financial Stability Committee
(FSC). The FSC is composed of the heads of all the major agencies having a stake in the
maintenance of financial stability; viz., the Undersecretary of Treasury and the heads of the CBRT,
BRSA,CMB and SDIF, under the chairmanship of the Deputy Prime Minister in charge of the
Undersecretariat of the Treasury. The 2015 Financial Stability Board (FSB) Peer Review concluded
that the FSC has helped to promote information sharing and the exchange of views as well as to
coordinate some policy measures among its member institutions. Importantly, the authorities have a
broad range of tools at their disposal and have used them in a proactive and flexible manner in
recent years to slow down the rise in household leverage and to encourage banks to increase core
funding. At the same time, further steps were identified to strengthen the framework in a number of
areas such as integrating the systemic risk assessment and policy framework and improving
institutional arrangements and public communication.
Public Infrastructure
16. Business laws are based on the Civil Law, dated 8/2001 and the New Turkish
Commercial Code (TCC), dated July, 2012. The Code of Obligations, 2011, and the Competition
Law, No. 4054, 1994, also form the framework of business laws as do the Law on the Protection of
the Consumer No. 6502, 2014, and the Execution and Bankruptcy Code (EBC) of 1932 (amended
2003/4).
17. The New TCC was promulgated 2012. The New TCC aims to harmonize the Turkish and
European Union Laws in order to strengthen foreign economic relations. One of the new features

TURKEY
increased transparency by requiring stock companies to create a website dedicated to publishing all
data relevant for shareholders, such as annual and interim financial statements and audit reports.
The new TCC also aimed to reinforce the rights of shareholder and corporate governance.
18. The basic principles of the independence of courts and security of judges and public
prosecutors are provided in the Constitution. The Turkish legal system does not provide for
special courts for dealing with bank or financial sector related cases, however in some big cities
specific courts are identified to deal only with banking related cases.
19. All listed and non-listed companies are obliged to apply financial reporting standards
issued by the Public Oversight Accounting and Auditing Standards Authority (POA). POA
issues Turkish Accounting Standards (TAS) and Turkish Financial Reporting Standards (TFRS) which
correspond, respectively, to the International Accounting Standards (IAS) and the International
Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board (IASB).
The authorities explained that the main difference between the implementation of IFRS and TFRS in
Turkish banks is in loan loss provisioning. For loan loss provisioning, the Turkish banks apply the
BRSA’s REPL instead of the impairment requirements of TAS 39 or IAS 39. The BRSA is planning to
apply IFRS 9, including the provision rules, from 1 January 2017. By 2017, Turkish banks will be able
to recognize provisions for credit losses in accordance with TFRS 9 which is considered by the
Turkish authorities to be fully compliant with the IFRS 9 with the option of the recent amendments
to the REPL. The last amendment entitles the banks to use existing provisions of the REPL or to
apply TFRS 9. The auditing of companies is carried out in compliance with international auditing
standards by independent auditors who meet the professional competence requirements.
20. The companies which are subject to independent audit are determined in the TCC. In
addition, the companies which fall under the Capital Markets Law or the BL are automatically subject
to the independent auditing requirement, whereas the companies such as the license holding
companies operating under the regulations of the Energy Market Regulatory Authority and public
companies under the Capital Markets Law are subject to the independent auditing requirement only
if they meet certain criteria. The external auditing firms which meet the required criteria are
authorized by POA. On the other hand, external audit activities conducted in banks and other
financial institutions are also subject to the BL and REAB.
21. Payment and settlement systems in Turkey are well developed with a sound legal and
regulatory framework and with the roles of regulators and overseers clearly established. The
Overseers of the FMIs in Turkey are the CBRT and the CMB. In addition, the BRSA has responsibility
for payment services, payment institutions, and electronic money. The authorities have been
systematically reforming the National Payments System in Turkey covering implementation of the
necessary infrastructure, internal organization arrangements and strengthening the legal and
regulatory framework, and have achieved several critical National Payments System (NPS)
objectives—most notably, as the result of on-going modernization efforts. A conducive legal and
regulatory framework and the core components of the NPS are in place.
22. There is one credit bureau operating in Turkey. The Credit Registry Bureau, (CRB-KKB)
was founded in 1995 as a private enterprise with the initiative of The Banks Association of Turkey
(BAT) and partnership of 11 leading banks of the sector to facilitate the exchange of information and

TURKEY
documents between credit institutions and financial institutions. Banking Law no: 5411 Article 73/4
grants special permission to the CRB to collect information from member institutions and to
facilitate exchange of this information. In order to gather risk information about customers of credit
institutions and other financial institutions, the Risk Center was established as a part of BAT in 2012.
BAT and CRB signed a service contract, with the approval of the BRSA, in order to carry out all
operations of the Risk Center in December 2012.
23. Statistical information availability is extensive in the Turkish banking system. The BRSA
publishes regularly (weekly, monthly, quarterly, annual) data on bank and non-bank financial
institutions. Data cover balance sheet, income statement, loans, consumer loans, SME loans, as well
as deposits by type and maturity. Also fees and commissions faced by financial customers are also
published on BRSA’s web site as a tool to strengthen market discipline. Deposit interest rates and
price quotes about financial markets are available on a daily basis and are provided by related
monetary, banking and financial market regulators.
24. The banking supervisor works closely with the deposit insurer and central bank on
crisis management issues. The previous FSAP mission highlighted the broad range of measures
that the BRSA has at its disposal to mitigate bank vulnerabilities, found the CBRT’s framework for the
provision of emergency liquidity to be sound and characterized the SDIF as broadly conforming to
best international practice. The 2015 FSB Peer Review for Turkey,2 found that the absence of certain
resolution powers—such as bridge banks, bail-in powers and temporary stays of early termination
rights—may make it difficult for the authorities to resolve the largest banks in the system in a timely
and cost-effective manner. The review also pointed out that, impediments to cross-border
cooperation can challenge the effective resolution of banks with cross-border operations, while a
lack of recovery and resolution planning requirements undermines resolution preparedness. The
Turkish authorities have informed the mission that they are currently working to align the Turkish
resolution framework with the FSB Key Attributes for Resolution Regimes.
2 http://www.fsb.org/wp-content/uploads/Turkey-peer-review-report-19Nov15.pdf.

TURKEY
DETAILED ASSESSMENT
Supervisory Powers, Responsibilities, and Functions
Principle 1 Responsibilities, objectives and powers. An effective system of banking supervision has
clear responsibilities and objectives for each authority involved in the supervision of
banks and banking groups.3 A suitable legal framework for banking supervision is in place
to provide each responsible authority with the necessary legal powers to authorize banks,
conduct ongoing supervision, address compliance with laws and undertake timely
corrective actions to address safety and soundness concerns.4
Essential criteria
EC1 The responsibilities and objectives of each of the authorities involved in banking
supervision5 are clearly defined in legislation and publicly disclosed. Where more than one
authority is responsible for supervising the banking system, a credible and publicly available
framework is in place to avoid regulatory and supervisory gaps.
Description and The Banking Law No. 5411 (BL) establishes the BRSA as being responsible for the
findings re EC1 supervision and regulation of the banking industry as well as financial leasing, factoring and
consumer financing companies in Turkey.
The other authorities that have a role in the regulation and supervision of the financial
system are:
- CBRT as a monetary authority;
- MASAK as a specialized anti-money laundering entity established to prevent

money laundering and to detect anti-money laundering offences;
- Treasury as the insurance supervisor;
- SDIF, as the responsible for deposit insurance and banking resolution;
- CMB, as responsible for the securities industry and the mortgage finance
corporations (MFCs).
Responsibilities of each entity are well established with small room for overlap or regulatory
gap.
3 Inthis document, “banking group” includes the holding company, the bank and its offices, subsidiaries, affiliates and
joint ventures, both domestic and foreign. Risks from other entities in the wider group, for example non-bank (including
non-financial) entities, may also be relevant. This group-wide approach to supervision goes beyond accounting
consolidation.
4 The activities of authorising banks, ongoing supervision and corrective actions are elaborated in the subsequent
Principles.
5 Such authority is called “the supervisor” throughout this paper, except where the longer form “the banking supervisor”
has been necessary for clarification.

TURKEY
EC 2 The primary objective of banking supervision is to promote the safety and soundness of
banks and the banking system. If the banking supervisor is assigned broader
responsibilities, these are subordinate to the primary objective and do not conflict with it.
Description and Article 93 of the BL establishes that the BRSA is responsible “for the establishment of
findings re EC2 confidence and stability in financial markets, the sound operation of the credit system, the
development of the financial sector and the protection of the rights and interests of
depositors”. The BL also obligates the BRSA “to prevent any transaction and practice that
could endanger the rights of the depositors and the sound and safe operation of banks
and severely damage the economy; and to take and implement the decisions and measures
in order to ensure the efficient operation of the credit system”.
The concept of “sound operation of the credit system” is not further developed. Nevertheless,
considering the role of the BRSA in the development of the financial sector, article 94 of the
BL states that the BRSA should ensure the profitable, efficient and rational operation of banks;
ensure competitiveness of the financial system; closely following up the status of international
banks in terms of supervision; ensure the integration of professional in the financial market;
and prepare the regulations pertaining to financial markets.
The BL does not distinguish among the objectives and seems to assign the same hierarchy to
the financial stability and development of the financial sector objectives. The assessors noted
that some BRSA decisions (e.g., loan loss provisions for some products, loan restructuring
rules) might be interpreted as rules that aim primarily to support financial development
objectives, despite the fact that the BRSA considers that some of them are within the scope of
macroprudential policy.
EC3 Laws and regulations provide a framework for the supervisor to set and enforce minimum
prudential standards for banks and banking groups. The supervisor has the power to
increase the prudential requirements for individual banks and banking groups based on
their risk profile6 and systemic importance.7
Description and The BL empowers BRSA to set and enforce minimum prudential standards. The BL (art. 43)
findings re EC3 also states that the Board is authorized to set more cautious different minimum or
maximum standard ratios or limits from those set for each bank or banking groups or to
change the calculation and reporting periods, or to set ratios or limits that have not been
set in general terms. This provision is applicable both on a consolidated and non-
consolidated basis. Please refer to CP16 for example of practical application of these
powers.
According to article 7 of Regulation On The Procedures And Principles For The Audit To Be
Made By The Banking Regulation And Supervision Agency (RAA) and also the RICAAP the
6 In this document, “risk profile” refers to the nature and scale of the risk exposures undertaken by a bank.
7In this document, “systemic importance” is determined by the size, interconnectedness, substitutability, global or
cross-jurisdictional activity (if any), and complexity of the bank, as set out in the BCBS paper on Global systemically
important banks: assessment methodology and the additional loss absorbency requirement, November 2011.

TURKEY
Board of BRSA has the power to publish guidelines to inform on best practices expected
from banks and on the evaluation criteria that will be considered on examinations carried
out by the agency. These guidelines follow the principle of proportionality in the sense that
banks are expected to implement the principles according to the banks' own scales, risk
profiles, activities, volume, nature and complexity of their business and transactions.
EC4 Banking laws, regulations and prudential standards are updated as necessary to ensure that
they remain effective and relevant to changing industry and regulatory practices. These are
subject to public consultation, as appropriate.
Description and The BL was established in 2005 and has been updated several times. The BRSA is authorized
findings re EC4 to issue regulations and communiqués through Board decisions to ensure that all rules and
regulations remain effective and relevant to changing industry and regulatory practices. The
agency has done so frequently to implement international standards, including Basel II/III,
and update the regulation appropriately.
According to the BL, the drafts of the secondary legislation (regulation and communiqués)
prepared by the BRSA need to be made public for a minimum seven days consultation
period to inform the public opinion and collect suggestions. In practice the period is usually
longer.
EC5 The supervisor has the power to:
a) have full access to banks’ and banking groups’ Boards, management, staff and records
in order to review compliance with internal rules and limits as well as external laws and
regulations;
b) review the overall activities of a banking group, both domestic and cross-border; and
c) Supervise the activities of foreign banks incorporated in its jurisdiction.
Description and On access to banks, the BL (art. 43, 93, 95) empowers the BRSA to have access to banks and
findings re EC5 banking group’s information for supervisory purposes. Banks are required to provide the
BRSA, timely and properly, any consolidated and non-consolidated information, document,
report or financial statements. The documents should be consistent with their accounts and
record keeping systems, within the framework set forth by the BRSB. BRSA supervisors also
have access to the staff of the banks including the board of directors.
On review the overall activities of the banking group, reporting and supervision
requirements prescribed in the regulations covers consolidated activities of banks, including
their cross-border activities. According to article 96 of the BL, the regulated institutions and
their shareholders and subsidiaries shall provide the BRSA with any information and
document, including those classified as confidential, if requested by the BRSA. The
requirements include parent banks as well as their domestic and foreign subsidiaries, their
jointly-controlled undertakings, their branches and representative offices.
On the supervision of foreign banks, Turkish banking legislation, does not separate
regulatory and supervisory framework according to ownership. In this context, foreign

TURKEY
banks established and operating in Turkey are subject to the same prudential, supervisory
and regulatory rules applied to domestic banks.
EC6 When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is
or is likely to be engaging in unsafe or unsound practices or actions that have the potential
to jeopardize the bank or the banking system, the supervisor has the power to:
a) take (and/or require a bank to take) timely corrective action;

b) impose a range of sanctions;
c) revoke the bank’s license; and
d) cooperate and collaborate with relevant authorities to achieve an orderly resolution of
the bank, including triggering resolution where appropriate.
Description and The BL provides the BRSA a broad range of tools that can be applied according to the
findings re EC6 severity of the situation. The definitions of situations when corrective actions can be taken
allow for timely supervisory action. Actions that could be taken include revoking the bank’s
license and triggering resolution. There are protocols that allow supervisors to coordinate
with resolution authorities.
Article 67 of the BL establishes that remedial action shall be taken against a bank when:
a) Its assets are likely not to meet its obligations in terms of maturity or that the bank
does not comply with the provisions pertaining to liquidity,
b) Its profitability is not at level that is sufficient to reliably perform its activities, due to
impaired balance and relations between revenues and expenses,
c) Its own funds is inadequate pursuant to the provisions pertaining to capital adequacy, or
such case is likely to occur,
d) The quality of its assets have deteriorated in such a manner that its financial structure
will weaken,
e) Its decisions, transactions and practices are in violation of the BL and the applicable
regulations,
f) It cannot establish its internal audit, internal control and risk management systems or
cannot operate these systems efficiently or there is a factor that impedes supervision, and
g) Due to the incompetence of the management, the risks and the applicable legislation
have increased remarkably or have concentrated in such a manner that they may weaken
the financial standing.
If the BRSA identifies any of the situations described above, the agency may call on the
board of directors of relevant banks to increase the amount of the bank’s own funds or to
suspend the distribution of profits temporarily and transfer such to the reserves; or to
increase the provisions, or to stop extending loans to shareholders; or to ensure liquidity by
selling off assets; or to restrict or stop new investments; or to restrict payment of fees and
other types of payments; or to stop long-term investments. It can also call on eliminating
the violations, reviewing the loan policies and avoiding and stopping risky transactions, as
well as taking the necessary measures to mitigate the maturity, exchange rate or interest

TURKEY
rate risks encountered. These measures or other measures deemed appropriate by the BRSA,
needs to be implemented by banks within a time period set by the BRSA.
When the bank fails to implement the determined corrective measures the agency may
require the bank’s board of directors to take and promptly implement any measure,
including the following:
a) to correct the financial structure, to raise one or both of the capital adequacy or
liquidity levels, to sell off long-term or fixed assets, to restrict operational and
management expenditures, to stop any payments to employees other than the regular
payments and to restrict or prohibit the provision of cash or non-cash loans to certain
persons, institutions, risk groups or sectors,
b) to eliminate violations; to call on the general assembly to convene extraordinarily to
change one or several or all of the members of board of directors or to appoint new
members or to remove from office the responsible employees; to prepare short,
medium and long-term plans to be approved by the Board.
The BRSA can also impose restrictive measures when banks fail to take the measures laid
down above, or if the situation is judged severe enough by the Board. In those cases, the
BRSA board shall require the bank to take and implement one or more of the following
measures:
a) Restrict or temporarily suspend its activities, as inclusive of all the organization of the
relevant activity, or the domestic or overseas branches to be deemed necessary or the
relations with correspondent banks;
b) Impose any restriction or limitation pertaining to the collection and extension of funds,
including interest rates and maturity limitations;
c) Dismiss some or all of the general manager, deputy general managers, relevant unit
and branch directors including board of directors and obtain the approval of the
Agency for persons to be appointed or selected in place of the persons removed from
office;
d) Provide long-term loans to an extent that is not more than the amount of deposit or
participation funds that is subject to insurance, with adequate guarantee to be
provided from the shares of dominant partners and other assets;
e) Restrict or suspend the activities that are causing losses and liquidate the low-efficient
and inefficient assets;
f) Merge with another willing bank or banks;
g) Find new shareholders to be deemed appropriate, in order to increase own funds; and
h) Deduct the arising loss from the own funds.
Finally, according to Article 71 of the BL when the BRSA determines that the conditions for
intervention are met in relation to a bank, it has two options: to revoke the bank’s operating
permission (Article 106 of the BL) or to transfer the shareholder rights and its management
and control to the SDIF (Article 107 of the BL). The conditions defined in the BL for
intervention are the following:

TURKEY
a) The bank has not taken, either partially or completely, the requested restrictive
measures within the appropriate period or, even if having taken these measures, the
financial structure has not been strengthened or, it is considered that it cannot be
strengthened;
b) The continuation of the bank’s activities will endanger the rights of the owners of
depositors and participation funds as well as the security and stability of the financial
system;
c) The bank has not fulfilled its obligations as they fall due;
d) The total value of the liabilities of the bank exceeds the total value of its assets; and
e) The dominant partners or managers of the bank fraudulently use the resources of the
bank directly or indirectly in their own or others’ favor in such a manner that the sound
operation of the bank will be at stake, thus causing a loss for the bank;
There is regular exchange of information between the BRSA and the SDIF that enables the
SDIF to access supervisory information on individual banks. A Coordination Committee has
been established between the two institutions. This Committee meets at least once every
three months to further promote the exchange of information and high-level cooperation
between the two institutions. Furthermore, the BL determines that the BRSA and the SDIF
shall have access to jointly-agreed databases of each other within the principles of
confidentiality.
In addition, according to protocol signed between the BRSA and the SDIF, the BRSA notifies
the SDIF that a bank has been required to take corrective, rehabilitative, or restrictive
measures (Articles 68, 69, and 70). The timely notification allows SDIF to develop a
Resolution Action Plan. Please also refer to CP3.
Please also refer to CP11 for additional discussion on the use of these powers in practice.
EC7 The supervisor has the power to review the activities of parent companies and of companies
affiliated with parent companies to determine their impact on the safety and soundness of
the bank and the banking group.
Description and The BL provides powers for the BRSA to supervise both banks and controlling parents of the
findings re EC7 bank. Supervision is performed on a consolidated and non-consolidated basis. Article 96 of
the BL includes among those obligated to provide information the shareholders of the
banks and banking groups therefore including parent companies.
Assessment of Largely Compliant.

Principle 1
Comments The BL provides a broadly appropriate framework for regulating and supervising banks. It
also provides clear responsibilities and adequate powers to the BRSA. However, the lack of
appropriately defined hierarchy among the objectives of financial stability and development
of the financial sector may cause potential conflicts and be harmful to the safety and
soundness of banks. The assessors noted that some BRSA decisions (e.g., differentiations in
loan loss provisions and loan restructuring rules) might be interpreted as rules that aim
primarily to support financial development objectives. Such measures might hinder the

TURKEY
reputation of the supervisors and convey the message of forbearance. In order to be fully
compliant with this principle the objective of development of the financial sector should be
explicitly subordinated to financial stability in the BL.
Principle 2 Independence, accountability, resourcing and legal protection for supervisors. The
supervisor possesses operational independence, transparent processes, sound governance,
budgetary processes that do not undermine autonomy and adequate resources, and is
accountable for the discharge of its duties and use of its resources. The legal framework for
banking supervision includes legal protection for the supervisor.
Essential criteria
EC1 The operational independence, accountability and governance of the supervisor are
prescribed in legislation and publicly disclosed. There is no government or industry
interference that compromises the operational independence of the supervisor. The
supervisor has full discretion to take any supervisory actions or decisions on banks and
banking groups under its supervision.
Description and Article 82 of the BL explicitly states that the BRSA:

findings re EC1
- has been established as a public legal person with administrative and financial autonomy;
- shall independently perform and use the regulatory and supervisory duties and rights
assigned thereto by the BL and the applicable legislation, under its own responsibility;
- shall independently use the financial resources allocated thereto within the framework of
the related laws, to the extent its duties and powers necessitate within the framework of the
principles and procedures set out in its own budget;
- shall employ adequate number of personnel with required qualifications in order to

efficiently fulfill its duties and powers.
However, the BL also establishes a few provisions that might undermine independence in
practice. Article 93 requires the BRSA to consult the related Ministry (Deputy Prime Minister),
before putting into force regulatory procedures other than internal regulations, in order to
check the harmony with the sector strategy and policies. Furthermore, the BL also allows the
relevant ministry to challenge BRSA’s regulatory decisions, allowing it to file a lawsuit for the
cancelation of the BRSA Boards’ regulatory decisions (art. 105). The BRSA has informed the
assessors that there is a draft amendment to the BL proposing the revocation of article 105.
On accountability and governance, the BRSA must brief the Council of Ministers
regarding its policies every six months. The Agency must also inform the Plans and Budget
Commission of the Turkish Grand National Assembly about its activities annually. The BL
(art. 97) also determines the BRSA to publish quarterly reports regarding the
developments in the financial sector as well as regular reports regarding the aggregated
performance of the financial institutions. Nevertheless, the assessors did not see evidence of
transparent scrutiny of the BRSA activities in relation to its goals and responsibilities, i.e., a
third part aiming to ensure that the powers delegated to the BRSA are exercised

TURKEY
appropriately and that its operations are effective and in line with its mandates and
objectives.
EC2 The process for the appointment and removal of the head(s) of the supervisory authority
and members of its governing body is transparent. The head(s) of the supervisory authority
is (are) appointed for a minimum term and is removed from office during his/her term only
for reasons specified in law or if (s)he is not physically or mentally capable of carrying out
the role or has been found guilty of misconduct. The reason(s) for removal is publicly
disclosed.
Description and The governing body of the BRSA is the board (BRSB) whose seven members including one
findings re EC2 Chairman, (also the Chairman of the BRSA), and one Deputy Chairman (co-Chairman) who
are appointed by the Council of Ministers.
The BL (Art. 84) establishes requirements for appointment of the members of the Board.
Board members should broadly meet the same conditions required for the founders of a
private bank and, additionally, cannot hold shares of the entities related to the sectors
which are under the regulatory and supervisory scope of the BRSA, engage in commerce,
carry out stock exchange transactions or to be directors or members of the board of
auditors of any company (Art. 86). Detailed obligations, prohibitions, incompatibilities, and
liabilities are established in the Regulation on Principles of Professional Conduct to be
Observed by the Members of the Banking Regulation and Supervision Board and by the
Staff of the Banking Regulation and Supervision Agency, which binds the BRSB members
and the BRSA employees by rules on impartiality, conflicts of interest, confidentiality,
compatible activities outside the BRSA, acceptance of gifts as well as principles to be
observed while leaving the BRSA.
The chairman and/or members of the BRSB are appointed for a 5 years term that can be
renewed once (BL, art. 85). The conditions for board members being removed from office
are established in the BL and cover issues such as medical conditions or not being able to
meet conditions for appointment. The removal depends upon approval of the Prime
Minister, but the law does not require the disclosure of the reasons.
EC3 The supervisor publishes its objectives and is accountable through a transparent framework
for the discharge of its duties in relation to those objectives.8
Description and According to Article 88 of the BL, the BRSB is responsible for determining the strategic plan,
findings re EC3 performance criteria, goals and objectives of the BRSA. The planning process comprises of
the determination of the goals, objectives and methods of the institution including the
human and financial resources. The resulting plan is published every three years.
The accountability arrangements are established in the BL. The BRSA must prepare and
submit an annual report of its activities to the Council of Ministers (art. 97). The report that
covers goals, organizational structure, regulatory and supervisory activities and agency
resources among other issues should be published in conjunction to its audit final accounts.
8 Please refer to Principle 1, Essential Criterion 1.

TURKEY
The BRSA is also required to inform the Plans and Budget Commission of the Turkish Grand
National Assembly about its activities once a year. As explained in EC1, the assessors did
not see evidences of independent and transparent scrutiny of the BRSA activities.
EC4 The supervisor has effective internal governance and communication processes that enable
supervisory decisions to be taken at a level appropriate to the significance of the issue and
timely decisions to be taken in the case of an emergency. The governing body is structured
to avoid any real or perceived conflicts of interest.
Description and The BL establishes the BRSB as the decision-making organ of the BRSA. The Board main
findings re EC4 duties and powers are:
- take corrective, rehabilitating and restrictive measures against banks;
- revoke the operation permission of Banks;
- prepare the secondary legislation in harmony with the international standards and principles
regarding the sector or area which they are authorized to regulate and supervise and take
decisions to this effect;
- set the strategic plan, performance criteria, goals and objectives and service quality standards
of the Agency; to establish the human resources and working policies; to provide suggestions
regarding the Agency’s service units and their duties;
- debate and decide on the proposed budget of the Agency that is prepared in tune with the
Agency’s strategic plan and goals and objectives;
The chairman, who is the top rank manager of the Agency, is responsible for administering
and representing the Agency. The Chairman may assign some of his duties and powers,
which are not related to the Board, to his subordinates, provided that the boundaries of
such assignment are clearly put down in writing.
In practice, important decisions such as granting or revoking a bank’s license, significant

changes in a bank’s ownership structure and imposing severe measures to a bank are taken
by the BRSA Board. The level of the decisions to be taken is determined in the BL and in sub
regulations.
Operationally, all supervisory findings that might demand an action by the BRSA are sent to
the enforcement department which analyzes the available evidence and suggests an action
to the Board or other competent body.
Please refer to EC2 to information on conflict of interest.
EC5 The supervisor and its staff have credibility based on their professionalism and integrity.
There are rules on how to avoid conflicts of interest and on the appropriate use of
information obtained through work, with sanctions in place if these are not followed.
Description and Board members and agency personnel are subject to regulation on Professional and Ethical
findings re EC5 Principles that aims to ensure professionalism and integrity. The principles provide, for
example, rules regarding impartiality, conflicts of interest, confidentiality, compatible

TURKEY
activities outside the BRSA, acceptance of gifts as well as principles to be observed while
leaving the BRSA.
Additionally, the BL states that the Board chairman and other personnel shall not disclose
confidential information regarding the Agency to any person even if they leave the office.
Also according to Article 92 professional staff cannot assume for at least two years any duty
in a bank where they conducted on-site and off- site supervision process or practice during
the past two years.
Banks expressed their respect for the professionalism and integrity of the BRSA staff.
EC6 The supervisor has adequate resources for the conduct of effective supervision and
oversight. It is financed in a manner that does not undermine its autonomy or operational
independence. This includes:
a) a budget that provides for staff in sufficient numbers and with skills commensurate
with the risk profile and systemic importance of the banks and banking groups
supervised;
b) salary scales that allow it to attract and retain qualified staff;
c) the ability to commission external experts with the necessary professional skills and
independence, and subject to necessary confidentiality restrictions to conduct
supervisory tasks;
d) a budget and program for the regular training of staff;
e) a technology budget sufficient to equip its staff with the tools needed to supervise the
banking industry and assess individual banks and banking groups; and
f) a travel budget that allows appropriate on-site work, effective cross-border
cooperation and participation in domestic and international meetings of significant
relevance (e.g., supervisory colleges).
Description and The expenses of the BRSA are financed from contributions paid by the supervised
findings re EC6 institutions. The amount collected as contribution cannot exceed three per ten thousand of
the total assets of the institutions. Excess revenues of the Agency at the end of the financial
year are transferred to the general budget. The ratio, decided by the BRSA board, is
substantially below the limit, given the agency room for maneuvering.
The BRSA staff on supervisory functions number grew from approximately 220 in 2013 to
265 in 2015 mainly due to the creation of the Department of Information Systems
Compliance and the Department of Data and System management. Also refer to CP 9.
BRSA personnel can be hired under contract or permanent position. Senior management,
including Vice chairmen, department heads, directors, chairman’s advisors and the
professional staff are employed under contracts signed for their positions. This arrangement
exempts their remuneration from following the Civil Servants Law.
Board Chairman shall be paid a monthly salary that is equal to the amount of financial and
social rights paid to the Prime Ministry Undersecretary. The remuneration of Board members
is equal to ninety-five percent of the Board Chairman. The salaries and other social and

TURKEY
financial rights of the permanent contracted personnel of the Agency are determined by the
Board, on the condition that they will not be more than the maximum amount indicated to the
chairman.
BRSA non contractual personnel follow the public sector salary scales. The salary level tends
to be lower than the private sector especially for the middle and upper management levels.
The average compensation at the entry level is higher than the private sector.
The BRSB is empowered to hire new employees observed the limits fixed by the BL. The BL
limits are reasonably higher than the current staff, allowing room for additional staff if the
Agency consider necessary. Entry conditions are not attractive for mid-career professionals
that provides practical constraints to the hiring of experienced staff. In practice new hires
are mostly recently graduate professionals that are trained in the agency. The absence of an
effective option to recruit mid-career staff might represent a challenge particularly if the
agency loses a substantial number of experienced staff.
The BRSA has a budget and a program for regular training of the staff. Records show a
comprehensive number of trainings activities in terms of topics and number of participants
that were developed domestically and abroad.
Technology expenditures are made to keep the staff equipped with the tools needed to
supervise the banking industry. BRSA has memberships at online learning environments,
market data providers (Reuters, Bloomberg and etc.) and buys specialized hardware and
software (about reporting systems, risk measurement tools etc.) to supervise the industry.
The BRSA explained that the travel budget is adequate for their supervisory work and
cooperation initiatives with other supervisors. As an example, it mentioned that BRSA staff
represents BRSA in a number of committees and subgroups of the Financial Stability Board
and the Basel Committee. The BRSA also claimed that adequate resources are allocated for
the participation in supervisory colleges and on-site supervision of subsidiaries abroad.
EC7 As part of their annual resource planning exercise, over the short- and medium-term, taking
into account relevant emerging supervisory practices. Supervisors review and implement
measures to bridge any gaps in numbers and/or skill-sets identified.
Description and BRSA board is responsible for defining the strategic plan for the agency. The plan sets three
findings re EC7 years goals and objectives and discusses the availability of human and financial resources.
Training needs to bridge gaps are assessed annually during the development of the BRSA
Annual Training Plan. The process collects training needs from the different departments
and proposes events to address them. The plan is discussed with the Human Resources
Committee and the Chairman.
When additional human resources are considered necessary, head of departments make a
request to the Human Resources Committee. After an evaluation, the final decision for
hiring new personnel is made by the chairmanship.

TURKEY
EC8 In determining supervisory programs and allocating resources, supervisors take into
account the risk profile and systemic importance of individual banks and banking groups,
and the different mitigation approaches available.
Description and The BRSA determines its supervisory plan with a dynamic risk focus approach. Resources are
findings re EC8 allocated mainly based on the sector share of bank’s total risk (Credit, Market and
Operational) and the bank’s rating determined by the supervisory team. A larger amount of
resources are allocate to more risky and systemic important banks. See detailed discussion
in CP8.
The supervisory plan is continuously revised, which may change the allocation of resources
during the year. These are discussed constantly between the frontline analyst teams and the
BRSA’s senior management.
EC9 Laws provide protection to the supervisor and its staff against lawsuits for actions taken
and/or omissions made while discharging their duties in good faith. The supervisor and its
staff are adequately protected against the costs of defending their actions and/or omissions
made while discharging their duties in good faith.
Description and The BL provides legal protection for the supervisors. Article 104 estates that lawsuits against
findings re EC9 the Chairman, Board members and staff for actions taken in good faith in the exercise of
their responsibilities are subject to the permission of relevant Minister for the Chairman and
Board members and the permission of the Chairman for the Agency staff.
The law also establishes that for the initiation of any investigation of offenses alleged to
have been committed by the chairman, Board members and Agency personnel in
connection with their duties there must be a clear and solid evidence indicating that such
members or personnel have acted for acquiring interests for themselves or third persons
and for causing damages on the Agency or third persons and have acquired interests for
themselves or third persons and caused damages as a result of their acts.
The law also establishes a framework to protect staff from the costs of litigation connected
to their duties in the BRSA even if they have left office. The legal fees for such lawsuits as
well as the attorney’s fees are financed from the budget of the Agency.
Finally, the law provides protection against legal action for compensation of damages,
payment of receivables and executive proceedings. As long as the action is connected with
the duties of the Agency, both during and after the staff terms in office, the legal action
should be considered to have been taken against the Agency. There were no civil law cases
against officers and managers of the BRSA within the scope of this provision in the last five
years.
Assessment of Materially Non-compliant

Principle 2
Comments The legal protection of the supervisor is broadly adequate. Nonetheless the institutional
framework contains shortcomings that should be improved.

TURKEY
The BL establishes the BRSA as an independent body but it contains provisions that might
undermine independence in practice. There are several channels of interaction between the
BRSA and the government that, considered together, may accommodate political influence:
i) the appointments of the Chair and Board members are made by the Council of Ministers
without any confirmation process by other independent body; ii) before putting into force
regulatory procedures the BRSA needs, by law, to consult the related Ministry; iii) the Prime
Minister can approve the removal, if the conditions specified in the BL are met, of members
of the Board without publishing the reasons; iv) the relevant minister may permit lawsuit
against board members; and v) the BL allows the relevant ministry to file a lawsuit for the
cancelation of the Boards regulatory decisions (art. 105). These possible channels of political
influence over the Agency, particularly considering the large role played by state owned banks in
Turkey, might cause conflicts of interests that might undermine financial stability.
The authorities should therefore review the legislation to limit the cases that require the
Minister’s involvement. In particular, it seems appropriate to establish a third party to
perform a stronger role in the checks and balances framework such as, making regulatory
consultation procedures more transparent, so that BRSA proposals and Ministry comments
are published, introducing a process for appointments for the BRSB to be confirmed by a
nonexecutive government body and removing the related minister permission for lawsuits
for the cancelation of the BRSB regulatory decisions.
There also seems to be room for improving the accountability framework. Despite the
periodic briefings from the BRSA to the Council of Ministers, the assessors could not see
evidence of a third part aiming to ensure that the powers delegated to the BRSA are
exercised appropriately and that its operations are effective and in line with its mandate and
objectives.
Finally, in relation to resourcing, entry conditions to the BRSA are not attractive for the
hiring of mid-career professionals and provide practical constraints in the event of a
shortfall in experience levels.
Principle 3 Cooperation and collaboration. Laws, regulations or other arrangements provide a

framework for cooperation and collaboration with relevant domestic authorities and foreign
supervisors. These arrangements reflect the need to protect confidential information.9
Essential criteria
EC1 Arrangements, formal or informal, are in place for cooperation, including analysis and
sharing of information, and undertaking collaborative work, with all domestic authorities
with responsibility for the safety and soundness of banks, other financial institutions and/or
the stability of the financial system. There is evidence that these arrangements work in
practice, where necessary.
9 Principle 3 is developed further in the Principles dealing with “Consolidated supervision” (12), “Home-host
relationships” (13) and “Abuse of financial services” (29).

TURKEY
Description and There are several arrangements in place for cooperation between domestic authorities.
findings re EC1
The FSC composed of the Treasury and the heads of the CBRT, BRSA, CMB, and SDIF under
the chairmanship under the chairmanship of the Deputy Prime Minister in charge of the
Undersecretariat of the Treasury was created in 2011. The FSC aims to identify and mitigate
emerging systemic risks and coordinate macroprudential policy actions. In order to further
strengthen and support the FSC’s activities, the authorities established the Systemic Risk
Assessment Group (SRAG) in October 2012. The SRAG was established by a protocol signed
by the FSC members and its main mandate is to identify potential systemic risk areas, alert
the FSC about potential systemic risks and improve coordination between member
institutions for timely and consistent responses. The SRAG members are the FSC member
institutions’ deputies, with the BRSA acting as the secretariat. The SRAG meets at least four
times a year, and the minutes and outcomes of the meetings are reported to the FSC.
The Financial Sector Commission (FSEC), consisting of the representatives of BRSA, Ministry
of Finance, the Treasury, CBRT, CMB, SDIF, Competition Board, SPO, Istanbul Gold
Exchange, securities stock exchanges, Futures and Options Markets and the associations of
institutions is responsible for establishing and ensuring confidence, stability and the
development of the financial markets. This Commission is meant to ensure exchange of
information, cooperation and coordination among institutions and propose joint policies. It
meets once every six months and shall brief the Council of Ministers regarding the results of
its meetings.
The article 98 of the BL, also determines the BRSA, Treasury Undersecretary, State Planning
Organization Undersecretary, the SDIF and CBRT to exchange views regarding the
implementation of monetary, credit and banking policies. Article 98 also contains provisions
allowing the BRSA, SDIF and the CBRT to have access to the jointly-agreed databases of
each other.
The Coordination Committee (CC) composed by the BRSA and the SDIF aims to ensure
cooperation in bank resolution. The committee meets quarterly to exchange views about
the banking sector and other common issues.
Particularly relevant for the supervision of conglomerates are protocols signed for
information sharing between BRSA and other local authorities. These authorities includes
the Treasury, CMB, SDIF, CBRT, General Directorate of Criminal Registration and Statistics,
MASAK, Republic of Turkey Social Security Institution; TÜRKSAT A.Ş., Central Registration
Institution and Turkish Competition Authority.
There is evidence that these arrangements have been operating and discussing relevant
issues. Bilateral protocols like the one signed by the BRSA and the Treasury seem particular
relevant for exchange of information such as summaries of inspection reports between
supervisors while committees such as the FSC and FSEC focus on more broad issues.
EC2 Arrangements, formal or informal, are in place for cooperation, including analysis and
sharing of information, and undertaking collaborative work, with relevant foreign

TURKEY
supervisors of banks and banking groups. There is evidence that these arrangements work
in practice, where necessary.
Description and The legal basis for formal cooperation and information sharing by the BRSA with other
findings re EC2 foreign supervisory authorities is found in Article 98 of the BL.
The BRSA has signed MoUs with supervisory authorities of 34 countries. According to these
agreements supervisors commit themselves to use their best endeavors to cooperate in
routine supervisions and to notify and provide each other relevant information in a prompt
and timely manner regarding any material supervisory concerns. Discussions on MoUs are
underway with authorities of 5 additional countries.
Article 98 of the BL authorizes the BRSA to cooperate with foreign supervisory authorities
even in the absence of an MoU. In this case, eventual requests from foreign authorities are
subject to BRSB’s approval considering the principle of reciprocity.
The BRSA conducts on-site inspections in foreign jurisdictions in which Turkish banks and
their subsidiaries operate and foreign supervisors conduct inspections in Turkey on the
basis of reciprocity. When BRSA supervisors conduct on-site examination of banks in a
foreign jurisdiction, findings are always shared with foreign supervisory authorities through
official correspondence or meetings.
Turkish supervisors also participate in supervisory colleges in foreign jurisdictions upon

invitation. The BRSA, as a host supervisor authority, is an observer in some supervisory
colleges of the global banks which also operate in Turkey.
There is evidence of collaborative work. Refer to CP 13 for additional discussion.
EC3 The supervisor may provide confidential information to another domestic authority or
foreign supervisor but must take reasonable steps to determine that any confidential
information so released will be used only for bank-specific or system-wide supervisory
purposes and will be treated as confidential by the receiving party.
Description and The framework for the protection of confidential information is established in the article 73
findings re EC3 of the BL that lays down the restrictions not only for domestic authorities but also foreign
supervisors. In essence all data obtained by the BRSA by virtue of its supervisory activity are
covered by professional secrecy.
Nevertheless, the BL establishes several working arrangements that allow the exchange of
information with other domestic and foreign authorities as long as the principle of
confidentiality is appropriately maintained (see EC1 and EC2 above). The BRSA requires
other supervisors to commit themselves to protect the information, including signing
memorandums of understanding with specific confidentiality clauses. According to the BL,
the agency does not share confidential information if it has any reason to believe that the
counterparties will not maintain the confidentiality. The BL also forbids the BRSA to share
confidential information with anyone who is not authorized by the BL or may use the
information for own benefit

TURKEY
EC4 The supervisor receiving confidential information from other supervisors uses the
confidential information for bank-specific or system-wide supervisory purposes only. The
supervisor does not disclose confidential information received to third parties without the
permission of the supervisor providing the information and is able to deny any demand
(other than a court order or mandate from a legislative body) for confidential information in
its possession. In the event that the supervisor is legally compelled to disclose confidential
information it has received from another supervisor, the supervisor promptly notifies the
originating supervisor, indicating what information it is compelled to release and the
circumstances surrounding the release. Where consent to passing on confidential
information is not given, the supervisor uses all reasonable means to resist such a demand
or protect the confidentiality of the information.
Description and According to the article 73 of the BL, the BRSB is responsible for keeping the confidentiality
findings re EC4 of information and documents obtained within or outside the scope of MoUs. Confidential
information and documents obtained by the Agency may be used for the purposes of
licensing, supervision, monitoring compliance with legislation and for administrative
lawsuits filed against the decisions of the Board. The confidential information and
documents obtained by the BRSA cannot be disclosed to any person or entity, other than
the public prosecutors and criminal courts if and when needed in the course of criminal
proceedings and prosecutions.
Additionally, protocols on information exchange that the BRSA has signed with other
domestic authorities contain provisions establishing the confidentiality clauses of the BL. As
explained in EC3, all data obtained by the BRSA by virtue of its supervisory activity are
covered by professional secrecy.
MoUs with foreign authorities contain clauses stating that the provided information is
subject to confidentiality and should be used only for supervisory purposes. These clauses
also establish that when the supervisor is legally compelled to disclose confidential
information it has received from another supervisor, the supervisor promptly notifies the
originating supervisor.
EC5 Processes are in place for the supervisor to support resolution authorities (e.g., central
banks and finance ministries as appropriate) to undertake recovery and resolution planning
and actions.
Description and The Turkish resolution authority for credit institutions, including the branches and
findings re EC5 subsidiaries of foreign banks established in Turkey, participation banks (“Islamic banks”) and
financial holding companies is the SDIF. The role of the BRSA in the resolution process is to
initiate the resolution and decide on the transfer of a failed bank to the SDIF either by
revoking its operating license or by transferring its management and control as defined in
the article 71 of the BL. As described in EC1, the CC created by the BL ensures coordination
between the two authorities on bank resolution.
Following the notification of the BRSA that a bank is asked to take corrective, rehabilitative,
or restrictive measures the SDIF develops a bank-specific Resolution Action Plan. The

TURKEY
Resolution Action Plan includes alternative bank-specific resolution plans, a verification

process for determining the amount of insured deposits to be covered and plans for the
rapid deployment of the personnel for the purpose of safeguarding the information
technology (IT) systems and data of the bank.
However, there is no framework for ex ante recovery and resolution planning in Turkey. The
BRSA and the SDIF have formed a joint working group that is currently in the process of
developing policy proposals and necessary amendments to the legislation.
Assessment of Compliant
Principle 3
Comments Legal provisions as well as operational frameworks for cooperation and collaboration with
domestic and foreign authorities are in place. Protections on confidentiality appear
appropriate. Regarding the lack of processes for recovery and resolution planning, the
assessors do not see their absence as reflecting a lack of collaboration between authorities.
See also CP9.
Principle 4 Permissible activities. The permissible activities of institutions that are licensed and subject
to supervision as banks are clearly defined and the use of the word “bank” in names is
controlled.
Essential criteria
EC1 The term “bank” is clearly defined in laws or regulations.
Description and The term “bank” is defined in the BL Article 3 as deposit banks, participation banks and
findings re EC1 development and investment banks.
Deposit banks are defined as the institutions operating primarily for the purpose of
accepting deposit and granting loan in their own names and for their own accounts.
Participation banks are those operating primarily for the purposes of collecting fund through
special current accounts and participation accounts and granting loan. Finally, development
and investment banks are those operating primarily for the purposes of granting loan or to
fulfill the duties assigned by their special laws, other than accepting deposit or participation
funds.
EC2 The permissible activities of institutions that are licensed and subject to supervision as
banks are clearly defined either by supervisors, or in laws or regulations.
Description and The BL defines the activities that banks are permitted to perform and prohibited to carry
findings re EC2 out.
According to article 4, banks may perform a broad range of activities including accepting
deposits or participation funds, granting loans, either cash or non-cash, carrying out any
type of payment and collection transactions, including cash and deposit payment and fund
transfer transactions, correspondent bank transactions, or use of check accounts,
purchasing transactions of commercial bills, safe-keeping services, issuing payment
instruments such as credit cards, carrying out foreign exchange transactions, trading of

TURKEY
money market instruments, trading of precious metals and stones, trading and
intermediation of forward, future and option contracts, purchase and sale of capital market
instruments and repurchasing or re-sale commitments, intermediation for issuance or
public offering of capital market instruments, transactions for trading previously issued
capital market instruments for intermediation purposes, guarantee transactions like
undertaking guarantees and other liabilities in favor of other persons, investment
counseling services, portfolio operation and management, primary market dealing for
purchase-sales transactions, factoring, financial leasing services, insurance agency and
individual private pension fund services.
The BL also allows banks to perform “other activities to be determined by the Board”. The
BRSA has explained that these activities are mostly on advisory services and operational
support, particularly for subsidiaries. Banks’ requests to perform other activities are
analyzed according to the supervisory opinion on the specific case and principles settled by
the BRSB.
EC3 The use of the word “bank” and any derivations such as “banking” in a name, including
domain names, is limited to licensed and supervised institutions in all circumstances where
the general public might otherwise be misled.
Description and According to the article 150 of the BL legal persons who do not have a license are
findings re EC3 prohibited to use the business title of a bank in notices, advertisements and public
statements. It is also prohibited to use other words and expressions which could create the
impression that they were accepting deposits or participation funds or acting as a bank.
Penalties for the breach of these rules are imprisonment and judicial fines for real persons
and close of the business places where the offense is committed.
EC4 The taking of deposits from the public is reserved for institutions that are licensed and
subject to supervision as banks.10
Description and Art. 60 of the BL establishes that only credit institutions, that are supervised by BRSA are
findings re EC4 permitted to accept deposits or participation funds. Accepting deposits without permission
of the BRSA is legally punishable.
EC5 The supervisor or licensing authority publishes or otherwise makes available a current list of
licensed banks, including branches of foreign banks, operating within its jurisdiction in a
way that is easily accessible to the public.
Description and The list of licensed banks and branches is published and updated regularly on the BRSA’s
findings re EC5 website. According to the Article 10 of the BL, the permissions granted shall be published in
the Official Gazette.
10The Committee recognizes the presence in some countries of non-banking financial institutions that take deposits
but may be regulated differently from banks. These institutions should be subject to a form of regulation
commensurate to the type and size of their business and, collectively, should not hold a significant proportion of
deposits in the financial system.

TURKEY
Principle 4
Comments The BL provides clear definitions of activities that are only permitted to be conducted by
registered banks, including taking deposits from the public.
Principle 5 Licensing criteria. The licensing authority has the power to set criteria and reject
applications for establishments that do not meet the criteria. At a minimum, the licensing
process consists of an assessment of the ownership structure and governance (including the
fitness and propriety of Board members and senior management)11 of the bank and its
wider group, and its strategic and operating plan, internal controls, risk management and
projected financial condition (including capital base). Where the proposed owner or parent
organization is a foreign bank, the prior consent of its home supervisor is obtained.
Essential criteria
EC1 The law identifies the authority responsible for granting and withdrawing a banking license.
The licensing authority could be the banking supervisor or another competent authority. If
the licensing authority and the supervisor are not the same, the supervisor has the right to
have its views on each application considered, and its concerns addressed. In addition, the
licensing authority provides the supervisor with any information that may be material to the
supervision of the licensed bank. The supervisor imposes prudential conditions or
limitations on the newly licensed bank, where appropriate.
Description and The BL identifies the BRSA as both the licensing and supervisory authority in Turkey.
findings re EC1 According to article 6 of the BL, the establishment of a bank in Turkey or the opening up of
the first branch in Turkey by a bank established abroad needs to be approved by the BRSB.
The licensing of banks in Turkey is a two-step process that includes on-site supervisors and
several prudential conditions that needs to be fulfilled by banks. The whole process is
conducted by the BRSA. See a description in EC2.
During the last five years four banks were granted a license to operate in Turkey.
EC2 Laws or regulations give the licensing authority the power to set criteria for licensing banks.
If the criteria are not fulfilled or if the information provided is inadequate, the licensing
authority has the power to reject an application. If the licensing authority or supervisor
determines that the license was based on false information, the license can be revoked.
11 This document refers to a governance structure composed of a board and senior management. The Committee
recognizes that there are significant differences in the legislative and regulatory frameworks across countries
regarding these functions. Some countries use a two-tier board structure, where the supervisory function of the
board is performed by a separate entity known as a supervisory board, which has no executive functions. Other
countries, in contrast, use a one-tier board structure in which the board has a broader role. Owing to these
differences, this document does not advocate a specific board structure. Consequently, in this document, the terms
“board” and “senior management” are only used as a way to refer to the oversight function and the management
function in general and should be interpreted throughout the document in accordance with the applicable law within
each jurisdiction.

TURKEY
Description and Article 7 of the BL establishes a number of conditions that needs to be fulfilled for the
findings re EC2 establishment of banks in Turkey including that:
a) It should be established as a joint stock company,

b) Members of the board of directors should meet the necessary qualifications and
professional experience,
c) Its envisaged fields of activity are in harmony with planned financial, managerial and
organizational structure,
d) Its paid-up capital, i s not be less than 30 million New Turkish Liras (BRSA announced
that the current minimum paid-up capital should not be less than 300 million USD),
e) There is a transparent and open partnership structure and organizational that will not
constitute an obstacle for the efficient supervision of the institution,
f) There is no element that hampers consolidated supervision, and
g) It submits its work plans for the envisioned fields of activity, the projections regarding the
financial structure of the institution including capital adequacy and budget plan for the
first three years and an activity program including internal control, risk management and
internal audit system.
Additionally, any bank established abroad should meet the following conditions to be
allowed to operate a branch in Turkey:
a) Its primary activities must not have been prohibited in the country where they are
headquartered,
b) The supervisory authority in the country, wherein the headquarters of the bank is located
should not have negative views regarding its operation in Turkey,
c) The paid-in capital reserved for Turkey should not be less than the amount indicated for
the establishment of banks in Turkey,
d) Members of the board of directors meets the necessary qualifications and
professional experience,
e) It must submit an activity program indicating work plans for the fields of activity
covered by the permission, the budgetary plan for the first three years as well as its
structural organization, and
f) The banking group must have a transparent partnership structure.
The BRSA assess these conditions through documents provided by the applicants. The
necessary documentation is listed in Regulation on Transactions Subject to Permission and
Indirect Shareholding (RTSPIO), Article 4.
In addition to the establishment permission, banks need to request the BRSA permission for
operation. The banks that have an establishment permission are required to meet additional
criteria including:
a) Their capital should have been paid in cash and must be at a level that enables the
execution of the planned activities,

TURKEY
b) At least one fourth of the system entrance fee, equivalent to ten percent of the
minimum capital requirements, should have been paid to the account of the deposit
insurance fund (SDIF),
c) Their activities should be in compliance with corporate governance provisions and have
the required personnel and technical infrastructure,
d) Their managers should bear the qualifications set out in the corporate governance
provisions, and
e) The Board should comment that they bear the qualifications required for executing the
activities.
The article 10 of RTSPIO provides additional information about the assessment process for
granting operating license. The conditions are assessed in on-site examinations. BRSA examines
among other issues whether the capital of the bank has been paid in cash in an arm‘s
length basis, whether it has technical equipment, hardware and adequate staff capable of
performing such operations, whether its staff in managerial positions meet fit and proper
criteria and whether necessary arrangements have been made to ensure compliance of its
operations with the principles of corporate management.
The establishment permission of a bank can be revoked by a Board decision in case of one
or more of the following conditions (BL, art. 11):
a) The permission is based on non-factual declarations,

b) Failure to apply for operating permission within nine months following the
issue of the establishment permission,
c) Clearly stating the decision to waive the establishment permission,
d) Losing the eligibility qualifications for permission until commencement of operation,
e) Failure to obtain the operating permission,
f) Voluntary waiver from the whole activities allowed for banks,
g) Completion of bank merger and acquisition transactions, and
h) Completion of liquidation or bankruptcy proceedings under Article 106 of this Law.
The BRSB can also revoke the operating permissions of banks in case the Agency
determines, as a result of supervision, that appropriate conditions have not been fulfilled
(see CP1, EC 6 for discussion).
During the last five years one licensed was surrender. None have been revoked.
EC3 The criteria for issuing licenses are consistent with those applied in ongoing supervision.
Description and As described in EC 2, the BL provides criteria for authorization and registration that are
findings re EC3 consistent with those applied for ongoing supervision.
EC4 The licensing authority determines that the proposed legal, managerial, operational and
ownership structures of the bank and its wider group will not hinder effective supervision
on both a solo and a consolidated basis.12 The licensing authority also determines, where
12 Therefore, shell banks shall not be licensed. (Reference document: BCBS paper on shell banks, January 2003.)

TURKEY
appropriate, that these structures will not hinder effective implementation of corrective
measures in the future.
Description and Among the criteria imposed by the BL for the establishment of banks it is set out that the
findings re EC4 ownership structure required does not hamper effective supervision on both a solo and a
consolidated level. There are also criteria for clear ownership structures that do not hinder
the implementation of corrective measures (see EC2 above for details).
EC5 The licensing authority identifies and determines the suitability of the bank’s major
shareholders, including the ultimate beneficial owners, and others that may exert significant
influence. It also assesses the transparency of the ownership structure, the sources of initial
capital and the ability of shareholders to provide additional financial support, where
needed.
Description and The BL (article 8) establishes criteria for bank’s founders and natural person shareholder of
findings re EC5 the legal person founder with qualified shares of banks. These criteria include:
a) not have been declared bankrupt;

b) not have qualified shares or not hold control in banks that have been subjected to
restrictive measures;
c) not have qualified shares or not hold control in banks subjected to liquidation, in
development and investment banks whose operating permissions have been revoked,
or in credit institutions whose shareholder rights have been transferred to the SDIF;
d) have not been sentenced to heavy imprisonment;
e) have necessary financial strength and reputation; and
f) have the honesty and competence required for the business.
The BL also demands that, in case of legal person and banks established abroad,
partnership structure should be open and transparent.
In order to assess the above mention criteria, the BRSA (RTSPIO Art. 4) demands a series of
documents such as tables showing the shareholding structure of legal entity founders until
their natural partners, lists showing shareholder eventual privileged shares, legal documents
stating that qualified shareholders have not been declared bankruptcy, criminal records of
qualified shareholders, reports on the financial status of qualified shareholders and
commitments to declare the source of capital.
The enforcement department of the BRSA analyses all the documents following internal
manuals that list topics that should be considered, including when assessing financial
strength of the shareholders.
In terms of initial capital, according to Article 7of RTSPIO, the Agency examines whether the
capital of the bank applying for operating permission has been paid in cash in a manner
free of any fictitious transactions and whether it is in an appropriate level. The initial capital
of the bank that is transferred to the bank accounts is checked by on-site supervisors that
also assess whether the amount of capital is sufficient to fulfill the planned activities.
EC6 A minimum initial capital amount is stipulated for all banks.

TURKEY
Description and BRSA has stipulated a minimum capital amount of 300 million USD for all banks (see EC2
findings re EC6 above).
EC7 The licensing authority, at authorization, evaluates the bank’s proposed Board members
and senior management as to expertise and integrity (fit and proper test), and any potential
for conflicts of interest. The fit and proper criteria include: (i) skills and experience in
relevant financial operations commensurate with the intended activities of the bank; and
(ii) no record of criminal activities or adverse regulatory judgments that make a person unfit
to uphold important positions in a bank.13 The licensing authority determines whether the
bank’s Board has collective sound knowledge of the material activities the bank intends to
pursue, and the associated risks.
Description and As described in EC2 the conditions for the establishment of banks in Turkey includes fit and
findings re EC7 proper criteria for board members. The BL establishes that the majority of the board of
directors should meet the qualifications for general manager that includes: not have been
declared bankrupt, have not been sentenced to heavy imprisonment or convicted of serious
crimes, have at least undergraduate degrees in suitable disciplines and have at least ten
years of professional experience in the field of banking or business administration.
The Deputy general managers must have at least seven years of professional experience
and at least two thirds of them must have at least undergraduate degree in suitable
disciplines. Even if employed with different position titles, other executives whose authority
and duties are comparable to a deputy general manager or who occupy higher executive
positions are subject to the provisions pertaining to deputy general managers.
The suitability criterion is evaluated through documents attesting the educational and
professional background. The documentation that should be provided to the BRSA is
specified in regulation (RSMOD). Apart from educational and professional background, the
BRSA also checks if there is no record of criminal activities or adverse regulatory judgments
that make a person unfit to uphold managerial positions in a bank.
The BRSA does not impose requirements and does not assess if the board of the bank has a
collective sound knowledge of the material activities the bank intends to pursue.
EC8 The licensing authority reviews the proposed strategic and operating plans of the bank. This
includes determining that an appropriate system of corporate governance, risk
management and internal controls, including those related to the detection and prevention
of criminal activities, as well as the oversight of proposed outsourced functions, will be in
place. The operational structure is required to reflect the scope and degree of sophistication
of the proposed activities of the bank.14
Description and As noted in EC2, the criteria for the establishment of banks in Turkey include the harmony
findings re EC8 of the envisaged activities with planned financial, managerial and organizational structure.

14 Please refer to Principle 29.

TURKEY
The BL also demands the applicant bank to submit to the BRSA the work plans for the
envisioned fields of activity, the projections regarding the financial structure of the
institution including capital adequacy, the budgetary plan for the first three years and an
activity program including internal control, risk management and internal audit system.
The RTSPIO demands applicants to send “an operational program, which analyzes benefits
expected from establishment of the bank, indicates operations to be carried out and
operational plans containing methods of achieving internal supervision, internal control and
risk management and incorporates the financial structure of the organization in a manner
also containing the capital adequacy of the relevant projections, thereof.“
The projections and operational program of the proposed bank is assessed and reviewed
with comparison to existing banks in Turkish banking sector that engages in similar
activities and have a similar structure. Internal manuals guide the process listing issues that
should be considered by supervisors. Compliance with corporate governance regulations,
including risk management and internal control systems and IT systems are assessed in on-
site supervision before the operating permission is granted.
EC9 The licensing authority reviews pro forma financial statements and projections of the
proposed bank. This includes an assessment of the adequacy of the financial strength to
support the proposed strategic plan as well as financial information on the principal
shareholders of the bank.
Description and The BL demands the founders of banks to have the necessary financial strength and
findings re EC9 reputation. These criteria and financial projections of the proposed bank are assessed by
the BRSA during the licensing process (please also refer to EC 2 for details).
EC10 In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the
host supervisor establishes that no objection (or a statement of no objection) from the
home supervisor has been received. For cross-border banking operations in its country, the
host supervisor determines whether the home supervisor practices global consolidated
supervision.
Description and The criteria for the establishment of foreign banks in Turkey includes that the bank primary
findings re EC10 activities must not have been prohibited in the country where they are headquartered and
that the home supervisor do not have negative views regarding its operation in Turkey. In
order to assess these requirements, the BRSA requires a “no objection letter” from the
home supervisor (RTSPIO). Nevertheless, there is no determination that the home
supervisor practices global consolidated supervision.
EC11 The licensing authority or supervisor has policies and processes to monitor the progress of
new entrants in meeting their business and strategic goals, and to determine that
supervisory requirements outlined in the license approval are being met.
Description and During the license approval process, banks are instructed on issues that need improvements
findings re EC11 and eventual recommendations to correct deficiencies are shared with on-site supervisors
who are responsible for following them up. As explained in EC2, licensing is a two-step

TURKEY
process. The period between the establishment permission and the operation permission is
a monitoring phase with a special focus on governance and operational requirements.
Once the bank starts operating, supervision procedures follow the ones applicable to all
banks. These procedures include assessing the actual performance of banks in relation to
their business plans.
Assessment of Largely Compliant

Principle 5
Comments Provisions in the laws and regulations related to licensing and the process followed by the
BRSA provide a comprehensive framework to assess the adequacy of new registrations for
banks, including foreign bank branches. The BRSA seems to have a broadly sound process
to assess applications in practice. However, in order to maintain a licensing process fully
compliant with the principle, the BRSA needs to additionally: i) impose requirements and
assess if the bank’s board has a collectively sound knowledge of the material activities the
bank intends to pursue; and ii) for cross-border banking operations, determine whether the
home supervisor practices global consolidated supervision.
Principle 6 Transfer of significant ownership. The supervisor15 has the power to review, reject and
impose prudential conditions on any proposals to transfer significant ownership or
controlling interests held directly or indirectly in existing banks to other parties.
Essential criteria
EC1 Laws or regulations contain clear definitions of “significant ownership” and “controlling
interest”.
Description and According to the Article 3 of the BL, “control” is defined as “the power to appoint or remove
findings re EC1 from office the decision-taking majority of members of board of directors through direct or
indirect possession of the majority of a legal entity’s capital irrespective of the requirement
of owning minimum 51 % of its capital; or by having control over the majority of the voting
right as a consequence of holding privileged shares or of agreements with other
shareholders although not owning the majority of capital”.
The concept of “Significant ownership” is referred in the BL as “qualified shares” and is

defined as “the shares that represent, directly or indirectly, 10 % or more of the capital or
voting rights of an undertaking or that yield the privilege to appoint members to board of
directors even though such rate is below 10 %”. The BL also define “dominant partner” as
“natural or legal entities that directly or indirectly, individually or jointly control an
undertaking”.
EC2 There are requirements to obtain supervisory approval or provide immediate notification of
proposed changes that would result in a change in ownership, including beneficial
15 Whilethe term “supervisor” is used throughout Principle 6, the Committee recognizes that in a few countries these
issues might be addressed by a separate licensing authority.

TURKEY
ownership, or the exercise of voting rights over a particular threshold or change in

controlling interest.
Description and The BL establish requirements for approval of changes in ownership. Article 18 of the BL
findings re EC2 requires the permission of the BRSA for:
a) Any acquisition of shares that result in the acquisition by one person directly or
indirectly of shares representing 10 % or more of the capital of a bank or if shares held
directly or indirectly by one shareholder exceed 10 %, 20 %, 33 % or 50 % percent of
the capital as a result thereof, and assignments of shares that result in shares held by
one shareholder falling below these percentages.
b) Assignment and transfer of preferential shares with the right of promoting a member
to the board of directors or audit committee or issue of new shares irrespective of
limits.
c) The transfer of shares of legal entities directly or indirectly, who own 10 % or more of
the capital of a bank, under terms and conditions of a).
Article 18 of the BL also establishes that the permission might be given on the condition
that the person who acquires the shares bears the qualifications required for the founders
(see CP5). In cases where the shares are transferred without the permission of the BRSB, the
shareholder rights of the legal entity stemming from these shares, other than dividends,
shall be exercised by the SDIF.
The documents that are required to be submitted for transfer of ownership are listed in
Article 11 of Regulation on Transactions Subject to Permission and Indirect Shareholding
(RTSPIO).
EC3 The supervisor has the power to reject any proposal for a change in significant ownership,
including beneficial ownership, or controlling interest, or prevent the exercise of voting
rights in respect of such investments to ensure that any change in significant ownership
meets criteria comparable to those used for licensing banks. If the supervisor determines
that the change in significant ownership was based on false information, the supervisor has
the power to reject, modify or reverse the change in significant ownership.
Description and The BRSA has the power to reject any proposal for a change in significant ownership,
findings re EC3 (article 18 of the BL), as each material change (according to predefined thresholds) requires
its permission (see also EC2).
According to the Article 18 of the BL, the shareholders with qualified shares who do not
bear the conditions required for founders any more shall not benefit from the shareholder
rights other than dividends. In such cases, other shareholder rights shall be exercised by
SDIF, upon the notification of BRSA. Such shareholders shall not use their preferential rights
until the rate of their direct or indirect shares in the capital fall below 10 %.
If BRSA determines that the change in significant ownership was based on false information,
according to the article 155 of BL, those persons may be sentenced to imprisonment from
one year to three years and a judicial fine which shall not be less than 1,500 days.

TURKEY
EC4 The supervisor obtains from banks, through periodic reporting or on-site examinations, the
names and holdings of all significant shareholders or those that exert controlling influence,
including the identities of beneficial owners of shares being held by nominees, custodians
and through vehicles that might be used to disguise ownership.
Description and Banks are required to submit their detailed shareholders structure on a monthly basis by
findings re EC4 means of a surveillance report. This report covers name and country of the owner, the size
of holding, share percentage, control type (qualified, preferred shares, jointly control, non-
controlling share etc.) and the way of ownership (directly owned, from public offering).
Additionally, in order to evaluate qualified legal entity shareholders’ ownership structure,
the BRSA requires one additional surveillance report semiannually.
EC5 The supervisor has the power to take appropriate action to modify, reverse or otherwise
address a change of control that has taken place without the necessary notification to or
approval from the supervisor.
Description and According to the Article 18 of the BL, transferring of shares affected without permission
findings re EC5 shall not be recorded in the book of shares. Any records made in the book of shares in
breach of the foregoing provision shall be null and void. Furthermore, article 18 also
establishes that in cases where the shares are transferred without the permission of the
Board, the shareholder rights of the legal entity stemming from these shares, other than
dividends, shall be exercised by the SDIF.
EC6 Laws or regulations or the supervisor require banks to notify the supervisor as soon as they
become aware of any material information which may negatively affect the suitability of a
major shareholder or a party that has a controlling interest.
Description and According to 11(5) of RTSPIO “The board of directors is under obligation to take actions
findings re EC6 and measures for determination of whether a prior consent of the [BRSA] Board is taken for
participants of bank general assembly meetings within the frame of obligations arising out
of Article 18 of the Law, except for third, seventh and eighth paragraphs thereof.”
The BRSA explained that in order to fulfill the determination of the RTSPIO mentioned
above as well as the determinations of article 18 of the BL, banks notify the BRSA when a
shareholder no longer meets the criteria for major shareholders.
principle 6
Comments The power given to the supervisor by laws and regulations as well as the current procedures
provide broadly sound control and oversight regarding significant ownership of a bank and
a controlling company.
Principle 7 Major acquisitions. The supervisor has the power to approve or reject (or recommend to
the responsible authority the approval or rejection of), and impose prudential conditions
on, major acquisitions or investments by a bank, against prescribed criteria, including the

TURKEY
establishment of cross-border operations, and to determine that corporate affiliations or

structures do not expose the bank to undue risks or hinder effective supervision.
Essential criteria
EC1 Laws or regulations clearly define:
a) what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions
and investments need prior supervisory approval; and
b) cases for which notification after the acquisition or investment is sufficient. Such cases
are primarily activities closely related to banking and where the investment is small
relative to the bank’s capital.
Description and Turkish laws and regulations require that all banks investments, with the exception of banks
findings re EC1 trading operations, need supervisory approval.
Cross border investments of banks require the BRSA approval according to the article 14 of
the BL and article 9 of RTSPIO. In order to be allowed to make a cross border investment,
banks’ practices should be in line with corporate governance and safeguarding provisions
of the BL. Furthermore, there should be no obstacles in gathering information and
executing supervision on the cross border company.
Previous permission for participating or establishing a domestic partnership is required by

the article 8 of the RTSPIO. Additionally, article 57 of the BL prohibits banks to invest in
entities whose main field of activity is property trading, except for mortgage financing
institutions and real estate investment trusts.
The mentioned provisions of RTSPIO are not applied on investments made on shares for
trading purposes, or on acquisition of shares solely for collection and recovery of
receivables, or on participation in capital increases of partnerships.
Finally, article 56 of the BL limits the acquisition of shares by banks at undertakings other
than credit institutions and financial institutions at an amount of 15% of its own funds, and
the total amount of its shares in these undertakings shall not be more than 60 % of its own
funds. Any investment in excess of the above limits is deducted from bank’s equity for
capital adequacy purposes.
EC2 Laws or regulations provide criteria by which to judge individual proposals
Description and The regulatory framework determines that the investment of banks domestically and
findings re EC2 abroad needs to comply with corporate governance and protective provisions.
According to article 14 of the BL, banks established in Turkey may open branches or
representative offices abroad, including off-shore banking regions, set up undertakings or
participate in existing undertakings on the condition that they comply with the corporate
governance and protective provisions, such as capital and liquidity adequacy or large
exposures limits (article 43, 44, 45, 46, 54, 57 of BL).
According to the article 8 of RTSPIO, banks established in Turkey may set up undertakings
or participate in existing undertakings at home as long as they comply with the corporate

TURKEY
governance and protective provisions, such as capital and liquidity adequacy or large
exposures limits (article 43, 44, 45, 46, 54, 57 of BL) and the principles established by BRSB.
The permission to allow the investments is decided by the BRSA board.
Article 9 of RTSPIO requires banks planning to invest in or establish foreign entities to

submit to the BRSA a detailed feasibility study indicating sums of funds necessary, an
analysis of costs and benefits concerning the proposed activity, estimated balance sheets,
cash flows and profit/loss schedules which set forth targets for three years from foundation.
The assessors could see examples showing that in practice the application of articles 8 and
9 of RTSPIO require the applicant banks to be compliant with management, internal
systems, financial reporting and prudential requirements such as capital adequacy, liquidity,
asset quality, provisioning and large exposures limits as stipulated in the BL and regulations.
The BRSA also verifies that there should be no obstacles in gathering information and
conducting supervision of the cross border company. If needed, the BRSA may require an
MoU with the host supervisory authority.
EC3 Consistent with the licensing requirements, among the objective criteria that the supervisor
uses, is that any new acquisitions and investments do not expose the bank to undue risks or
hinder effective supervision. The supervisor also determines, where appropriate, that these
new acquisitions and investments will not hinder effective implementation of corrective
measures in the future.16 The supervisor can prohibit banks from making major
acquisitions/investments (including the establishment of cross-border banking operations)
in countries with laws or regulations prohibiting information flows deemed necessary for
adequate consolidated supervision. The supervisor takes into consideration the
effectiveness of supervision in the host country and its own ability to exercise supervision
on a consolidated basis.
Description and The BRSA analyses, as part of the approval process, the risks posed by new acquisitions and
findings re EC3 investments to the banking group. The analysis is performed mainly by the evaluation of a
detailed feasibility study submitted by banks. Compliance with prudential measures such as
capital and liquidity adequacy is also verified. Please also refer to EC2.
Powers attributed to the BRSA by the BL allows effective supervision of domestic

undertakings (see CP 1 and 12 for discussion). Consistent with the licensing criteria,
according to Article 9 of RTSPIO, there should be no obstacles in gathering information and
conducting supervision of the cross border company and, where necessary, the BRSA may
require an MoU with the host supervisory authority. Nevertheless, there is no explicit
consideration about the effectiveness of supervision in the host countries.
EC4 The supervisor determines that the bank has, from the outset, adequate financial,
managerial and organizational resources to handle the acquisition/investment.
16In the case of major acquisitions, this determination may take into account whether the acquisition or investment
creates obstacles to the orderly resolution of the bank.

TURKEY
Description and Based on the laws and regulations explained in EC 2, banks are required to submit a
findings re EC4 detailed feasibility study indicating necessary resources, costs and benefits analysis of the
proposed activity, estimated balance sheets and cash flows and profit/loss estimates for the
following three years from foundation. The BRSA evaluates the submitted study during the
process of granting permission. The regulation (RTSPIO) is explicit about the required study
only for cross border investments, but the assessors also observed examples where
domestic investments were analyzed in similar terms. Additionally, Article 8/7 of RTSPIO
requires banks to submit a report explaining the reasoning behind the proposed domestic
investment.
EC5 The supervisor is aware of the risks that non-banking activities can pose to a banking group
and has the means to take action to mitigate those risks. The supervisor considers the
ability of the bank to manage these risks prior to permitting investment in non-banking
activities.
Description and The assessment of the risks that non-banking activities can pose to a banking group is
findings re EC5 mostly assessed in the CAMELS rating process (see CP8). The process involves the
assessment of many topics, including the risk that subsidiaries and other entities of the
group may represent to the bank. The Internal Capital Adequacy Assessment Process of
Banks (ICAAP) and its revision by the supervisor also address risks from non-banking
activities. The opinion formulated on these assessments is reflected in the decision to
permit banks to invest in non-banking activities.
Finally, the BL sets limit for investing in non-financial activities. According to article 56 of BL,
a bank shall not acquire shares in entities other than credit institutions and financial
institutions in excess of 15 % of its own funds, and the total amount of such investments
shall not be more than 60 %of its own funds. Any investment in excess of the above limits
reduce bank’s equity for capital adequacy purposes.
AC1 The supervisor reviews major acquisitions or investments by other entities in the banking
group to determine that these do not expose the bank to any undue risks or hinder
effective supervision. The supervisor also determines, where appropriate, that these new
acquisitions and investments will not hinder effective implementation of corrective
measures in the future.17 Where necessary, the supervisor is able to effectively address the
risks to the bank arising from such acquisitions or investments.
Description and
findings re AC1
Principle 7
Comments The regulatory framework subjects major acquisitions and investments by banks and
controlling companies to prior approval by the BRSA. The BRSA also has well established
supervisory practices to limit and monitor risks arising from such activities. Going forward,
17 Please refer to Footnote 33 under Principle 7, Essential Criterion 3

TURKEY
supervisors should consider more extensively and formally the effectiveness of supervision
in host countries.
Principle 8 Supervisory approach. An effective system of banking supervision requires the supervisor
to develop and maintain a forward-looking assessment of the risk profile of individual
banks and banking groups, proportionate to their systemic importance; identify, assess and
address risks emanating from banks and the banking system as a whole; have a framework
in place for early intervention; and have plans in place, in partnership with other relevant
authorities, to take action to resolve banks in an orderly manner if they become non-viable.
Essential criteria
EC1 The supervisor uses a methodology for determining and assessing on an ongoing basis the
nature, impact and scope of the risks:
a) which banks or banking groups are exposed to, including risks posed by entities in the
wider group; and
b) which banks or banking groups present to the safety and soundness of the banking
system
The methodology addresses, among other things, the business focus, group structure, risk
profile, internal control environment and the resolvability of banks, and permits relevant
comparisons between banks. The frequency and intensity of supervision of banks and
banking groups reflect the outcome of this analysis.
Description and The supervisory approach of the BRSA is defined in the RAA as a dynamic risk-focused (RFS)
findings re EC1 one that aims to ensure efficiency, continue adequacy of supervision and efficient allocation
of supervisory resources. The approach proposes to shape supervision form, scope, time,
content and intensity based on the risk profile and adequacy of internal controls and risk
management systems of each institution.
The BRSA’s methodology for ongoing supervision of banks, established in the Supervisory
Manual on Banking Supervision Process (SMBSP) is organized in supervisory cycles that last
one year.
Main Players
Three different departments play major roles in the supervisory cycle:
- The audit departments are responsible for on-site inspections. That includes special
inspections, complementary inspections and the Camels rating system (see below).
- The off-site department analyzes various indicators related to bank’s financial

performance in different periods and prepares periodical reports on issues of concern. The
analysis made by the off-site team aims to provide feedback and early warning mechanism
for emerging risks for on-site inspections.
- The enforcement department is responsible for the formal communication between banks
and the BRSA in relation to corrective measures. Findings of the audit and off-site

TURKEY
department are analyzed by the enforcement department that proposes supervisory actions
to the BRSB or another competent authority within the BRSA.
Planning
The first phase of the cycle is the strategic planning. Based on previous accumulated
knowledge this phase sets a high level plan for on-site inspections, listing the banks that
will be assessed and broadly allocating the personal for each activity. The plan is elaborated
by the heads of the audit departments and is approved by the chairman.
One of the main inputs of the planning phase is the risk profile of the bank, represented by
its supervisory rating and its systemic importance. More specifically, the SMBSP determines
that the minimum frequency of inspections depends on:
- The sector share (SS) of bank’s total risk weighted exposure amount,
- Bank’s final rating which is assigned by the supervision team at the end of the supervision
process. (10 is the worst, 1 is the best rating)
Banks are mapped into three different categories, “red”, “yellow” and “green”, based on the
above indicators and the following matrix:
Category of Banks Final Rating
10,9,8,7,6 4,5 3,2,1
SS≥3 Red Red Yellow

Sector Share
3>SS≥0,5 Red Yellow Green
0,5>SS Yellow Green Green
Banks in the “red” category are examined on-site annually, banks in the “yellow” category
are examined at least once every two years and the banks in “green” category are examined
at least once every three years. The BRSA explained that even though the rule would allow
some of the largest banks to be assessed every other year, in practice they are examined
annually due to its systemic importance.
Identification of Risk Areas (IRA)
Banks selected to be assessed on-site are subject to the IRA phase of the supervisory cycle.
The IRA aims to provide a snapshot of the risks of different areas of the bank. This phase is
meant to be a short initial assessment based mainly on previous available information,
including the latest risk matrix and profile, CAMELS rating, internal capital adequacy
assessment process (ICAAP) report, special and complementary inspections and off-site
reports. The IRA produces an initial opinion about the riskiness of different areas of the
bank and a supervision plan identifying the specific areas that are going to be subject to
special inspections. Camels rating assessment is performed in all other areas.
Special Inspections (SI)

TURKEY
Special Inspections (SI), as described in the Supervisory Manual on Special Inspections

Report, are detailed on-site inspections meant to assess risks and quality of management in
a particular area under inspection. SI are meant to reveal problems that have the potential
to affect the financial soundness of the bank and identify measures that should be required
from banks to resolve eventual problems and mitigate risks. The number of Special
Inspections conducted in 2014 and 2015 were 61 and 44 respectively. Among these 105 SI,
there were 70 SI conducted on loan portfolios in 27 different banks.
SIs are deep evaluations performed in three levels. The first level checks the adequacy of
internal evaluations made by banks aiming to determine whether or not the bank manages
well its activities and risks arising from those activities. The second level contrasts banks
practices with BRSA best practice guidelines and finally, the last level examine specific
transactions and operations through sampling methodology looking for potential issues
that might affect the financial soundness of the bank.
SIs may have different themes, for instance, specific credit portfolios, business model and
profitability, information systems, liquidity management and derivatives among others.
CAMELS rating and risk profile
The CAMELS rating phase of the supervisory cycle is conducted by analyses of the financial
soundness of the bank and the assessment of the efficiency of the bank's general risk
profile, risk management and internal control and internal audit systems. The analyses is
guided by a series of almost five hundred questions, contained in the Annex of the General
Assessment Report (GAR), that supervisors are required to answer using as inputs the IRA
evaluation, SI and ICAAP reports, banks data and discussion with bank managers. Relevant
information is scanned and included in system in order to substantiate the response to the
questions. The results of this phase are a financial structure and rating report, risk matrix,
risk profile and their view of the ICAAP report submitted by banks.
Complementary analyses.
Once the SI and rating processes are completed, the BRSA executes a series of additional
on-site inspections that usually have a stronger compliance nature. These inspections cover
issues such as legal concerns, policies and processes on anti-money laundering and
combating the financing of terrorism (AML/CFT) and follow up on supervisory findings and
consumer complaints. Also see CP 29 to discussion on AML/CFT inspections.
Additionally, supervision teams may also perform thematic reviews considering

developments and trends in the banking sector or significant specific changes to the
operation of the bank.
Banks not been assessed on-site
Banks within “yellow” and “green” categories, that are not been assessed on-site in one
particular year (e.g., have not been submitted to IRA, SI, rating and complementary
inspections) should be assessed by the supervision teams of the audit department at least
every six month (green category) or quarterly (yellow) through off-site reports including

TURKEY
"Monthly Report of Follow-Up of Compliance with Legal Limits", "Monthly Report of Ratios
Follow-Up" and "Monthly Report". The SMBSP manual requests that the evaluations shall
not be limited to the mentioned surveillance reports but also take into account the effects
of current macroeconomic developments on the financial soundness of the bank, as well as
the changes in shareholder structure and similar issues.
Off-site supervision
During the whole process, on-site supervision teams from the audit department have access
to off-site reports regarding banks and other financial companies on a solo and
consolidated basis. These reports include stress test and various prudential ratios of the
bank and its peers. Additionally, during on-site inspections, supervisors have easy access to
comprehensive databases with information of banks and its groups. See CP 10 for
additional information.
Furthermore, within the scope of the off-site supervision function, the BRSA monitors
individual banks and the banking sector as a whole, evaluates potential risks and informs
on-site teams and upper management about present or emerging vulnerabilities. Bank
surveillance reports, periodic and non-periodic thematic reports, stress tests and banking
sector presentations are the main outputs of off-site supervision (also refer to CP 9).
Practice
The assessors reviewed examples of inputs, working papers and outputs of the different
phases of the supervisory cycle. The review suggested that the practical implementation of
the supervisory manuals face challenges that might hinder the quality of the process and its
products. One of the shortcomings is an excessive compliance nature of the inspections.
Although the declared goal of all the different inspections is to evaluate the risks faced by
the bank, in practice the inspections appear to focus extensively on establishing compliance
with the different regulations. The inspections seem to fall short of developing a clear view
on the risks faced and posed by the bank and particularly important on the potential need
for broader and more forceful supervisory action. To support this process, supervisors need
to establish and highlight the implications of the findings of specific inspections for the
broader risk assessment of the bank, which frequently does not seem to be the case.
Another point that needs to be considered is the strength and weaknesses of the CAMELS
rating process. The process is comprehensive and requires supervisors to collect a large set
of information to be able to provide answers on almost five hundred different criteria.
Nevertheless, it is important to recognize that, by its own nature, the analyses executed by
the supervisor during the rating process cannot be as deep and comprehensive as the ones
performed, for example, during special inspections. The relatively limited nature of the
ratings is expected and is not necessarily a problem if supervisors frequently take more
detailed approaches to inspect the bank. It is not enough to inspect a number of issues only
during the ratings process. BRSA should not take excessive comfort from the fact that some
issues are analyzed during this phase. From time to time, the scope of special inspections

TURKEY
needs to encompass issues that currently seem to be addressed only during the ratings
phase.
Regarding banks that have not been selected to be inspected in one particular year, it was
not possible to verify what kind of supervisory attention is given to them due to the fact
that the supervisors’ analyses of off-site reports, do not typically deliver a formal
assessment. Nevertheless, the possibility embedded in the current methodology of leaving
some banks without a structured supervisory assessment for up to three years seems
inadequate.
Finally, the BRSA has not started to assess the resolvability of banks.
EC2 The supervisor has processes to understand the risk profile of banks and banking groups
and employs a well-defined methodology to establish a forward-looking view of the profile.
The nature of the supervisory work on each bank is based on the results of this analysis.
Description and As described in EC 1 and in the Supervisory Manual on Banking Supervision Process
findings re EC2 (SMBSP), the BRSA has a process to understand the risk profile of the banks. Different
phases of the supervisory cycle aim to deepen the understanding of the banks risks. From
the initial IRA until the Camels rating, the results of the previous phases are used to guide
the work that is done subsequently.
The criteria for risk assessment are well established in the Supervisory Manual on Risk
Assessment Criteria (SMRAC). The final products of the supervisory cycle, particularly the
risk matrix and risk profile aims to show the risk types and levels which the banks are
exposed to.
The most important forward looking element of the methodology is the ICAAP assessment
that involves capital projections, by banks, for the following three years under different
economic scenario. Nevertheless, the revision of supervisors’ working papers and discussion
with banks suggested that the process still is in a learning phase. The quality of banks
reports and the scrutiny of the reports by supervisors need to develop further before the
results can be more extensively used.
Furthermore, as part of the off-site supervision efforts, the BRSA performs top-down stress
testing analyses (please refer to CP9). The methodology could provide an important
forward looking tool to deepen the assessment of the risk profile of banks and drive
supervisory action but the assessors saw little evidence of its use currently during the banks’
assessment process.
Finally, the CAMELS rating system and the matrix used to summarize the risk profile of the
banks does not have an explicit forward looking component that provides an indication of
future trends in the soundness of the bank.
EC3 The supervisor assesses banks’ and banking groups’ compliance with prudential regulations
and other legal requirements.

TURKEY
Description and The BL provides an appropriate framework for the BRSA to conduct compliance inspection
findings re EC3 in banks as part of its regular inspection activities. These inspections include compliance
with the BL, sub-regulations issued by the BRSA and other regulations applied to banks,
including anti-money laundering.
The BRSA utilizes a number of tools to assess compliance of banks and banking groups with
prudential and other requirements. As described in EC1, on-site supervisors conduct several
compliance inspections during the complementary analysis phase of the supervisory cycle.
Additionally, the rating process also involves the analysis of banks compliance with
regulation and prescribed best practices.
Finally, the off-site department generates monthly reports to confirm banks’ consolidated
and non-consolidated compliance with prudential regulations and other legal requirements.
There is an off-site reporting template supporting a legal requirements check list. When a
breach is detected, the BRSA takes necessary actions including demand the correction and
applying penalties.
EC4 The supervisor takes the macroeconomic environment into account in its risk assessment of
banks and banking groups. The supervisor also takes into account cross-sectoral
developments, for example in non-bank financial institutions, through frequent contact with
their regulators.
Description and The BRSA develops macroeconomic analysis that includes local and global conditions that
findings re EC4 might affect the banking system. These analyses are inputs for bank inspections.
According to Supervisory Manual for Identifying Risky Areas and Supervision Planning
(SMIRASP), inspection teams are expected to examine the diversity and scope of the bank's
activities and products, risk appetite, place in the sector, growth plan and strategies. They
are also expected to understand the corporate culture of the bank and to have an opinion
about the bank's financial soundness and risk profile on a consolidated basis. While forming
this opinion, the latest developments affecting all the institutions belonging to the group
and its major shareholders, including non-bank activities, should be considered in
conjunction with the latest trends and general macroeconomic conditions.
As part of the off-site monitoring function, the BRSA develops reports regarding the banks’
derivative transactions, CDS spreads, equity prices, that are used by supervision staff and
senior management. Depending on market developments and risk factors, specific analysis
and reports are also prepared.
The macroeconomic environment is also considered in stress testing studies. Top down
macro stress testing studies employ a baseline and an adverse scenario and try to estimate
how banks and the industry will be affected within a two years’ time frame. Macro variables
such as GDP growth, FX rates, interest rates and unemployment rates in alternative
scenarios are modeled and related with banks financial structure in terms of credit risk,
interest rate risk, exchange rate risk and contagion risk. These analyses help to take account
of the macroeconomic environment in both bank supervision and systemic risk analysis.

TURKEY
Regarding cross-sectoral developments, the rating process includes a section called

consolidated supervision containing questions that aims to evaluate relationship among the
bank and other financial and non-financial entities of the group. Additionally, some specific
reports are prepared by off-site supervision in order to assess the banking sector as a
whole. As mentioned in EC1, the rating process analyses are limited by its own nature.
BRSA also participates in a number of committees and working arrangements that allow the
collaboration among different financial market supervisors (see CP 1 and 3 for details). In
particular, BRSA, Treasury and CMB meet annually to share their findings and concerns and
coordinate the supervision efforts toward insurance firms, investment firms, pension fund
firms and others which are affiliated with banks.
EC5 The supervisor, in conjunction with other relevant authorities, identifies monitors and
assesses the build-up of risks, trends and concentrations within and across the banking
system as a whole. This includes, among other things, banks’ problem assets and sources of
liquidity (such as domestic and foreign currency funding conditions, and costs). The
supervisor incorporates this analysis into its assessment of banks and banking groups and
addresses proactively any serious threat to the stability of the banking system. The
supervisor communicates any significant trends or emerging risks identified to banks and to
other relevant authorities with responsibilities for financial system stability.
Description and The BRSA requires banks to submit information on a number of issues and converts them in
findings re EC5 a meaningful database for analyzing the financial system. Concentrations and trends are
monitored through reports generated from this database.
The BRSA off-site supervision function monitors and assesses asset quality, profitability,
capital adequacy and liquidity of the individual banks and banking system as a whole by
means of periodic reports such as: Bank Surveillance Reports, Weekly Banking Sector
Report, Potential Non-Performing Loans Report, Monthly Key Indicators Report, Banking
Sector Outlook, Stress Test Report, Country Risk Report, Credit Bureau Individual Credit
Rating Results Report, etc.
In addition to periodic reports, ad-hoc analysis about emerging risks and tendencies facing
the banking sector are also prepared. It was mention, as an example, that because of the
size of the open positions of the corporations, FX lending was a potential emerging risk
factor for the sector. In the second half of 2015 a survey was conducted on FX loans which
covered 2,527 biggest firms (71 % of total FX loans) and gathered information about FX
assets, liabilities, income generation capacity and derivatives for hedging FX risks.
BRSA findings are discussed in a number of committees with other authorities. Particularly
relevant are the FSC and FSEC. See CP 1 and 3 for additional information.
EC6 Drawing on information provided by the bank and other national supervisors, the
supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability
where appropriate, having regard to the bank’s risk profile and systemic importance. When
bank-specific barriers to orderly resolution are identified, the supervisor requires, where
necessary, banks to adopt appropriate measures, such as changes to business strategies,

TURKEY
managerial, operational and ownership structures, and internal procedures. Any such
measures take into account their effect on the soundness and stability of ongoing business.
Description and According to the BL, the two authorities with roles in bank resolution are the BRSA and the
findings re EC6 SDIF. They regularly meet to exchange information and discuss measures and policies about
banks (please refer to CP3). Additionally, BRSA and SDIF are the members of FSC and FSEC
which are formed to increase the coordination, cooperation and information sharing among
these institutions.
Under the current legislative framework, resolution options and tools are evaluated when
the bank is asked to take corrective actions. These options are analyzed taking into account
high level considerations such as safeguarding confidence and financial stability, prevailing
market conditions and cost-effectiveness of resolution.
The BRSA and the SDIF have established a joint working group to analyze the eventual need
to change the current resolution regime and align it with FSB’s Key Attributes of Effective
Resolution Regimes. As part of this process, the two institutions have agreed to include
resolvability assessment into the legislation. The joint working group is still formulating
policy proposals and necessary legislative amendments on these issues. For the time being,
banks are not required to develop recovery plans and supervisors have not started to assess
banks’ resolvability.
EC7 The supervisor has a clear framework or process for handling banks in times of stress, such
that any decisions to require or undertake recovery or resolution actions are made in a
timely manner.
Description and The BRSA has the authority to take an appropriate range of remedial actions which are
findings re EC7 stated in the Articles of 68, 69 and 70 of BL. The range of measures is broad and allows
appropriate escalation according to the situation (see CP 1 for detailed description).
Supervisory procedures are also intensified when banks are under stress. The frequency of
inspections increase with the deterioration of the rating of the bank and the number of
topics covered in the inspections may also increase due to the number of meaningful
weaknesses identified (see details in EC1).
When the BRSA decides to initiate the resolution, the process involves either the revocation
of the bank’s operating permission (Article 106 BL) or the transfer of the management and
control of the bank to the SDIF (Article 107 BL). The decision about the process is based on
general considerations, such as the structure of the balance sheet, the amount of deposits
and potential wider impact of the different options. After the bank is transferred to the
SDIF, the SDIF decides which actions to take in line with its mandate and powers specified
in the BL.
If the bank is resolved under Article 106, the operating license of the failed bank is revoked
and the SDIF makes a pay-out to the insured depositors and apply to the courts for a
decision as to whether a bankruptcy proceeding should be initiated for the remainder of

TURKEY
the failed bank. If the court rejects the application, the SDIF may start liquidation
proceedings through a decision of the SDIF Board.
In cases where the BRSA transfers management and control of a bank to the SDIF, the SDIF
has wide powers under Article 107 of BL, including to suspend the activities of the bank and
manage it, transfer assets and liabilities, take over its shares and restructure it, sell or merge
it with another bank, and request the BRSA to revoke the operating license of the bank. The
SDIF may also provide financial support to a failing bank if it has acquired all or the majority
of its shares.
One issue that should be considered in the effectiveness of the framework is that the
sharing of communication responsibilities between the audit and the enforcement
departments seems to generate a fragmented process that increases the risks that the
messages conveyed to the bank do not reflect appropriately supervisory concerns. The
speed of actions and decisions might also be affected. Please refer to CP9.
As explained in EC6, authorities are studying changes in the current resolution framework to
harmonize it with the FSB’s Key Attributes of Effective Resolution Regimes.
EC8 Where the supervisor becomes aware of bank-like activities being performed fully or
partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw
the matter to the attention of the responsible authority. Where the supervisor becomes
aware of banks restructuring their activities to avoid the regulatory perimeter, the
supervisor takes appropriate steps to address this.
Description and Bank-like activities without the authorization of BRSA are legally punishable. BRSA initiates
findings re EC8 investigations in case of file of complaints or information provided on potentially bank-like
activities being performed without required permission. If needed, findings are submitted to
the responsible authority for further proper legal actions, including reporting to the
prosecutor’s office.
The restructuring of a bank that involves establishing a subsidiary or investing in a joint

venture requires a prior approval by the BRSA, where the bank needs to provide detailed
information regarding structures and activities of the new undertaking. The BRSA explains it
would not approve the application if it results in avoidance of the regulatory perimeter.
Furthermore, the BRSA receives call reports on the structured of the banking groups and
analyze group structure issues during on-site inspections.

Principle 8
Comments The BRSA has an established and comprehensive methodology to supervise banks. This
methodology is documented on a number of manuals and grounded on comprehensive
databases and a broadly appropriate regulatory framework. Nevertheless, the practical
implementation of the process is subject to shortcomings that needs to be addressed:
 The inspections need to develop a more profound and forward-looking risk assessment
nature, producing a clear view of the risks faced by and posed by the bank. Current

TURKEY
conclusions tend to focus mostly on compliance issues and do not identify and make
clear if there is need for broader and more forceful supervisory action. Supervisors also
need to derive and highlight the implications of the specific findings for the broader
risk assessment of the bank.
 The BRSA should not take excessive comfort from the fact that issues are analyzed
during the ratings process. By its own nature, and as currently applied by the BRSA, the
ratings process is not deep enough to generate firm and actionable conclusions. From
time to time, the scope of special inspections needs to encompass issues that are
currently addressed only during the ratings phase.
 The BRSA needs to enhance the forward-looking components of its assessments.

Results of the ICAAP need to be more thoroughly analyzed and discussed with banks.
Stress tests results should play a larger role in the assessment framework. In addition,
the ratings methodology could explicitly incorporate the expected trend for each
component.
 Banks, particularly the systemic important ones, should be required to develop recovery
plans and the BRSA should assess their resolvability.
The assessors understand that the BRSA is already developing actions to address some of
the above issues and encourage the authorities to keep working to improve the efficiency
of the process.
Principle 9 Supervisory techniques and tools. The supervisor uses an appropriate range of techniques
and tools to implement the supervisory approach and deploys supervisory resources on a
proportionate basis, taking into account the risk profile and systemic importance of banks.
Essential criteria
EC1 The supervisor employs an appropriate mix of on-site18 and off-site19 supervision to
evaluate the condition of banks and banking groups, their risk profile, internal control
environment and the corrective measures necessary to address supervisory concerns. The
specific mix between on-site and off-site supervision may be determined by the particular
conditions and circumstances of the country and the bank. The supervisor regularly
assesses the quality, effectiveness and integration of its on-site and off-site functions, and
amends its approach, as needed.
Description and The principles and procedures for the supervision of the institutions under the scope of the
findings re EC1 BRSA are determined by RAA. More specifically, article 5 of the RAA defines that the BRSA
18 On-site work is used as a tool to provide independent verification that adequate policies, procedures and controls
exist at banks, determine that information reported by banks is reliable, obtain additional information on the bank
and its related companies needed for the assessment of the condition of the bank, monitor the bank’s follow-up on
supervisory concerns, etc.
19Off-site work is used as a tool to regularly review and analyze the financial condition of banks, follow up on
matters requiring further attention, identify and evaluate developing risks and help identify the priorities, scope of
further off-site and on-site work, etc.

TURKEY
will conduct risk focus supervision (RFS). The RFS approach aims to shape the scope and
intensity of the supervision taking into consideration the risk profile and the existence and
adequacy of internal controls and risk management systems of banks.
The BRSA’s supervision system is composed of two essential activities, on-site and off-site
supervision which aims to complement and support each other.
On-site supervision
On-site supervision covers issues that might have an impact on the financial safety and
soundness of the bank, including a comprehensive risk assessment of the bank to identify
its risk profile. On-site supervisors frequently perform: i) comprehensive reviews of the loan
portfolio and the adequacy and effectiveness of the internal control systems; ii) evaluation
of the compliance of the financial statements and accounts with national and international
accounting standards; iii) assessment and analysis of the consolidated group; iv) analysis of
the adequacy and reliability of the information systems of the bank; and v) alignment of the
operations of the bank with all relevant legislation, among other activities. Bank‘s inherent
risks are analyzed taking into account its risk management framework as well as its
compliance with corporate governance principles. Corrective measures are recommended
when problems are identified. See CP8 for detailed discussion on the supervisory cycle and
description of on-site main inspections. CP 11 discusses corrective measures.
Currently there are approximately, 75 on-site examiners assigned to conduct on-site bank
inspections and 17 examiners assigned to non-bank financial institutions. Another 29
examiners are responsible for conducting specific examinations regarding customer
complaints, alleged criminal activities of bank staff, etc, and 8 more are in the internal
review team. There are also 13 on-site examiners working in the Risk Management and
Financial Consumer Relations Departments, who are not included in regular bank or non-
bank institutions’ examinations but they do perform ad hoc examinations that complement
the regular supervision. Other expert personnel of the BRSA, including law experts and IT
experts who can also be assigned to these groups when it is deemed necessary. The team
head usually leads the inspection of the same set of banks for three years while the
examiners assigned for the team change every supervisory cycle. There are also 50
examiners that do not belong to the audit departments who are responsible for specific
inspections not related to prudential issues.
Off-site supervision
Off-site supervision activities are carried out analyzing various indicators related to bank’s
financial performance in different periods and preparing periodical reports on issues of
concern. Data sources include surveillance call reports, regulatory reports, on-site
supervision and external audit reports, CBRT and Credit Bureau data, rating agency reports
and media. Conclusions are immediately reported to other departments and senior
management.
The analysis made by the off-site team aims to provide feedback and early warning
mechanism for emerging risks for on-site inspection. The off-site supervision department

TURKEY
produces various periodic reports and analysis on demand, including stress tests (see CP
10). Off-site supervision activities are performed by 22 supervisors (average 3 banks per
banking expert). These activities have been organized under a separate department aiming
to strengthen the off-site function, improve efficiency and ensure standardization.
Quality assessment
The quality assurance system is defined in the article 7 of RAA. According to this article,
quality assurance system comprises all processes in the supervision framework and ensures
the improvement of quality in BRSA’s inspections as well as the consistency in inspection
reports and their alignment with the standards set forth by the BRSA. The quality assurance
system aims to continuously improve the inspection standards. The BRSA assesses the
compliance of audit systems and products to internationally-accepted principles and
standards as a non-integrated part of quality assurance system and provides them to be
subject to an independent analysis.
The current quality assurance system seems to be focused on the results of individual on-
site inspections, ensuring that the procedures followed by the supervisors are in compliance
with the relevant manuals. The BRSA has yet to develop policies and processes to assess
more broadly the effectiveness and integration of on-site and off-site functions, and to
address any weaknesses that are identified.
EC2 The supervisor has a coherent process for planning and executing on-site and off-site
activities. There are policies and processes to ensure that such activities are conducted on a
thorough and consistent basis with clear responsibilities, objectives and outputs, and that
there is effective coordination and information sharing between the on-site and off-site
functions.
Description and According to Article 10 of RAA, inspection plans are prepared by team leaders, evaluated by
findings re EC2 the heads of departments and submitted to the approval of the Chairman with the assent of
the Vice-Chairman.
As described in CP8, the specific scope and extent of the supervision process is determined
at the strategic planning phase of the supervisory cycle taking into consideration the
findings of previous inspections and current risks evaluations. Inspection plans also include
the terms of assignment of the examiners and the duties that they are required to perform.
The consistency of the supervisory procedures and process are determined by several
supervision manuals. These manuals describe the methods and processes for data
collection and evaluation as well as other relevant procedures including the report.
According to Article 17 of RAA, at the end of the inspection process, the team prepares an
inspection report, or a paper formally explaining the opinions of the examiner or a brief
information paper, depending on the nature of the inspection.
Inspection reports are reviewed by the heads of the audit departments for their compliance
with the regulations and guidelines. Inspection products with deficiencies or wrong

TURKEY
interpretations are returned to the related expert personnel for correction (article 18 of
RAA).
Bank’s data, audit reports and internal and external information sources are used and
analyzed as part of off-site supervision activities. The process generates individual bank
analysis and sector based thematic reports that are shared with the on-site teams and
related enforcement departments. As described on CP 10, the off-site team also monitors
the quantitative information provided by banks and notifies the on-site examiners of
problems responsible for the bank when needed.
Supervisory Manuals also include references to off-site reports to be taken into account
during the on-site inspection process. For example, SMCEP requires the on-site inspection
team to review the off-site reports during the inspection of the loan portfolio of the bank.
Additionally, on-site teams are informed about the names and contact information of the
banking experts in the off-site supervision function responsible for the bank under
examination.
In practice there seems to be a large set of off-site reports as well as a comprehensive

database available for the supervision work. On-site supervisors refer to it as a tool to
facilitate the comparison of financial information; nevertheless, the assessors could not
observe many examples of a deeper exchange of information between the on- and off-site
supervisors or joint analyses and projects.
EC3 The supervisor uses a variety of information to regularly review and assess the safety and
soundness of banks, the evaluation of material risks, and the identification of necessary
corrective actions and supervisory actions. This includes information, such as prudential
reports, statistical returns, information on a bank’s related entities, and publicly available
information. The supervisor determines that information provided by banks is reliable20 and
obtains, as necessary, additional information on the banks and their related entities.
Description and The BRSA is empowered by the BL to require banks to submit information on their financial
findings re EC3 condition, performance, and risks on both solo and consolidated basis. These reports
provide information on different issues such as on- and off-balance sheet assets and
liabilities, profit and loss accounts, capital adequacy, liquidity, large exposures, asset
concentrations, asset quality, loan loss provisioning, related party transactions, interest rate
and market risk, FX positions and securities positions. The process of collecting and
analyzing information from banks is based on a predetermined frequency (daily, monthly,
quarterly, semiannually or annually) commensurate with the nature of the information
requested and the size, activities and risk profile of the individual bank. In order to make
meaningful comparisons between banks and banking groups, the BRSA collects data from
all banks and all relevant entities covered by consolidated supervision on a comparable
basis and related to the same dates and periods. These data forms a database which can be
easily accessed by supervisors.

TURKEY
A number of control procedures are applied to improve data quality. The data source is
checked in terms of reliability, correctness and consistency. In this respect, banks’ call
reports are checked from different sources and verified throughout the supervision process.
The control procedures are applied on both client and server sides to provide consistency
of the data. To maintain a regular reporting cycle, the system produces and sends the
required warnings to institutions such as expected reports, reporting latency, errors in
consistency checks and so on. Completed and consistent reporting sets are locked to
protect the data from unauthorized changes.
Please refer to CP10 for detailed discussion on information available for the supervision
process.
EC4 The supervisor uses a variety of tools to regularly review and assess the safety and
soundness of banks and the banking system, such as:
a) analysis of financial statements and accounts;

b) business model analysis;
c) horizontal peer reviews;
d) review of the outcome of stress tests undertaken by the bank; and
e) analysis of corporate governance, including risk management and internal control
systems.
The supervisor communicates its findings to the bank as appropriate and requires the bank
to take action to mitigate any particular vulnerabilities that have the potential to affect its
safety and soundness. The supervisor uses its analysis to determine follow-up work
required, if any.
Description and During the supervisory cycle a large number of tools are used to assess and monitor the
findings re EC4 safety and soundness of banks. See CP 8 above.
Using a variety of tools, on-site and off-site supervision perform analysis of financial
statements and accounts. Business model analyses are performed in special inspections
and, to some extent, within the rating process. Off-site reports with peer group
comparisons on a number of subjects are available for on-site supervisors who also conduct
horizontal analysis in complementary inspections. The outcome of stress tests undertaken
by the banks is reviewed within the context of the ICAAP assessment. Finally, analysis of
corporate governance, including risk management and internal control systems are carefully
taking into consideration by the on-site team in several phases of the supervisory cycle.
Supervisors conduct formal and informal meetings with the bank management as well as
other relevant bank personnel and share their opinions on issues such as risk management
systems, banks’ financial performance, capital adequacy and any other relevant subject. On-
site inspection team members are in contact with institutions’ middle and senior
management during the supervision process.
The on-site inspection team follows up the correction and/or mitigation of any vulnerability
identified during the supervision framework. The supervisory findings, corrected by the
bank under inspection prior to the finalization of the supervision cycle, are communicated

TURKEY
by the bank to the inspection team. Any uncorrected deficiencies are scrutinized in the
inspection reports. These reports are sent to the enforcement department that is
responsible for the formal correspondence of examination reports which are sent to the
bank. Related inspection teams are informed about bank’s actions with regard to the
correction of deficiencies.
The assessors observed the communication process between banks and supervisors and
consider that there is room for improvement. Initially, communication with the bank’s board
could be strengthened. It would be helpful, for instance, setting policies establishing at least
one annual meeting between supervisors and the board of the bank. The end of the rating
process, when the supervisor summarizes the opinion about the bank, might be an
appropriate occasion to explain the supervisors’ views and concerns to the board.
Additionally, other important analyses done by the BRSA, such as the stress testing
exercises could also be more formally discussed with the banks. Finally, the sharing of
communication responsibilities between the audit and the enforcement departments seems
to generate a fragmented process that increases the risks that the messages conveyed to
the bank do not reflect appropriately supervisory concerns.
EC5 The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and
mitigate any emerging risks across banks and to the banking system as a whole, potentially
including conducting supervisory stress tests (on individual banks or system-wide). The
supervisor communicates its findings as appropriate to either banks or the industry and
requires banks to take action to mitigate any particular vulnerabilities that have the
potential to affect the stability of the banking system, where appropriate. The supervisor
uses its analysis to determine follow-up work required, if any.
Description and Stress tests are conducted as a part of the off-site supervision activities. Mainly it is a top
findings re EC5 down macro stress testing study to assess the resilience of Turkish Banks and the Turkish
Banking System to extreme but plausible events. It is based on the Macro Stress Testing
Model developed by European Central Bank’s Technical Assistance in 2011. It has been
modified to fit the data, needs and approaches peculiar to Turkish banking system. It has
also been customized with satellite models.
There are two macro scenarios in the model, the baseline scenario and the adverse scenario.
Macro scenarios include GDP growth, FX rates, Interest Rates and Unemployment rates. The
goal is to estimate how the Turkish banking industry might be affected within a two years
period. Each bank is considered in the stress tests on solo basis. Individual results are
aggregated to build the industry assessment.
The “baseline scenario” is formed by using market expectations extracted from information
sources such as CBRT Market Survey and Bloomberg expectations and expert judgment.
The “adverse scenario” depends on a “sudden stop” scenario based on a serious increase in
rollover in government and private borrowing and a slowdown in international capital flows.
This 1st year shock causes pressure on markets and increase interest rates and FX rates,
resulting in an economic slowdown. The effects last for 2 years.

TURKEY
Main risks included are credit risk, interest rate risk (duration method for trading book,
income method for the banking book), exchange rate risk and contagion effects.
A major part of the stress testing approach is the satellite (auxiliaries) models used to
estimate the growth in the loan portfolio and the increase in the non-performing loans as a
function of the macro scenarios for the following two years. The model uses quarterly panel
data to estimate growth rates broken down by commercial and retail portfolios.
Final results are summarized using changes to the capital adequacy ratio (CAR) that are
compared to the 8% and 12% regulatory prescriptions. If the resulting CARs are below
these levels, the banks are highlighted together with their potential capital need. On-site
inspection teams are informed of the findings of stress tests. Moreover, Core Tier I, Tier I
and CAR are evaluated as well. In addition to the Macro Stress Testing Model, several
sensitivity and what if analyses are performed. Short term FX and interest rate sensitivities
of the Turkish Banking Sector are tested separately. The process includes tests of 10% to
30% increases in FX rates and 100 bps to 300 bps increases in interest. Moreover, loan
losses threshold high enough to reduce banks’ CAR below 8% and 12% are examined.
Additionally, the effects of “what if all loans under follow up are classified as NPL” are
measured for each bank.
Stress tests are conducted on a quarterly basis. They are reported internally twice a year and
presented to the Chairman, Vice Chairmanships of Supervision and Enforcement. Results are
evaluated by on site, off site supervisors and the related BRSA staff internally.
Liquidity Tests are only conducted when required by the BRSB. Liquidity tests use the
“Implied Cash-flow Test” which tries to estimate how the banking system will be affected
under two scenarios applied on a bank by bank basis. The first scenario assumes that there
will be no deposit withdrawal within the industry, but there will be a reduction in the non-
deposit liabilities due to unrolled foreign funding (1 month remaining maturity foreign
borrowings are not renewed). The second scenario adds the assumptions of deposit
withdrawals (10% for TRL, 20% for FX deposit) to the first Scenario. In addition, 15% to 50%
haircuts are considered for liquid assets.
Finally, as part of the ICAAP, banks have to maintain their stress testing programs. This
regulation requires banks to have detailed stress testing programs consistent with their size
and complexity. Tests for market risk, counterparty credit risk and liquidity risks are required
to be conducted at least once a month and bank wide extensive stress tests with all risk
factors are required to be conducted at least once a year. Banks are also required to apply
the BRSA’s scenarios if given. The RICAAP regulation maintains an interaction between
banks’ stress testing results and internal capital adequacy calculations. The BRSA is
authorized to enforce banks to mitigate risk or to hold additional reserve depending on the
stress test results. ICAAP results with stress testing outputs are collected and examined in
the supervision process.
The BRSA does not disclose the results of the stress tests to banks.

TURKEY
EC6 The supervisor evaluates the work of the bank’s internal audit function, and determines
whether, and to what extent, it may rely on the internal auditors’ work to identify areas of
potential risk.
Description and An effective internal audit system is one of the requirements for the establishment of a
findings re EC6 bank in Turkey. According to the article 29 of the BL, banks are obliged to establish and
operate adequate and efficient internal audit systems that are compatible with the scope
and structure of their activities. The BL also determines the internal audit systems to involve
all banks’ units, branches and undertakings subject to consolidation. Banks’ internal auditors
must investigate the conformity of the banking activities to the legislation, articles of
association, internal regulations and banking principles. Internal audit activities should be
performed in an impartial and independent manner exercising due professional care by the
adequate number of auditors.
Further principles and procedures for the establishment and functioning of the internal
control, internal audit, and risk management systems are established in the RICAAP. The
RICAAP also gives banks the obligation to report to the BRSA a number of issues related to
the internal audit function including but not limited to their internal regulations,
organizational structure, audit plans and reports submitted to the board of directors.
Compliance with all requirements set out in RICAAP are verified by the BRSA‘s supervisors
that according to article 14 of the RAA should analyze the adequacy and efficiency of the
risk management, internal control and internal audit systems of the banks. During the on-
site inspection, supervisors examine whether the internal audit function has sufficient
resources, appropriate independence, full access to and communication with any member
of staff, employ a methodology that identifies the material risks and prepares an audit plan
based on its own risk assessment and allocates its resources accordingly. Financial
Soundness Analysis Software Package (FSASP) includes a number of criteria to evaluate the
internal audit function of the bank.
EC7 The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s
Board, non-executive Board members and senior and middle management (including heads
of individual business units and control functions) to develop an understanding of and
assess matters such as strategy, group structure, corporate governance, performance,
capital adequacy, liquidity, asset quality, risk management systems and internal controls.
Where necessary, the supervisor challenges the bank’s Board and senior management on
the assumptions made in setting strategies and business models.
Description and On-site examiners have frequent formal and informal meetings with different personnel of
findings re EC7 the bank during their analysis inspections and follow-up. In these meetings conducted with
the bank management as well as other relevant bank personnel, supervisors share their
opinions on issues such as risk management systems, banks’ financial performance, bank’s
strategies, group structure, corporate governance, liquidity, asset quality, capital adequacy
and any other relevant subjects. In cases where some important issues are detected, they

TURKEY
are immediately reported to BRSA management and the BRSA management organizes
formal meetings with the bank upper management to discuss such issues.
Additionally, the RAA provides a framework for more official contact. Heads of audit
departments are formally responsible for organizing official meetings to be held with
institutions under the supervisory and regulatory framework of the BRSA and with
institutions providing service to these institutions. It also stipulates that, within the
framework of carrying out risk evaluations and building up the risk profile of the
institutions, inspections should be preceded by introductory meetings with the
management of the bank. Along the same lines, according to SMBSP, in the process of IRA,
the on-site inspection team collects the information required for completing the
supervision plans and makes introductory meetings with the bank management.
There are also explicit requirements for inspection findings to be shared with the bank
management in conclusion meetings under the coordination of the Group Head. The
purpose of the conclusion meeting is to receive the opinions of the bank management
about inspection findings and conclude the inspection report taking into account these
opinions to the extent necessary.
Banks confirmed that supervisors maintain regular communications with them. Although it
was clear that supervisors have access to all levels of staff in the bank, as discussed in EC4,
there is opportunity for improvement in terms of frequency of meetings with the board and
in the issues disclosed and discussed.
EC8 The supervisor communicates to the bank the findings of its on- and off-site supervisory
analyses in a timely manner by means of written reports or through discussions or meetings
with the bank’s management. The supervisor meets with the bank’s senior management
and the Board to discuss the results of supervisory examinations and the external audits, as
appropriate. The supervisor also meets separately with the bank’s independent Board
members, as necessary.
Description and As discussed in EC 4, 5 and 7, the BRSA maintains regular communication with the bank by
findings re EC8 means of written reports and through discussion with the management. Nevertheless, as
previously mentioned, there seems to be room for improvement, particularly concerning
establishing a policy for minimum frequency of meetings with board members and
communication of off-site findings like stress test results.
EC9 The supervisor undertakes appropriate and timely follow-up to check that banks have
addressed supervisory concerns or implemented requirements communicated to them. This
includes early escalation to the appropriate level of the supervisory authority and to the
bank’s Board if action points are not addressed in an adequate or timely manner.
Description and The BRSA has a broad range of powers to impose remedial actions and escalate it as
findings re EC9 needed. For a detailed discussion see CP1.
Remedial measures are addressed to the banks’ Board in a written document and banks are
required to prepare a rehabilitation plan within a time period and a framework approved by

TURKEY
the BRSA. The bank should submit regular written progress reports according to the plan
that is approved and the severity of the matter. Progress reports are regularly monitored by
the BRSA and shared with the supervision departments to follow up whether remedial
actions have been completed satisfactorily.
When important issues have not been addressed, they are immediately reported to BRSA
management that takes the appropriate measures.
EC10 The supervisor requires banks to notify it in advance of any substantive changes in their
activities, structure and overall condition, or as soon as they become aware of any material
adverse developments, including breach of legal or prudential requirements.
Description and The regulatory framework in Turkey demands banks to notify the BRSA in a number of
findings re EC10 changes and material developments. Article 43 of the BL demands notification in case the
restrictions and threshold related to the standard ratios set in BL are breached.
The RICAAP requires banks to notify or to submit to the BRSA a number of topics including:
i) appointment or resign of the internal systems manager or committee members, the
members of the audit committee, and the senior managers of the units included within the
scope of these systems; ii) changes to internal regulations concerning the duties, powers
and responsibilities of the audit committee and of the internal systems manager and the
organizational structure, duties, powers and responsibilities of the internal audit unit, the
risk management unit and the internal control unit; iii) changes in their approved risk
management policies and implementation procedures as well as their new strategy and
policy texts; iv) internal audit plans and the risk assessments used in these plans; v) internal
audit unit reports submitted to the board of directors; vi) ICAAP reports; vii) stress test
report; viii) Internal model validation report,
Additionally, the RICAAP demands banks to promptly submit to the BRSA an action plan
when the current capital adequacy ratio is below the internal capital requirement ratio
(ICRR). The plan enters into practice after being approved by the Agency. At the end of the
period foreseen in the plan, a new ICAAP Report is prepared and results of the action plan
are submitted to the Agency.
EC11 The supervisor may make use of independent third parties, such as auditors, provided there
is a clear and detailed mandate for the work. However, the supervisor cannot outsource its
prudential responsibilities to third parties. When using third parties, the supervisor assesses
whether the output can be relied upon to the degree intended and takes into consideration
the biases that may influence third parties.
Description and According to Article 95 of the BL, the chairman of the BRSA has the authority to commission
findings re EC11 independent audit firms to examine specific matters that require expertise where he or she
deems necessary. However, the BRSA is not legally authorized to outsource its prudential
responsibilities to third parties.
Third parties are not extensively used for supervision purposes. Information Systems is one
of the few areas where there is a more relevant reliance on external audit firms. External

TURKEY
auditors are utilized for annual audits which are defined in RITEA after being previously
approved by the BRSA. Their reports are evaluated by BRSA experts that subsequently send
an official letter informing banks about the evaluation results and deadlines for the
corrective actions.
The BRSA has the authority to monitor the quality of work done by external auditors for
supervisory purposes. According to Article 17 of the Regulation on the External Audit of
Banks (REAB), external audit firms are obliged to send to the BRSA all information and
documents related to their audit when it is demanded and should keep them ready for the
BRSA supervision.
EC12 The supervisor has an adequate information system which facilitates the processing,
monitoring and analysis of prudential information. The system aids the identification of
areas requiring follow-up action.
Description and The BRSA utilizes an information system specially designed to support the whole
findings re EC12 supervisory cycle. The FSASP supports all the steps of process including IRA, SI and CRRE.
The software comprises both risk assessment and CAMELS rating modules in harmonization
with the supervision manuals. It also includes criteria (via questions) to be assessed during
the on-site inspection process. The FSASP stipulates the working papers to be recorded. It
also allows supervisors to produce risk profile and risk matrix of the banks. In addition, the
final rating of the bank is also derived from the assessments in that software. This
information is used for follow up actions.
Banks data are also stored in appropriate databases that allow supervisors to develop
queries for analyzing prudential issues relatively easily.
Please also refer to the BCP 10 for detailed reporting structure.
Additional
criteria
AC1 The supervisor has a framework for periodic independent review, for example by an internal
audit function or third party assessor, of the adequacy and effectiveness of the range of its
available supervisory tools and their use, and makes changes as appropriate.
Description and
findings re AC1

Principle 9
Comments The BRSA employs an array of tools and techniques to carry out its supervisory
responsibilities. On-site and off-site functions are relevant and well developed. The different
departments also share their findings with each other, but their work seems to be
conducted in parallel with little coordination. The departments do not seem to have joint
projects and supervisors rarely exchange views beyond written reports. As required by EC1,
it is important for the BRSA to develop policies and processes to assess the effectiveness

TURKEY
and integration of on-site and off-site functions, and to address any weaknesses that are
identified. Increasing the rotation between on- and off- site supervisors could also help the
integration of the areas.
Communication with banks could also be improved. The BRSA should consider setting
policies establishing at least one annual meeting between supervisors and the board of the
bank. The end of the CAMELS rating process, when the supervisor summarizes its opinion of
the bank, might be an appropriate occasion to explain to the board the views and concerns
of the BRSA. The assessors understand that this is frequently done, but not systematically
with all banks. Additionally, other important analyses done by the BRSA, such as the stress
testing exercises could also be more clearly discussed with banks.
Principle 10 Supervisory reporting. The supervisor collects, reviews and analyses prudential reports and
statistical returns21 from banks on both a solo and a consolidated basis, and independently
verifies these reports through either on-site examinations or use of external experts.
Essential criteria
EC1 The supervisor has the power22 to require banks to submit information, on both a solo and
a consolidated basis, on their financial condition, performance, and risks, on demand and at
regular intervals. These reports provide information such as on- and off-balance sheet
assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk
concentrations (including by economic sector, geography and currency), asset quality, loan
loss provisioning, related party transactions, interest rate risk, and market risk.
Description and Articles 95 and 96 of the BL authorize the BRSA to obtain information from the institutions
findings re EC1 under the scope of the law on both a solo and consolidated basis. Banks are required to
provide the BRSA, timely and properly, any consolidated and non-consolidated information,
document, report or financial statements. The information should be provided consistently
with their accounts and record keeping systems, within the framework of the principles and
procedures set forth by the BRSB.
The BL also authorizes the BRSA to request any information including those classified as
confidential, where they are deemed necessary for the provisions of the BL, from banks and
their subsidiaries, from the undertakings where they hold qualified shares, from the
undertakings they control jointly, their branches and representative offices, their
outsourcing institutions and from other real and legal entities; to review their ledgers,
records and documents including the ones related to taxation; keep their ledgers, records
and documents ready for inspection; make their information systems available to the expert
staff of the BRSA responsible for on-site supervision; ensure the security of their data; and
submit all the ledgers, records and statements that they have to keep as well as the
microchips, micro film, magnetic tapes, compact disks and other records for inspection.
21In the context of this Principle, “prudential reports and statistical returns” are distinct from and in addition to
required accounting reports. The former are addressed by this Principle, and the latter are addressed in Principle 27.

TURKEY
Based on these provisions of the BL, the BRSA require banks to periodically transmit data on
solo and consolidated reports, including reports of their subsidiaries operating abroad and
their shareholders.
Banks’ reporting frequencies varies from daily to annually. The periodicity of the requested
reports is determined taking into consideration basic elements such as the information
needs on supervision activities of the bank, the importance of data in analyzing the financial
performance or risk structure of the banks, the importance or the size of the bank in the
financial system, and the product diversity of the financial institution.
The most important data reported by banks on consolidated and solo basis to the BRSA’s
database, are as follows:
Surveillance Reporting Set: includes broad range of summary and detailed information on
daily, weekly, monthly, quarterly, semiannual and annual intervals in order to monitor the
financial conditions of banks as well as their compliance with relevant regulation. The BRSA
receives on a daily basis, for example, reports on the stock volume of some major on and
off balance sheet items, details of the securities portfolio, the transaction based derivatives
details, the custody services regarding securities, and the volumes and currency type of
foreign currency transactions. The BRSA also receives some reports on weekly basis
providing information about foreign currency position, consumer loans types and volumes,
liquidity positions, details of securities kept in the banks’ accounts, including the names of
the banks and the customers, details of repo transactions. In addition to these daily and
weekly reports, monthly reports cover the largest part of the surveillance reporting set. The
main financial tables are balance sheet, income statement, and various detailed and
aggregated reports of loan portfolio, detailed information on subsidiaries, securities
issuance and shareholders, general ledger, related parties and positions with other financial
institutions.
Basel Reporting Set: includes own funds, capital adequacy, LCR and sub forms related to
different risk categories (credit, market, operational etc.). Additionally, BRSA requires banks
to prepare a detailed form named “Detailed Credit Risk Assessment Form-AKRİF” to see the
steps for risk weighted asset calculation for credit risk. Since the size of the report is too
large, banks keep it ready for on-site inspection.
Cross Border Organizations Reporting Set: includes narrow range of summary and detailed
information on quarterly intervals for cross border financial subsidiaries and off-shore
branches of banks established in Turkey (balance sheet, profit/loss, loans, financial sector
relations, derivatives, interest rates, investments in associates, capital adequacy, repo, FX
position etc.).
Banks’ Shareholders Reporting Set: includes main financial tables (balance sheet and
income statements), shareholders list and ratio of each bank shareholder, and the set
should be reported for both domestic and foreign shareholders.

TURKEY
Non-Bank Financial Institutions Reporting Set: includes information, on a quarterly basis, in

order to monitor the financial conditions of non-bank financial institutions as well as their
compliance with relevant regulation.
External audit reports and notes to financial statements are the main sources of
consolidated information about asset concentrations by economic sector, geographical
location and currency type. The BRSA does not collect regular reports directly from non-
financial subsidiaries of the banks. However, semiannual consolidated reports include non-
financial subsidiaries and affiliates which are prepared with a wider scope in addition to
quarterly consolidated reports.
EC2 The supervisor provides reporting instructions that clearly describe the accounting
standards to be used in preparing supervisory reports. Such standards are based on
accounting principles and rules that are widely accepted internationally.
Description and Based on the provisions of the BL, the RAP establishes the Turkish banking system‘s
findings re EC2 accounting practices in line with the TFRS which is issued by the POA as the Turkish
transposition of the IFRS. The BCP assessors were informed that the main difference
between the implementation of IFRS and TFRS in banks and financial institutions is in loan
loss provisioning standards. For loan loss provisioning Turkish banks apply REPL instead of
impairment requirements of TAS 39 or IAS 39. The BRSA is planning to apply IFRS 9,
including the impairment rules from 1 January 2017. By 2017, Turkish banks may choose to
implement either the REPL or amended REPL that allows the use of TFRS 9.
The content and format of each report that banks are required to submit to the BRSA are
appropriately documented in template files and instructions manual. Instructions for
supervisory reporting and public disclosure of financial statements clearly demand the use
of the TFRS.
EC3 The supervisor requires banks to have sound governance structures and control processes
for methodologies that produce valuations. The measurement of fair values maximizes the
use of relevant and reliable inputs and is consistently applied for risk management and
reporting purposes. The valuation framework and control procedures are subject to
adequate independent validation and verification, either internally or by an external expert.
The supervisor assesses whether the valuation used for regulatory purposes is reliable and
prudent. Where the supervisor determines that valuations are not sufficiently prudent, the
supervisor requires the bank to make adjustments to its reporting for capital adequacy or
regulatory reporting purposes.
Description and As described in EC2, Turkish banks apply TFRS that are a transposition of IFRS. Valuation
findings re EC3 procedures also follow TFRS.
The BRSA provides banks further guidance on valuation methodologies on “Guideline On

Fair Value Measurement” (GFVM). The guidelines require banks to maintain a broad set of
practices compatible with international practices on governance, internal controls,
independent validation, use of data, determination of valuation adjustments, dealing with
uncertainties of the valuation process and consistent use of the results. In addition to this,

TURKEY
there is a section specific to financial instrument fair value practices at Guideline on The
Assessment Criteria Considered in the Audits to be Performed by the Agency (GAA).
Supervisory procedures established in the GAR include the assessment of the valuation
process. The assessment includes the adequacy of information and documentation, the
appropriateness of the banks’ management governance on the valuation process, including
the understanding of the methodologies and deficiencies in the process.
During inspections, if the team determines that valuations are not sufficiently prudent, the
bank is instructed to make necessary adjustments to its regulatory reporting based on
Article 37(3) of BL and Article 31(2) of Regulation on Measurement and Assessment of
Capital Adequacy of Banks (RCA). Additionally, according to Article 12(1) of the Regulation
on the Principles regarding the Authorization and Activities of Valuation Firms (RAAVF), the
BRSA is authorized to require the bank to verify its valuation framework by an independent
valuation firm, where it is deemed necessary.
EC4 The supervisor collects and analyses information from banks at a frequency commensurate
with the nature of the information requested, and the risk profile and systemic importance
of the bank.
Description and Based on the provisions of the BL, the BRSA requests, collects and analyses several
findings re EC4 information reports. As explained in EC1, reporting frequencies varies from daily to
annually. The frequency of the requested reports is determined taking into consideration
basic elements such as the nature of the information, the information needs on supervision
activities of the bank, the importance of data in analyzing the financial performance or risk
structure of the banks and the product diversity of the financial institution.
The report frequencies stipulated in the regulation do not differ among banks, except from
reports related to the type of bank. However, the analysis of information differs depending
on general market conditions, the individual condition of the bank, risk profile and size of
the bank. As way of example, while normal frequency for off-site financial condition report
is on a quarterly basis, in case of a market turbulence or existence of a problem related to
the financial condition of a specific bank, off-site reports can be prepared on a daily basis.
In addition to periodic reporting and analyzing, on demand reporting and monitoring can
also be intensified in case of institution specific or sector wide risks. Authorities mentioned
that during the political crisis between Turkey and Russian Federation in the last quarter of
2015, some banks were required to submit detailed risk assessments about their Russia
related country risks and the recent financial condition of their financial subsidiaries in
Russia. An off-site supervision report called “Turkish Banking Sector-Russia Risks” was also
prepared in order to see the extent of country risk.
EC5 In order to make meaningful comparisons between banks and banking groups, the
supervisor collects data from all banks and all relevant entities covered by consolidated
supervision on a comparable basis and related to the same dates (stock data) and periods
(flow data).

TURKEY
Description and See above ECs. The requirement of reports stipulated by the BRSA applies to all banks on a
findings re EC5 consolidated and non-consolidated basis in the same manner in terms of the content and
frequency.
EC6 The supervisor has the power to request and receive any relevant information from banks,
as well as any entities in the wider group, irrespective of their activities, where the
supervisor believes that it is material to the condition of the bank or banking group, or to
the assessment of the risks of the bank or banking group or is needed to support resolution
planning. This includes internal management information.
Description and As described in EC1, the BL provides the BRSA the power to obtain information from the
findings re EC6 institutions under the scope of the BL on both a solo and consolidated basis, including
those classified as confidential, where they are deemed necessary to fulfill its mandate.
This access to information include banks and their subsidiaries, the undertakings where they
hold qualified shares, the undertakings they control jointly, their branches and
representative offices, their outsourcing institutions and from other real and legal entities.
Most supervisory reports are required on both solo and consolidated versions and
compiled on the same date, providing comparable information for analysis.
EC7 The supervisor has the power to access23 all bank records for the furtherance of supervisory
work. The supervisor also has similar access to the bank’s Board, management and staff,
when required.
Description and The BRSA has a full and wide access to records about the institutions under its supervision
findings re EC7 pursuant to Articles 95 and 96 of the BL (see EC 1 and 6 for details).
Access to banks’ staff is also facilitated in practice by the on-going presence of the BRSA
within individual institutions. Please refer also to CP9.
EC8 The supervisor has a means of enforcing compliance with the requirement that the
information be submitted on a timely and accurate basis. The supervisor determines the
appropriate level of the bank’s senior management is responsible for the accuracy of
supervisory returns, imposes sanctions for misreporting and persistent errors, and requires
that inaccurate information be amended.
Description and Article 39 of the BL addresses the responsibility for the accuracy of supervisory returns. The
findings re EC8 requested financial reports prepared by banks shall be signed, with names, surnames and
titles indicated, by the chairman of the board of directors, the members of the audit
committee, general manager, deputy general manager responsible for financial reporting as
well as the relevant unit manager or equivalent authorities. They must declare that the
financial report is in compliance with the legislation pertaining to financial reporting and
with the accounting records. The signing responsibility shall be fulfilled by the members of
the board of branches in Turkey of banks established abroad.

TURKEY
Pursuant to Article 146 of the BL, the BRSA is authorized to impose administrative fines
from 5,000 TL to 15,000 TL24 in cases of failure to submit the information requested by the
BRSA, from 5,000 TL to 10,000 TL in case of late submission of such information, and from
5,000 TL to 15,000 TL in case of missing information, control errors or recurring control
errors. Late and non submitted reports are detected by the electronic data transfer system,
while erroneous information is checked using cross controls.
The Communiqué on the Principles and Procedures for the Administrative Fines to be
Imposed on Reportings Made Within the Scope of Banking Data Transfer System (CAFBDTS)
explains how and when administrative fines are applied. The BRSA has applied
administrative fines to banks breaching the regulation several times.
EC9 The supervisor utilizes policies and procedures to determine the validity and integrity of
supervisory information. This includes a program for the periodic verification of supervisory
returns by means either of the supervisor’s own staff or of external experts.25
Description and BRSA receives most periodic reports via electronic data transfer system and automatic
findings re EC9 controls procedures are applied to each received report. These controls consist of formal,
logical and mathematical checks within and cross different forms. After passing through
intra form controls successfully and reaching the BRSA’s database, reports are subject to
cross controls and, if there are no reporting errors, the system sends a confirmation
message to the sender of the data informing on the successful transfer of the data. If the
system detects errors, banks are required to correct them.
The BRSA also perform special inspections that aim to guarantee the quality of the data
provided by banks. Additionally, if errors are found during off-site and on-site inspections,
banks are instructed to correct them immediately. Banks reporting erroneous information
are also subject to administrative fines.
EC10 The supervisor clearly defines and documents the roles and responsibilities of external
experts,26 including the scope of the work, when they are appointed to conduct supervisory
tasks. The supervisor assesses the suitability of experts for the designated task(s) and the
quality of the work and takes into consideration conflicts of interest that could influence the
output/recommendations by external experts. External experts may be utilized for routine
validation or to examine specific aspects of banks’ operations.
Description and See also CP9. Article 95 of the BL allows the BRSA to supplement its audits by external
findings re EC10 experts. The Chairman has the authority to commission external audit firms to examine
specific matters that require expertise where it is deemed necessary. This can either be an
expansion of the normal audit, or a special audit. The work is commissioned by the BRSA
24 As of May 31, 2016, 1 TL equals 0.34 US$

25Maybe external auditors or other qualified external parties, commissioned with an appropriate mandate, and
subject to appropriate confidentiality restrictions.
26 Maybe external auditors or other qualified external parties, commissioned with an appropriate mandate, and
subject to appropriate confidentiality restrictions. External experts may conduct reviews used by the supervisor, yet it
is ultimately the supervisor that must be satisfied with the results of the reviews conducted by such external experts.

TURKEY
but paid for by the bank. The auditors of external audit firms bear the powers restricted
only to audit-related matters, and shall be subject to the obligation of keeping the
confidentiality of information and documents conveyed by the BL.
According to Article 33 of the BL, among the audit firms authorized by POA, BRSA has the
authority to set additional criteria for the firms that will perform external audits on banks.
REAB sets the additional criteria for firms that will audit banks’ financial reports. The audit
firms which meet the additional criteria are licensed by the BRSA and the list of the licensed
firms are disclosed to the public in BRSA website. The regulation also defines the scope of
the external audit as well as the roles and responsibilities of external audit firms. If, as a
result of supervision, it is determined that the audit firm does not comply with the
regulation, the license of the firm is revoked by BRSA. According to the same regulation,
external audit firms may conduct special audit activities, upon the request by the BRSA
pursuant to Article 95 of the BL mentioned above. The external audit firms that may
conduct information systems audit are also licensed by BRSA. Please also refer to CP9, EC11.
EC11 The supervisor requires that external experts bring to its attention promptly any material
shortcomings identified during the course of any work undertaken by them for supervisory
purposes.
Description and Article 33 of BL and article 17 of the REAB requires external auditors to promptly inform the
findings re EC11 BRSA of any material shortcomings identified during the course of their work.
EC12 The supervisor has a process in place to periodically review the information collected to
determine that it satisfies a supervisory need.
Description and The BRSA periodically reviews the information collected, but the process could be better
findings re EC12 structured. Coordination within the BRSA generally occurs through receiving a new report
or a new data set due to additional informational needs. As a result, data sets in the
database are subject to frequent updates. Any data or report can be ended due to the
cease of supervisory needs for the data or due to the fact that a more detailed information
is already been collected.
The BRSA also makes an effort to catch and follow new product types or to analyze their
effects to the financial conditions of the banks. As an example, authorities mentioned the
derivative transactions form as one of the most updated forms recently.
Assessment re Compliant
Principle 10
Comments The regulatory framework requires banks and controlling companies to periodically submit
a broad range of information. Regulatory and supervisory processes exist to ensure
accuracy and comparability of submitted returns. Developed procedures for analyzing
collected information and feeding into supervisory activities are in place.
Going forward the BRSA could consider formalizing the review of the information collected,
to determine that it remains appropriate and satisfies its needs.

TURKEY
Principle 11 Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage
to address unsafe and unsound practices or activities that could pose risks to banks or to
the banking system. The supervisor has at its disposal an adequate range of supervisory
tools to bring about timely corrective actions. This includes the ability to revoke the banking
license or to recommend its revocation.
Essential criteria
EC1 The supervisor raises supervisory concerns with the bank’s management or, where
appropriate, the bank’s Board, at an early stage, and requires that these concerns be
addressed in a timely manner. Where the supervisor requires the bank to take significant
corrective actions, these are addressed in a written document to the bank’s Board. The
supervisor requires the bank to submit regular written progress reports and checks that
corrective actions are completed satisfactorily. The supervisor follows through conclusively
and in a timely manner on matters that are identified.
Description and The BRSA maintains a constant communication between inspection teams and the
findings re EC1 representatives of the different levels of the bank. According to supervision manuals,
inspection teams are expected to communicate their findings to bank’s top management,
audit committee members and some of the directors before finalizing their report during
special inspections, CAMELS rating or risk assessment. Additionally, the BRSA sends an
official letter after inspection reports are finalized.
As discussed in CP1 and EC2 bellow, the BRSA has broad powers to determine corrective
and remedial actions. In these situations, supervisory determinations are addressed to the
banks’ board in a written document. Banks are expected to respond preparing a
rehabilitation plan within a time period and a framework determined by the BRSA. Finally,
the bank should submit regular written progress reports that are used to monitor if the
remedial actions were implemented satisfactorily.
Nevertheless, the review of supervisory files, including feedback and corrective actions, as
well as discussion with banks by the assessors have not provided evidence of a supervisory
approach that raises concerns at an early stage to enable them to be addressed, particular
on issues that are more dependent of supervisory judgment. The assessors could see
several examples of letters requiring banks to make adjustments but the scope of the letters
were mostly limited to specific issues that were in out of line with the regulation. Actions
addressing more broad supervisory concerns about banks’ financial soundness or unsafe
practices at an early stage were not observed. Asked about feedback from supervisors,
banks mentioned the result of the CAMELS rating as important information but they were
unable to point to criticisms made by supervisors arising out of the process.
The supervisory review process within the BRSA also seems to play a role that limits the
issues that supervisors raise with banks. On-site supervisory reports are subject to a number
of reviews within the audit department and the enforcement department. Although reviews
of supervisory reports are necessary, the current process seems long and relatively skewed
towards checking compliance rather than supporting supervisory judgements and actions.

TURKEY
Supervisors are much more likely to be questioned and challenged when suggesting a
corrective measure than when they do not raise concerns. Consideration could also be
given to integration of supervision and enforcement which might support a more risk
focused and less compliance based supervisory approach.
EC2 The supervisor has available27 an appropriate range of supervisory tools for use when, in the
supervisor’s judgment, a bank is not complying with laws, regulations or supervisory
actions, is engaged in unsafe or unsound practices or in activities that could pose risks to
the bank or the banking system, or when the interests of depositors are otherwise
threatened.
Description and The BRSA has available an appropriate range of supervisory tools for use when, in the
findings re EC2 supervisor’s judgment, a bank is not complying with laws, regulations or supervisory
decisions, or is engaged in unsafe or unsound practices. These tools include the ability to
require a bank to take prompt remedial action (Article 68, 69, 70 of BL) and to impose
administrative fines (Article 146-148 of BL).
As described in CP1, the situations defined in the BL when the BRSA can take corrective
actions are broad and allow for early measures. The bank subject to remedial and corrective
actions, should prepare a rehabilitation plan within the framework determined by the BRSA.
The bank should submit regular written progress reports that are used to monitor if the
remedial actions were implemented satisfactorily.
In practice the remedial and corrective actions provided for in the law are rarely used.
During the last five years there was just one case. The BRSA seems to rely more heavily on
administrative fines whose scope of application is more clearly defined in the BL.
EC3 The supervisor has the power to act where a bank falls below established regulatory
threshold requirements, including prescribed regulatory ratios or measurements. The
supervisor also has the power to intervene at an early stage to require a bank to take action
to prevent it from reaching its regulatory threshold requirements. The supervisor has a
range of options to address such scenarios.
Description and According to Article 67 of the BL, the corrective measures laid down in the BL Articles 68, 69
findings re EC3 and 70 shall be taken promptly against the relevant bank if, as a result of consolidated or
non-consolidated supervision, it is determined that:
a) Its assets are likely not to meet its obligations in terms of maturity or that the bank
does not comply with the provisions pertaining to liquidity,
b) Its profitability is not at level that is sufficient to reliably perform its activities, due to
impaired balance and relations between revenues and expenses,
c) Its own funds is inadequate pursuant to the provisions pertaining to capital adequacy,
or such case is likely to occur,
d) The quality of its assets have deteriorated in such a manner that its financial structure
will weaken,

TURKEY
e) Its decisions, transactions and practices are in violation of the BL and the applicable
regulations,
f) It cannot establish its internal audit, internal control and risk management systems or
cannot operate these systems efficiently or there is a factor that impedes supervision.
g) Due to the incompetence of the management, the risks defined in the BL and the
applicable legislation have increased remarkably or have concentrated in such a
manner that they may weaken the financial standing.
As explained in EC3, despite the power to act, in recent periods these measures have been
rarely used, although they were in the period from 1999 to 2004 when the financial system
went through a crisis.
EC4 The supervisor has available a broad range of possible measures to address, at an early
stage, such scenarios as described in essential criterion 2 above. These measures include the
ability to require a bank to take timely corrective action or to impose sanctions
expeditiously. In practice, the range of measures is applied in accordance with the gravity of
a situation. The supervisor provides clear prudential objectives or sets out the actions to be
taken, which may include restricting the current activities of the bank, imposing more
stringent prudential limits and requirements, withholding approval of new activities or
acquisitions, restricting or suspending payments to shareholders or share repurchases,
restricting asset transfers, barring individuals from the banking sector, replacing or
restricting the powers of managers, Board members or controlling owners, facilitating a
takeover by or merger with a healthier institution, providing for the interim management of
the bank, and revoking or recommending the revocation of the banking license.
Description and As described in EC3 the range of scenarios defined in the BL for supervisory remedial
findings re EC4 actions allow measures to be taken at an early stage. The bank subject to these actions,
should prepare a rehabilitation plan within a framework determined by the BRSA.
As described in CP 1, remedial and corrective actions set by article 68, 69 and 70 of the BL
allow their application according to the gravity of the situation. The broad range of possible
actions also allows supervisors to appropriately set prudential objective and act to
safeguard the banking system.
The measures listed in article 68 of the BL includes, among other provisions, that the BRSA
is allowed to require banks to increase the amount of the bank’s own funds, suspend the
distribution of profits, increase loan loss provisions, ensure liquidity by selling off assets,
restrict or stop new investments and restrict payments. Additionally, according to article 71
of the BL, the BRSA board is authorized to revoke the operating permissions of that bank or
to transfer the shareholder rights except dividends, and the management and supervision
of the bank to the SDIF, for the purposes of transferring, selling or merging them partially
or fully, on condition that the loss will be deducted from the capital of the existing
shareholders.
EC5 The supervisor applies sanctions not only to the bank but, when and if necessary, also to
management and/or the Board, or individuals therein.

TURKEY
Description and There are several provisions in the BL that allows the BRSA to impose sanctions not only to
findings re EC5 the bank but also to management and the Board.
Article 147 of the BL allows the BRSA to impose financial penalties against relevant persons
if they commit certain violations.
Article 69 of the BL, provides the possibility to apply sanctions to individuals. The BRSA may
require a bank to call on the shareholders meeting to convene extraordinarily to change
one or more of the members of board of directors, or to appoint new members by
increasing the number of board members, if the members have responsibility in the
decision taken, transactions made and practices applied, or to dismiss responsible
employees. Also, according to restrictive measures in article 70, BRSA may request a bank to
dismiss some or all of the general managers, deputy general managers, relevant unit and
branch directors including board of directors, and to get the approval of the BRSA for new
recruitments for the emptied positions or the seats.
According to the Article 110 of the BL, if it is determined that the managers and auditors of
a bank, or its general manager and assistant general managers, or its authorized signatory
officers have caused the application of the provisions of Article 71 for the bank through
their decisions and actions that are in violation of the applicable laws, on the basis of a
decision of SDIF Board and upon the request of the SDIF, such person shall be held
personally liable to the extent of the damage they have caused to the bank and a court may
declare any such person bankrupt.
Finally, article 26 of the BL establishes that persons who have been declared bankrupt or
hold control in banks that have been subjected to restrictive measures, liquidation, or
whose operating permissions have been revoked, cannot work at any bank as general
manager, deputy general manager or in a position wherein they have signing authority.
Additionally, the signing authority of any bank employee, who is found to have infringed
provisions of the BL or other applicable laws, might be temporarily revoked upon the
BRSB's decision. Such persons may not be employed by any bank as an employee vested
with signing authorities unless permitted by the BRSB.
EC6 The supervisor has the power to take corrective actions, including ring-fencing of the bank
from the actions of parent companies, subsidiaries, parallel-owned banking structures and
other related entities in matters that could impair the safety and soundness of the bank or
the banking system.
Description and As described in CP1, articles 68, 69 and 70 of the BL can be used to implement wide ranging
findings re EC6 corrective actions on banks and controlling companies. For example, these powers could be
used to restrict the subsidiary’s dividend payment to its controlling company, the subsidiary
exposure to the controlling company or to its related entities, or the controlling company’s
exercise of its shareholder’s right over the bank.

TURKEY
EC7 The supervisor cooperates and collaborates with relevant authorities in deciding when and
how to effect the orderly resolution of a problem bank situation (which could include
closure, or assisting in restructuring, or merger with a stronger institution).
Description and There is regular exchange of information between the BRSA and the SDIF that enables the
findings re EC7 SDIF to access supervisory information of individual banks. In accordance with article 100 of
the BL, a Coordination Committee has been established between the two institutions. This
Committee meets at least once every three months to further promote the exchange of
information and high-level cooperation between the two institutions. Furthermore, the BL
determines that the BRSA and the SDIF shall have access to jointly-agreed databases of each
other within the principles of confidentiality.
In addition, according to the protocol signed between the BRSA and the SDIF, the BRSA
notifies the SDIF that a bank has been required to take corrective, rehabilitative, or
restrictive measures (Articles 68, 69, and 70). The timely notification allows SDIF to develop
a Resolution Action Plan and prepare for the eventual process.
As it is explained in CP1 once the BRSA determines that the conditions for intervention are
met in relation to a bank, it has two options: to revoke the bank’s operating permission
(Article 106 of the BL) or to transfer the shareholder rights (except dividends) and its
management and control to the SDIF (Article 107 of the BL). In the second case, the SDIF
can select and implement any resolution strategy that falls within its statutory remit, and
cooperates with other authorities – primarily the BRSA – during the resolution process. The
BRSA retains its supervisory and regulatory authority over a bank in resolution under SDIF
management.
Additional
criteria
AC1 Laws or regulations guard against the supervisor unduly delaying appropriate corrective
actions.
Description and
findings re AC1
AC2 When taking formal corrective action in relation to a bank, the supervisor informs the
supervisor of non-bank related financial entities of its actions and, where appropriate,
coordinates its actions with them.
Description and
findings re AC2
Assessment re Largely Compliant

principle 11
Comments The BRSA has available an appropriate range of supervisory tools to use when, in the
supervisor’s judgment, a bank is not complying with the regulations or represents a risk for
the financial sector. Nevertheless, in practice, the remedial and corrective actions provided

TURKEY
for in the law are rarely used at an early stage as preventative measures. The BRSA seems to
rely more heavily on administrative fines whose scope of application is more clearly defined
in the BL than on taking actions at an early stage to address unsafe and unsound practices
that require supervisory judgment.
The assessors were presented evidence of BRSA actions requiring banks to make
adjustments to practices and processes. Nevertheless, such action had a scope limited to
specific issues such as the classification of particular loans operations. Evidence was not
observed of supervisors addressing broader concerns about the risks posed and faced by
banks from a deepening and expansion of the initial review, a point reinforced in the
comments of banks.
The supervisory review process within the BRSA also seems to play a role towards limiting
the issues that supervisors raise with banks. Although reviews of supervisory reports are
necessary, the current process seems relatively skewed towards validation of compliance
processes and thus constrains active supervisory judgments and decisions. Consideration
could also be given to integration of supervision and enforcement, particularly in terms of
communication with financial institutions, which might support a more risk focused and less
compliance based supervisory approach.
In order to become fully compliant with this principle the BRSA needs to incorporate the
results of forward looking tools more heavily in its decision making process and act at an
early stage to restore weak banks and correct examples of unsound practices, even if formal
prudential ratios haven’t been breached.
Principle 12 Consolidated supervision. An essential element of banking supervision is that the

supervisor supervises the banking group on a consolidated basis, adequately monitoring
and, as appropriate, applying prudential standards to all aspects of the business conducted
by the banking group worldwide.28
Essential criteria
EC1 The supervisor understands the overall structure of the banking group and is familiar with
all the material activities (including non-banking activities) conducted by entities in the
wider group, both domestic and cross-border. The supervisor understands and assesses
how group-wide risks are managed and takes action when risks arising from the banking
group and other entities in the wider group, in particular contagion and reputation risks,
may jeopardize the safety and soundness of the bank and the banking system.
Description and The BL provide powers and responsibilities for the BRSA to supervise bank groups on a
findings re EC1 consolidated basis:
- Article 66 states that parent banks are subject to limitations and standard ratios on a
consolidated basis and to consolidated supervision.
28 Please refer to footnote 19 under Principle 1.

TURKEY
- Articles 95 and 96 of the BL, authorizes the BRSA to request all necessary documentation
and information from the parent company of a banking group as well as the entities within
the group to perform its duties. The law also allows the collection of information from
banks’ shareholder and therefore includes banks ‘parent companies even if they are not
financial companies.
- Financial holding companies are also subject to consolidated supervision pursuant to

Article 78 of the BL.
Based on the authority provided by the BL, the BRSA has issued guidance on the
preparation of consolidated financial statements of banks. The CCFS states that parent
banks are obliged to prepare consolidated financial statements quarterly considering the
financial subsidiaries of the group and semi-annually including financial and non-financial
subsidiaries. Financial subsidiaries include insurance firms. The consolidated financial
statements and reports are used for calculating regulatory ratios and limits.
The BRSA request an extensive amount of information about the group. Intra group
transactions are monitored by off-site supervisors through monthly call reports. Banks also
regularly report and update the names of all real and legal persons in their own risk group,
including their shareholders, affiliates and subsidiaries on a monthly basis. Loans extended
within the group of the own bank, transactions with related party, derivative transactions
within the own group and risk limits are the main surveillance call reports which are used
for reviewing aggregate exposures to the group of the own bank. Names of all real and
legal persons in their own risk group and related party risk limits are the main surveillance
call reports for financial holding companies.
In order to complement consolidated reports and analysis, BRSA also requests balance
sheet, income statement, loan book details (including non-performing loans), securities,
derivatives, FX position, transactions between cross-border establishments and the banking
group, capital adequacy, transactions with financial sector and deposits data on a quarterly
basis from the foreign based subsidiaries and off shore branches of the banks.
Banks are also required to submit a number of periodic reports containing information of
their parent companies, including balance sheet, shareholders list and income statements.
The BRSA updated its on-site supervision process in 2012 and all banks have been
examined with respect to the new process since then. As described in CP 8, BRSA teams
take into account the consolidated risk profile of banks. Supervision manuals (SMIRASP and
SMGAR) explicitly ask supervisory teams to understand the structure of the banking group
to which the bank belongs. Also, the ownership structure of the bank is included in
inspection reports together with the other findings.
In this context, the adequacy of their risk management, internal control and internal audit
systems, effectiveness of their internal processes and procedures and the compliance of
their operations with the relevant legislation are assessed, on a group level, by the on-site
examiners through the CAMELS rating system. Contagion and reputation risks, for instance,
are taken into account with specific questions that need to be answered by the supervisor.

TURKEY
There are also assessment criteria to address the risks that may arise from banks’ parent
companies, affiliates and subsidiaries.
Furthermore, banks are required to prepare their ICAAP reports on consolidated basis
according to RICAAP article 46(1). In the article 47of RICAAP, it is stated that ICAAP reports
comprise all the risks of the bank on consolidated basis. According to article 61 of RICAAP,
banks should not abide by the definition and scope of consolidation specified in the
legislation and the assessment should be made based on the partnership's risk profile,
rather than the inclusion of the partnership to the definition of consolidation specified in
the legislation. Furthermore, section 5 of Annex to Guideline on ICAAP Report (GICAAPR),
states that “In identifying their own risks, banks should also consider risks arising from the
parent company or subsidiaries belonging to the parent company (for example,
reputational risk), alongside the risks existing by themselves or arising from their
consolidated affiliates and subsidiaries. In doing so, they should be attentive that there are
no inconsistencies between the identification of risk and measurement and management
activities”.
As discussed in CPs 8 and 9, in practice, CAMELS rating assessments do not provide an

appropriate framework for the deep analysis of issues and the ICAAP process is still on a
learning phase for both banks and supervisors. That limits the ability of supervisors to fully
understand the overall structure and group-wide risks of the conglomerates.
In Turkey, as of September 2015, 19 banks have established foreign operations which

include 60 subsidiaries. Total assets of these cross border operations amounts to 15.7% of
the total assets of banking sector. In terms of total assets, the largest foreign establishments
are located in Malta, Bahrain and the Netherlands whereas the highest number of branches
and subsidiaries operate in the Turkish Republic of Northern Cyprus.
EC2 The supervisor imposes prudential standards and collects and analyses financial and other
information on a consolidated basis for the banking group, covering areas such as capital
adequacy, liquidity, large exposures, and exposures to related parties, lending limits and
group structure.
Description and Based on article 43 of the BL, prudential limits covering capital adequacy, liquidity, large
findings re EC2 exposures, exposures to related parties and lending limits are required to be met on both
solo and consolidated basis. As explained in EC1, the BRSA collects and analyses data for
monitoring the prudential limits and assess risks on a consolidated basis. Prudential
consolidated ratios such as, capital adequacy, liquidity coverage ratio, lending limits, group
risks, large and related party exposures, leverage ratio and FX net position are received from
the banks on specified intervals. Banks are also required to submit to the BRSA quarterly
consolidated financial statements such as balance sheet, income statement, cash flow
statement, share-holders equity statement and earnings distribution tables. Issues
associated with group structure are analyzed using monthly call reports and information
collected during on-site inspections.

TURKEY
EC3 The supervisor reviews whether the oversight of a bank’s foreign operations by
management (of the parent bank or head office and, where relevant, the holding company)
is adequate having regard to their risk profile and systemic importance and there is no
hindrance in host countries for the parent bank to have access to all the material
information from their foreign branches and subsidiaries. The supervisor also determines
that banks’ policies and processes require the local management of any cross-border
operations to have the necessary expertise to manage those operations in a safe and sound
manner, and in compliance with supervisory and regulatory requirements. The home
supervisor takes into account the effectiveness of supervision conducted in the host
countries in which its banks have material operations.
Description and As explained in CP 7, banks’ cross border investments requires BRSA approval according to
findings re EC3 the BL Article 14 and RTSPIO Article 9. The BL also establishes that there should be no
obstacles in gathering information and executing supervision on the cross border company
and where necessary, the BRSA may require a MoU with the host supervisory authority.
Therefore, BRSA has authority to reject any cross-border investment proposal either in the
form of branch or subsidiary if the supervisory framework of the host country is deemed
insufficient or does not allow appropriate access for supervision purposes.
BRSA regulation requires banks to build an appropriate risk management framework that
comprise the whole banking conglomerate. In particular, the ICAAP report should consider
risk management practices in subsidiaries and the CAMELS rating system should evaluate
the adequacy and effectiveness of management’s oversight of bank’s foreign operations.
Furthermore, banks should inform the BRSA who are the board members of foreign
subsidiaries and the BRSA that might reject them if consider that they do not hold the
appropriate conditions for their functions.
The BRSA also conducts on-site inspections in foreign branches and subsidiaries of banks
once every two or three years. The effectiveness of the parent company’s oversight on the
foreign operations is evaluated during these visits.
Finally, there are specific reports submitted by banks on cross-border operations. The Cross
Border Organizations Reporting Set, please refer to CP9, is the main source of information
about the oversight of banks’ foreign operations. The reports include detailed information
about operations of foreign establishments of banks.
EC4 The home supervisor visits the foreign offices periodically, the location and frequency being
determined by the risk profile and systemic importance of the foreign operation. The
supervisor meets the host supervisors during these visits. The supervisor has a policy for
assessing whether it needs to conduct on-site examinations of a bank’s foreign operations,
or require additional reporting, and has the power and resources to take those steps as and
when appropriate.
Description and BRSA has the power to initiate and carry out on-site inspections of foreign subsidiaries and
findings re EC4 branches of banks licensed in Turkey. On-site examiners of the BRSA perform periodic
inspections in subsidiaries and branches overseas. The BRSA determines the list of the

TURKEY
subsidiaries and branches which will be subject to on-site inspection mainly according to
size and complexity of the operations. The frequency and timing of on-site inspections of
foreign establishments also depend on work load of on-site examiners and host country
supervisory authority’s time preferences. The issue is considered by the head of
departments every year during the strategic planning phase of the supervisory cycle.
The BRSA conducted 52 on-site visits to foreign subsidiaries and branches since 2008. These
visits include 19 subsidiaries, 6 off-shore branches and 27 on-shore branches of 11 banks.
The last time a large number of banks were visited was in 2013. Besides, upon the invitation
from the host authorities, the BRSA on-site inspection teams have been involved in on-site
inspection of subsidiaries of banks in a few jurisdictions during the last two years.
The BRSA has entered into MoUs with the supervisory authorities of 34 countries to
facilitate on-site inspections of foreign establishments of banks operating in Turkey. Among
the 34 MoUs concluded by the BRSA, 19 MoUs are signed with the supervisory authorities
of countries where Turkish banks have presence. These foreign operations represent 77% of
total assets of the Turkish banks operating abroad. Additional MoUs are under discussion
with foreign supervisory authorities.
Article 98 of the BL also authorizes the BRSA to cooperate with a foreign supervisory
authority even in the absence of an MoU. In this case, the requests of authorities of foreign
countries regarding the audit of Turkey branches or undertakings of institutions operating
in the financial markets of their own countries and to obtain information about such
branches and undertakings, and the requests of information covered by consolidation from
the overseas branches and undertakings of banks shall be subject to BRSB’s approval within
the framework of the principle of reciprocity. Please also refer to CP13, EC2.
EC5 The supervisor reviews the main activities of parent companies, and of companies affiliated
with the parent companies, that have a material impact on the safety and soundness of the
bank and the banking group, and takes appropriate supervisory action.
Description and The activities of parent companies are mostly assessed through the ratings process. The
findings re EC5 methodology has a number of assessment criteria that are analyzed by on-site supervisors.
Nevertheless, as discussed in CP8, the methodology is not designed to provide an in-depth
evaluation of all the criteria.
The BRSA also requires banks to prepare reports on intra-group transactions on a yearly
basis since 2014. Intra-group transaction reports include:
- Transactions between the bank and its financial and non-financial subsidiaries
(controlled directly or indirectly by the bank)
- Transactions between the bank’s financial and non-financial subsidiaries (controlled

directly by the bank)
- Transactions between parent company and the bank together with its financial
subsidiaries (controlled directly or indirectly by the bank)

TURKEY
- Transactions between the bank with its financial subsidiaries and companies
controlled directly or indirectly by parent company.
The transactions include financial (securities, loans and participation investments) and non-
financial transactions (trading, property related transactions, leasing, technical services,
consulting services etc.). Information on intra-group transaction reports is an input for BRSA
examiners in the rating process.
EC6 The supervisor limits the range of activities the consolidated group may conduct and the
locations in which activities can be conducted (including the closing of foreign offices) if it
determines that:
a) the safety and soundness of the bank and banking group is compromised because the
activities expose the bank or banking group to excessive risk and/or are not properly
managed;
b) the supervision by other supervisors is not adequate relative to the risks the activities
present; and/or
c) the exercise of effective supervision on a consolidated basis is hindered.
Description and As explained in CP 1, article 67 of the BL allows the BRSA to impose restrictive measures on
findings re EC6 banks in a number of situations that include impediments to supervision and inadequate
risk management. Among these restrictive measures, article 70 of the BL authorizes the
BRSA to require the bank to restrict or temporarily suspend its activities, as inclusive of all
the organization of the relevant activity, or the domestic or overseas branches to be
deemed necessary or the relations with correspondent banks.
Furthermore, according to article 78 of BL, financial holding companies are also subject to
article 70. Therefore, if a bank or a financial holding company is a parent company of a bank
or part of a banking group, BRSA has power to restrict or temporarily suspend their
activities.
EC7 In addition to supervising on a consolidated basis, the responsible supervisor supervises

individual banks in the group. The responsible supervisor supervises each bank on a stand-
alone basis and understands its relationship with other members of the group.29
Description and According to article 95 of BL, BRSA is responsible for the supervision of institutions under
findings re EC7 the scope of the law both on a consolidated and individual basis.
The supervisory perspective of the BRSA analyses individual banks and risks that other
entities of the group might impose on them. The BL and all the other applicable regulations
put the individual banks (the statement “bank”) at the center of the regulatory and
supervisory framework. As explained on CPs 8 and 9, data is also collected and analyzed on
individual basis and the impact of the individual bank’s relationships with the other
members of the group on the safety, soundness and reputation of the bank is assessed in
29 Please refer to Principle 16, Additional Criterion 2.

TURKEY
the context of the rating process and off-site reports such as the intra-group transactions
report.
Additional
criteria
AC1 For countries which allow corporate ownership of banks, the supervisor has the power to
establish and enforce fit and proper standards for owners and senior management of
parent companies.
Description and
findings re AC1

Principle 12
Comments The regulatory and reporting framework provides a broadly appropriate structure for
monitoring and assessing risks to banks from non-banking and foreign banking operations
in banking groups. However, the current limitations of the CAMELS rating and ICAAP
process, the BRSA should make further effort to monitor and manage risks arising from
nonbanking and foreign activities or parent entities of a financial group. In this regard, as
described in CP 8 and 9, the BRSA should deepen the analyses and strengthen its
techniques, such as group-wide stress testing, to monitor and assess these risks. It is
important to improve further the group-wide strategic view of the banking group
operations and risks. Authorities should further improve the recovery and resolution
planning of large banking groups particularly once the necessary power is given to the
supervisor by the expected new legislation. Such planning should also consider scenarios
where shocks originate from non-banking entities or parent groups. Taking into account
that these shortcomings have already been reflected in other principles, particularly CP 8
and 9, the assessors considered this principle compliant.
Principle 13 Home-host relationships. Home and host supervisors of cross-border banking groups
share information and cooperate for effective supervision of the group and group entities,
and effective handling of crisis situations. Supervisors require the local operations of foreign
banks to be conducted to the same standards as those required of domestic banks.
Essential criteria
EC1 The home supervisor establishes bank-specific supervisory colleges for banking groups with
material cross-border operations to enhance its effective oversight, taking into account the
risk profile and systemic importance of the banking group and the corresponding needs of
its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a
significant branch in its jurisdiction and who, therefore, has a shared interest in the effective
supervisory oversight of the banking group, is included in the college. The structure of the
college reflects the nature of the banking group and the needs of its supervisors.

TURKEY
Description and As of September 2015, 19 Turkish banks had foreign subsidiaries or branches operating in
findings re EC1 28 different countries. At least 5 of these have more than 15% of their assets abroad and at
least two of them have more than 40%.
The BRSA has organized early this year a supervisory college for one of the largest Turkish
banks that maintain substantial operations abroad. The college was the first one organized
by the BRSA in its capacity as home supervisor. Host authorities from the 6 countries where
the bank maintains operations were invited. Representatives of the BRSA presented
information on the current situation of the banking sector of Turkey and the BRSA’s
approaches to banking regulation and supervision. There was also exchange of information
among home and host supervisors about the operations, strength and weakness of the
particular bank. Host and home supervisors considered the event important for the
consolidated supervision of the bank.
There are other banks in Turkey with extensive operations abroad that would benefit from
colleges. The BRSA explained that it plans to organize other colleges in the future.
EC2 Home and host supervisors share appropriate information on a timely basis in line with
their respective roles and responsibilities, both bilaterally and through colleges. This
includes information both on the material risks and risk management practices of the
banking group30 and on the supervisors’ assessments of the safety and soundness of the
relevant entity under their jurisdiction. Informal or formal arrangements (such as
memoranda of understanding) are in place to enable the exchange of confidential
information.
Description and According to the article 98 of the BL, the BRSA is authorized to cooperate and exchange
findings re EC2 information about financial institutions and financial markets with competent supervisory
authorities, within the framework of bilateral memoranda of understanding or through
other means, in order to conduct inspections in foreign countries, provide training and
ensure exchange of personnel with the purpose of the harmonization of policies and
legislation.
The MoUs signed by the BRSA specify general principles and procedures concerning the
cooperation within the statutory legislation. They contain provisions about the exchange of
information that includes providing relevant information to the counterparty authority
regarding: i) material developments or supervisory concerns in respect of cross-border
establishments; ii) events which have the potential to endanger the stability of the cross-
border establishments; iii) material enforcement actions taken against the cross-border
establishment; and iv) cases of revocation of the license and operating permission or
voluntary liquidation.
The BRSA has entered into MoU with the supervisory authorities of 34 countries. Among the
34 MoUs concluded by the BRSA, 19 MoUs are signed with the supervisory authorities of
30 See Illustrative example of information exchange in colleges of the October 2010 BCBS Good practice principles on
supervisory colleges for further information on the extent of information sharing expected.

TURKEY
countries where Turkish banks have presence. These foreign subsidiaries hold 77% of total
assets of the Turkish banks operating abroad. Besides, MoU negotiations are continuing
with six countries other countries where Turkish banks are operating. Difficulties that
occurred in the past for supervision in a specific country have been overcome.
The BRSA explained that currently the agency does not face any problems to supervise
cross border subsidiaries or exchange information with home supervisors.
Furthermore, the BRSA is legally authorized to cooperate with a foreign supervisory

authority even in the absence of a specific agreement. Pursuant to Article 98 of the BL, if a
MoU is not effective, the requests of authorities of foreign countries, which have been
authorized for supervision pursuant to their respective laws and which are equivalent to the
BRSA, to examine the Turkish branches or undertakings of institutions operating in the
financial markets of their own countries and to obtain information about such branches and
undertakings, and the requests of information covered by consolidation from the overseas
branches and undertakings of banks shall be fulfilled within the framework of the principle
of reciprocity and is subject to the permission of the BRSB.
Finally, as a host supervisor of 32 banks the BRSA has participated in supervisory colleges
arranged by several countries and organized a college for one of Turkish banks with one of
the largest operations abroad.
EC3 Home and host supervisors coordinate and plan supervisory activities or undertake
collaborative work if common areas of interest are identified in order to improve the
effectiveness and efficiency of supervision of cross-border banking groups.
Description and As explained in EC1 and EC2 the BRSA maintains MoUs with other relevant supervisory
findings re EC3 authorities and participates in supervisory colleges.
In order to improve the efficiency of the consolidated supervision, the BRSA has conducted
on-site inspections of foreign subsidiaries and branches of Turkish banks operating in a
number of countries. Additionally, upon the invitation from host authorities, the BRSA on-
site inspection teams have participated in inspections of Turkish banks operating abroad.
The BRSA provides feedback to the host authority on the issues found by the examiners
during the on-site inspection of the cross border establishment providing a summary of the
inspection report. In the case of on-site visits, communication is updated through opening
and closing meetings held between the BRSA examiners and the host supervisory authority.
The BRSA also approves meeting requests of equivalent supervisory authorities concerning
the cross border establishments operating in Turkey. Similarly, the BRSA organizes meetings
with the auditors of foreign supervisory authorities who perform on-site visit to the Turkish
subsidiaries of foreign banks. Any findings that might have an impact on the safety and
soundness or the risk management capabilities of the banking group are also shared with
the relevant host authority within the scope of MoUs concluded.
The BRSA also explained that it exchanges appropriate information with foreign supervisory
authorities in line with the provisions of the BL regarding the financial situation of banks,

TURKEY
process of mergers, disintegrations and change of shares, qualifications of managers,

material risks, safety and soundness of relevant entity.
EC4 The home supervisor develops an agreed communication strategy with the relevant host
supervisors. The scope and nature of the strategy reflects the risk profile and systemic
importance of the cross-border operations of the bank or banking group. Home and host
supervisors also agree on the communication of views and outcomes of joint activities and
college meetings to banks, where appropriate, to ensure consistency of messages on
group-wide issues.
Description and As mentioned above, the BRSA is empowered to exchange information with other relevant
findings re EC4 supervisors and maintain a number of MoU setting the principles for the communication.
Colleges and on-site inspections are also part of the strategy.
EC5 Where appropriate, due to the bank’s risk profile and systemic importance, the home
supervisor, working with its national resolution authorities, develops a framework for cross-
border crisis cooperation and coordination among the relevant home and host authorities.
The relevant authorities share information on crisis preparations from an early stage in a
way that does not materially compromise the prospect of a successful resolution and
subject to the application of rules on confidentiality.
Description and Since Turkey is not a home country or a key-host country for G-SIBs, the BRSA and SDIF,
findings re EC5 although available, have not been participating in crisis management groups of these
institutions.
Turkish supervisory authorities have not initiated the development of a framework for
cross-border crisis cooperation and coordination. As mentioned in EC1, some Turkish banks
present material cross border operations and could benefit from such framework.
EC6 Where appropriate, due to the bank’s risk profile and systemic importance, the home
supervisor, working with its national resolution authorities and relevant host authorities,
develops a group resolution plan. The relevant authorities share any information necessary
for the development and maintenance of a credible resolution plan. Supervisors also alert
and consult relevant authorities and supervisors (both home and host) promptly when
taking any recovery and resolution measures.
Description and As mentioned in CP 8, Turkish supervisory authorities have not initiated the development of
findings re EC6 group resolution plans. The BRSA and the SDIF have established a joint working group to
analyze the eventual need to change the current resolution regime and align it with FSB’s
Key Attributes of Effective Resolution Regimes. The joint working group is still formulating
policy proposals and necessary legislative amendments. Banks have not been required yet
to develop recovery plans and supervisors do not assess the resolvability of banking
groups.
EC7 The host supervisor’s national laws or regulations require that the cross-border operations
of foreign banks are subject to prudential, inspection and regulatory reporting
requirements similar to those for domestic banks.

TURKEY
Description and Pursuant to the legislation, subsidiaries or branches of foreign banks operating in Turkey
findings re EC7 are subject to the same prudential, supervisory and regulatory reporting requirements
applied to domestic banks.
EC8 The home supervisor is given on-site access to local offices and subsidiaries of a banking
group in order to facilitate their assessment of the group’s safety and soundness and
compliance with customer due diligence requirements. The home supervisor informs host
supervisors of intended visits to local offices and subsidiaries of banking groups.
Description and According to the Article 98 of the BL, foreign authorities which have been authorized for
findings re EC8 supervision under their respective laws and which are equivalent to the BRSA, need to
request permission to examine the Turkish branches or undertakings of institutions
operating in the financial markets of their own countries. These permissions and requests of
information covered by consolidation from the overseas branches and undertakings of
banks are fulfilled within the principle of reciprocity and are subject to the permission of the
BRSB.
In this context, home supervisors may carry out on-site examination in Turkey subject to
prior notification to the BRSA. If there is a MoU in place, the request regarding the on-site
inspection is evaluated considering the provisions of the MoU. If there is not a MoU, the on-
site visit request is submitted to the BRSB for approval.
The BRSA explained that all the inspection requests of home supervisory authorities of
foreign banks operating in Turkey have been accepted by the BRSA. A number of
jurisdictions have performed on site visits to cross border establishments of financial
institutions operating in the financial markets of their own countries. As mentioned in EC 3,
overseas subsidiaries and branches of Turkish banks are also subject to on-site inspection.
BRSA has conducted 39 on-site visits to foreign subsidiaries and branches of banks
operating in Turkey since 2011. These visits include 20 subsidiaries and 16 branches
operating in 13 countries.
EC9 The host supervisor supervises booking offices in a manner consistent with internationally
agreed standards. The supervisor does not permit shell banks or the continued operation of
shell banks.
Description and The BRSA does not permit shell banks or booking offices.
findings re EC9
Furthermore, Article 6 (4) of the BL stipulates that representative offices of the foreign
banks are not allowed to do any banking business. CAROT regulates the activities of
representative offices of foreign banks.
EC10 A supervisor that takes consequential action on the basis of information received from
another supervisor consults with that supervisor, to the extent possible, before taking such
action.
Description and As explained in EC1, 2 and 3 above, the BRSA works in contact with other supervisors
findings re EC10 through various channels. MoUs signed by the BRSA includes provisions that authorities
should inform each other of any material developments and formal enforcement action

TURKEY
taken against cross-border establishments. Even in the absence of MoU with foreign
authorities, the BRSA may consult with the other supervisory authorities.

Principle 13
Comments The BRSA has made vast efforts to improve home-host relationship during the last few
years. Among several initiatives the agency has started organizing colleges, signed a
number of important MoUs and removed obstacles that weakened the supervision of
Turkish banks operations in several countries. Nevertheless, considering that some Turkish
banks hold material operations abroad, it is important to improve the relationship even
further. In particular, it is essential to develop a framework for cross-border crisis
coordination with relevant host authorities and the development of resolution plans that
pay special attention to cross border issues.
Prudential Regulations and Requirements

Principle 14 Corporate governance. The supervisor determines that banks and banking groups have
robust corporate governance policies and processes covering, for example, strategic
direction, group and organizational structure, control environment, responsibilities of the
banks’ Boards and senior management,31 and compensation. These policies and processes
are commensurate with the risk profile and systemic importance of the bank.
Essential criteria
EC1 Laws, regulations or the supervisor establish the responsibilities of a bank’s Board and
senior management with respect to corporate governance to ensure there is effective
control over the bank’s entire business. The supervisor provides guidance to banks and
banking groups on expectations for sound corporate governance.
Description and Corporate governance features prominently in Turkish banking legislation. The legal and
findings re EC1 regulatory framework surrounding corporate governance resides in several key laws and is
comprehensive. BL Article 1 establishes corporate governance as a part of ensuring
confidence and stability in financial markets, the efficient functioning of the credit system
and the protection of the rights and interests of depositors. It establishes that shareholders’
interests are secondary to the depositors’ interests for banks, and is generally aligned with
Basel guidance and principles for corporate governance.
The BL, 3rd part, explicitly addresses corporate governance. This part regulates the allocation
of authority, qualifications and responsibilities of management, internal systems, authorized
institutions and financial reporting. Related to these titles a number of sub-regulations, of
which the most important are RICAAP and Regulation on the Corporate Governance
Principles of Banks (RCGB), have been designed in order to implement the principles and
enumerate responsibilities on corporate governance.
31 Please refer to footnote 27 under Principle 5.

TURKEY
The responsibilities and authorities of the banks’ board is regulated in the Article 23 of BL.
According to Article 23(3) the responsibilities of the board of directors shall include
ensuring the establishment, functionality, appropriateness and adequacy of internal control,
risk management and internal audit systems compliant with the applicable legislation;
securing financial reporting systems; and specification of the powers and responsibilities
within the bank.
Under the BL Article 23, the board of directors shall have at least 5 members including the
general manager. The qualifications of a majority of members shall have similar
qualifications as the general manager. The positions of chairman of the board and general
manager (or chief executive officer) must be separate. The BRSA must be informed about
(and approve) the appointment of the members. However, the BL nor subsidiary legislation
requires the majority of the board to be non-executive and collectively act independently
and objectively from the influence of other parties.
Article 24 goes on to direct that the board must appoint an audit committee of at least 2
board members. These 2 members shall not have executive functions within the bank.
(RICAAP Article 6 goes on to define “non-executive” members which is very similar to the
definition of independent given in the CMB’s Communique.)
While some bank boards in the system have populated this committee with more members,
a minimum of 2 members is considered too few in order to execute the duties assigned to it
in a robust and effective manner. In addition, the chair of this committee, in some banks is
also the chairman of the board which does not reflect best practice and potentially
represents a conflict of interest.
The duties and responsibilities of the audit committee include the supervision of the
efficiency and adequacy of the bank’s internal control, risk management and internal audit
systems and the accounting and reporting systems within the framework of BL. The audit
committee shall also be responsible for ensuring that internal systems units and the
external audit firms regularly provide reports regarding the execution of their tasks.
Given that the audit committee is responsible for the oversight of internal systems in which
risk management is a part, many banks’ audit committees also fill the role of a board risk
committee that would, in other circumstances be separate from the audit committee. The
team was informed that in the more complex banks, there is, in fact, a separate risk
committee.
RICAAP enumerates major provisions assigning responsibility to the board and senior
management for establishing and monitoring of the internal systems. The term “internal
system" includes internal audit, internal control and risk management systems. Article 5(1)
of RICAAP provides that members of the board of directors are ultimately responsible for
establishment and effective operation of the internal systems. They are also responsible for
defining the powers and duties within the bank regarding these systems. Article 5(2) defines
the responsibilities of the board in detail by mentioning the board’s overall responsibilities
on determining the structure of the whole organization, human resources policies, senior

TURKEY
management selection policies, and also with reference to the internal system’s structure,
organization and policies, strategic policies, risk management and consumer complaints
from conduct of business.
Article 7 of RICAAP sets forth in more detail the duties of the audit committee which must
act in the name of the board of directors. The committee must supervise efficiency and
adequacy of the internal systems. In this manner, the audit committee must supervise
compliance with the provisions of RICAAP concerning internal control, internal audit and
risk management and with the internal policies and implementation procedures approved
by the board of directors and to make proposals to the board of directors in relation to
measures which it is considered necessary to take. Furthermore Article 7(2) gives the details
of these responsibilities such as: the establishment of communication channels in the bank;
assessment of the adequacy of the internal systems; internal systems staff and
management; establishment of whistle-blowing channels; evaluation of internal audit plans
and follow up; evaluation of the adequacy of internal system staff, risk management tools,
and infrastructure; the contact with internal and external auditors; monitoring of the
financial reporting system; evaluation of outsourced activities.
Duties and responsibilities of the senior management are also regulated under RICAAP as
well as in the Regulation on Corporate Management Principles of Banks (RCGB). According
to Article 8, the senior management must fulfill their responsibilities to carry out their
assigned responsibilities and ensure they do so efficiently. They must also report the board
of directors about material risks to which the bank is exposed.
CMB also has its Communiqué on Corporate Governance32 (Communiqué) applicable to

listed companies. According to the paragraph 4 of Annex 1 of the Communiqué, the board
of directors keeps in balance a corporation’s risk, growth and returns at the most
appropriate level through strategic decisions and manages and represents the corporation
by firstly protecting the long-term benefits of the corporation through rational and prudent
risk management. Board of directors also has to define the strategic targets of the
corporation, establish the human and financial resources of the bank, and evaluate
management performance. The board must be composed of a minimum of independent
members for which the definition of “independent” is given. Among others, the
Communiqué requires the board of directors to conduct its activities in a transparent,
accountable, fair and responsible way.
There is not a special section in TCC for corporate governance principles, but these
principles are spread through the Code. The TCC addresses, inter alia, duties of care and
loyalty of the members of the board of directors, fair treatment of shareholders, and powers
of the board of directors. It also defines the liability of the members of the board of
directors and the managers for the damages they cause to the company, shareholders and
the company’s creditors. It also compels companies to announce specific information on
their websites.
32 http://www.cmb.gov.tr/apps/teblig/displayteblig.aspx?id=479&ct=f&action=displayfile

TURKEY
EC2 The supervisor regularly assesses a bank’s corporate governance policies and practices, and
their implementation, and determines that the bank has robust corporate governance
policies and processes commensurate with its risk profile and systemic importance. The
supervisor requires banks and banking groups to correct deficiencies in a timely manner.
Description and There are a number of ways in which the BRSA assesses the various elements of corporate
findings re EC2 governance in banks. This is accomplished through on and offsite supervision as well as
through the licensing process. The role of the board of directors and their responsibilities
are clearly anchored in, firstly, the banking law as well as other attendant regulation.
However, the validation of banks’ corporate governance on an ongoing basis through the
examination process requires concrete strengthening through a more holistic approach,
analysis, and well substantiated conclusions. This is a critical aspect of conducting effective
risk focused supervision.
A. Supervisory Process
The on-site and off-site supervision by BRSA is regulated in the Article 95 of BL. According
to Article 95(1) BRSA is responsible for the supervision of the implementation of the
regulations by the banks beside the financial safety and soundness supervision and also the
supervision of compliance with corporate governance principles. The supervision of
compliance with corporate governance principles is solely and especially mentioned as one
of the supervisory responsibilities of BRSA in this article. The sub-regulation related to
supervision by BRSA is RAA which includes in its scope the supervision of the financial
institutions’ compliance level to the corporate governance principles in its Article 2(1)(d).
RAA also mentions the assessment of the quality of the corporate governance in financial
institutions as a type of on-site supervision in the Article 14(1) (a-9).
As a part of the risk focused supervision (the IRA phase), the supervisors will scope the
activities for the upcoming cycle through various means. This includes, in part, meeting with
the board members, senior managers and independent auditors to understand recent
changes in the bank’s profile and activities. As a part of the cycle planning process and to
inform on governance, the supervisor will also review the board minutes, strategic plan,
budgeting, policies, procedures, audit reports, MIS, etc. according to the size, activities,
complexity and structure of the banks. Depending on the outcome of the IRA, special
examinations will be conducted of areas identified as concerns or special supervisory
interest.
The BRSA indicated that 3 special examinations focused on governance elements were
conducted in 2014/15.
B. On-site Supervision
In practice compliance with corporate governance principles and the assessment of quality
of compliance is taken into consideration during the CAMELS review/GAR methodology
supervision. In assigning M (for management) the supervisor evaluates mainly the following
elements:

TURKEY
 MIS and its unrestricted access by examiners including the bank’s information systems
and data including the bank’s foreign branches.
 assessment of the accounting and financial reporting systems including adequacy of

written processes for accounting and financial reporting, efficiency and effectiveness of
the internal control/audit on these systems, the existence and number of manual
and/or retrospective interventions on the accounting and financial reporting systems.
 assessment of the internal systems which include internal control, risk management and
internal audit which includes evaluation of the relevant structure, procedures, policies,
compliance with the enforcement actions instructed by BRSA, and adequacy of
contingency action plans.
 assessment of the organization, management and business strategies including the

objectives and reality of the strategic plan and its risks, organizational policies and
procedures and internal regulations, duties and responsibilities of the staff, the relation
between the bank’s board’s and senior managers’ success and the bank’s financial
performance, risk management and compliance level.
 assessment of human resources including evaluation of the policies and

implementations in human resources management. As well, feedback from bank staff is
considered and staff turnover in critical areas.
While assessing above mentioned elements, examiners more specifically address:
 compliance of board numbers and qualifications;
 if relevant policies, procedures, and workflows approved by the board and are they
clearly defined; do conflicts of interest exist among procedures or workflows;
 if a corporate governance committee exists; if an internal CG policy exists;
 if a "corporate governance compliance report" exists;
 policy on disclosure and transparency;
 monitoring process for breaches in policies, procedures, limits and for informing the
board.
Special examinations conducted by the examiners will feed into the CAMELS rating process
in a more informal way, by providing insight into the function of selected areas of the bank.
However, no concrete conclusions are drawn regarding the quality of board oversight or
corporate governance in general.
Also, supervisory review of the ICAAP process highlights governance elements of risk
management and more generally. Through this process, the GAR process, and the IRA work,
the bank’s current business strategies are reviewed and compared to last year’s plan and
projected numbers. The IRA process involves discussions with management, review of
performance, review of strategies, evaluation of bank resources, etc. These steps feed into
the responses to the CAMELS review/GAR process which in turn, creates the subcomponent

TURKEY
ratings before leading to the assignment of the “M” in CAMELS which reflects governance
elements. No analytical, critical narrative exists which reflects a collective view on corporate
governance of a bank or the attendant systems and controls which compose it.
C. Other supervisory activities
Besides the regular CAMELS on-site supervision by BRSA, the BRSA reviews board member
and senior management qualifications immediately following their appointment to their
posts as per BL Articles 5 and 7.
Similarly, approval of the top management team is necessary before the BRSA will authorize
a bank to operate in Turkey. Besides these prerequisites for establishment and operation
authorization of banks’ operations, BL Article 13 requires the banks to take the corporate
governance regulations of BL into account while opening a new branch in Turkey. And
Article 14 requires the banks to be compliant with the corporate governance regulations of
BL for approvals to operate abroad.
The BRSA has the authority to take corrective action when certain concerns and deficiencies
are identified. Among these are failures by board and management to institute required
internal systems in BL Article 67. Also, as a result of supervisory examinations and according
to the severity of the findings and the responsibility of the board members, the composition
of the board can be changed by BRSA according to these articles. The responsibility of
supervision for determining the compliance with the corporate governance parameters is
clearly mentioned in the Article 95(1) of BL and the related sub-regulation RAA Article 2 (d).
The evaluation of the quality of the corporate governance management is one of the
inevitable part of on-site supervision according to the Article 14(1)(a-9) of RAA.
The team reviewed several examples of work performed by the examiners to test how
observations about corporate governance were formed and the supervisory response
thereafter. The work conducted by the examiners, both on and offsite, is extensive.
However, the team found, through the review of several special examinations and the GAR
database, the results of the examinations and supervisory processes consistently stopped
short of drawing conclusions, in analytical, narrative form, on the implications the findings
have for other critical areas of the bank(s) which reflect directly on the overall corporate
governance effectiveness of the bank. As a result supervisory observations are not easily
collected in order to form a more cross-cutting, substantiated view on critical internal
systems and therefore, the boards’ ability to oversee the bank’s’ business.
For instance, if a loan portfolio is reviewed, deficiencies may be identified but are not
consistently linked to conclusions drawn about the 1) line and senior management and their
ability to oversee their business and know their risks, 2) risk management adequacy and
ability to proactively identify developing risks that management has not – and report such
issues and trends to the board, 3) impact provisioning levels and implications on financial
statement accuracy, 4) implications on internal audit’s role, 5) MIS particularly sent to the
board, and 6) ultimately, board oversight. All of these linkages reflect directly on the
strength and nature of corporate governance in a bank.

TURKEY
Without taking the examinations process further and drawing conclusions, assessment of
governance adequacy is much less able to leverage examination efforts to substantiate, and
perhaps change, the supervisory view on board and management ability to run and control
the bank’s business. This ultimately can impact the integrity of the “M” in the CAMELS.
EC3 The supervisor determines that governance structures and processes for nominating and
appointing Board members are appropriate for the bank and across the banking group.
Board membership includes experienced non-executive members, where appropriate.
Commensurate with the risk profile and systemic importance, Board structures include
audit, risk oversight and remuneration committees with experienced non-executive
members
Description and Article 23(1) of BL states the minimum number of the members in a bank’s board of
findings re EC3 directors as five and also sets out the requirements for the members to be appointed. The
qualifications required for the general manager in BL shall also be required for majority of
the board of directors. So majority of the members must have at least undergraduate
degrees in the disciplines of law, economics, finance, banking, business administration,
public administration and related fields and those that have undergraduate degrees in
engineering fields must have a graduate degree in the aforementioned fields, and they
must have at least ten years of professional experience in the field of banking or business
administration. Other financial and personal requirements for the members of the board of
directors are listed in detail under Article 8. The board is held responsible for the
establishment, effectiveness, compliance and efficiency of the internal control, risk
management and internal audit systems according to the Article 23(3).
As mentioned above in EC 1, only 2 board members are required to be nonexecutive

commensurate with the requirement that the Audit Committee be composed of at least 2
nonexecutive members. There are no requirements for the majority of board members to
be nonexecutive. As a result, boards can potentially be composed of executive directors
except for the 2 required nonexecutives. The only possible influence against this is the
approval process conducted by the BRSA if it was to disapprove such a structure. However,
there is no regulatory or practical support for this given the above structure of the law and
regulation.
The one required board committee is the audit committee. As mentioned in EC 1 above,
Article 24(1) of the BL provides that a banks’ board of directors shall establish audit
committees for the execution of the audit and monitoring functions in the name of the
board of directors and audit committee shall consist of minimum two non-executive board
members. According to the Article 24(3) the main duties and responsibilities of the audit
committee include the supervision of the efficiency and adequacy of the bank’s internal
control, risk management and internal audit systems, functioning of these systems and the
accounting and reporting systems and the integrity of the information produced. In RICAAP
the Article 4(2) it is repeated that the internal systems units can only be established directly
under the board. In the same paragraph it is clearly mentioned that the responsibility for
the internal systems may only be fully or partially assigned to one of the non-executive

TURKEY
directors or to committees composed of such directors or to the audit committee. In most

banks, the audit committees are responsible risk oversight as well as the audit and control
function oversight. However, some banks, depending on the size and complexity of their
operations, have established board risk committees as well.
The remuneration committee for the banks is regulated under paragraph 12 of the
Guideline on Best Compensation Practices of Banks (GBCP); it is not a required committee.
This committee is comprised of at least two non-executive members of board of directors
who have sufficient information and experience regarding remuneration policies and
internal systems as a whole. Besides this sub-regulation the second paragraph of the
Principle 6 of RCGB mentions that the remuneration committee which is responsible for the
monitoring and supervision of the remuneration policies in the name of the board of
directors to be comprised of two members. This committee is to evaluate the remuneration
policies and implementations under the risk management principles and to report their
findings to the board at least annually. The three largest banks have appointed
remuneration committees.
The BRSA approves board and senior management appointments. In this way, the BRSA
reviews the appointments process of the subject bank. Checklists have been prepared by
BRSA for use in the evaluation process. The assessment process not only includes
examining the documents submitted to the BRSA but also browsing the BRSA database. If
the assessment shows that the individual is not fit and proper for the appointment, the
bank will be informed about the situation and instructed to appoint a different individual.
Furthermore, the board members and senior managers are responsible for notifying BRSA
in case of a change in their situation after they are appointed (RSMOD, article 8). The
appointments process itself is not a focus of examination to date.
As indicated above, the BRSA conducted 3 special examinations of governance elements

during 2014/15; however, there is a need to form more holistic conclusions about
governance on a more regular basis and conduct cross sector assessments of corporate
governance, leveraging examination and offsite inputs.
EC4 Board members are suitably qualified, effective and exercise their “duty of care” and “duty
of loyalty”.33
Description and See EC3 above.

findings re EC 4
33 The OECD (OECD glossary of corporate governance-related terms in “Experiences from the Regional Corporate
Governance Roundtables”, 2003, www.oecd.org/dataoecd/19/26/23742340.pdf.) defines “duty of care” as “The duty
of a board member to act on an informed and prudent basis in decisions with respect to the company. Often
interpreted as requiring the board member to approach the affairs of the company in the same way that a ’prudent
man’ would approach their own affairs. Liability under the duty of care is frequently mitigated by the business
judgment rule.” The OECD defines “duty of loyalty” as “The duty of the board member to act in the interest of the
company and shareholders. The duty of loyalty should prevent individual board members from acting in their own
interest, or the interest of another individual or group, at the expense of the company and all shareholders.”

TURKEY
Board member and senior management qualifications criteria are set out in Article 23(1) of
BL and addressed in EC 1 and 3 above.
Articles 7, 9 and 10 of BL requires the board members to meet the qualifications set out in
corporate governance provisions as a prerequisite for establishment and operating
permission. Besides the Article 7(1)(d), Article 9(d) requires the same qualifications for any
bank established abroad that wants to operate in Turkey by opening branch.
Principle 3 of the RCGB requires that management shall have the qualifications to fulfill
efficiently their duty and be conscious of their role; board members are to be well-
intentioned, informative, wise, and ethical, to be aware of their duties and responsibilities,
to have time and to participate actively in the bank business.
TCC Article 369 defines duty of care and duty of loyalty of the board members and the third
persons in charge of management. According to this provision, these persons have to fulfill
their duties with care as prudent managers and act in good faith while overseeing
company’s interest.
EC5 The supervisor determines that the bank’s Board approves and oversees implementation of
the bank’s strategic direction, risk appetite34 and strategy, and related policies, establishes
and communicates corporate culture and values (e.g., through a code of conduct), and
establishes conflicts of interest policies and a strong control environment.
Description and As mentioned in EC 1 according to the Article 23(3) of BL the responsibilities of the board of
findings re EC5 directors should include ensuring the establishment, functionality, appropriateness and
adequacy of internal control, risk management and internal audit systems which are
compliant with the regulations, and besides the specification of the powers and
responsibilities within a bank.
Main regulations addressing risk appetite, strategic policies, communication channels and
conflict of interest issues are covered in the RICAAP. Following the definition of risk appetite
in the Article 3(1) (gg), the responsibilities of the board are regulated in the 5th Article. The
Article 5(1) of RICAAP determines the board of directors as the ultimate responsible body
for the establishment, effective, adequate and efficient implementation of internal systems
in a bank. With respect to this responsibility, in the Article 5(2)(g) the board is held
responsible for and authorized to determine and monitor the strategic decision making
process and besides to maintain the determination of planning policies. Furthermore, in
Article 5(2)(h) one of the board’s responsibilities is mentioned as to determine the bank's
policies and strategies relating to risk management in general and separately for each risk
type, risk level the bank can take and related implementation procedures, to allocate
maximum risk limits for units and their managers or the personnel working in those units.
Article 5(2)(ı) requires the board to identify the bank's risk appetite, to ensure that business
34 “Risk appetite” reflects the level of aggregate risk that the bank’s Board is willing to assume and manage in the
pursuit of the bank’s business objectives. Risk appetite may include both quantitative and qualitative elements, as
appropriate, and encompass a range of measures. For the purposes of this document, the terms “risk appetite” and
“risk tolerance” are treated synonymously.

TURKEY
lines, managers of the units within the scope of the internal systems and internal systems
manager gather and exchange ideas, to resolve the communication problems between
business lines within the aim of developing an effective risk management point of view
throughout the bank and to ensure that business lines are informed about the
developments, risks and risk mitigation techniques in the market.
The audit committee, as an extension of the board, according to Article 24 of BL, is also
responsible for the supervision of the efficiency and adequacy of the bank’s internal
systems, including the bank’s control environment, and the integrity of MIS therein.
Regarding potential conflicts of interest, requirements for functional division of tasks in a

bank is regulated in RICAAP
article 10 in order to prevent mistakes, fraud, conflicts of interest, manipulation of

information and misuse of resources at the bank. According to this article the powers and
responsibilities of all units, personnel and committees within the bank shall be determined
clearly and in writing, with a division of tasks in relation to the activities on the same
subject. Banks need to comply with the regulation which requires that activities from which
conflicts of interest may arise to be identified and minimized and the activities of approving
transactions, accounting and recording transactions, and monitoring and managing the
transaction are appropriately segregated. As well, RCGB Principle 1 addresses possible
conflicts of interest within senior management responsibilities.
The establishment of communication structure and communication channels is regulated in

the Article 12 of RICAAP. According to 12(1) it shall be ensured that information vertically
and horizontally flows within the organizational structure of the bank so as to reach the
relevant levels of management and the responsible personnel in safety and that the
managers of lower units and the operational personnel are fully informed of the bank’s
objectives, strategies, policies, implementation procedures and expectations. Information to
be directed towards personnel shall include data concerning the policies related to bank
activities, their implementation procedures, and the activity performance of the bank. It
shall be ensured that the bank personnel are aware of the rules concerning their duties and
responsibilities and that the necessary information rapidly reaches the concerned personnel.
Besides in the Article 7(2)(c) of the RICAAP audit committee members are held responsible
for and authorized to establish communication channels which enable the committee to be
informed and to check whether personnel who are authorized to lend have been involved in
the evaluation and/or the decision making process of certain identified borrowers, e.g.,
themselves, their spouses, dependent children and other natural persons or legal entities
which constitute a risk group.
While internal codes of conduct are not explicitly required, the team was informed that
many banks do, in fact, have them. This, as well as strategy, risk appetite, and internal
communication channels could all be topics addressed in a corporate governance
evaluation by the supervisor.

TURKEY
EC6 The supervisor determines that the bank’s Board, except where required otherwise by laws
or regulations, has established fit and proper standards in selecting senior management,
maintains plans for succession, and actively and critically oversees senior management’s
execution of Board strategies, including monitoring senior management’s performance
against standards established for them.
Description and The educational and experience requirements for the senior managers are mainly
findings re EC6 determined in Article 25 of BL. The Article 25(1) mentions the requirements for the general
managers while Article 25(2) does the same for the deputy general managers.
The Principle 2 in RCGB requires the board of directors to determine the duties and
responsibilities of the senior management in a bank while it also empowers the board to
monitor the compliance level of senior management’s activities to the policies which have
been put in place by the Board itself.
According to the points (a) and (c) of the Article 5(2) of the RICAAP, the board of directors
of the bank is authorized and liable for
 establishing the organizational structure and human resources policy of the bank and
to determine the criteria for the appointment of senior management and
 determining the written strategies, policies and the implementation procedures

concerning the activities of the units included within the scope of the internal systems
and ensuring that these are implemented and maintained effectively and coordinated
with each other.
There currently is no requirement for banks to develop succession plans for key
management positions. As mentioned in EC 5 and 3 above, there is not yet a cross-cutting
supervisory evaluation process of a bank’s corporate governance function.
EC7 The supervisor determines that the bank’s Board actively oversees the design and operation
of the bank’s and banking group’s compensation system, and that it has appropriate
incentives, which are aligned with prudent risk taking. The compensation system, and
related performance standards, are consistent with long-term objectives and financial
soundness of the bank and is rectified if there are deficiencies.
Description and Best practice guidelines for the structure and management of remuneration frameworks
findings re EC7 within an effective risk management environment are comprehensively enumerated in the
GBCP. Paragraph 8 of this guideline states that it is the responsibility of board of directors
of the bank to approve, periodically review and oversee the implementation of the
remuneration policy. Remuneration policies and practices should be consistent with the
complexity of activities, individual risk profile, risk appetite and strategy of a bank.
The GBCP paragraph 9 directs that the remuneration policy should support sound risk
management within the bank and not be associated with excessive short-term profit-
making goals and does not incentivize risk-taking that is beyond tolerated risk level of the
institution. The remuneration policy should also be in line with the scope and size of the
operations, risk management structure, business strategy, long-term financial soundness

TURKEY
and capital adequacy level of the institution, and incorporates measures to avoid conflicts
of interest.
Further, the GBCP paragraph 11 states that the bank should consider the impact of
remuneration policies on soundness indicators such as capital and liquidity and in case of a
threat against capital adequacy or when needed, a more conservative policy should be
followed on all remuneration issues, mainly the variable remuneration. Further, variable pay
levels should be established in relation to the performance of their unit as well as the bank’s
overall performance. The impact of risk taken should also factor into remuneration
formulas. When determining the performance of identified staff, financial and non-financial
criteria should be considered.
As well, principle 6 of RCGB directs that remuneration framework should be aligned with a
bank’s ethical values and strategic targets. Compensation shall not be based on short-term
performance or be guaranteed in advance.
No explicit supervisory reviews have been undertaken to date to address banks’

remuneration frameworks. Again, as mentioned in EC 5 and 3 above, this could be an area
to include in a cross-cutting supervisory evaluation process of a bank’s corporate
governance function.
EC8 The supervisor determines that the bank’s Board and senior management know and
understand the bank’s and banking group’s operational structure and its risks, including
those arising from the use of structures that impede transparency (e.g., special-purpose or
related structures). The supervisor determines that risks are effectively managed and
mitigated, where appropriate.
Description and Legislation does not explicitly direct boards and senior management to “know your
findings re EC8 structure” but they must have knowledge of the bank’s related structures in order to assess
individual and consolidated risk exposures and to prepare ICAAP on a consolidated basis.
The bank’s Board and senior management’s responsibilities are defined in RICAAP. Articles
5-8 regulate the responsibilities of top management (which includes key senior
management and the board of directors) regarding the establishment of the internal
systems (including risk management systems). This requires top management to set policies
and strategies relating the risk management as well as to establish the bank’s risk appetite
and maintain sufficient capital as determined through ICAAP. ICAAP must be prepared on a
consolidated basis, therefore bank management must know and understand all the risks to
which the bank is exposed. In addition; the “intra-group transactions report” that has to be
prepared each year guarantees that the bank management sees the financial relationship
between group entities. Please also refer to CP12 for consolidated supervision framework of
BRSA.
EC9 The supervisor has the power to require changes in the composition of the bank’s Board if it
believes that any individuals are not fulfilling their duties related to the satisfaction of these
criteria.

TURKEY
Description and According to the article 69 (b) of the BL, in the context of points (e), (f) and (g) of Article 67
findings re EC9 to eliminate violations, the BRSB has the power to require the bank to call on the general
assembly to convene an extraordinary meeting to change one or several or all of the
members of board of directors or to appoint new members by increasing the number of
board members if the board of directors’ members have responsibility in decisions,
transactions and practices.
Furthermore; the article 70(c) of the BL clearly empowers the BRSB to require the bank to
dismiss one or all of the board members or together with the general manager, deputy
general managers, and/or relevant unit and branch directors in cases where the bank fails
to take measures laid down in Article 68 and/or 69. The same article requires the approval
of BRSA for persons to be appointed or selected in place of the persons removed from
office.
The supervisor’s responsibility for detecting compliance with the corporate governance
principles is laid out in the BL Article 95(1) and the RAA Article 2(d). The evaluation of the
quality of the corporate governance management is one of the key parts of on-site
supervision according to the Article 14(1)(a-9) of RAA. Findings regarding CG enables the
BRSB to take action against the board or specific board members in case of breaches of CG
regulations and principles.
Another tool held by BRSA, contained in BL Article 26(2), is the ability to revoke the signing
authority of any bank employee who is found to have infringed provisions of BL or related
regulation, has endangered the safety and soundness of the bank, and legal proceedings
have been requested. These provisions apply to not only staff but also to board members.
There have been cases where such signing authority has been revoked, mainly dealing with
bank staff. Only one instance did such action involve a bank director.
Additional
criteria
AC1 Laws, regulations or the supervisor require banks to notify the supervisor as soon as they
become aware of any material and bona fide information that may negatively affect the
fitness and propriety of a bank’s Board member or a member of the senior management.
Description and
findings re AC1

Principle 14
Comments The legal framework surrounding the corporate governance framework for banks is
extensive, but very heavily focused on board responsibilities regarding internal systems (risk
management, internal control, internal audit). Examination processes (GAR and specialized
examinations) have required steps to check board approvals, internal structures, and
processes which reflect on the governance function. The BRSA approves board and senior

TURKEY
management appointments. In this way, the BRSA reviews the appointments process of the
bank.
However, the results of special examinations and supervisory processes consistently stop
short of drawing conclusions, in analytical, narrative form, on the implications the findings
have for critical areas that are directly linked to the examined area. These critical areas
reflect directly on the corporate governance effectiveness of the bank (such as management
oversight of business areas, adequacy of risk management and internal audit’s role in the
subject areas, integrity of MIS that goes up to the board level, and ultimately, board
oversight). As a result, supervisory observations are not easily collected in order to form a
more cross-cutting, substantiated view on corporate governance and the adequacy of
internal systems. Therefore, validation of the manner in which such internal systems and
governance operates is not well supported. This impacts the degree to which the BRSA
should place confidence in the systems that inform the board and itself, as well as the
systems’ ability to generate early warning indicators of deterioration.
There is no requirement for the majority of the board to be composed of non-executive

members which could result in, potentially, boards being composed of a majority of
executive directors with only the 2 nonexecutives as currently required by the legal
framework. However, practically speaking, 10 out of 53 banks are listed and must fall under
the CMB Communique on governance which requires a majority of independent directors.
Consideration should be given to upgrading banking legislation requiring the board to be
composed of a majority of nonexecutive members, and ideally, with a certain minimum of
independent individuals. (The definition of “independent” should be consistent with that
used by the CMB in its Communiqué on Corporate Governance.)
Audit committee membership should be expanded. While some bank boards in the system
have populated this committee with more members, a minimum of 2 members is
considered too few in order to execute the duties assigned to it in a robust and effective
manner. This is particularly so since the audit committee is considered an extension of the
board and is assigned the task of internal systems oversight which includes risk
management. In addition, the chair of this committee, in some banks, is also the chairman
of the board which does not reflect best practice and potentially represents a conflict of
interest. This committee should be expanded and should be composed of all independent
directors. As well, legislation directs that the audit committees have oversight responsibility
for internal systems which includes risk management. Under the current audit committee
structures, proper oversight of both critical areas is difficult at best. Risk management
oversight responsibility should be separated from the audit committee, particularly in the
more complex institutions (it was noted that one bank has, in fact, constituted a separate
risk management committee).
While (3) special inspections of governance elements have been conducted, there is a need
to more regularly conduct cross-cutting assessment of corporate governance in a holistic
manner which would, in part, leverage examination results and relevant offsite information
as well as information generated from any enforcement actions. Consideration could be

TURKEY
given to introducing such reviews on a more regular basis in order to enhance and better
substantiate conclusions on the adequacy of a bank’s corporate governance.
Given the observations cited in the above ECs (board membership/objectivity, board
nominations process, board committee structure and membership, management oversight
and performance evaluation, succession planning, “know your structure requirements”,
internal code of conduct, etc.) the BRSA should develop a more comprehensive corporate
governance regulation that completes the elements of governance that already exist in
guidelines and regulation. This type of instrument could be a focal point of supervisory
corporate governance reviews in the future.
Principle 15 Risk management process. The supervisor determines that banks35 have a comprehensive
risk management process (including effective Board and senior management oversight) to
identify, measure, evaluate, monitor, report and control or mitigate36 all material risks on a
timely basis and to assess the adequacy of their capital and liquidity in relation to their risk
profile and market and macroeconomic conditions. This extends to development and
review of contingency arrangements (including robust and credible recovery plans where
warranted) that take into account the specific circumstances of the bank. The risk
management process is commensurate with the risk profile and systemic importance of the
bank.37
Essential criteria
EC1 The supervisor determines that banks have appropriate risk management strategies that
have been approved by the banks’ Boards and that the Boards set a suitable risk appetite to
define the level of risk the banks are willing to assume or tolerate. The supervisor also
determines that the Board ensures that:
a) a sound risk management culture is established throughout the bank;

b) policies and processes are developed for risk-taking, that are consistent with the risk
management strategy and the established risk appetite;
c) uncertainties attached to risk measurement are recognized;
d) appropriate limits are established that are consistent with the bank’s risk appetite, risk
profile and capital strength, and that are understood by, and regularly communicated
to, relevant staff; and
35For the purposes of assessing risk management by banks in the context of Principles 15 to 25, a bank’s risk
management framework should take an integrated “bank-wide” perspective of the bank’s risk exposure,
encompassing the bank’s individual business lines and business units. Where a bank is a member of a group of
companies, the risk management framework should in addition cover the risk exposure across and within the
“banking group” (see footnote 19 under Principle 1) and should also take account of risks posed to the bank or
members of the banking group through other entities in the wider group.
36To some extent the precise requirements may vary from risk type to risk type (Principles 15 to 25) as reflected by
the underlying reference documents.
37 It
should be noted that while, in this and other Principles, the supervisor is required to determine that banks’ risk
management policies and processes are being adhered to, the responsibility for ensuring adherence remains with a
bank’s Board and senior management.

TURKEY
e) senior management takes the steps necessary to monitor and control all material risks
consistent with the approved strategies and risk appetite.
Description and The focus of this BCP 15 is on both the framework for the overall risk management process in
findings re EC1 banks (both the legal and implementation aspects) as well as the BRSA’s supervisory process
over this critical function. The actual implementation of the framework and supervisory
process, and the results it renders, are specifically addressed in the respective Principles which
follow.
The BL Articles 29 and 31 state the obligations pertaining to internal systems (internal
control, risk management and internal audit systems). According to Article 29, banks are
obliged to establish and operate adequate and efficient internal systems that are in
harmony with the scope and structure of their activities, that can respond to changing
conditions and that cover all their branches and undertakings subject to consolidation in
order to monitor and control the risks that they encounter. In Article 31, within their risk
management frameworks, banks shall establish, implement and report risk policies within
the framework set by the BRSB. Risk management activities shall be performed by the risk
management department and personnel who work under the board of directors.
Based on the above mentioned BL articles, RICAAP has been issued for the purpose of
setting procedures and principles for the establishment and functioning of the internal
systems (internal audit, internal control and risk management systems) and internal capital
assessment process. While the ultimate output of ICAAP is the derivation of the internal
capital requirement and capital projections for the upcoming three years under different
economic scenarios, the process is highly dependent on banks’ internal risk management,
their assessment of its adequacy, and the risk based measures of capital needs.
It is through this process that the BRSA has enumerated comprehensive regulation
addressing requirements for robust risk management systems. This regulation, RICAAP,
underpins to a very significant extent, BRSA’s expected risk management framework in
banks which reflects much of what is international standard. The guidance offered by
RICAAAP is cited throughout the risk section of this assessment and is pivotal to the
evaluation of the adequacy of the system’s risk framework. Equally important,
implementation of RICCAP and other essential regulation and directions have been
evaluated to determine the extent that the requirements have taken root and are used
effectively to identify, measure, and control risk.
ICAAP is a relatively recent development in the country’s banking system. As a result, banks’
are still developing their approach and implementing important systems. The BCP team’s
review of supervisors’ working papers and discussion with banks indicated that banks as
well as supervisors are, in fact, in a relatively early phase. The quality of banks reports and
the scrutiny of the reports by supervisors will need to develop further before the results can
be more reliable and more extensively used.
Risk appetite & risk strategies:

TURKEY
The BL directs that internal systems shall be established directly under the Board of
Directors. The board may transfer all or part of its duties and responsibilities to the internal
systems manager. It is also possible to have a senior manager such as an executive vice
president who does not have any hierarchical link with CEO and whose performance
evaluation is conducted by the board of directors or the audit committee. Furthermore,
powers and duties of the board of directors, audit committee, and the senior management
regarding the risk management system are determined in the RICAAP as well as
establishment of internal capital assessment process.
As well, the board of directors of the bank is responsible for determining, in writing, the
strategies, policies and the implementation procedures concerning the activities of the units
included within the scope of the internal systems and to ensure that they are implemented
and maintained effectively and coordinated with each other. The section further states that
(the board of directors) will determine in writing the bank's polices and strategies relating
to risk management in general and separately for each risk type, risk level the bank can take
and related implementation procedures, to allocate maximum risk limits for units and their
managers or the personnel working in those units.
RICAAP Article 5 states that (the Board of Directors) will identify the bank's risk appetite, to
ensure that business lines, managers of the units within the scope of the internal systems
and internal systems manager gather and exchange ideas, to resolve the communication
problems between business lines within the aim of developing an effective risk
management point of view throughout the bank and to ensure that business lines are
informed about the developments, risks and risk mitigation techniques in the market.
As well, Article 39 (1) states that banks are obliged to establish a structure comprised of
policies and processes to determine the risk appetite and monitor the conformity of units to
the risk appetite. (2) Banks are obliged to set, measure, monitor and manage the risk limits
for controlling the current risk profile in order not to exceed the risk appetite approved by
the board of directors. Risk appetite structure shall be reviewed when necessary, once in a
year at a minimum.
Culture, policies, processes, limits, and monitoring
RICAAP Article 38 (1-3) states that (banks must establish) risk limits associated clearly with
the loss amount and allocated capital amount, connected with the risk appetite. Within this
scope, risk appetite approved by the board of directors is shared to risk types, units,
business lines and products as well as other levels deemed necessary and allocated.
Furthermore, transaction limits are established per personnel, sub-unit or unit for risk limits
in the required areas, mainly credit allocation and treasury transactions. Banks shall
determine implementation procedures concerning proposal, assessment, approval,
notifying in the bank, monitoring and audit processes of risk limits and the principles
determined are approved by the board of directors. Surveillance responsibility for the
bank's risk profile not to exceed risk limits and values realized to be monitored by top
management of the bank belongs to the board of directors. Risk limits are determined as a
part of risk appetite on consolidated and non-consolidated basis by considering the size of

TURKEY
bank in financial system. The risk limits shall be regularly reviewed and adapted in
accordance with changes in market conditions and in the bank strategy.
RICAAP Article 35 (4) states that banks are obliged to establish and implement an effective
risk management system for material risks in compliance with volume, complexity, and level
of activities that bear risks. In addition to Pillar 1 risks, Pillar 2 risks shall also be taken into
account considering their level of importance. Moreover, risks which are minor on their own
but which may cause significant losses when combined with other risk types are also
included.
RICAAP Article 38 requires banks to put in place board approved written limits and risk
appetites for each risk type on consolidated and non-consolidated basis by considering the
size of bank in the financial system. The risk limits are regularly reviewed and adapted in
accordance with changes in market conditions and in the bank strategy. Risk limits are
notified to related units and it is ensured that related personnel understands them. Limit
usages are monitored closely and limit exceeding is notified to the senior management
promptly in order to take necessary actions.
Article 4 of the RICAAP imposes banks to establish and operate adequate and effective
internal systems in conformity with the scope and nature of their activities in order to
monitor and control the risks to which they are exposed. BRSA requires banks to implement
the principles by considering banks' own scales, risk profiles; activities, volume, nature and
complexity of their business and transactions. It’s also necessary to make written
explanations and retentions for the principles which are not implemented totally or partially
[Article (4)(1)(m) of RAA].
According to the Article 46 of RICAAP, banks are obliged to calculate the capital internally
which will meet the risks exposed or which may be exposed on consolidated and non-
consolidated basis and maintain their activities with a capital higher than this amount on
consolidated and non-consolidated basis. The ICAAP process determines that the
management body; a) accurately and comprehensively identify, measure, aggregate,
monitor and report the bank’s risks, b) calculate and hold adequate internal capital in
relation to the bank’s risk profile, risk management process, adequacy of internal systems,
strategies and activity plan, c) establish and use sound risk management systems and
develop them further. The ICAAP also considers the impact of economic cycles, and
sensitivity to other external risks and factors. The ICAAP shall be integrated to the bank's
organizational structure, risk appetite framework and activity processes; and shall form a
basis for them.
Supervisory (onsite) manual
There are several criteria in the Supervisory Manual on Risk Assessment Criteria (SMRAC)
that require BRSA onsite examiners to take into consideration the strategies, policies and
processes concerning following risk categories; credit risk, operational risk, strategic risk,
reputational risk, liquidity risk, interest rate risk in the banking book, market risk, country
and transfer risk, concentration risk, residual risk, model risk, counterparty credit risk. In

TURKEY
SMRAC, there are assessment criteria for each risk category to evaluate the effectiveness of
risk management.
For example, in the credit risk area, the criteria help the examiners to evaluate risk
management strategy whether the Board and senior management set a suitable risk
appetite to define the level of credit risk the bank is willing to assume or tolerate. In
addition to this, the examiner determines that if a sound credit risk management culture is
established throughout the bank; policy and processes are developed for risk taking that
are consistent with the risk management strategy and the established risk appetite;
appropriate credit limits are established that are consistent with the bank’s risk appetite, risk
profile, and that are understood by relevant personnel; and senior management takes the
necessary steps to monitor and control credit risk consistent with the approved strategies
and risk appetite. The authority and liability of the relevant staff is defined clearly and the
necessary steps in case of deficiency are defined.
CAMELS review/GAR methodology
The GAR process directs examiners to evaluate policies, strategies and processes,
contingency plans to determine if they address material risks such as operational risk issues
in departments such as corporate/small and medium enterprises/retail loans, credit cards,
accounting and reporting systems, derivatives etc.
EC2 The supervisor requires banks to have comprehensive risk management policies and
processes to identify, measure, evaluate, monitor, report and control or mitigate all material
risks. The supervisor determines that these processes are adequate:
a) to provide a comprehensive “bank-wide” view of risk across all material risk types;
b) for the risk profile and systemic importance of the bank; and
c) to assess risks arising from the macroeconomic environment affecting the markets in
which the bank operates and to incorporate such assessments into the bank’s risk
management process.
Description and As stated in EC1 above, RICAAP comprehensively addresses the risk management function
findings re EC2 in banks.
The complexity level of risk management system is formed in proportion with the bank’s
size and the complexity of its activities. If BRSA finds the mentioned level insufficient, banks
are obliged to remove this insufficiency within a timeframe to be determined by BRSA
(Article 35(3) and 35(5)).
Banks should have comprehensive risk management policies and processes to identify,
measure, evaluate, monitor, report and control or mitigate all material risks. In addition, the
management of the material risks in the bank’s risk profile and providing a comprehensive
“bank-wide” view of risk across all material risk types are arranged in the RICAAP Articles 5,
35, 37, 38, 39, 42, 45.
RICAAP Article 38 requires banks to put in place board approved written limits and risk
appetites for each risk type on consolidated and non-consolidated basis by considering the

TURKEY
size of bank in the financial system. The risk limits are regularly reviewed and adapted in
accordance with changes in market conditions and in the bank strategy. Risk limits are
notified to related units and it is ensured that related personnel understands them. Limit
usages are monitored closely and limit exceeding is notified to the senior management
promptly in order to take necessary actions.
The article 36(2) of the RICAAP states that risk management policies and implementation
procedures must adapt to changing conditions. The board of directors or the relevant
internal systems manager shall regularly assess their adequacy and make the necessary
changes. In addition, according to the 42(6) of the RICAAP, the risk measurement methods
and models should be periodically updated to reflect changing market conditions.
Macroeconomic environment affecting the markets in which the bank operates is assessed
in ICAAP reports as stated in the GICAAPR (section “2. General Assessment and
Expectations”) in a detailed manner because of the fact that it may cause material risks for
the bank.
During the CAMELS review/GAR methodology process, as well as during special

examinations, supervisors check whether a bank has suitable policies and processes that
clearly articulate roles and responsibilities related to the identification, measurement,
monitoring and control of the material risks. As well, the examiners review banks’ strategy,
policies, procedures and growth budgets pertaining to various risks, including their
implementation, and invites bank management’s attention to areas of concern. Banks’
business plans in relation to their risk profile, capital, manpower skills, historical
performance, adequacy of procedures and controls are evaluated.
EC3 The supervisor determines that risk management strategies, policies, processes and limits
are:
a) properly documented;
b) regularly reviewed and appropriately adjusted to reflect changing risk appetites, risk
profiles and market and macroeconomic conditions; and
c) communicated within the bank.
The supervisor determines that exceptions to established policies, processes and limits
receive the prompt attention of, and authorization by, the appropriate level of management
and the bank’s Board where necessary.
Description and RICAAP Article 5 and provisions that are mentioned in EC1 require that risk management
findings re EC3 strategies, policies, processes and limits are documented; regularly reviewed and adjusted
to reflect changing risk appetites, risk profiles, market and macroeconomic conditions;
communicated within the bank. Article 12 regulates establishment of the communication
structure and communication channels within the bank.
How the risk management system (RMS) of banks shall be established, the purpose of RMS,
which points have to be included in the policies and procedures, the activities of RMS, main
aspects of risk limit setting, risk appetite framework, new products and services,

TURKEY
responsibilities of risk management unit and personnel, risk measurement and its process,
stress testing to be performed by bank, data management process and reporting of risks
within the banks are regulated in Section Four (articles 35-45), “the Risk Management
System” of the Regulation.
Due to RICAAP, article 63(6), banks are required to prepare ICAAP reports every year. In
these reports, banks give detailed information about their risk management strategies,
policies, processes, limits and risk appetites. Banks are obliged to submit these reports to
BRSA in the first quarter of every year. Banks should have detailed risk management
strategy documents to prepare these reports. Furthermore, in the section “5. Risk
management” of GICAAPR, all material risks are taken into consideration in terms of
identification, measurement, management/control and mitigation as well as risk appetite
and risk limits.
In addition to this, banks are required to list internal regulations, communiqués, action
plans and decisions by which the policies and procedures and business flows and processes
are determined and duties and responsibilities are assigned relating to corporate
governance, management of each risk type (identification, measurement, monitoring,
control and reporting) capital and liquidity planning within risk management structure and
submit these documents to the BRSA in the annex of the ICAAP Report. Inside the Report,
amendments made to regulations within the period, as well as new regulations entered into
force and justified information about abolished ones are given to express the progress in
the bank's risk management capacity and its elasticity face to changing conditions.
In the on-site supervision process, the BRSA examiners are informed about important
decisions taken by banks and are able to access and assess banks’ policies, processes,
strategies, exceptions and internal reports on an ongoing basis. On-site examination reports
make observations on banks’ compliance with internal and regulatory limits. As a part of the
routine examination, BRSA examiners evaluate whether the risk management strategies,
policies, processes and limits are documented and limits are monitored by the top
management with the help of GAR module.
EC4 The supervisor determines that the bank’s Board and senior management obtain sufficient
information on, and understand, the nature and level of risk being taken by the bank and
how this risk relates to adequate levels of capital and liquidity. The supervisor also
determines that the Board and senior management regularly review and understand the
implications and limitations (including the risk measurement uncertainties) of the risk
management information that they receive.
Description and RICAAP Article 5 stipulates that the bank’s Board and senior management get sufficient
findings re EC4 information on, and understand, the nature and level of material risks being taken by the
bank and how these risks relate to adequate levels of capital and liquidity. In addition to
this, the Board and senior management shall regularly review and understand the risk
management information that they receive from the all units of the bank. RICAAP Article
5(3) states that the board of directors is responsible for ensuring that the bank has
adequate capital to support its risks by means of establishment and implementation of the

TURKEY
ICAAP. It needs to ensure that the bank management establishes a framework for assessing
the various risks, develops a system to relate risk to the bank’s capital level, and establishes
a method for monitoring compliance with internal policies. Also, information on the nature
and level of risk being taken by the bank should be reported to the Board of directors and
top management according to the article 45 of the RICAAP.
Banks shall prepare a report including their assessments on risk measurement, capital and
liquidity planning as well as risk management abilities made within the scope of the ICAAP
according to Article 56(1) of RICAAP.
In the Risk Assessment (CAMELS) phase of supervision, BRSA examiners assess whether the
bank’s top management obtains sufficient information about material risks that are taken
by the bank and regularly reviews and understands the implications and limitations of the
risk management information that they receive.
EC5 The supervisor determines that banks have an appropriate internal process for assessing
their overall capital and liquidity adequacy in relation to their risk appetite and risk profile.
The supervisor reviews and evaluates banks’ internal capital and liquidity adequacy
assessments and strategies.
Description and In addition to abovementioned requirements (EC1-EC4), banks are also required to assess
findings re EC5 their internal capital and liquidity adequacy. They are required to have an ICAAP process
and the provisions regarding this process are regulated in RICAAP. Banks are required to
submit an ICAAP report once in a year and requirements of ICAAP reporting is regulated in
GICAAPR.
In the ICAAP reports, banks assess their capital and liquidity adequacy according to section
“6. Capital Planning” and “9. Liquidity Planning” of GICAAPR respectively. Moreover, there is
detailed information about how to carry out these capital and liquidity plans in other parts
of the GICAAPR.
According to Article 56(2) of the RICAAP, Bank's analysis and assessments relating to capital
and liquidity adequacy and planning in the ICAAP Report are assessed in the examinations
made by the BRSA. In addition, there are also specific provisions concerning the audits
conducted by the BRSA in terms of capital and liquidity adequacy, in the sections “3.
Regulatory Capital Adequacy”, “4. Internal Capital Adequacy”, “5. Adequacy of Liquidity”, “6.
Stress Tests” of the GAA.
As stated in EC 1, ICAAP is a relatively recent development in the country’s banking system.

As a result, banks’ are still developing their approach and implementing important systems.
The BCP team’s review of supervisors’ working papers and discussion with banks indicated
that banks as well as supervisors are, in fact, in a learning phase. The quality of banks
reports and the annual review of the reports by supervisors will need to develop further
before the results can be more reliable and more extensively used.
EC6 Where banks use models to measure components of risk, the supervisor determines that:
a) banks comply with supervisory standards on their use;

TURKEY
b) the banks’ Boards and senior management understand the limitations and uncertainties
relating to the output of the models and the risk inherent in their use; and
c) banks perform regular and independent validation and testing of the models
d) The supervisor assesses whether the model outputs appear reasonable as a reflection
of the risks assumed.
Description and There are 3 different communiques regarding standards for models used to measure
findings re EC6 market risk, credit risk and operational risk: Communiqué on the Calculation of Market Risk
by Risk Measurement Models and Assessment of Risk Measurement Model (CMR-RMM),
Communiqué on Calculation of the Risk Weighted Exposure Amount for Credit Risk by
Internal-rating based Approaches (CIRB), Communiqué on Calculation of the Risk Weighted
Exposure Amount for Operational Risk by Advanced Measurement Approach (CAMA)
respectively. Additionally, there are Guidelines on Assessment and Validation of Internal
Rating Based Approaches and Advanced Measurement Approach (GAVA) and Guidelines on
the Application Process of Internal Rating Based Approaches and Advanced Measurement
Approach (GAPA) guidelines regarding approval and validations processes for these
models. These guidelines regulate the model use for regulatory capital requirement
calculation purposes.
RICAAP has rules about model use for internal risk management purposes. RICAAP Article
5(2) (ğ) gives responsibility to the Board to have information about risks the bank is
exposed to and measurement methods and management of those.
It is mentioned in the Articles 42, 45(2)(ç), 55(1) of the RICAAP that different measurement
methods and models may be used to measure and assess risks. In these articles there are
detailed information about the processes related to method or model.
Regulation states that banks’ internal audit units are given the responsibility to audit risk
measurement models. If risk measurement models are used in the bank, the internal audit
unit should audit: whether the results obtained from risk measurement models and
methods are incorporated in daily risk management, the accuracy of data and assumptions
used in risk measurement models, reliability, integrity and timely availability of the data
source used and the accuracy of back-tests used for these models, etc. (Article 21(4) of the
RICAAP).
The responsibility of the risk management department is “to participate in the process of
designing, selecting and putting into practice the risk measurement models and giving
preliminary approval, to review the models regularly and to make the necessary changes”.
Article 41(1)(d), (e) of RICAAP.
RICAAP imposes separate roles to different internal system units regarding risk
measurement models. Article 11(2)(b) requires that the information systems of the bank
shall enable risks, including regulatory and internal capital adequacy calculations, to be
measured using risk measurement methods or models and to be reported in a timely and
effective manner. Article 15(2)(ç) gives internal control units the responsibility to interrogate

TURKEY
the accuracy of transaction details, activities, and outputs related to risk management
models.
Article 58 and 62 of the RICAAP arranges validation process of the internal model. The
validation process to be made within the scope of Article 58 is assessed by the BRSA.
According to article 58, validation of internal model used within the scope of ICAAP shall be
made by a team independent from the units which develops methodology or independent
from the executive units. Validation may be conducted by external experts. Validation
report should be submitted to BRSA together with ICAAP report (Article 63(9)). In addition
to the RICAAP, GICAAPR has numerous detailed provisions connected to the models or
methods as well as validation processes of them.
Additionally, model risk is highlighted in risk management guidelines such as in Guideline

on The Management of Concentration Risk (GMCR).
GAA, para 8, states that the Agency examines the regulatory capital adequacy and
calculation process, models and assumptions. In paragraph 10, the issues that the bank
considers while using the IRB approach are listed. According to paragraph 12, the Agency
examines the internal capital adequacy and calculation process, models and assumptions
that are used by banks.
The BRSA examiners examine compliance to the above mentioned regulations. To examine
these processes, the BRSA examiners use GAR (risk assessment – CAMELS) module
EC7 The supervisor determines that banks have information systems that are adequate (both
under normal circumstances and in periods of stress) for measuring, assessing and
reporting on the size, composition and quality of exposures on a bank-wide basis across all
risk types, products and counterparties. The supervisor also determines that these reports
reflect the bank’s risk profile and capital and liquidity needs, and are provided on a timely
basis to the bank’s Board and senior management in a form suitable for their use.
Description and Article 11 of RICAAP addresses information systems. The structure of information systems
findings re EC7 must be commensurate with the scale of the bank and with nature and complexity of the
products. The minimum outputs of these systems are regulated in RICAAP including
regulatory and internal capital adequacy calculations, early warning indicators, timely
reporting of breaches of maximum risk levels, allocation of capital requirement according to
risk level, stress tests and scenario analysis to be made, etc. Also Article 45 gives
information about reporting of risks within the bank.
RICAAP regulates the general requirements about information systems, however, in the risk
management guidelines that are listed in Principle 1, EC3, there are additional specific
requirements imposed regarding that specific risk. For example, Paragraphs 44-51 of
Guideline for Liquidity Risk Management (GLRM) explains how an information system for
liquidity risk management should be. GAA paragraphs 12(8), 12(11) mention about
management information systems and reporting.

TURKEY
Banks’ reporting framework comprises of a wide range of call reports on several aspects of
prudential importance, some of which pertain to the consolidated bank position. Banks are
obliged to prepare the ICAAP report annually both on a consolidated basis and non-
consolidated basis. Within the ICAAP report, the results of stress tests and scenario analyses
must be presented. Banks’ reporting is subjected to test checks by the BRSA. Periodical
internal systems audit conducted by external auditors and the BRSA provide assurance
about the integrity and coverage of the internal and supervisory reports.
BRSA sets the standards for information systems of banks in CPITMB, RICAAP, and GICAAP
and conducts IT examinations via its IT audit experts. Furthermore, annual external audit
findings are utilized to evaluate the IT risks associated with a bank as well. Bank’s Board and
senior management make self-assessments using Circular on Management Assertion and
submit their assessments to the external auditor.
Through the CAMELS review/GAR methodology, under MIS in the Management component
—the BRSA examiners assess whether banks have adequate information systems for
measuring, assessing and reporting on the size, composition and quality of exposures on a
bank-wide basis across all risk types. Through this process and procedure, they are to assess
whether these reports reflect the bank’s risk profile and capital and liquidity needs, and are
provided on a timely basis to the bank’s top management.
Furthermore, according to GAA paragraph 12(8); during the ICAAP examinations, the
Agency assesses the quality of the bank’s management information reporting and systems,
the manner in which business risks and activities are aggregated, and management’s record
in response to emerging or changing risks.
EC8 The supervisor determines that banks have adequate policies and processes to ensure that
the banks’ Boards and senior management understand the risks inherent in new products,38
material modifications to existing products, and major management initiatives (such as
changes in systems, processes, business model and major acquisitions). The supervisor
determines that the Boards and senior management are able to monitor and manage these
risks on an ongoing basis. The supervisor also determines that the bank’s policies and
processes require the undertaking of any major activities of this nature to be approved by
their Board or a specific committee of the Board.
Description and RICAAP Article 5(2) points (ğ) and (ö) give the Board the responsibility to have information
findings re EC8 about risks the bank is exposed and to understand the risks of new products. Board is also
given the responsibility to approve all policies and processes according to article 5(2) (i) and
best practice guidelines. Article 40 requires banks to carefully assess new products and
services offered by them. Banks are required to ensure that the necessary personnel,
technology and financial resources are available for these products and services to be
offered and that the top management is fully aware of the risks involved in the new
products and services. Also in article 18 of the RICAAP it is stated that new transactions and
38 New products include those developed by the bank or by a third party and purchased or distributed by the bank.

TURKEY
products should be included in the compliance controls carried out by the internal control
units of banks.
While Article 40 enumerates a number of the review requirements for new products, it does
not explicitly extend the process to address material modifications to existing products and
major acquisitions. It also does not require banks to restrict new products if they do not
have the necessary controls, management, and resources to manage related risks.
In addition to this, BRSA is able to verify compliance to these regulations as part of its
CAMELS rating methodology under the Management component during on-site
examinations. For example, Financial Soundness Analysis Identification Number (FSAID)
2753 supports this examination.
EC9 The supervisor determines that banks have risk management functions covering all material
risks with sufficient resources, independence, authority and access to the banks’ Boards to
perform their duties effectively. The supervisor determines that their duties are clearly
segregated from risk-taking functions in the bank and that they report on risk exposures
directly to the Board and senior management. The supervisor also determines that the risk
management function is subject to regular review by the internal audit function.
Description and BL (Article 31) stipulates that the risk management activities shall be performed by the risk
findings re EC9 management department which will work under the board of directors. RICAAP Article 4 (2)
also requires internal systems to be located under the board of directors. It furthermore
requires the board of directors to determine the duties, powers and responsibilities of the
internal systems units and of their managers clearly and without conflict of duties, to
approve the working procedures and principles for the staff appointed in these units, and to
ensure that the necessary resources are allocated.
Article 10(1) of RICAAP, provides information for the division of risk management
functions/tasks in banks. Moreover, the BRSA verifies the independence of the risk
management functions and recommend remedial measures if it is not observed.
In periodic and risk-based audits, the department audits the adequacy and effectiveness of
the internal control and risk management systems and ICAAP is assessed by the internal
audit unit. Additionally, the ICAAP report is also examined by the BRSA examiners.
The BCP team identified certain issues with the organization of the credit risk management
function and the credit monitoring function which is a line management activity. The
organizational arrangements discussed in BCP 17 do not adequately address independent
credit risk monitoring at the individual credit and portfolio levels. See BCP 17.
EC10 The supervisor requires larger and more complex banks to have a dedicated risk
management unit overseen by a Chief Risk Officer (CRO) or equivalent function. If the CRO
of a bank is removed from his/her position for any reason, this should be done with the
prior approval of the Board and generally should be disclosed publicly. The bank should
also discuss the reasons for such removal with its supervisor.

TURKEY
Description and In Turkey, risk management departments of banks are separate units that are directly under
findings re EC10 the board of directors. According to the Article 31 of BL, risk management activities shall be
performed by the risk management department and personnel to work under the board of
directors.
RICAAP Article 4 directs that banks assign a senior manager or an executive vice president,
responsible for all internal systems departments, who has no hierarchical link with the CEO
in the bank’s organization structure and whose assessments on performance as well as
financial and personal rights are conducted by the board of directors or the audit
committee. Also the articles 37(1) and 41(3) have provisions regarding risk management
unit and personnel.
In Turkey, the risk management departments of banks are generally organized under a
senior manager reporting directly to audit committee. However, some banks do have CRO
type posts. Commensurate with their size and complexity of operations, banks should be
specifically required to have qualified CROs with sufficient stature, position and authority
within the organization to oversee risk management activities. The level of senior manager
may not provide the necessary stature necessary to challenge high level risk decisions and
processes.
According to RICAAP article 63(1), banks must notify the Agency in writing of the
appointment or resignation of the internal systems manager or committee members, the
members of the audit committee, and the senior managers of the units included within the
scope of these systems, within seven working days from the date of the relevant decision.
However, regulation should require, explicitly, if the CRO is removed from his/her position
for any reason, that the Board has been informed and has given its approval. This action
should be generally disclosed publicly. While the regulation requires banks to notify the
BRSA promptly, the reasons for such removal should be presented and discussed.
EC11 The supervisor issues standards related to, in particular, credit risk, market risk, liquidity risk,
interest rate risk in the banking book and operational risk.
Description and BRSA has issued detailed specific guidelines articulating the standards related to credit risk,
findings re EC11 market risk, liquidity risk, and operational risk, interest rate risk in the banking book, country
risk, reputational risk, and others.
EC12 The supervisor requires banks to have appropriate contingency arrangements, as an integral
part of their risk management process, to address risks that may materialize and actions to
be taken in stress conditions (including those that will pose a serious risk to their viability). If
warranted by its risk profile and systemic importance, the contingency arrangements
include robust and credible recovery plans that take into account the specific circumstances
of the bank. The supervisor, working with resolution authorities as appropriate, assesses the
adequacy of banks’ contingency arrangements in the light of their risk profile and systemic
importance (including reviewing any recovery plans) and their likely feasibility during
periods of stress. The supervisor seeks improvements if deficiencies are identified.

TURKEY
Description and RICAAP Article 13 addresses the emergency and contingency plans and business continuity
findings re EC12 management. Banks must establish a business continuity management structure approved
by the board of directors in order to ensure the sustainability of activities in case of an
interruption or to save them time to minimize operational, financial, legal and reputational
negative effects. There are also other provisions at RICAAP Article 13 that address payment
and settlement systems and business disruption. For a possible emergency and contingency
regarding the payment and settlement systems, communication arrangements shall be
established between the authorities of the CBRT, the persons responsible for the interbank
payments, agreements and settlement systems and the Agency as well as a communication
channel or network open to the public and the customers. The continuity of information
systems is handled in information systems continuity plan approved by the board of
directors prepared within the scope of business continuity plan and in state of emergency
and contingency plan. Banks have to mention their contingency arrangements in their
ICAAP reports. Please refer to GICAAPR Annex section 6, paragraphs (1, 3, and 4), section 8
paragraph 4, section 9 paragraphs (2, 3, and 5(7)).
Provisions regarding business continuity plans are further regulated in GORM in a more
detailed manner. According to GORM Principle 10, banks need to have a business
continuity plan to be able to continue their activities on an ongoing basis and limit losses in
the event of severe business disruption.
Negative condition scenarios created by the bank should be assessed for their financial,
operational and reputational impact and the resulting risk assessment should be the
foundation for recovery priorities and objectives (paragraph 71 of GORM).
All the disaster recovery and business continuity plans are tested at least once in a year
according to RICAAP article 13. These tests are checked by the BRSA on-site examination
teams as a part of the ratings process. This includes whether there is a business continuity
plan approved by the board of directors and if this plan is tested by the bank.
EC13 The supervisor requires banks to have forward-looking stress testing programs,
commensurate with their risk profile and systemic importance, as an integral part of their
risk management process. The supervisor regularly assesses a bank’s stress testing program
and determines that it captures material sources of risk and adopts plausible adverse
scenarios. The supervisor also determines that the bank integrates the results into its
decision-making, risk management processes (including contingency arrangements) and
the assessment of its capital and liquidity levels. Where appropriate, the scope of the
supervisor’s assessment includes the extent to which the stress testing program:
a) promotes risk identification and control, on a bank-wide basis

b) adopts suitably severe assumptions and seeks to address feedback effects and system-
wide interaction between risks;
c) benefits from the active involvement of the Board and senior management; and
d) is appropriately documented and regularly maintained and updated.

TURKEY
The supervisor requires corrective action if material deficiencies are identified in a bank’s
stress testing program or if the results of stress tests are not adequately taken into
consideration in the bank’s decision-making process
Description and RICAAP Article 43 stipulates that Banks shall establish and operate a stress testing program
findings re EC13 in order to measure its material risks and vulnerabilities which may arise from both negative
developments peculiar to the bank and the developments in stressed economic and
financial environment. Top management is responsible for establishment and
implementation of a stress testing program as a whole. In addition to this, stress testing
program shall be based on historical data including statistical risk and loss predictions and
complementary for other risk management methods and qualitative implementations.
Stress testing program shall include clearly defined purposes, well designed scenarios in
compliance with the bank's activities and its risk arising from those activities, written
assumptions, a strong methodology, reporting supporting the decisions taken, revising
stress testing processes in a continuous and efficient manner and management actions
based on stress testing results. Stress testing program requires, an overall firm-wide stress
testing, in addition to each material risk type.
Consistent with RICAAP Article 43(7), a Guideline on Stress Testing to be used by Banks In
Capital and Liquidity Planning (GST) was published. GST is arranged to determine the
principles on the implementation of the mentioned article and banks are expected to be in
compliance to the extent with their structures, size and complexity of the Bank’s activities.
Principles stated in the guideline also make a base for supervision and surveillance activities
of the Agency. Within the scope of GST, stress testing defines all the implementations
enabling the forward-looking evaluation of possible events or changes that could adversely
impact the bank.
During the examinations conducted, BRSA reviews the key assumptions driving stress
testing results and their continuing relevance in view of existing and potentially changing
market conditions. BRSA evaluates banks on how stress testing is used in internal processes
of banks and the way it affects decision-making.
EC14 The supervisor assesses whether banks appropriately account for risks (including liquidity
impacts) in their internal pricing, performance measurement and new product approval
process for all significant business activities.
Description and Article 40 of RICAAP states that the top management should be fully aware of the risks
findings re EC14 involved in the new products and services. The bank must ensure that detailed assessment
of the risks that may arise from the product or service, determination of the necessary
resources to assess risk management practices and carry out effective risk management for
the new product or service, implementation procedures to be followed in measuring,
monitoring and controlling the risks that would arise from the new product or service are
taken into account when a new product is offered.

TURKEY
Additional
criteria
AC1 The supervisor requires banks to have appropriate policies and processes for assessing
other material risks not directly addressed in the subsequent Principles, such as reputational
and strategic risks.
Description and
findings re AC1

Principle 15
Comments The RICAAP forms a part of the core of the BRSA’s regulatory framework for risk
management. Given that the ICAAP is a relatively recent requirement, banks’ are still
developing their approach and implementing important systems. The BCP team’s review of
supervisors’ working papers and discussion with banks indicated that banks as well as
supervisors are, in fact, in a learning phase. The quality of banks reports and the scrutiny of
the reports by supervisors will need to develop further before the results can be more
reliably and more extensively used.
Commensurate with their size and complexity of operations, banks should be specifically
required to have qualified CROs with sufficient stature, position and authority within the
organization to oversee risk management activities. The level of senior manager may not
provide the necessary stature necessary to challenge high level risk decisions and processes.
As well, while there are comprehensive requirements for the evaluation of new products,
parameters should be expanded to explicitly address material modifications to existing
products and major acquisitions. It should also direct banks to restrict such products or
activities if they do not have the necessary controls, management, and resources to manage
related risks.
Principle 16 Capital adequacy.39 The supervisor sets prudent and appropriate capital adequacy
requirements for banks that reflect the risks undertaken by, and presented by, a bank in the
context of the markets and macroeconomic conditions in which it operates. The supervisor
defines the components of capital, bearing in mind their ability to absorb losses. At least for
internationally active banks, capital requirements are not less than the applicable Basel
standards.
Essential criteria
EC 1 Laws, regulations or the supervisor require banks to calculate and consistently observe
prescribed capital requirements, including thresholds by reference to which a bank might
39The Core Principles do not require a jurisdiction to comply with the capital adequacy regimes of Basel I, Basel II
and/or Basel III. The Committee does not consider implementation of the Basel-based framework a prerequisite for
compliance with the Core Principles, and compliance with one of the regimes is only required of those jurisdictions
that have declared that they have voluntarily implemented it.

TURKEY
be subject to supervisory action. Laws, regulations or the supervisor define the qualifying
components of capital, ensuring that emphasis is given to those elements of capital
permanently available to absorb losses on a going concern basis.
Description and According to Article 45 of the BL all banks in Turkey need to hold a capital adequacy ratio
findings re EC1 (CAR) of at least 8%. The BL also authorizes the BRSB to increase the minimum CAR, to set
different ratios for each bank and to revise the risk weight assets after taking into
consideration the banks’ internal systems as well as their asset and financial structures.
Using these powers the BRSA has implemented a capital framework in compliance with
Basel standards. For the regulatory minimum capital requirement, the BRSA sets the
minimum standard for CET1, Tier 1 and Total Capital on a solo and consolidated level
according to the Basel requirements, which are 4.5%, 6.0% and 8.0% of risk-weighted assets,
respectively, and, as a parallel requirement, the BRSA also sets a targeted minimum total
capital ratio of 12% of risk-weighted assets. Minimum levels are defined in the RCA (art. 29
and 30) while ROF defines the elements of regulatory capital.
Banks are also required to maintain a capital planning buffer above the minimum amounts
based in their internal capital assessment and planning (RICAAP, art. 55 and 60).
EC2 At least for internationally active banks,40 the definition of capital, the risk coverage, the
method of calculation and thresholds for the prescribed requirements are not lower than
those established in the applicable Basel standards.
Description and The BRSA applies the Basel Framework on a consolidated basis to all credit institutions in
findings re EC2 Turkey, including credit banks and participation banks. The capital framework is mostly
established in the Regulation on Own Funds (ROF) and in the Regulation of Measurement
and Assessment of Capital Adequacy in Banks (RCA) and is in compliance with Basel
Standards.
Some aspects of the regulation are more rigorous than the Basel framework. Turkish
legislation, for instance, applies a more conservative approach in assigning risk weights
based on ratings for exposures to corporates. All domestically incorporated corporates are
subject to a risk weight of at least 100%. The floors applied to the IRB and AMA framework
are also more conservative than the ones prescribed by Basel, although currently there is no
bank authorized to calculate regulatory requirements following these approaches
Given the low materiality of securitization exposures in the Turkish banking system, the
BRSA has not implemented the internal ratings-based approach for securitization.
40 The Basel Capital Accord was designed to apply to internationally active banks, which must calculate and apply
capital adequacy ratios on a consolidated basis, including subsidiaries undertaking banking and financial business.
Jurisdictions adopting the Basel II and Basel III capital adequacy frameworks would apply such ratios on a fully
consolidated basis to all internationally active banks and their holding companies; in addition, supervisors must test
that banks are adequately capitalized on a stand-alone basis.

TURKEY
The BRSA capital framework has been assessed as compliant by the Basel Committee
Regulatory Assessment Program
EC3 The supervisor has the power to impose a specific capital charge and/or limits on all
material risk exposures, if warranted, including in respect of risks that the supervisor
considers not to have been adequately transferred or mitigated through transactions (e.g.,
securitization transactions)41 entered into by the bank. Both on-balance sheet and off-
balance sheet risks are included in the calculation of prescribed capital requirements.
Description and Article 45 of BL provide the BRSB the power to increase the minimum CAR and to set
findings re EC3 different ratios for each bank after taking into consideration the banks’ internal systems as
well as their asset and financial structures.
In practice specific capital charges are established in the ICAAP and SREP review. The
RICAAP Section 5 (ICAAP) requires banks to assess their capital needs, estimate capital
charges for Pillar 2 risks and estimate a capital planning buffer based on stress scenario for
the following three years. Banks are required to maintain a higher level than the amount
estimated internally. The BRSA examines the ICAAP report and in case missing parts or
errors are found, a new ICRR can be determined. Article 60 of the RICAAP also allows the
BRSA to increase capital requirements if it considers that banks are not holding sufficient
capital for Pillar1 and Pillar2 risks.
The regulation imposed by the BRSA is complex and difficult to enforce. Banks are allowed
to use models to calculate the internal capital charge for Pillar 1 and Pillar 2 risks, to
consider risk diversification benefits, and are provided a few constraints on the projections
of their capital needs for the following years under stress. In addition to that, the specific
capital charge may not be binding for several banks. Since the capital planning buffer is
only applied when the results are higher than the capital conservation buffer, it is likely to
fade in importance over the next few years as the capital conservation buffer will be fully
phased-in. The 12% total capital parallel requirement imposed by the BRSA might also be
the effective binding constraint for a number of banks.
EC4 The prescribed capital requirements reflect the risk profile and systemic importance of
banks42 in the context of the markets and macroeconomic conditions in which they operate
and constrain the build-up of leverage in banks and the banking sector. Laws and
regulations in a particular jurisdiction may set higher overall capital adequacy standards
than the applicable Basel requirements.
41 Reference documents: Enhancements to the Basel II framework, July 2009 and: International convergence of capital
measurement and capital standards: a revised framework, comprehensive version, June 2006.
42 In assessing the adequacy of a bank’s capital levels in light of its risk profile, the supervisor critically focuses,
among other things, on (a) the potential loss absorbency of the instruments included in the bank’s capital base, (b)
the appropriateness of risk weights as a proxy for the risk profile of its exposures, (c) the adequacy of provisions and
reserves to cover loss expected on its exposures and (d) the quality of its risk management and controls.
Consequently, capital requirements may vary from bank to bank to ensure that each bank is operating with the
appropriate level of capital to support the risks it is running and the risks it poses.

TURKEY
Description and As explained in EC3, the BL authorizes the BRSA board to increase the minimum capital
findings re EC4 adequacy ratio and to set different ratios for each bank taking into consideration the banks’
internal systems as well as their asset and financial structures. The BRSA does that in
practice through the ICAAP.
Systemic importance is taken into account imposing additional loss absorbency

requirements for domestic systemically important banks. The BRSA methodology is similar
to the one used by the FSB to identify and group G-SIBs. The regulation creates four groups
of banks as shown in the table below and distributes the banks in the groups according to
their systemic importance. Seven banks are expected to populate the bottom three groups
of the table.
Groups Domestic Systemically

Important Banks (D-SIBs)
Buffer rates (%)
Group 4- empty 3
Group 3 2
Group 2 1,5
Group 1 1
Macroeconomic conditions are taken into account through the countercyclical capital
buffer. Following the Basel guidance, the BRSA’s capital framework prescribes a process
whereby both national and cross-border conditions are taken into account. The national
component of the buffer is currently set at zero. BRSA has established indicators and a
process for monitoring the macroeconomic conditions in Turkey and update this value as
needed. Banks should obtain the value of the foreign component of the buffer for each
country where they contain exposures from the Basel Committee website.
Another tool implemented by the BRSA to limit leverage in the banking system is the
leverage ratio. The regulation on Measurement and Assessment of Leverage Level of Banks
(RMAL) establishes that the three-month simple arithmetic average of the leverage ratio
should be at least three percent. The RMAL also provides the BRSB the power to establishes
a different leverage ratio and consolidated leverage ratio by considering the internal
systems, asset and financial structures of banks, the implementation of different ratio on the
basis of the bank and change the calculation and reporting periods.
As explained in EC2, some aspects of the regulation set by the BRSA are more rigorous than
the Basel framework. Turkish legislation, for instance, applies a more conservative approach
in assigning risk weights based on ratings for the exposures to corporates. The BRSA also
applies a parallel 12% capital adequacy ratio requirement.
EC5 The use of banks’ internal assessments of risk as inputs to the calculation of regulatory
capital is approved by the supervisor. If the supervisor approves such use:
a) such assessments adhere to rigorous qualifying standards;

TURKEY
b) any cessation of such use, or any material modification of the bank’s processes and
models for producing such internal assessments, are subject to the approval of the
supervisor;
c) the supervisor has the capacity to evaluate a bank’s internal assessment process in
order to determine that the relevant qualifying standards are met and that the bank’s
internal assessments can be relied upon as a reasonable reflection of the risks
undertaken;
d) the supervisor has the power to impose conditions on its approvals if the supervisor
considers it prudent to do so; and
e) if a bank does not continue to meet the qualifying standards or the conditions imposed
by the supervisor on an ongoing basis, the supervisor has the power to revoke its
approval.
Description and Currently there is no bank in Turkey authorized to use modeling approaches to calculate
findings re EC5 the Pillar 1 capital charge.
The use of internal models for calculating regulatory capital requirements is subject to BRSA
approval (RCA, Articles 4, 9 and 24). The approval process to use internal assessments for
various risk types are set out in related communiqués such as CIRB, CAMA, CMR-RMM.
Some large domestic banks and subsidiaries of international banks, are already using
models for their internal risk management and lending process. These banks are in the
process of calibrating and adjusting those models in order to appropriately capture the
risks of the local market, before submitting them for regulatory approval by the BRSA.
Some banks are expected to apply for the IRB approach.
The regulatory framework set out numerous requirements for banks utilizing internal
models approaches. CIRB, CAMA and CMR-RMM set qualifying standards for credit risk,
operational risk and market risk in accordance to the Basel II framework. The BRSA has a
number of risk management specialists that are able to provide support during the
authorization process.
According to the regulation, material modifications to the risk system after the
authorization process require new BRSA approval. If a bank does not continue to meet the
qualifying standards or the conditions imposed by the BRSA on an ongoing basis, the BRSA
has the power to revoke its approval according to CIRB, CAMA, and CMR-RMM.
EC6 The supervisor has the power to require banks to adopt a forward-looking approach to
capital management (including the conduct of appropriate stress testing).43 The supervisor
has the power to require banks:
a) to set capital levels and manage available capital in anticipation of possible events or
changes in market conditions that could have an adverse effect; and
43“Stress testing” comprises a range of activities from simple sensitivity analysis to more complex scenario analyses
and reverses stress testing.

TURKEY
b) to have in place feasible contingency arrangements to maintain or strengthen capital

positions in times of stress, as appropriate in the light of the risk profile and systemic
importance of the bank.
Description and RICAAP Articles 46-62 have detailed provisions concerning the ICAAP processes and
findings re EC6 reporting of banks. In particular, banks should have a risk based, comprehensive and
forward-looking capital assessment processes which should include all the risks on a
consolidated basis.
In particular, as discussed in EC3, banks are required to hold a capital planning buffer that is
based on stress tests. Banks are required to project the evolution of their RWA and capital
for the following three years under different stress scenarios. The methodology generates a
capital charge associated with the lowest capital buffer in any one of these years.
Finally, banks are required to discuss and provide information on contingency

arrangements to maintain their capital positions in times of stress as part of the ICAAP
reports (GICAAPR).
AC1 For non-internationally active banks, capital requirements, including the definition of
capital, the risk coverage, the method of calculation, the scope of application and the
capital required, are broadly consistent with the principles of the applicable Basel standards
relevant to internationally active banks.
Description and
findings re AC1
AC2 The supervisor requires adequate distribution of capital within different entities of a
banking group according to the allocation of risks.44
Description and
findings re AC2
Principle 16
Comments The BRSA has adopted the various components of Basel II, 2.5 and III according to the
framework established by the Basel Committee. Capital is calculated on a consolidated and
solo basis for all banks and the BRSA has the authority to impose additional capital
requirements on individual banks, as deemed necessary. The BRSA has applied the three
Basel ratios (common equity tier 1, tier 1 and total capital) as well as countercyclical capital
requirements, systemic important bank capital add-ons and a “capital planning buffer” that
provides a forward looking nature to the capital regulation.
Going forward, as the BRSA gain experience with the ICAAP, it should consider
simplifications to the framework to improve its enforceability and reduce banks compliance
burden, particularly for non-systemic important banks. Simplifications that could be

TURKEY
considered include restrictions on diversification benefits and use of models for credit,
market and operational risk that have not been authorized for the Pillar 1 capital charge.
The BRSA should also evaluate the interaction with other requirements such as the 12%
parallel capital charge and the Basel capital buffers to prevent the effectiveness of the Pillar
2 regime from being damaged by another more stringent requirement that in practice
makes the Pillar 2 charges redundant.
Principle 17 Credit risk.45 The supervisor determines that banks have an adequate credit risk
management process that takes into account their risk appetite, risk profile and market
and macroeconomic conditions. This includes prudent policies and processes to identify,
measure, evaluate, monitor, report and control or mitigate credit risk46 (including
counterparty credit risk)47 on a timely basis. The full credit lifecycle is covered including
credit underwriting, credit evaluation, and the ongoing management of the bank’s loan
and investment portfolios.
Essential criteria
EC1 Laws, regulations or the supervisor require banks to have appropriate credit risk
management processes that provide a comprehensive bank-wide view of credit risk
exposures. The supervisor determines that the processes are consistent with the risk
appetite, risk profile, systemic importance and capital strength of the bank, take into
account market and macroeconomic conditions and result in prudent standards of credit
underwriting, evaluation, administration and monitoring.
Description and Article 23 of the BL assigns direct responsibility to the board of directors for “ensuring the
findings re EC1 establishment, functionality, appropriateness, and adequacy of internal control, risk
management, and internal audit inconformity with the applicable legislation; securing
financial reporting systems; and specification of the powers and responsibilities within the
bank”. The Article 29 of the BL states that the banks are obliged to establish and operate
adequate and efficient internal control, risk management and internal audit systems that
are in harmony with the scope and structure of their activities.
The definition of a “loan” is provided articles 48 and article 50 and provides a

comprehensive list of the prudential standards and limitations for extending loans to the
risk group of the bank. Article 51 and article 52 of the BL includes the framework
regarding credit administration and monitoring.
Standards of credit underwriting, evaluation, administration and monitoring are further

enumerated in the Guideline on Credit Management of Banks (GCM). It states that the
processes should be consistent with the risk appetite, risk profile, systemic importance and
45 Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem
assets.
46Credit risk may result from the following: on-balance sheet and off-balance sheet exposures, including loans and
advances, investments, inter-bank lending, derivative transactions, securities financing transactions and trading
activities.
47 Counterparty credit risk includes credit risk exposures arising from OTC derivative and other financial instruments.

TURKEY
capital strength of a bank; that the processes should take market and macroeconomic
conditions into account and result in prudent standards of credit underwriting, evaluation,
administration and monitoring. Additionally, there is a separate Guideline on Counterparty
Credit Risk Management (GCPRM).
In addition to the credit risk management provisions described above, the GCM defines
‘credit management’. It includes the areas of credit marketing, credit granting, and credit
monitoring. The GCM states that certain organizational structures in the credit area should
avoid conflicts of interest that may be caused by units reporting to the same vice general
manager that are involved in credit monitoring and tracking together with credit
marketing and credit granting. The GCM also addresses certain MIS requirements,
conformity with limits, and management of collateral. The following provides a description
of the organization of the 2 functions of (credit) risk management and credit monitoring
as conveyed to the assessor team.
Credit Risk Oversight Organization
Credit oversight is laid out in a two-fold manner.
1. (Credit) Risk Management
The board is charged with effective risk management and organizationally, such a unit
must fall directly under it. As such, the unit falls under the audit committee as an
extension of the board.
The “legal” independence of this unit is expected via RICAAP which enumerates in detail
the responsibilities of the board including determining its organizational structure,
strategies, as well as human resource considerations. In this regard the board is
responsible for the appointment and dismissal of unit managers and training of staff.
This unit conducts a variety of risk management activities including credit

portfolio/exposure surveillance. However, it does not conduct evaluation of individual
credits to determine their internal classification status (standard, special mention,
substandard, doubtful, loss). It takes this information generated from the “risk
management function”, a management line function, as source data from which to
calculate relevant trend information. It adds to that other analysis to monitor higher level
trends and issues that management and the board should receive. Some of the
information generated at this level includes:
 Internal limits and ratios
 Legal limits and ratios
 Individual borrower limits
 Sector concentration limits
 NPLs figures (received from the credit review department)

TURKEY
 Recent trends and developments in the portfolio(s) taking into account market and
macroeconomic information
This type of information, at this level, will first go to the audit committee and then to the
full board.
Among other things, this department is also typically responsible for monitoring the
overall risk trends in the bank, designing the risk rating system used by the
management/business lines, policies and procedures, model development for credit
approval processes, review of model validations conducted elsewhere in the bank, etc.
However, no work or analysis is conducted at the individual credit level.
2. Credit Monitoring Function (line management department/unit)
This unit is a management line function as are the marketing and underwriting functions.
The later 2 are involved in credit origination, analysis, approvals (according to delegated
loan authorities and controls), and administration.
The credit monitoring function represents management’s execution of their responsibility

to monitor the business risk they put on the books of the bank. The business line (should
be) is the party responsible for first identifying and flagging credit risk deterioration. If
accomplished in a timely manner, this allows early intervention and possible rectification
of potential credit problems.
Credit risk monitoring starts as soon as the subject loan is granted and consists of
monitoring:
 Past due status of the borrowers
 Change in system generated risk ratings
 Collateral status and coverage
 Customer limits
 Risk Center monitoring for developing borrower(s) trends
 Opines on restructuring loans
 Deteriorating credit as detected from past due information
In general, once a credit hits NPL status, it is sent to the loan work-out unit for more active
management.
This unit provides the source data on, intern alia, individual deteriorating/NPL credits and
NPL trend data on homogeneous credits to the board via the risk management function
described above. Such data are management reports which may have more current (and
different) classifications of credit than the system generates due to the timing of
information input to the system.
The BRSA also conveyed that the internal audit function plays an important role in the
credit risk management framework. Audits in the credit areas are intended to determine

TURKEY
whether the credit process is consistent with board approved policies and procedures and
the accuracy of management reports, and board and audit committee reports. As
well, the BRSA added that loan review is the most prevalent activity in the internal
audit plan(s).
According to REPL, banks are required to review their loan portfolio in terms of
classification at least quarterly and they are required to document those reviewed
for the largest 200 loans (or the ones above 250.000 TL). The BRSA indicated that
the loan review documentation for the largest 200 loans is usually prepared by
internal audit.
The BRSA, in its credit portfolio reviews, determines the extent to which internal bank
ratings are automatically generated, both the homogeneous portfolios as well as the
larger, individual credit exposures. The examiners review and use both management
problem loan reports and the system generated reports during portfolio inspections.
The credit risk management oversight (line management function) and credit risk
management function and the organization therein create loopholes in the independence
and integrity of credit risk monitoring and reporting to bank boards and the BRSA. Key
observations on the credit risk oversight organization:
 Based on this design, which may vary in practice from institution to institution, the
board has indeed established a (credit) risk management unit that complies with the
letter of the law. Through this mechanism, the unit is able to provide high level trend
and other analysis information.
However, there is no ongoing, independent credit risk monitoring of large individual

exposures or homogeneous portfolios. Important source data (identification of
deteriorating credits that have not yet reached an NPL status—as well as special mention
credit and status of NPLs) is generated by the credit monitoring unit which is a business
line management function. This information is also reported to the BRSA for monitoring
and examination purposes.
 There is no independent verification (i.e., independent loan review function)

that determines that 1) management identification processes are accurate
and timely, 2) management, itself, is accurately recognizing its business risk,
and 3) timely borrower intervention is activated.
 This critical input forms the basis of important MIS going to the board.
 Examiners, through their inspection process, have identified important, clearly

inaccurate classifications of credit that could easily indicate key issues with 1-3 above.
However, the significance of these inaccurate classifications was not clear from the
examination samples reviewed. Consistently, there was no indication of the size of the
sample of reviewed credits, how significant the aggregate, inaccurately classified
credit was to the total portfolio, and if such findings could be extrapolated to the
entire portfolio.

TURKEY
GCM Principle 9 presents the activities of units included in the bank’s internal systems
(internal audit, risk management, compliance). Banks are to make “internal controls”
(internal audits) with the objective to assess credit management processes, determine
compliance with legal and bank limits, and to avoid deterioration in the credit portfolio.
Activities, at a minimum, include: periodically assess the largest 200 credits of the bank
which have the highest risks, test adequacy of collateral, assess the adequacy and accuracy
of credit files; test non-performing loan identification; and assess the risk arising from
exceptional operations. The activity also is to determine compliance with credit policies
and procedures including authorizations, maturity, quality, and reporting to senior
management.
Results of internal systems’ (risk management, internal audit) reviews are to be shared with
senior management and the audit committee. The GCM goes on to indicate that banks
establish an internal ratings system to manage credit risk. Retail customers are monitored
through behavioral models. Corporate credits must be rated once a year (the REPL
requires quarterly). Board of directors and senior management of the bank should be
regularly informed about rating results.
The CAMEL rating process/GAR module lays out specific review processes for evaluating
the credit risk management processes. For example, questions aim to check whether
banks have the necessary policies and procedures regarding the credit risk management,
risk appetite and CCR.
The BRSA undertakes special examinations that target certain banking activities/credit
portfolios according to the risk evaluations conducted at the beginning of a bank’s
supervisory cycle. The assessor team reviewed a sample of 4 such examinations in the
credit portfolio area. See EC 3 for detail of observations.
EC2 The supervisor determines that a bank’s Board approves, and regularly reviews, the credit
risk management strategy and significant policies and processes for assuming,48
identifying, measuring, evaluating, monitoring, reporting and controlling or mitigating
credit risk (including counterparty credit risk and associated potential future exposure) and
that these are consistent with the risk appetite set by the Board. The supervisor also
determines that senior management implements the credit risk strategy approved by the
Board and develops the aforementioned policies and processes.
Description and GCM Principle 1 requires that the board of directors to determine, in writing, and approve
findings re EC2 the credit strategies in light of market conditions, the bank’s financial condition, risk
appetite, etc. It goes on to direct that the board of directors periodically reviews the
financial and economic indicators used in establishing the credit strategy and make the
necessary changes in the strategy and practices. Implementation of the credit risk strategy
48“Assuming” includes the assumption of all types of risk that give rise to credit risk, including credit risk or
counterparty risk associated with various financial instruments.

TURKEY
by the senior management or another related unit of the bank is also addressed
throughout the GCM.
Principle 2 requires banks to establish marketing, credit-granting and monitoring policies

in line with their credit volume and complexity of activities. According to paragraph 13,
those policies are approved by the board of directors and reviewed annually (Paragraph
15). Credit procedures are established in writing by senior management or the board of
directors according to Paragraph 25.
GCPRM directs that the board of directors must approve counterparty credit risk (CCR)
management strategies. The level of risk appetite should be reviewed periodically and the
frequency and scope of this review should be determined according to CCR level and
complexity of the bank. A sound CCR management framework shall include the
identification, measurement, management, approval and internal reporting of CCR. The
Guideline details requirements for the measurement, monitoring, and reporting of CCR to
the board and senior management. Parameters for CCR risk mitigation practices are
enumerated as well.
The BRSA conducts onsite review of credit risk management and the attendant strategies,
policies and controls through its CAMELS review/GAR methodology process. During this
process, the examiners may decide to conduct specialty examinations targeting areas such
as corporate loans, commercial loans, SME loans etc. These activities provide the
opportunity for the examiners to test management implementation of board established
risk appetite and strategies and current bank practices.
For more detailed description of the credit examination process, see EC 3 below.
EC3 The supervisor requires, and regularly determines, that such policies and processes
establish an appropriate and properly controlled credit risk environment, including:
a) a well-documented and effectively implemented strategy and sound policies and

processes for assuming credit risk, without undue reliance on external credit
assessments;
b) well defined criteria and policies and processes for approving new exposures
(including prudent underwriting standards) as well as for renewing and refinancing
existing exposures, and identifying the appropriate approval authority for the size and
complexity of the exposures;
c) effective credit administration policies and processes, including continued analysis of
a borrower’s ability and willingness to repay under the terms of the debt (including
review of the performance of underlying assets in the case of securitization
exposures); monitoring of documentation, legal covenants, contractual requirements,
collateral and other forms of credit risk mitigation; and an appropriate asset grading
or classification system;
d) effective information systems for accurate and timely identification, aggregation and
reporting of credit risk exposures to the bank’s Board and senior management on an
ongoing basis;

TURKEY
e) prudent and appropriate credit limits, consistent with the bank’s risk appetite, risk
profile and capital strength, which are understood by, and regularly communicated to,
relevant staff;
f) exception tracking and reporting processes that ensure prompt action at the
appropriate level of the bank’s senior management or Board where necessary; and
g) effective controls (including in respect of the quality, reliability and relevancy of data
and in respect of validation procedures) around the use of models to identify and
measure credit risk and set limits.
Description and Requirements addressing the above are contained in the BL, REPL, and GCM. REPL
findings re EC3 (Regulation on Procedures and Principles for Determination of Qualifications of Loans and
other Receivables and Provisioning) has been revised and is awaiting publishing in the
official Gazette. As relevant, the provisions in the new document are included.
a) policies for assuming credit risk w/o undue reliance on external assessments.
Article 52(1) of BL requires banks to measure credit risk; regularly analyze and monitor the
financial standing of the counterparty; obtain the necessary information and documents;
and establish the relevant procedures.
Principles 1-3 of the GCM require banks to establish credit strategies, credit policies and
credit procedures. Specifically, principle 17 presents selected guidelines for determining
customer limits, indebtedness, and solvency upon which to base credit granting – which
relies on internal bank analysis. Principle 14 requires that banks obtain adequate
information in order to assess the risk profile of the borrower and that (principle 13) banks
have established assessment and approval functions for credit management and
approvals.
b) procedures for new, renewed, and refinanced exposures; structured approval

authorities.
Principles 11, 13 and 23 of GCM present parameters for approving new exposures, for
renewing and refinancing existing exposures, and identifying the appropriate approval
authority for the size and complexity of the exposures. Principle 13 requires banks to
establish assessment and approval functions for an effective credit management.
Requirements and standards for restructured credit are enumerated in principle 23.
Restructured Credit
The current REPL, Article 11, goes further in addressing terms for restructuring credit.
Credits experiencing a temporary liquidity problem may be restructured in order to
provide (reasonable) assurance that the debt will be repaid. The article requires
monitoring of restructured credits for at least six months in the Third (substandard),
Fourth (doubtful), Fifth (loss) groups of loans and other receivables. During this period,
provisions are continued to be set aside for the said receivables at the rates of special
provisions applied on the relevant group. Credits may be restructured twice, the second
time providing that 20% of the existing principal is collected each year. The draft REPL is

TURKEY
silent on the maximum number of times a loan may be restructured but prescribes rather
extensive “probation periods” for classification of special mention credits to be upgraded
to standard (one year). When a substandard loan is subject to forbearance (restructuring),
it can only be upgraded to special mention if certain conditions are met (including
performing as agreed for one year). If a restructured special mention credit goes past due
30 days, then it must be classified substandard. However, the draft REPL prescribes a
rather extensive timeframe for writing off such a substandard credit that hits the loss
classification. It states that once a restructured credit falls into the substandard category
and is past due for one year, it will be classified in the 5th group (loss) and the bank will
be required to write-off the uncollateralized portion within a maximum period of one year.
Further, the regulation allows restructuring of loans in the loss category. Credits in this
loan classification generally should not have the opportunity to be restructured as they
are, by definition, permanently impaired and considered “nonbankable” assets. In some
systems, such credits are prohibited from being restructured. (The draft REPL is silent on
this, but, in fact, should offer guidance here as silence may indicate approval of previously
allowed (imprudent) restructuring of loss credit.)
Restructured credit facilities may be transferred and posted to the “Account of Loan
Facilities Renewed and Subject to Redemption Plan” at the end of this period, providing
that at least fifteen percent (15%) of the total amount of receivables is repaid, and they are
traced and pursued in the same group for at least six months, and the repayments are not
delayed. (The draft REPL extends the monitoring period to one year before consideration
of a classification change.)
Discussions with the BRSA indicated that reports on a host of credit issues are received by
the offsite department, including information on restructured credits. Examiners indicated
that restructured credit is, in fact, reviewed when special credit examinations are
conducted – as a part of the relevant portfolio.
c) continued analysis of a borrower’s ability and willingness to repay under the terms of
the debt; monitoring of documentation, legal covenants, contractual requirements,
collateral and other forms of credit risk mitigation; and an appropriate asset grading or
classification system.
Article 52 of the BL requires banks to “measure (loan exposures); regularly analyze and
monitor the financial standing of the counterparty; obtain the necessary information and
documents; and establish the relevant procedures”. GCM principles 1-3 and principles 15,
17, 24, 25 and 26 detail the parameters regarding the monitoring of documentation, legal
covenants, contractual requirements, collateral and other forms of credit risk mitigation;
and an appropriate asset grading or classification system. The Communique on Credit Risk
Mitigation Techniques (CCRM) sets down procedures and principles relating to credit risk
mitigation techniques to be used by banks in calculation of regulatory capital requirement.
REPL presents the terms and conditions for asset classification.
Loan Classification System

TURKEY
REPL enumerates loan classification requirements. The Second Part of the regulation
directs that loans are categorized/classified based on the state of borrower
creditworthiness and/or delinquency status. The following presents the minimum for
credit classification. Still, much of the classification process by the banks and examiners is
driven by the past due status of the given credit(s).
 Special Mention (“close monitoring”) – > 30 up to 90 days
 Substandard (“limited collectability”) - > 90 up to 180 days (provisioning: 20%)
 Doubtful - > 180 days to 1 year (50%)
 Loss - > over 1 year (100%)
 Credits classified substandard and worse are considered nonperforming.
Review of special examinations of loan portfolios, mutually agreed by the BRSA and the
BCP team identified a number of key issues which are further discussed in BCP 18 Problem
Assets, Provisions, and Reserves. However, the issues identified with REPL content are
presented in here.
Classification categories enumerated and required by REPL are internationally used.

However, the definitions for the classifications themselves are unclear and substantially
overlapping. This is particularly the case for the special mention and substandard
categories.
Special mention includes, according to the REPL, credits that:
 are required to be monitored closely due to such reasons as observation of negative

developments in solvency or cash flow of the debtor, or suspecting of such
developments, or the borrower’s bearing a substantial and material financial risk
 These elements indicate that, on a financial basis, the current sound worth and paying
capacity of the borrower is exhibiting well defined credit weaknesses – the concrete
definition of substandard.
 The substandard definition reflects very similar parameters and goes on to state:
 (credits) which fully have a limited collectability due to inadequacy of shareholders’

equity or guarantees of the borrower in repayment of debts on due dates thereof, and
which may probably cause damages and losses if the observed problems are not
corrected or remedied; or
 creditworthiness of the borrower weakened and which is accepted to have been

weakened
Review of the sample portfolio examinations clearly indicated that both the banks and the
examiners are blurring the use of these 2 classification categories, although more so the
banks in the examples seen. Furthermore, the examples highlighted that banks also are
maintaining “watch lists” which can be considered precursors to special mention
classifications (or worse). Reviews by the examiners accurately identified credits in this

TURKEY
group that rightly deserved to be in substandard or worse categories. This may be, in part
due to the nature of the special mention category (as well as the desire to avoid additional
provisioning and disclosure). (It should be noted that, in their loan portfolio special
examinations, examiners typically do not dive into the accuracy of credits already classified
as NPL, but focus on those that are carried on management’s “watch list” and special
mention credits.) The impact of this is further discussion in BCP 18. However, the
definitions and use of the classifications require clarification and strengthening. Review of
the draft REPL indicated much the same issue with the definitions.
The framework for loan loss provisions and observations therein are provided in BCP 18.
d) MIS for accurate and timely identification, aggregation and reporting of credit risk
exposures to the bank’s Board and senior management on an ongoing basis In addition
to the general requirements regarding information systems of banks in RICAAP Article
11, Principles 6-8 of the GCM include the provisions for the documentation and
information systems for credit risk. Principle 6 requires that information and
documents concerning credits for each customer should be easily accessible, principle
7 requires banks to establish effective information systems with respect to the credit
management. Moreover, in accordance with Principle 8 banks should design
information systems in line with the size and complexity of their operations. Also in
line with paragraph 56, results of internal system analysis will be shared regularly with
senior management and audit committee regarding their importance.
e) prudent and appropriate credit limits, consistent with the bank’s risk appetite, risk profile
and capital strength, which are understood by, and regularly communicated to, relevant
staff The RICAAP, specifically Article 5, requires that boards set an appropriate risk
appetite and that risk limits are established commensurate with the risk appetite,
capital, and management resource of the bank. The regulation requires effective
communication of the risk appetite and limit structures through the bank.
f) exception tracking and reporting processes that ensure prompt action at the appropriate
level of the bank’s senior management or Board where necessary.
In accordance with paragraph 14 of the GCM, credit policies should address identifying
and reporting exceptions to credit policy. Paragraph 59 of GCM require risk management
units to assess and report the frequency of such credit exceptions.
g) effective controls (including in respect of the quality, reliability and relevancy of data
and in respect of validation procedures) around the use of models to identify and
measure credit risk and set limits.
BCP 27, EC 3 details the BRSA’s requirements for model validation as per the GFVM. For
CCR, Paragraph 7 of GCPRM stipulates that where the bank is using an internal model for
CCR, senior management must be aware of the limitations and assumptions of the model
used.

TURKEY
From the IT point of view, banks’ information systems must meet the standards set in
RITEA. For example, according to article 25 (2)(b) of RITEA banks’ processes regarding
retail and corporate loans are audited by external auditors and results of this audit are
submitted to BRSA. If any deficiencies regarding standards laid down in RITEA are
observed during the IT audits conducted by external auditors those deficiencies are taken
into account within the scope of regular on-site examinations.
BRSA Credit Examination Process
The management and risk control over the credit operations of a bank are evaluated
through both the CAMELS review/GAR methodology. During this process, the examiners
may decide to conduct specialty examinations targeting areas such as corporate loans,
commercial loans, SME loans etc. It is during the specialized examination process that the
examiners have the opportunity to assess the effectiveness of the bank’s credit
underwriting, monitoring, early identification and classification processes as well as the
risk management oversight mechanisms. Further comments on the adequacy of the
examination process are offered in the rating comments below and in BCP 18.
EC4 The supervisor determines that banks have policies and processes to monitor the total
indebtedness of entities to which they extend credit and any risk factors that may result in
default including significant unhedged foreign exchange risk.
Description and Banks are required to have policies and processes to monitor the total amount of
findings re EC4 customer indebtedness held by the bank. According to Article 107 of GCM, the foreign
exchange risk exposure of customers in other banks is also taken into consideration in
effective credit administration process.
In the CAMELS risk assessment process, GAR process directs examiners to have
information about total indebtedness of firms in the market. Reviews of 4 sample
examinations showed that aggregate customer indebtedness (on and off-balance sheet) is
also gathered during certain specialized examinations and classified consistent with the
borrower classification. However, the manner in which the examiners present and write up
the credits that they review during the special examination does not clearly depict the
nature and volume of other related exposures (in the given bank) which, if presented,
would help put the overall borrower relationship in context.
EC5 The supervisor requires that banks make credit decisions free of conflicts of interest and
on an arm’s length basis.
Description and Article 50 of the BL requires banks that the loan conditions cannot vary from the loans
findings re EC5 made available to other persons and groups and from market conditions, in favor of the
borrower. It explicitly states that all loans should be extended on an arm’s length basis.
Please also see BCP 20, Related Parties.
EC6 The supervisor requires that the credit policy prescribes that major credit risk exposures
exceeding a certain amount or percentage of the bank’s capital are to be decided by the

TURKEY
bank’s Board or senior management. The same applies to credit risk exposures that are
especially risky or otherwise not in line with the mainstream of the bank’s activities.
Description and According to Article 5(1) of Regulation on Credit Transactions by Banks (RCT), the powers
findings re EC6 for extension of credit in a bank basically rest with the board of directors and the board
may delegate its powers for extension of credit to a credit committee or headquarters.
According to Article 5(2) the maximum amounts the board of directors can delegate to
credit committee or headquarters are up to 10 percent and up to 1 percent of own funds
respectively.
EC7 The supervisor has full access to information in the credit and investment portfolios and to
the bank officers involved in assuming, managing, controlling and reporting on credit risk.
Description and Articles 65, 66, 95 and 96 of the BL grant the right to the BRSA to have full access to
findings re EC7 information in the credit and investment portfolios and to the bank officers involved in
assuming, managing, controlling and reporting on credit risk. The institutions under the
scope of BL and their activities shall be subject to supervision of the BRSA. The BRSA may
send representatives to the meetings of the general assemblies of banks, for observation
purposes. The institutions should keep their information and documents regarding their
internal control, risk management and internal audit systems, accounting and financial
reporting units, financial statements and reports as well as loans extended to risk groups,
as ready and appropriate for consolidated supervision.
EC8 The supervisor requires banks to include their credit risk exposures into their stress testing
programs for risk management purposes.
Description and According to Article 43(4) of RICAAP, banks are required to have stress testing program
findings re EC8 which requires, an overall firm-wide stress testing, in addition to each material risk type,
including credit risk.
According to principle 27 of GCM, banks should perform stress testing and scenario
analysis in monitoring and measuring risks arising from credit portfolio. Banks are required
to make analysis on the current and future capital requirements for credit risk. Banks are
required to conduct stress testing on an individual risk level and also on a firm-wide basis.
GCPRM principle 7 also gives guidance on counterparty credit risk stress testing program.
For a more expanded discussion on stress testing parameters and observations, see BCP 8
EC 5.

Principle 17
Comment The legal framework for credit risk is generally comprehensive. It establishes the
responsibility of the board in this area, requires a framework for the credit business of
banks, as well as prescribes properly controlled credit risk environment. However, several
issues exist within the framework which compromise the effectiveness of this framework
and its application.

TURKEY
As prescribed in regulation and organized in practice (verified through review of credit

portfolio special examinations presented by the BRSA during the assessment) the credit
risk management oversight (line management function) and credit risk management
function and the organization therein create loopholes in independence and integrity of
credit risk monitoring and reporting to bank boards and the BRSA:
1. The framework design does not require ongoing, independent (from the business
line) credit risk monitoring of large individual exposures or homogeneous portfolios.
Important source data (e.g., identification of deteriorating credits, level of (accurately)
classified assets, status of restructured credits, etc.) is generated by a line management
function (credit monitoring) without independent verification that 1) management
identification processes are accurate and timely, 2) that management, itself, is well
informed of the risk it is running and is upholding board prescribed underwriting
standards, and therefore, accurately conveying its business risk, and that 3) timely
borrower intervention is activated.
2. This (unverified) information generated by the line function is source data used by
the risk management functions for audit committee and board reporting and is also likely
the information also reported to the BRSA for monitoring and examination purposes.
Although the internal audit function plays an important role in ensuring a strong control
environment, the function itself is not designed to play an ongoing surveillance role such
as the independent credit risk management unit. It cannot replace the need to have such a
function within the bank(s).
Highlighting the issues surrounding this organizational environment, examiners, through

their inspection process, have identified important, clearly inaccurate classifications of
credit that could easily indicate the existence of 1 and 2 above. However, the significance
of these inaccurate classifications was not clear from the examination samples reviewed.
Consistently, there was no indication of the size of the sample of reviewed credits, how
significant the aggregate, inaccurately classified credit was to the total portfolio, and if
such findings could be extrapolated to the entire portfolio.
Credit classification definitions, particularly in the special mention and substandard

categories are overlapping. Evidence demonstrates that both the examiners, but especially
the bankers, fluidly move credits among these categories which compromises the picture
of the bank’s risk profile which accurate classification is intended to depict. As well, such
movement and less rigorous classification impacts provisioning levels and ultimately, the
accuracy of the bank’s financial statement.
The REPL explicitly allows restructuring of loss credit which is considering in many systems
to be outright imprudent activity as such loans are, by definition, permanently impaired
and considered “nonbankable” assets. In some systems, such credits are prohibited from
being restructured. The draft REPL is silent on this issue but theoretically would allow this
practice. This practice should be explicitly addressed (disallowed).

TURKEY
The manner in which the examiners present and write up the credits that they review
during the special examination does not clearly depict the nature and volume of other
related exposures (in the given bank) which, if presented, would help put the overall
borrower relationship in context.
Principle 18 Problem assets, provisions and reserves.49 The supervisor determines that banks have
adequate policies and processes for the early identification and management of problem
assets, and the maintenance of adequate provisions and reserves.50
Essential criteria
EC1 Laws, regulations or the supervisor require banks to formulate policies and processes for
identifying and managing problem assets. In addition, laws, regulations or the supervisor
require regular review by banks of their problem assets (at an individual level or at a
portfolio level for assets with homogenous characteristics) and asset classification,
provisioning and write-offs.
Description and Articles 52 and 53 of the BL stipulate the rules that banks must follow for loan evaluation.
findings re EC1 In particular, Article 52 of the BL requires banks to regularly analyze and monitor the
financial standing of their borrowers and borrowers are obliged to provide the necessary
information to the banks on both solo and consolidated basis. Article 53 requires banks to
establish, implement, and regularly review the policies regarding the monitoring of the
loans under follow-up and their loan loss provisions. In addition, the Regulation on the
Procedures and Principles for the Evaluation of Loans and Other Receivables (REPL) sets
the rules on classification of loans (into five groups) and the criteria for loan loss
provisioning.
Article 12(9) of REPL requires banks to prepare an exclusive report containing views about
the loans that exceed TL 250,000 and, in any case, the largest top 200 loans, on a quarterly
basis or in case of occurrence of any risk event.
The article 16(10) and (12) of the Communiqué on Financial Statements and Their
Disclosures to be Announced to Public by Banks (CPD) requires banks to disclose the
amounts of write-offs as well as their policies and procedures on write-offs respectively.
On the other hand, the REPL does not include parameters for write-offs. The draft REPL
specifies write-off criteria in relation to IFRS 9 requirements.
Additionally, in GCM, principle 28 states that banks should have written policies
concerning the management of non-performing loans and receivables. The processes of
credit monitoring and liquidation should be established in a way to secure collection
efficiency. As well, banks should establish a unit apart from credit assessment and
marketing units for the management of NPLs. Banks should identify the criteria
49Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem
assets.
50Reserves for the purposes of this Principle are “below the line” non-distributable appropriations of profit required
by a supervisor in addition to provisions (“above the line” charges to profit).

TURKEY
concerning the determination and reporting of problematic loans which need to be

monitored closely, classified into a different group, and which require provisioning and/or
additional remedial measures.
The proper implementation of REPL is assessed during the on-site examinations and the
data on Performing Loans, Non-Performing Loans, Restructured Loans and Provisions for
Non-Performing Loans, Solo and Consolidated Compliance of Banks to Credit Limits are
monitored offsite by means of call reports sent by banks on a monthly/quarterly basis.
Furthermore, audit committee reports and meetings are analyzed in terms of credit
classification and provisioning. Management committee meetings and board decisions
about the policies and strategies established for the management of problem assets are
also evaluated during the on-site examination process.
Of note, the BRSA prepared a new draft REPL for which the responses of the stakeholders
haves been received during the public consultation phase. Draft REPL is currently awaiting
publication in the official gazette. The BRSA informed the BCP team that the draft takes
into account IFRS 9 for provisioning purposes and keeps five group classification of the
current regulation. Additionally;
* the entry and exit criteria of sub-groups are elaborated,
* the definition of non-performing loans is linked to the Basel II default definition and the
stage 3 of the IFRS 9,
* forbearance is defined as a cross-cutting category based on EBA ITS dated 20.02.2015.
* criteria for reclassification from non-performing to performing loans is determined,
* write-off criteria are laid down by considering IFRS 9 requirements,
* expected loan loss provisions are required to be recognized in compliance with the IFRS
9, and
* Banks are required to review loans on a quarterly basis or in case of occurrence of any
risk event for re-classification purposes. Also, the banks are required to document their
assessments regarding the largest 200 loans or the loans exceeding TL 500.000.
EC2 The supervisor determines the adequacy of a bank’s policies and processes for grading
and classifying its assets and establishing appropriate and robust provisioning levels. The
reviews supporting the supervisor’s opinion may be conducted by external experts, with
the supervisor reviewing the work of the external experts to determine the adequacy of
the bank’s policies and processes
Description and The on-site examiners assess the objectivity and adequacy of internal procedures and
findings re EC2 internal controls necessary for an independent inspection of bank lending activities. The
SMCEP directs that this assessment as well as the assessment of the adequacy of a bank’s
policies and processes for grading, classifying, and provisioning its assets are made taking
into account several factors such as:

TURKEY
 The effectiveness of the internal rating system of the bank,
 Whether the internal procedures as well as the MIS system of the bank allow for the
board and management to obtain timely and appropriate information on the
condition of the loan portfolios,
 Whether the internal procedures of the bank established for monitoring the loan
portfolios and classification of the loans are in compliance with the relevant
legislation,
 Whether the findings of the internal audit and internal control groups about the
problem assets are sufficiently taken into account by the bank’s management,
 Robustness of the collateral data used for capital adequacy calculations,
 The adequacy of the provisioning levels of the bank in relation to regulatory

requirements and with respect to the risk profile and quality of the credit risk
management system of the bank,
 The accuracy of loan classification based on a sufficiently large examination sample of

loans.
During the full scope examinations, with reference to SMCEP, the on-site team assesses a
cross section of a significantly large sample of individual loans, including the highest risk
exposures. In particular, loans are selected on the basis of different sources and criteria
including, inter alia,
 the loan reports produced by the bank,
 list of loans categorized in the second group (special mention) pursuant to REPL,
 list of loans past due,
 the report of potential problem loans produced by the off-site team,
 previous examination reports produced by the BRSA with respect to the loan portfolio
of the bank,
 list of obligors classified in the 2nd group (special mention) by other banks pursuant
to the REPL,
 list of restructured/rescheduled loans.
 the selection of the sample of individual loans pays particular attention to the
significance of the individual loan in the portfolio and to the fact that the examination
sample adequately represents the total loan portfolio of the bank. In every instance,
on-site team examines at least the 200 firms/obligors having the highest level of risk
in the total loan portfolio.
Furthermore, notes to financial statements prepared according to the CPD and audited by
external auditors, include various information on issues such as grading and classification
of assets, and the loan loss provisioning levels. This information is also reviewed with

TURKEY
respect to their consistency with the information provided by the bank and where
appropriate, used as an input during the on-site examination process.
As well, examiners pay particular attention to the loans classified as special mention since
these loans have a potential to be classified as NPL in the future. In that context,
according to the SMCEP, on-site examiners take into account several factors including the
following:
- whether the debtor is classified in the special mention group by other banks,
- whether the debtor has been refinanced by the bank under examination or by
any other bank in the sector,
- whether the debtor has any reimbursed non-cash loans in the bank under
examination or in any other bank in the sector,
- whether the debtor has any NPL in the bank under examination or in any other
bank in the sector in the past.
Assessor Observations:
The BCP team reviewed special examinations of credit portfolios, mutually agreed by the
assessors and the supervisors. The reviews focused on the process of the examination
team, findings and subsequent supervisory response/corrective actions. The examination
findings were thorough and demonstrated application of many of the above outlined
objectives. At the same time, the review identified the following key points which are
embedded in the analysis and results process:
 Of the credits reviewed, written up, and featured in the examination reports, the
exam team did, in fact, identify important deficiencies in the subject bank’s classification
and the (lack of) accuracy therein.
 Review of the examination report highlighted several issues:
o Size and significance of the group credits sampled and reviewed was not
enumerated.
o A number of credits were re-classified by the examiners.
 There was no indication of the relative significance of the findings relative to the
total portfolio, especially given some of the critical classification issues identified. No
indication if the findings could be extrapolated to the rest of the portfolio.
 No indication if, based on the findings, expansion of the credit sample was
warranted to support findings about the condition of the portfolio.
 The loan write-ups themselves were not complete enough to convey the nature
of the credit relationship and any connected customer relationships/exposures. Total
indebtedness did not break out the various, more significant on/off balance sheet
extensions; context of the total credit relationship was not provided, i.e., payment history:
number of times the credit—and associated credits—had been renewed or restructured, if

TURKEY
interest was capitalized, if the credit was on nonaccrual, what the collateral position was
and integrity of estimated values, etc.
 As a result of limited information in the write up, it was difficult to assess if the
final classification was accurate or not.
 Provisioning impact was not presented.
 There was no documentation retained on the review of the “standard” loans in

order to substantiate the reasonableness of maintaining the standard classification.
 Overall conclusions focused on internal control issues rather than higher level
implications on the condition and management of the credit portfolio under examination.
 As a result, the examination exercise missed opportunity to identify very

important linkages with and conclusions on:
o Management’s understanding of their business and credit risk, ability to identify

deterioration proactively – thereby allowing for early intervention.
o Implications for internal systems => function, role, and independence of credit
risk management – thereby validating the systems that both the bank’s board and the
BRSA depends upon in order to effectively oversee the institution. As well, these systems
are key to the exercise of risk based supervision by the BRSA.
o Inputs to evaluate corporate governance of the bank.
o Accuracy of information conveyed to the board and the BRSA
Drawing such conclusions and linkages to management adequacy and internal systems
then, is critical to validating the systems risk based supervision depends upon. Also, it
would provide the basis for supervisory response and, as required, corrective actions by
the BRSA.
During discussions with the BCP team, the BRSA conveyed that although such linkages are
not explicitly presented in the reports themselves, they are, indeed, very important inputs
to the CAMELS risk rating process as well as to the risk matrix and profile. These
instruments then convey the level of supervisory priority and serve as an input for future
supervisory activities.
EC3 The supervisor determines that the bank’s system for classification and provisioning takes
into account off-balance sheet exposures.51
Description and With reference to article 48 of the BL, the REPL covers the rules for classification and
findings re EC3 provisioning of all off-balance sheet items. The draft regulation also covers the rules for
classification and provisioning of all off-balance sheet items.
51It is recognized that there are two different types of off-balance sheet exposures: those that can be unilaterally
cancelled by the bank (based on contractual arrangements and therefore may not be subject to provisioning), and
those that cannot be unilaterally cancelled.

TURKEY
On-site examiners evaluate the adequacy of the classification of and provisioning for off-
balance items, with respect to REPL, taking into account several factors such as
- whether the obligor has reimbursed non-cash loans,
- the ratio of reimbursed non-cash loans to total non-cash loan portfolio of the
bank,
- past due days of the obligor with respect to cash loans,
- the level of concentration risk in off-balance sheet items.
EC4 The supervisor determines that banks have appropriate policies and processes to ensure
that provisions and write-offs are timely and reflect realistic repayment and recovery
expectations, taking into account market and macroeconomic conditions.
Description and The minimum provisioning rates are determined according to the loan categories. Articles
findings re EC4 6(3) and 6(4) of the REPL require banks to consider financial and macroeconomic factors
including sectoral and firm specific conditions and to base their calculations on
reasonable and supportable assumptions. Additionally, article 10(8) of the REPL allows
banks to make higher provisions than the minimum rates stipulated in the article 8 of the
REPL. REPL authorizes BRSB to set higher levels of general and special provisions taking
into account the risks in different sectors and countries.
The draft REPL requires banks to recognize their loan loss provisions consistent with IFRS
9. The BRSB is authorized to increase general and special provisioning levels both for a
specific bank or a specific loan type for the whole banking sector.
As mentioned in EC1, the REPL does not include a rule on write-offs. However, write-off
criteria are laid down in draft Regulation on the Procedures and Principles for Accounting
Practices and Retention of Documents by Banks (RAP) by considering IFRS 9 requirements
which was opened for public consultation. In that context, article 10(A) of the draft RAP
requires banks to write-off the uncollateralized portion of their non-performing loans
within a maximum period of one year after their classification in the 5th group.
In addition to the above mentioned draft regulations, the BRSA will publish a guideline in
alignment with the Guidance on Credit Risk and Accounting for the Expected Credit Loss
(GACL) published by the BCBS so that the GACL will be incorporated into the national
regulatory framework. As a result, within the context of IFRS 9 and the GACL, forward
looking information and macroeconomic factors are to be taken into account by banks in
provisioning.
The current provisioning requirements are as follows:

TURKEY
Asset Classification Past Due Period Provisioning (Net of Collateral for special
provisions)
Loans Off-balance Sheet
Group 1/Standard52 up to 30 .5% - 5.0%53 O% - .20%
Retail w/extension 10%54 0% - .20%
Group 2/Special 30 - 90 2% .4%

Mention
Retail 10% .4%
Group 3/Substandard 90 - 180 20% 20%
Group 4/Doubtful 180 - 360 50% 50%
Group 5/Loss  360 100% 100%
In addition to the provisioning requirements above, specific provisions are made net of
collateral values. REPL assigns a haircut to collateral values depending on the item.
Requirements for valuation of collateral are specified in CCRM and GFVM. The BCP team
was informed that banks ensure that adequate collateral underpins the preponderance of
their credit exposures, sometimes to the extent of over-collateralizing. Real estate
composes the majority of the collateral. Banks use firms approved by the BRSA to value
real estate. Underlying collateral must be revalued once a credit exposure is classified as
NPL. In general, banks have approximately 75% loan loss coverage on current NPL levels.
Several observations are made on the provisioning for NPLs, special mention, and the
general portfolio. The historical and statistical support for standard (general) and special
mention loan categories is not substantiated by accumulated experience. It is not clear if
appraised values, within a range, are being realized upon the sale of the properties or if
provisioned amounts are adequately covering loss experience on classified loans. Clear
parameters should be established for periodic valuation of underlying collateral on NPL
exposures.
52 Export trade 0%.

53generalprovision is 2.5% for group SME credits that have had their loans extended, for group-cash commercial
corporate = 5%.
54Retail loans carry a higher provisioning rate due to efforts to slow credit growth in this area. General provisions for
retail loans excl mortgages and credit cards = 4%. Provisioning requirements go up to 10% for group retail loans that
have been extended.

TURKEY
The on-site examination teams assess the adequacy of the provisioning levels of the bank
with respect to regulatory requirements stipulated in REPL. Write-offs and loan sales are
also considered in the context of the examination of NPL portfolio of the bank. In that
context, on-site examiners analyze the internal policies, procedures and practices of the
bank with respect to write-offs and asset sales.
Off-site supervision makes analysis complementary to the on-site work and produces
early warning information regarding the loan portfolio. In that context, a Report on
Potentially Problematic Loans on a semiannual basis is produced and sent to on-site
examination teams. In that report, a loan is considered to be potentially problematic if it
meets one of the following criteria:
- if the loan is classified as NPL by any bank,
- if the loan is classified as NPL by any non-bank financial institution,
- based on the information received from on-site supervision function, if it is

classified as NPL by the on-site examination team,
- if the loan is transferred to an asset management company.
With regard to provisions of the SMCEP, on-site examiners to take into account the above
mentioned report in their analysis of the loan portfolio and in the selection of the loan
sample to be examined.
EC5 The supervisor determines that banks have appropriate policies and processes, and
organizational resources for the early identification of deteriorating assets, for ongoing
oversight of problem assets, and for collecting on past due obligations. For portfolios of
credit exposures with homogeneous characteristics, the exposures are classified when
payments are contractually in arrears for a minimum number of days (e.g., 30, 60, 90
days). The supervisor tests banks’ treatment of assets with a view to identifying any
material circumvention of the classification and provisioning standards (e.g., rescheduling,
refinancing or reclassification of loans).
Description and Please refer to EC 1 and 4 for relevant regulations and credit portfolio review processes.
findings re EC5 The draft REPL states that loans that have an immaterial balance and that have
homogenous characteristics with regard to the type, credit grading/scores, collateral,
effective date, date to maturity, geographical location of the debtor and loan to value
ratio can be assessed on a group basis.
Examiners review homogenous credits based on various inputs including delinquency

status, trends in the portfolio and market, and review of banks’ internal risk rating models,
if used.
EC6 The supervisor obtains information on a regular basis, and in relevant detail, or has full
access to information concerning the classification of assets and provisioning. The
supervisor requires banks to have adequate documentation to support their classification
and provisioning levels.

TURKEY
Description and REPL requires banks to record, classify, monitor, and asses their loans in alignment with
findings re EC6 Article 4 of the REPL. Banks are obliged to prepare an exclusive report containing views
about the loans that exceed TL 250,000 and, in any case, the largest top 200 loans, on a
quarterly basis or in case of any significant risk event.
The draft REPL also requires banks to maintain adequate documentation to support their
asset classification and provisioning levels. Banks are required to review their loans on a
quarterly basis or in case of occurrence of any risk event for re-classification purposes.
Banks are required to document their assessments regarding the largest 200 loans or the
loans exceeding TL 500.000.
Regarding the reports received by the BRSA with regard to classification of assets and
provisioning, banks are obliged to submit off-site call reports on asset classification, asset
quality and provisioning. The monthly detailed loan report (KR202AS) provides customer
level details of each loan, including, loan classification, loan type (cash, non-cash), sector,
collateral, date of default, and provision amount.
The BRSA also has access to the more detailed CRB data which also includes scoring
information of debtors. In the BRSA reporting sets, asset management companies are also
required to report their acquired portfolios (corporate, retail or other) on a quarterly basis.
Moreover, supervisors always have access to banks’ records and staff when required.
EC7 The supervisor assesses whether the classification of the assets and the provisioning is
adequate for prudential purposes. If asset classifications are inaccurate or provisions are
deemed to be inadequate for prudential purposes (e.g., if the supervisor considers
existing or anticipated deterioration in asset quality to be of concern or if the provisions
do not fully reflect losses expected to be incurred), the supervisor has the power to
require the bank to adjust its classifications of individual assets, increase its levels of
provisioning, reserves or capital and, if necessary, impose other remedial measures.
Description and In case on-site supervisors determine that asset classifications are inaccurate or provisions
findings re EC7 are deemed to be inadequate for prudential purposes (based on the classification criteria
in Article 4 of REPL) then the bank is instructed to reclassify those assets and/or set aside
additional provisions. Additionally, insufficient provisioning or misclassification of assets
are breaches that lead to financial penalty according to Article 146(1)(i) and 148(1)(b)
respectively.
Furthermore, pursuant to Articles 67 and 68 of the BL, the BRSA is authorized to require
banks, as a part of corrective measures, to set aside higher provisions if, among other
things, the quality of assets have deteriorated in such a manner that its financial structure
will weaken.
As well, article 37 of BL states that, in cases where it is determined that the financial
statements have been mispresented, the BRSB also can take necessary measures. So, if
provisioning level of a bank presented on financial statements approved by external

TURKEY
auditors is determined as insufficient by the BRSA examiners, the BRSB may require banks
to set aside additional provisions.
Under the draft REPL the BRSB is authorized to increase general and special provisioning
levels both for a specific bank or a specific loan type for the whole banking sector.
On-site examiners assess the accuracy of the loan classifications and adequacy of
provisioning levels with respect to REPL as well as the risk profile of the bank and the
quality of its credit risk management system.
Please refer to EC2, EC3, EC4 and EC5 for further details.
EC8 The supervisor requires banks to have appropriate mechanisms in place for regularly
assessing the value of risk mitigants, including guarantees, credit derivatives and
collateral. The valuation of collateral reflects the net realizable value, taking into account
prevailing market conditions.
Description and Articles 9 and 10 of REPL set forth the requirements pertaining to collateral including
findings re EC8 valuation and applicable haircuts when computing special provisions to be made by
banks. Accordingly, the valuation of the collaterals is based on TAS. On the other hand,
REPL lays down specific requirements to value real estate, lien on properties. Banks are
also required to assess the value of the collateral in the incidence of a risk event or within
reasonable intervals according to the article 10(1)(c).
The CCRM enumerates a number of guidelines on valuation of collateral. Additionally,

Guideline on Fair Value Measurement (GFVM) provides principles for calculating the fair
value of financial instruments which are classified as risk mitigants, credit derivatives or
collaterals. As well, banks must have monitoring and control procedures and processes
including valuation and risk of loss of effectiveness of credit risk mitigation.
Credit risk mitigation techniques are regulated in CCRM in order to set down procedures
and principles to be used by banks in calculation of risk-weighted amount under the
scope of Standardized Approach and risk weighted exposure amounts and expected loss
under the scope of Foundation IRB Approach.
The draft REPL requires banks to value loan collateral, for calculation of the loan loss
provisions, based on the net realizable value of the collateral. Since net realizable values
takes into account the fair value, prevailing market conditions are factored into the
valuation. In addition, valuations of real estate collateral is subject to principles set out in
the RCA. Real estate collateral must be revalued at the time loans are classified as NPL.
EC9 Laws, regulations or the supervisor establish criteria for assets to be:
a) identified as a problem asset (e.g., a loan is identified as a problem asset

when there is reason to believe that all amounts due, including principal and
interest, will not be collected in accordance with the contractual terms of the
loan agreement); and

TURKEY
b) reclassified as performing (e.g., a loan is reclassified as performing when all

arrears have been cleared and the loan has been brought fully current,
repayments have been made in a timely manner over a continuous
repayment period and continued collection, in accordance with the
contractual terms, is expected).
Description and See EC 1-4 above. REPL defines problem assets taking into account past due days and
findings re EC9 credit worthiness of the obligor. As well, the draft REPL links the Basel II default definition
and the stage 3 of the IFRS 9the to definition of non-performing loans. As such, although
the regulation considers loans classified as special mention performing loans, banks are
required to recognize life-time expected loss for this group of loans since they are
mapped to 2nd stage of the IFRS 9. Additionally, banks are required to establish relevant
systems for closely monitoring 2nd group loans pursuant to Article 18(4) of the draft
regulation.
EC10 The supervisor determines that the bank’s Board obtains timely and appropriate
information on the condition of the bank’s asset portfolio, including classification of
assets, the level of provisions and reserves and major problem assets. The information
includes, at a minimum, summary results of the latest asset review process, comparative
trends in the overall quality of problem assets, and measurements of existing or
anticipated deterioration in asset quality and losses expected to be incurred.
Description and On-site examiners evaluate whether the MIS and internal procedures of the bank allow for
findings re EC10 the sufficient level of information flow to bank’s board so as to obtain timely and
appropriate information with regard to the classification of loans, the provisioning levels
and problem assets.
Please refer to EC2 for further details.
EC11 The supervisor requires that valuation, classification and provisioning, at least for
significant exposures, are conducted on an individual item basis. For this purpose,
supervisors require banks to set an appropriate threshold for the purpose of identifying
significant exposures and to regularly review the level of the threshold.
Description and Banks are obliged to prepare an exclusive report containing views about the loans that
findings re EC11 exceed TL 250,000 and, in any case, the largest top 200 loans, on a quarterly basis or in
case of occurrence of any risk event according to the article 12(9) of the REPL. In the draft
REPL, banks will be required to document their assessments of the largest 200 loans or
loans exceeding TL 500.000.
EC12 The supervisor regularly assesses any trends and concentrations in risk and risk build-up
across the banking sector in relation to banks’ problem assets and takes into account any
observed concentration in the risk mitigation strategies adopted by banks and the
potential effect on the efficacy of the mitigant in reducing loss. The supervisor considers
the adequacy of provisions and reserves at the bank and banking system level in the light
of this assessment.

TURKEY
Description and Credit concentration risk and trends across the banking sector are monitored by loan
findings re EC12 types, geography and industry by off-site supervision department through monthly
banking sector overview presentations and loan reports. Non-performing loans by
segment, sectors, and provisioning rates as well as loans under follow up and restructured
loans are also monitored.
Overview of the banking sector, risk concentrations and trends are presented to the BRSA
Board and some committees such as FSC and CC where necessary actions will be
discussed and initiated. Macro prudential measures on consumer loans such as credit
restrictions (increasing minimum payment ratios of credit cards, maturity restriction for
consumer loans, loan to value ratio for housing and vehicle loans etc.), increasing risk
weights for capital adequacy, increasing general provision ratios in order to curb credit
growth and risk accumulation may be given as recent examples.
Furthermore, stress tests are used for estimating following 2 years loan growth, NPL
growth (PD and LGD for economic capital) under both baseline and adverse scenarios
(please refer to CP 9 EC5 for further details).

Principle 18
Comments The framework for credit classification and provisioning is generally adequate. However,
the accuracy asset classification by banks, and therefore the integrity reporting to boards
and the BRSA is called into question given the nature of reclassifications assigned by
onsite examiners and the lack of documentation therein. Loan write ups require more
support and context as well as need to present nature of collateral and provision impact.
Examination conclusions focus more on internal control issues rather than higher level
implications for the condition and management of the credit portfolio under examination.
Given the lack of (documented) focus on the implications of important bank processes,
the examination exercise missed opportunity to identify very important linkages with and
conclusions on:
 Management’s understanding of their business and credit risk, ability to identify

deterioration proactively – thereby allowing for early intervention.
 Implications for internal systems => function, role, and independence of credit risk
management – thereby validating the systems that the bank’s board and the BRSA
depends upon in order to effectively oversee the institution. As well, these systems
are key to the exercise of risk based supervision by the BRSA.
 Inputs to evaluate corporate governance of the bank.
 Accuracy of information conveyed to the board and the BRSA
As well, the historical and statistical support for standard (general) and special mention
loan categories is not substantiated by accumulated experience. It is not clear if appraised
values, within a range, are being realized upon the sale of the properties or if provisioned

TURKEY
amounts are adequately covering loss experience on classified loans. Clear parameters
should be established for periodic valuation of underlying collateral on NPL exposures.
Principle 19 Concentration risk and large exposure limits. The supervisor determines that banks have
adequate policies and processes to identify, measure, evaluate, monitor, report and
control or mitigate concentrations of risk on a timely basis. Supervisors set prudential
limits to restrict bank exposures to single counterparties or groups of connected
counterparties.55
Essential criteria
EC1 Laws, regulations or the supervisor require banks to have policies and processes that
provide a comprehensive bank-wide view of significant sources of concentration risk.56
Exposures arising from off-balance sheet as well as on-balance sheet items and from
contingent liabilities are captured.
Description and Article 48 of the BL contains a very comprehensive definition of a loan which includes
findings re EC1 both on and off balance sheet exposures. RICAAP article 35(4) requires banks to have
effective risk management systems for key risks, based on their level of importance,
including concentration risks. Further, the banks shall have a mechanism through which to
evaluate the integrity of the risk management process including how large loans and risk
concentrations are overseen.
GMCR is a principle based guideline which explains the best practices expected from
banks in the area of management of concentration risk within the framework of RICAAP.
Banks are to have a system of identifying exposures to single or connected counterparties
in the same markets, sectors, supply chains, partnerships, guarantor relationship and
geographic region or activity fields and capture both on-balance sheet and off-balance
sheet positions as well as assets and liabilities, both on consolidated and non-
consolidated basis. Banks are required to specify personnel and units responsible for the
management of concentration risk and have written policies and procedures for active
monitoring, control and mitigation of concentration of risk.
GCM directs that credit risk management processes should address concentration risk and
diversification therein in the banks’ credit strategies and policies. As appropriate, banks
should mitigate increases in credit risk concentrations using various management tool
such as product price differentiation.
55Connected counterparties may include natural persons as well as a group of companies related financially or by
common ownership, management or any combination thereof.
56 This includes credit concentrations through exposure to: single counterparties and groups of connected
counterparties both direct and indirect (such as through exposure to collateral or to credit protection provided by a
single counterparty), counterparties in the same industry, economic sector or geographic region and counterparties
whose financial performance is dependent on the same activity or commodity as well as off-balance sheet exposures
(including guarantees and other commitments) and also market and other risk concentrations where a bank is overly
exposed to particular asset classes, products, collateral, or currencies.

TURKEY
Concentration risk is an important focus of the CAMELS review/GAR methodology

process. As well, it is captured in the ICAAP process and the supervisory review.
Supervisory evaluation of concentration risk also feeds into the risk matrix prepared as a
part of the supervisory cycle.
EC2 The supervisor determines that a bank’s information systems identify and aggregate on a
timely basis, and facilitate active management of, exposures creating risk concentrations
and large exposure57 to single counterparties or groups of connected counterparties.
Description and GCM Principle 8, directs that banks must have information systems which can monitor
findings re EC2 exposures by customer, group, sub-portfolios and all portfolio. GMCR Principle 3 requires
banks to have adequate data management systems to identify concentrations across
business lines and firm-wide and on an on- and off-balance sheet basis. Such
concentrations must be reported to senior management and to relevant business units to
support decision making.
Special examinations provide the opportunity for examiners to evaluate aggregation

systems for concentrations of risk. More specifically, during on-site examinations of credit
portfolios, examiners are required to pick up total customer relationship exposures in
order to evaluate credit quality on an individual exposure basis. Through this, as the
assessors review of a sample of special inspections revealed, the examiners are able to
pick up issues with the subject bank’s system. The CAMELS review/GAR methodology
requires supervisors to address concentration risk in counterparty, product, sector and
geographical region groupings.
From the IT point of view, banks’ information systems are required to meet the standards
set in RITEA. Banks’ retail and corporate loans systems (including monitoring loan limits)
are audited by external auditors and results of this audit are submitted to BRSA. Identified
deficiencies are taken into account during regular on-site examinations.
EC3 The supervisor determines that a bank’s risk management policies and processes establish
thresholds for acceptable concentrations of risk, reflecting the bank’s risk appetite, risk
profile and capital strength, which are understood by, and regularly communicated to,
relevant staff. The supervisor also determines that the bank’s policies and processes
require all material concentrations to be regularly reviewed and reported to the bank’s
Board.
Description and Concentration risk is addressed by banks through setting strategic planning and business
findings re EC3 objectives, establishing and monitoring counterparty specific, portfolio, product and other
limit structures and position objectives, and risk oversight mechanisms. These elements
57 The measure of credit exposure, in the context of large exposures to single counterparties and groups of
connected counterparties, should reflect the maximum possible loss from their failure (i.e., it should encompass
actual claims and potential claims as well as contingent liabilities). The risk weighting concept adopted in the Basel
capital standards should not be used in measuring credit exposure for this purpose as the relevant risk weights were
devised as a measure of credit risk on a basket basis and their use for measuring credit concentrations could
significantly underestimate potential losses (see “Measuring and controlling large credit exposures, January 1991).

TURKEY
are addressed, in part, in GMCR which requires banks to set limits in order to manage
concentration risks.
Paragraphs 47 and 48 of GMCR require banks to have a system to report concentration

risk timely, accurately and comprehensively to senior management, boards, and related
units ensuring effective decision-making in the management of concentration risk.
RICAAP requires the bank’s system of limits, risk appetite, etc. to be communicated
throughout the bank.
Risk concentrations are captured in the ICAAP process which is reviewed by the BRSA.
A framework for risk concentration control and management is provided through

regulation and the RICAAP process. However, review of the onsite examination
process for credit risk (CP 17, 18) where issues surrounding risk identification as well
as questions surrounding the implications of findings on the broader risk
management processes were cited could have a bearing on the supervisory process
for concentration risk identification, monitoring and control.
EC4 The supervisor regularly obtains information that enables concentrations within a bank’s
portfolio, including sectoral, geographical and currency exposures, to be reviewed.
Description and The surveillance call reports received from banks include details of sector, geography and
findings re EC4 currency information and risk concentration on customer basis (KR202AS-monthly).
Monthly basis summary call reports on country risk and currency concentration (UL200AS,
UL211AS) enable off-site supervisors to evaluate the extent of on and off-balance sheet
concentration risk in banks. Single and group exposures (close to or in excess of 20% of
regulatory capital for related party and 25% for other individual or group exposure); large
exposures; top 25, 50 and 100 exposures are also received.
Supervision reports and reviews include concentrations including loan portfolio, sectoral,
geographical, currency accumulations. Findings are compared against peer group and
sector positions and used in banks’ risk assessment reports.
There are minimum regulatory requirements for loan concentrations which are closely
monitored. These, which are determined by laws and regulations, include, inter alia, banks
own risk group, major owners, large exposures (KS100AS and KS100UK, exposure limits
consolidated and non-consolidated), real estate (GS100AS, real estate limits).
Furthermore, Article 12(9) of REPL requires banks to prepare an exclusive report

containing views about the loans that exceed TL 250,000 and, in any case, the largest top
200 loans, on a quarterly basis or in case of occurrence of any risk event.
EC5 In respect of credit exposure to single counterparties or groups of connected

counterparties, laws or regulations explicitly define, or the supervisor has the power to
define, a “group of connected counterparties” to reflect actual risk exposure. The
supervisor may exercise discretion in applying this definition on a case by case basis.

TURKEY
Description and Article 49 of the BL defines the following four risk groups (a) group of counterparties
findings re EC5 unconnected with the bank, (b) related parties (those connected with the bank), (c) group
of connected counterparties of state owned banks and (d) group of connected
counterparties of state owned non-bank enterprises. The Article states that the “the BRSA
shall set the principles and procedures of implementation of this Article and principles
and procedures to be applicable to the identification of the (natural) and legal persons to
be included in the same risk group ....”. The BRSA has covered these elements in the RCT,
which prescribes the norms for identifying risk groups and aggregating various types of
cash and noncash exposures. Article 49 of the BL requires banks to include in the same
risk group, real (natural) and legal persons that have surety, guarantee or similar
relationships where the insolvency of one will lead to the insolvency of the other.
EC6 Laws, regulations or the supervisor set prudent and appropriate58 requirements to control
and constrain large credit exposures to a single counterparty or a group of connected
counterparties. “Exposures” for this purpose include all claims and transactions (including
those giving rise to counterparty credit risk exposure), on-balance sheet as well as off-
balance sheet. The supervisor determines that senior management monitors these limits
and that they are not exceeded on a solo or consolidated basis.
Description and Article 54 of the BL set limits to the amount of loans to be granted to a single or group of
findings re EC6 connected counterparties. Article 48 provides a comprehensive definition of a loan, both
on and off balance sheet. Article 49 provides a comprehensive definition of “risk group” or
group of connected parties.
The total amount of loans to be extended by a bank to a real or a legal person or a risk
group shall not be more than 25 %of its own funds. For the bank’s own risk group, the
limit shall be set at 20%. The Board may increase this rate up to 25% or to lower it back
down to the legal limit. For further limitations on a bank’s own risk group, see BCP 20.
Loans made available to a real or legal person or a risk group that are equal to or exceed
10% of own funds shall be considered large loans and the total of such loans shall not
exceed 8 times of the own funds according to the article 54(4).
Pursuant to Article 43 of the BL, all ratios and limits in the BL are required to be calculated
by parent banks on a solo and consolidated basis. Article 54 of the BL states that these
limits are calculated on consolidated basis by parent banks.
Article 20 of the GMCR requires banks to measure, monitor, and report concentrations of
risk.
As explained in EC 3, in GAR; supervisor examines thresholds and specific limits for all
types of exposures including off-balance sheet risks, regarding concentrations of sector,
product, customer, risk group, shareholders, reviews reporting to senior management, and
reviews compliance with bank policies and internal and regulatory limits. The General Risk
58Such requirements should, at least for internationally active banks, reflect the applicable Basel standards. As of
September 2012, a new Basel standard on large exposures is still under consideration.

TURKEY
Limits (KS100AS-KS100UK) reports are used for monitoring the compliance with the above
mentioned limits and if any deficiencies are observed, the necessary actions are taken by
BRSA depending on the nature of incompliance.
EC7 The supervisor requires banks to include the impact of significant risk concentrations into
their stress testing programs for risk management purposes.
Description and RICAAP 43 requires banks to establish and operate a stress testing program in order to
findings re EC7 measure their material risks and vulnerabilities in general terms. GST Principle 12 requires
banks to stress test their portfolios and business units to identify risk concentrations that
may arise across their book. GMCR Principle 3 emphasizes the importance of
concentration risk stress testing, including to identify and measure various hidden
concentrations.
See BCP 8, EC 5 for further expansion on stress testing.
Additional
criteria
AC1 In respect of credit exposure to single counterparties or groups of connected

counterparties, banks are required to adhere to the following:
a) ten per cent or more of a bank’s capital is defined as a large exposure; and
b) twenty-five per cent of a bank’s capital is the limit for an individual large exposure to
a private sector non-bank counterparty or a group of connected counterparties.
Minor deviations from these limits may be acceptable, especially if explicitly temporary or
related to very small or specialized banks.
Description and
findings re AC1
Principle 19
Comments The legal framework addressing concentration risk and large exposures limits is generally
in line with international standards. The definition of connected parties is comprehensive.
The BRSA examines and monitors various exposures including, inter alia, large exposures,
concentrations by sector, product, customer, and risk group.
Principle 20 Transactions with related parties. In order to prevent abuses arising in transactions with
related parties59 and to address the risk of conflict of interest, the supervisor requires
59 Related parties can include, among other things, the bank’s subsidiaries, affiliates, and any party (including their
subsidiaries, affiliates and special purpose entities) that the bank exerts control over or that exerts control over the
bank, the bank’s major shareholders, Board members, senior management and key staff, their direct and related
interests, and their close family members as well as corresponding persons in affiliated companies.

TURKEY
banks to enter into any transactions with related parties60 on an arm’s length basis; to
monitor these transactions; to take appropriate steps to control or mitigate the risks; and
to write off exposures to related parties in accordance with standard policies and
processes.
Essential criteria
EC1 Laws or regulations provide, or the supervisor has the power to prescribe, a
comprehensive definition of “related parties”. This considers the parties identified in the
footnote to the Principle. The supervisor may exercise discretion in applying this definition
on a case by case basis.
Description and The definition of related parties is sufficiently comprehensive to capture relevant real and
findings re EC1 legal persons within the scope of the bank.
According to BL article 49 a bank and its qualified shareholders, members of its board of
directors and its general manager as well as the undertakings they control individually or
jointly, directly or indirectly or participate with unlimited responsibility or where they are
members of board of directors or general manager constitute a risk group including the
bank. Jointly-controlled undertakings shall be included in the risk group of each
shareholder that controls together these undertakings. Risk groups include real and legal
persons who have such relationships (surety, guarantee or similar relationships) where the
insolvency of one will lead to the insolvency of the other. By the authority given in this
article, BRSA may extend the risk group definition to include legal or real persons that
may have material effects on the solvency of the risk group.
Article 50 of the BL prohibits banks from granting cash or non-cash (OBS) loans,
purchasing bonds or similar securities to:
a) members of the board of directors, general manager, deputy general managers and
employees that are authorized to extend loans; their spouses and children under their
custody; and the undertakings where they individually or jointly own twenty-five
percent or more of the capital,
b) employees other than those mentioned in sub-paragraph (a) and their
spouses and children under their guardianship,
c) funds, associations, unions or foundations established by or for their employees.
Article 50 further directs that the prohibitions above will not apply to the loans made
available to the board members and employees and family members thereof of the bank
that do not exceed 5 times their monthly total net remuneration and credit in the form of
60 Related party transactions include on-balance sheet and off-balance sheet credit exposures and claims, as well as,
dealings such as service contracts, asset purchases and sales, construction contracts, lease agreements, derivative
transactions, borrowings, and write-offs. The term transaction should be interpreted broadly to incorporate not only
transactions that are entered into with related parties but also situations in which an unrelated party (with whom a
bank has an existing exposure) subsequently becomes a related party.

TURKEY
check book and credit cards may not be granted over 3 times monthly total net
remuneration. The total of these loans is very small in size.
For banks who are majority owned, separately or jointly by the Treasury Undersecretariat,
Privatization Administration or the administrations subject to the general budget or an-
nexed budget (i.e., State owned), are considered a risk group, together with their affiliated
companies. The non-bank state economic enterprises or other public institutions and
enterprises that are majority owned by the Privatization Administration shall constitute a
risk group together with companies in which they own or influence management and
supervision.
EC2 Laws, regulations or the supervisor require that transactions with related parties are not
undertaken on more favorable terms (e.g., in credit assessment, tenor, interest rates, fees,
amortization schedules, requirement for collateral) than corresponding transactions with
non-related counterparties.61
Description and BL article 50 of the BL directs that loans to natural and legal persons in the bank’s risk
findings re EC2 group requires approval of two thirds majority of the board of directors’ members and
that the loan conditions shall not differ from the loans made available to other persons
and groups and from market conditions, in favor of the borrower. Additionally, in order to
ensure that credit to related parties are not undertaken on more favorable terms and to
prevent conflict of interests the principle 3, paragraph 28 of the GCM states that, the
approval processes and work flows for credits which are extended to the bank risk group
should be separately determined.
While Article 48 of the BL provides a comprehensive definition of “loan”, it does not

include other non-credit transactions within the limitations addressing related parties.
Legislation should be expanded to explicitly capture all transactions, including loans,
within the parameters of related party limits and requirements.
EC3 The supervisor requires that transactions with related parties and the write-off of related-
party exposures exceeding specified amounts or otherwise posing special risks are subject
to prior approval by the bank’s Board. The supervisor requires that Board members with
conflicts of interest are excluded from the approval process of granting and managing
related party transactions.
Description and Article 50 of the BL stipulates that the decisions for loan extensions to natural and legal
findings re EC3 persons in the bank’s risk group are required to be made by two thirds majority of the
board of directors’ members and that the loan conditions should not differ from the loans
made available to other persons and groups and from market conditions, in favor of the
borrower.
There is no explicit provision that requires prior approval of related party transactions by
the bank’s board. No explicit provision requires approval (prior or post) of write-off of
61 An exception may be appropriate for beneficial terms that are part of overall remuneration packages (e.g., staff
receiving credit at favorable rates).

TURKEY
related party transactions. The assessor team was informed that no such write offs have
occurred in the recent past.
According to Article 51 of the BL, bank personnel authorized to extend loans cannot take
part in the evaluation and decision-making phases for the loan transactions involving
themselves, their spouses, children or their related risk group. Additionally, in order to
ensure that transactions with related parties are not undertaken on more favorable terms
and to prevent conflicts of interest the principle 3, paragraph 28 of GCM requires banks to
separate, independent approval processes and work flows for credits extended to the
bank’s risk group.
EC4 The supervisor determines that banks have policies and processes to prevent persons
benefiting from the transaction and/or persons related to such a person from being part
of the process of granting and managing the transaction.
Description and See also EC 2 above.

findings re EC4
Article 7(2) (s) of RICAAP requires the bank’s audit committee to monitor whether
personnel receiving bank credit participates in the decision making process. This includes
any related credit extended to the person’s risk group. Appropriate communication
channels must exist for reporting these issues to the audit committee.
According to GCM paragraph 78, the board of directors establishes the structure and
practices which will prevent the shareholders, bank management or other relevant parties
from intervening credit assessment process.
Additionally, in line with the principle 26, paragraph 156 of GCM, banks should assign
qualified staff for monitoring the credits. These monitoring activities cover the conditions
related to collaterals and guarantees for credits. In assigning this staff, banks are required
to establish a monitoring structure which will not cause any potential conflicts of interest.
RCT, which regulates the procedures and principles for the credits extended by the banks,
has also provisions for identification of natural persons and legal entities to be included in
the bank’s risk group.
Related party exposures are examined as part of the loan review process during CAMELS
on-site supervision.
EC5 Laws or regulations set, or the supervisor has the power to set on a general or case by
case basis, limits for exposures to related parties, to deduct such exposures from capital
when assessing capital adequacy, or to require collateralization of such exposures. When
limits are set on aggregate exposures to related parties, those are at least as strict as
those for single counterparties or groups of connected counterparties.
Description and Article 50 establishes limitations on lending to a bank’s related parties. See EC 1 for the
findings re EC5 specific language. Thereafter, that allowable exposure is monitored and addressed within
the context of legislation addressing credit exposures overall.

TURKEY
According to BL article 54(1), the total amount of loans to be extended by a bank to a

natural or legal person or a risk group shall not exceed 25% of the bank’s own funds. This
rate shall be applied as 20 % for the bank’s risk group. The BRSB may increase this rate up
to 25% or to lower it down to the legal limit. The loans made available to an
unincorporated undertaking shall be considered as made available to partners in
proportionate to their responsibilities. (In practice, no such increase in a bank’s limit
threshold to 25% has been granted by the BRSA.)
In any event paragraph 54 limits the total of loans extended by banks to all shareholders
who have more than 1% share in the capital of banks, irrespective of whether they are
controlling owners or whether they own qualified shares, and to persons who constitute a
risk group with such persons, to no more than 50% of own funds.
In cases violations of the relevant law, articles 50 and 51 authorize the BRSA to deduct the
excesses from a bank’s own funds or to require the bank to obtain additional own funds
equal to the amount of such loans.
RCT article 13 of RCT directs that calculation of credit exposures for purposes of
application of the limits to risk groups shall be on a consolidated basis – including the
financial institution’s affiliates subject to consolidation.
EC6 The supervisor determines that banks have policies and processes to identify individual
exposures to and transactions with related parties as well as the total amount of
exposures, and to monitor and report on them through an independent credit review or
audit process. The supervisor determines that exceptions to policies, processes and limits
are reported to the appropriate level of the bank’s senior management and, if necessary,
to the Board, for timely action. The supervisor also determines that senior management
monitors related party transactions on an ongoing basis, and that the Board also provides
oversight of these transactions.
Description and Legislation largely addresses lending to related parties (the bank’s risk group) within the
findings re EC6 context of lending parameters in general. The BL specifically assigns responsibility to the
board for implementing strong internal systems within the bank which includes effective
risk management and internal audit processes. It is within this scope of activity that the
monitoring of related party transactions occurs. Within this context, according to Article
51 of the BL, bank personnel authorized to extend loans cannot take part in the evaluation
and decision-making phases for the loan transactions involving themselves, their spouses,
children or their related risk group. (As stated in EC 5 above, lending to board members is
currently prohibited except on very restricted terms.)
Additionally, in order to ensure that transactions with related parties are not undertaken
on more favorable terms and to prevent conflicts of interest the principle 3, paragraph 28
of GCM requires banks to separate, independent approval processes and work flows for
credits extended to the bank’s risk group.
Article 7(2) (s) of RICAAP requires the bank’s audit committee to monitor whether
personnel receiving bank credit participates in the decision making process. This includes

TURKEY
any related credit extended to the person’s risk group. Appropriate communication
channels must exist for reporting these issues to the audit committee.
See also BCP 17/18 for credit risk monitoring and management. See also EC 3 above for
the board approval processes for undertaking credit exposures to a bank’s risk group.
During the CAMELS review/GAR methodology, related party exposures are examined as
part of the loan review process. As well, examiners evaluate thresholds and specific limits
for all types of exposures including related party exposures. Moreover, FSAID 2914 aims
to review the level of ratio of loans extended to related parties to the regulatory capital.
And this assessment affects the asset quality component of the CAMELS rating system.
It should be noted, however, that review of the onsite examination process for credit risk
(CP 17, 18) where issues surrounding risk identification as well as questions surrounding
the implications of findings on the broader risk management processes were cited could
have a bearing on the supervisory process for related party transactions.
EC7 The supervisor obtains and reviews information on aggregate exposures to related parties.
Description and Exposures to related parties are closely monitored by off-site supervisors by means of
findings re EC7 monthly call reports. Banks shall regularly report and update the names of all real and
legal persons in their own risk group (KR105AS), their shareholders (HS200AS) and their
affiliates and subsidiaries (IS200AS) on a monthly basis. Loans extended to related party
(KR202AS), transactions with related party in financial sector (MS200AS), derivative
transactions with related party (BD101GS), related party risk limits (exposure to bank’s
own risk group shall not exceed 20% of regulatory capital-KS100AS) are the main
surveillance call reports which are used for reviewing aggregate exposures to related
parties. In addition to that banks disclose the information about transactions with their
own risk group in the external audit reports quarterly as it is required by article 22 of CPD.
As well, banks prepare an intragroup transactions report annually for consolidated

supervision. Supervision teams assess that report in their examination processes. The
report covers transactions with financial/nonfinancial parties that the bank controls
directly or indirectly, transactions of affiliate financial/nonfinancial parties amongst
themselves of which bank is not a part, transactions of the bank and its
financial/nonfinancial affiliates with the controlling shareholder, transactions of the bank
and its financial/nonfinancial parties with the controlling shareholder’s other partnerships.

Principle 20
Comments The legal and regulatory framework for related parties is generally comprehensive. The
offsite department receives and regularly monitors reporting from banks. Examiners
evaluate related party exposures during the onsite review. Offsite monitoring is
comprehensive.

TURKEY
There is no explicit provision that requires prior approval of related party transactions by
the bank’s board. As well, no explicit provision requires approval (prior or post) of write-
off of related party transactions.
As well, while Article 48 of the BL provides a comprehensive definition of “loan” and

related party limitations address such, legislation does not include other non-credit
transactions within the limitations addressing related parties. Legislation should be
expanded to explicitly capture all transactions, including loans, within the parameters of
related party limits and requirements.
The assessment team was informed that a draft revision of the BL is being prepared by the
BRSA. Within this context, article 50 (a and b) may be revoked to allow board member
borrowing from the bank. It will also address related party “transactions” as well. The
assessment team cautions the BRSA on relaxing related party risk parameters. There are
countries that continue to rigorously restrict extension of credit, as well as transactions
with, related parties of the bank, including board members. This is an area which
historically has proven consistently problematic in distressed bank situations. Therefore,
the team advises caution in widening the scope for such exposures.
Principle 21 Country and transfer risks. The supervisor determines that banks have adequate policies
and processes to identify, measure, evaluate, monitor, report and control or mitigate
country risk62 and transfer risk63 in their international lending and investment activities on
a timely basis.
Essential criteria
EC1 The supervisor determines that a bank’s policies and processes give due regard to the
identification, measurement, evaluation, monitoring, reporting and control or mitigation
of country risk and transfer risk. The supervisor also determines that the processes are
consistent with the risk profile, systemic importance and risk appetite of the bank, take
into account market and macroeconomic conditions and provide a comprehensive bank-
wide view of country and transfer risk exposure. Exposures (including, where relevant,
intra-group exposures) are identified, monitored and managed on a regional and an
individual country basis (in addition to the end-borrower/end-counterparty basis). Banks
are required to monitor and evaluate developments in country risk and in transfer risk and
apply appropriate countermeasures.
Description and GCRM is a principle based guideline which explains the best practices expected from
findings re EC1 banks regarding the management of country risk within the framework of RICAAP Article
62Country risk is the risk of exposure to loss caused by events in a foreign country. The concept is broader than
sovereign risk as all forms of lending or investment activity whether to/with individuals, corporate, banks or
governments are covered.
63Transfer risk is the risk that a borrower will not be able to convert local currency into foreign exchange and so will
be unable to make debt service payments in foreign currency. The risk normally arises from exchange restrictions
imposed by the government in the borrower’s country. (Reference document: IMF paper on External Debt Statistics –
Guide for compilers and users, 2003.)

TURKEY
35 which determines purpose of risk management and implementation of risk

management systems including country and transfer risks. Country and transfer risks are
defined in this guideline as well as contagion risk, indirect foreign-exchange risk, indirect
country risk, macroeconomic risk and sovereign risk. According to the guideline, banks
should establish country risk management processes in accordance with their risk profile,
systemic importance and risk appetite after identifying market and macroeconomic
conditions and scope and depth of their country risk exposure.
GCRM Paragraph 3 draws a framework for adequate country risk management structure
both on consolidated and non-consolidated basis considering the size and complexity of
bank's activities including senior management surveillance, strategy, policy and
procedures, risk analysis, measurement, monitoring and controlling.
GCRM Paragraph 6-13 requires sovereign risk, transfer risk, contagion risk, and the
categories of indirect exchange risk, macroeconomic risk and indirect country risk to be
taken into account in management of country risk. A risk management process should be
established in accordance with risk profile, systemic importance and risk appetite after
identifying market and macroeconomic conditions, scope and depth of risk exposure.
Country risk exposures must be identified, measured, monitored and managed on the
basis of each country and country groups (considering the borrower on ultimate position
and other counterparties), subsidiaries and participations. Emerging developments in
relevant countries must be monitored.
GCRM Principle 1 states that banks should clearly identify the country risk strategy, policy
and procedures and document them. Senior management is responsible for
implementing, however the board of directors has the ultimate responsibility in
establishing country risk strategy, policy and procedures.
BRSA examines the risks regarding Pillar II in terms of definition, measurement,

assessment, surveillance, reporting, modelling, back testing and supervision of risks in on-
site examination of banks. Country and transfer risk is one of the significant part of that
examination. Management of country and transfer risk policies and procedures of banks
are being examined within the scope of ICAAP.
One of the most significant objectives of supervision is assessment of risks and

determination of risk profiles of the banks. SMRAC is the framework which is used to
prepare the risk matrix all relevant risks. As one of the essential part of the supervision
cycle, country and transfer risk is described in SMRAC to be considered in examination of
the banks.
SMGAR requires examiners to consider country risk in assessment of banks. Supervisor

assesses whether the bank has made an analysis evaluating the necessity of using a model
for measurement of country and transfer risk within the scope of ICAAP (FSAID 2459) and
examines validation/backtesting results in modelling policies for measuring required
capital (FSAID 2466) and at the same time oversees the recognition of those results in
decision making processes (FSAID 2471).

TURKEY
Through the CAMELS review/GAR methodology process, the examiners review the bank’s
oversight and management process; oversight of country risks arising from bank’s
partnerships, shareholders and shareholder’s partnerships; the volume of activity of its
clients abroad, etc.
EC2 The supervisor determines that bank’ strategies, policies and processes for the
management of country and transfer risks have been approved by the banks’ Boards and
that the Boards oversee management in a way that ensures that these policies and
processes are implemented effectively and fully integrated into the banks’ overall risk
management process.
Description and GCRM Principle 1 requires banks to identify the country risk strategy, policy and
findings re EC2 procedures, and to have them approved by the board of directors in order to ensure to be
considered in all decision processes. Moreover, senior management is responsible for
implementing these strategy, policy and procedures. Paragraph 17 also declares that
board of directors shall regularly review the bank's country risk exposure. Paragraph 38
requires country risk limits to be approved by the Board. As well, paragraph 38 requires
that relevant limits should be approved by the board and linked to capital.
Through the CAMELS review/GAR methodology the examiners verify that the proper
board approvals for policies and strategies have been given as well as the reports
provided the board. The BRSA requires banks to have an effective organizational structure
regarding management, limitation and supervision of country and transfer risks and
allocation of authorized staff.
EC3 The supervisor determines that banks have information systems, risk management
systems and internal control systems that accurately aggregate, monitor and report
country exposures on a timely basis; and ensure adherence to established country
exposure limits.
Description and GCRM Principle 6 requires banks to have an information system, a risk management
findings re EC3 system and an internal control system that monitor and report country risks. Moreover,
banks should regularly review IT systems to enable country limits to be monitored on a
timely basis, to ensure appropriate measures to be taken where necessary, and to ensure
adherence to established country exposure limits. The GCRM requires setting limits on an
individual country basis and a system for establishing, controlling, monitoring and
reporting country limits and risks.
Through the CAMELS review/GAR process, the examiner evaluates the country risk
management process and verifies that internal audit addresses the key aspects of country
risk management and internal controls.
It should be noted, however, that review of the onsite examination process for credit risk
(CP 17, 18) where issues surrounding risk identification as well as questions surrounding
the implications of findings on the broader risk management processes were cited could
have a bearing on the supervisory process for country and transfer risk.

TURKEY
EC4 There is supervisory oversight of the setting of appropriate provisions against country risk
and transfer risk. There are different international practices that are all acceptable as long
as they lead to risk-based results. These include:
a) The supervisor (or some other official authority) decides on appropriate minimum
provisioning by regularly setting fixed percentages for exposures to each country
taking into account prevailing conditions. The supervisor reviews minimum
provisioning levels where appropriate.
b) The supervisor (or some other official authority) regularly sets percentage ranges for
each country, taking into account prevailing conditions and the banks may decide,
within these ranges, which provisioning to apply for the individual exposures. The
supervisor reviews percentage ranges for provisioning purposes where appropriate.
c) The bank itself (or some other body such as the national bankers association) sets
percentages or guidelines or even decides for each individual loan on the appropriate
provisioning. The adequacy of the provisioning will then be judged by the external
auditor and/or by the supervisor.
Description and BRSA implements the method (c). The Articles 7(9) and 8(4) of the REPL give authority to
findings re EC4 the BRSA to increase general and specific provisions for banks by considering country risk.
The draft REPL Article 10(2) and 11(2) requires banks to make additional provisions for
country and transfer risks above the minimum amount determined for general and
specific provisions.
GCRM Paragraph 13 directs a bank to reserve capital or make provisions for country risk
exposures by considering its portfolio structure, size and emerging developments. Banks
may apply various risk-based methods accepted in this context.
GCRM Paragraph 14 requires the written policies and procedures of a bank on country
risk management shall include system, policy, methodology and processes applied in
making provision or reserving capital.
During the ICAAP review, the examiners review the management process surrounding
country risk management and the adequacy of provisioning for exposures therein.
EC5 The supervisor requires banks to include appropriate scenarios into their stress testing
programs to reflect country and transfer risk analysis for risk management purposes.
Description and RICAAP 43 requires banks to establish and operate a stress testing program in order to
findings re EC5 measure its material risks and vulnerabilities. GCRM Principle 5 requires banks to perform
stress tests for country risk analysis including using sufficiently severe scenarios to
adequately analyze the nature of exposures.
The examiners evaluate stress testing programs in the context of the ICAAP review and
during examination of country and transfer risks when and as appropriate for the level
and nature of the bank’s exposures.

TURKEY
EC6 The supervisor regularly obtains and reviews sufficient information on a timely basis on
the country risk and transfer risk of banks. The supervisor also has the power to obtain
additional information, as needed (e.g., in crisis situations).
Description and The article 96(1) of the BL provides authority to the BRSA to request any related
findings re EC6 information from banks and related parties indicated in this article. By using this power,
the BRSA can demand all needed document and information from banks.
Country risks are closely monitored through monthly basis two call reports: “UL200AS,
Country And Foreign Currency Risks- Balance Sheet Accounts” and “UL211AS, Country
And Foreign Currency Risk—Off-Balance Sheet Accounts”. Moreover, call reports such as
Loans-detailed (KR202AS), “Transactions with Financial Sector (MS200AS) and “Cross
Border Organizations Reporting Set” are used for country risk analysis. “Country Risk
Report” and “Cross Border Organizations of the Banks Established in Turkey report” are
the final off-site supervision products about country risks.
Additionally, reports or notes are prepared when needed in special cases or crisis (e.g.,
recent special notes on Greece Risks, Russian Risks). In these cases ad-hoc information
other than regular call reports can always be gathered in a very short time from banks.
Principle 21
Comments BRSA guidance adequately captures country and transfer risk as well as other relevant
risks. Banks are expected to establish country risk parameters as well as systems for
monitoring exposures, including indirect foreign-exchange risk and indirect country risk.
Country risk is evaluated through the CAMELS review process and via the risk matrix of
the bank.
Principle 22 Market risk. The supervisor determines that banks have an adequate market risk
management process that takes into account their risk appetite, risk profile, and market
and macroeconomic conditions and the risk of a significant deterioration in market
liquidity. This includes prudent policies and processes to identify, measure, evaluate,
monitor, report and control or mitigate market risks on a timely basis.
Essential criteria
EC1 Laws, regulations or the supervisor require banks to have appropriate market risk
management processes that provide a comprehensive bank-wide view of market risk
exposure. The supervisor determines that these processes are consistent with the risk
appetite, risk profile, systemic importance and capital strength of the bank; take into
account market and macroeconomic conditions and the risk of a significant deterioration
in market liquidity; and clearly articulate the roles and responsibilities for identification,
measuring, monitoring and control of market risk.
Description and The Article 29 of the BL requires banks to implement adequate and efficient internal
findings re EC1 control, risk management and internal audit systems that are commensurate with the
scope and structure of their activities, that can respond to changing conditions and that

TURKEY
cover all their branches and undertakings subject to consolidation in order to monitor and
control risks that they encounter. Foreign exchange risk is the primary market risk of
banks in the Turkish system.
The overall framework of risk management is defined in RICAAP. Article 5 and 38 directly
assigns responsibility to the board to establish the risk appetite and ensure fluid
communication lines through the bank. The board is responsible for determining the
organizational structure, policies, procedures, authorities of the units, etc. It further
requires in article 38 that risk limits are established in relation to allocated capital and risk
appetite. Responsibilities for identification, measuring, monitoring and control of each risk
has been given to risk management unit of banks according to article 37. Management
responsibilities and duties are articulated in article 41.
Banks shall manage their market risk according to the provisions of this Regulation beside
the principles and procedures stated in the Guideline on Market Risk Management
(GMRM) within the frame of principle of proportionality. GMRM is a principle based
guideline explaining the best practices and processes expected from banks regarding the
management of market risk. It advises a proportionality approach in which banks adopt
processes in relation to the size and complexity of their activities. GMRM Principle 2
requires banks to establish a sound and comprehensive risk management framework,
systems through which to concerning measure, monitor, and control market risk and to
execute their business in accordance with them. Minimum factors to be included in the
framework and processes regarding the measurement, monitoring, and controlling of the
market risk are stated in this principle in detail.
GMRM Paragraph 8 states that banks should also take into account the general market
and macroeconomic conditions in which they operate in their assessment and
management of risks and their loss absorbing capacity. Moreover, Paragraph 23 clarifies
that all significant risks should be measured and aggregated on a bank-wide basis. As
well, policies should be applied on a consolidated and non-consolidated basis and should
clearly determine the lines of responsibilities of the Board, senior management, units
within the internal systems and other personnel responsible for managing market risk as
well as identifying processes of reviewing or updating policies in cases of considerable
changes occurred in the bank’s market risk profile.
During the CAMELS rating process/GAR methodology, examiners use GMRM as a manual
for market risk supervision. Therefore, each principle and paragraph in GMRM determines
the on-site supervision framework for market risk.
Examiners also assess the level of risks and risk profiles of the banks according to SMRAC
which guides the preparation of the risk matrix. SMRAC has a special chapter for
determining the risk level and the management quality of market risk. According to
SMRAC, examiners determine risk profile and assess the adequacy of policies and
procedures, the level of risk appetite, and the quality of risk measuring, monitoring and
control functions including the roles and responsibilities.

TURKEY
The BRSA evaluates the level and management of market risk through the onsite GAR
methodology. The process includes evaluating the bank’s related strategies and policies,
risk appetite and risk tolerance. Examiners are further directed to check policies,
strategies, limit structures, and valuation processes. The result of these steps feeds into
the risk matrix and profile documents prepared at the end of the supervisory cycle. Banks’
foreign exchange exposures and business are regularly evaluated along with activity in the
securities and other relevant areas. Two “test” specific examinations were conducted to
pilot new questions and the implied processes within the context of the GAR
methodology and for the draft GRMR. Conclusions were drawn and presented to the
respective banks. As a matter of course, consolidated risk governance is reviewed during
the ICAAP process.
EC2 The supervisor determines that bank’ strategies, policies and processes for the
management of market risk have been approved by the banks’ Boards and that the
Boards oversee management in a way that ensures that these policies and processes are
implemented effectively and fully integrated into the banks’ overall risk management
process.
Description and See also EC 1 above.

findings re EC2
RICAAP provides the parameters for the risk management process under which market
risk falls. GMRM principle 1 requires banks to establish written strategies, policies, and
procedures with the Board’s approval. The Board charges senior management with
monitoring and controlling the risk in accordance with the strategies, policies, and
procedures and fully integrating market risk processes into the bank’s overall risk
management function (paragraph 17).
The adequacy of policies and board approvals are addressed through the CAMELS rating
process/GAR methodology which is conducted onsite as well, on a higher level, through
the ICAAP review process. Examiners are directed to check board approval of risk appetite
and risk tolerance, board approval of strategies, board approval for policies, procedures
and workflows, roles and responsibilities in policies, procedures and workflows, board
approval of the definition of trading book, board oversight of the risk levels, consolidated
level of market risk, periodic reports to board and senior management about risk
management, and board oversight of implementation of policies, procedures and
strategies.
EC3 The supervisor determines that the bank’s policies and processes establish an appropriate
and properly controlled market risk environment including:
a) effective information systems for accurate and timely identification, aggregation,

monitoring and reporting of market risk exposure to the bank’s Board and senior
management;
b) appropriate market risk limits consistent with the bank’s risk appetite, risk profile and
capital strength, and with the management’s ability to manage market risk and which
are understood by, and regularly communicated to, relevant staff;

TURKEY
c) exception tracking and reporting processes that ensure prompt action at the
appropriate level of the bank’s senior management or Board, where necessary;
d) effective controls around the use of models to identify and measure market risk, and
set limits; and
e) sound policies and processes for allocation of exposures to the trading book.
Description and RICAAP addresses the elements of a strong risk management function that must be in
findings re EC3 place along with the calculation and support of a well-defined internal capital allocation
process. The Regulation requires banks to establish information systems, control of
transactions and control of communication channels and information systems which are
to be performed within the internal control function. It is the duty of internal audit system
to audit risk measurement models used in the bank.
As indicated in EC 1 above, GMRM paragraph 21 articulates the factors for effective

market risk framework and processes, inter alia:
a) a framework to identify risks;

b) an appropriately detailed structure of market risk limits that are consistent with the
institution’s risk appetite, risk profile and capital strength, and which are understood
by, and regularly communicated to, relevant staff;
c) guidelines and other parameters established by the bank and used to govern market
risk-taking;
d) rules and criteria for allocation of positions to the trading book;
e) appropriate management information system (MIS) for accurate and timely
identification, aggregation, monitoring, controlling, and reporting of market risk,
including transactions between the bank and its affiliates, to the institution’s Board
and senior management;
f) exception tracking and reporting processes that ensure prompt action at the Board or
senior management level, where necessary;
g) effective controls around the use of models to identify and measure market risk;
h) valuation policies, including policies and processes for considering and making
appropriate valuation adjustments for uncertainties in determining the fair value of
assets and liabilities (concentrated or less liquid positions); and
i) action plans for possible concentrated risks (pricing differences, keeping more capital,
more frequent reporting, etc.).
The Regulation on Calculation and Implementation of Net General Position of Foreign

Exchange Over Own Funds Ratio for Banks on Non-Consolidated and Consolidated Basis
(RNFER) sets standards/rules for forex risk. It requires banks to calculate their on- and off-
balance sheet forex positions on a daily basis. The net aggregate position method is used
to calculate the overall forex position. The net general forex position should not exceed
±20 percent of own funds. The BRSA is empowered to determine different ratios for
different banks and banking groups, but has not exercised this power to date. The BRSA
has not prescribed regulatory limits for other elements of market risk. These are generally
left to bank managements’ discretion.

TURKEY
GMRM Paragraph 21 identifies the check points in for use during the CAMELS rating/GAR
GAR methodology process. Besides the GMRM, the GAR methodology directs supervisors,
according to the level and nature of a bank’s market risk activities, to specifically address
accurate and timely identification and monitoring of risk through management
information systems, other checks in addition to regulatory limits and definitions, internal
models on market risk, back testing and validation for internal models on market risk,
measurement methods under ICAAP, controls around measure of market risk, tracking
systems for internal control and audit, the oversight of the of audit committee in this area,
internal controls and audit on market risk, valuation of derivative positions, valuation of
financial assets, valuation policies, business continuity plans, and concentration of risks
within trading book.
Supervisors address this guidance, as relevant, in the CAMELS/GAR process, however as

stated in EC 1 above, market risk otherwise would be captured in conjunction with the
ICAAP review process and overall risk management reviews. (See also BCP # 15 above)
Currently, individual, special market risk examinations have not been conducted, as a
matter of routine. Two targeted market risk examinations were conducted in order to
determine how this risk is measured and managed as well as the level of compliance with
the GMRM regulation. Results of these exams were presented to the banks.
EC4 The supervisor determines that there are systems and controls to ensure that banks’
marked-to-market positions are revalued frequently. The supervisor also determines that
all transactions are captured on a timely basis and that the valuation process uses
consistent and prudent practices, and reliable market data verified by a function
independent of the relevant risk-taking business units (or, in the absence of market prices,
internal or industry-accepted models). To the extent that the bank relies on modeling for
the purposes of valuation, the bank is required to ensure that the model is validated by a
function independent of the relevant risk-taking businesses units. The supervisor requires
banks to establish and maintain policies and processes for considering valuation
adjustments for positions that otherwise cannot be prudently valued, including
concentrated, less liquid, and stale positions.
Description and Please refer to BCP Principle 27, EC 3 for a full discussion on valuation and model
findings re EC4 validation.
RCA Annex 3 regulates principles and procedures for prudent valuation and management
of the trading book for market risk regulatory capital requirement calculations.
GMRM Paragraph 26 states that banks should ensure that transactions are captured on a
timely basis and that marked-to-market positions are revalued frequently. Valuation of
market risk positions should be robust and independent of the risk-taking function. The
valuation process should use reliable market data verified independently of the business
line. In the absence of market prices, internal or industry-accepted models should be
used. Models and supporting statistical analyses used in valuations should be appropriate,
consistently applied, and have reasonable assumptions. These should be independently
validated before deployment. Staff involved in the validation process should be

TURKEY
adequately qualified and independent of those who assume market risks and develop
models. Models should be periodically reviewed. More frequent reviews may be necessary
if there are changes in models or in the assumptions resulting from developments in
market conditions. It should be ensured that these changes are cautiously taken into
consideration by the model.
Additionally, there is a separate Guideline On Fair Value Measurement (GFVM), which

explains the best practices expected from banks regarding the banks’ processes to
measure the fair value of financial instruments and banks’ risk management and control
processes related to fair valuation. In paragraph 23 of GFVM it is also emphasized that a
valuation model must be validated before the implementation as well as after the
implementation by an independent, suitably qualified group prior to usage, with periodic
reviews to ensure the model remains suitable for its intended use. Details regarding a
validation processes is also given in paragraphs 24-28.
GMRM Paragraph 21(h) points out that risk management framework should possess
valuation policies, including policies and processes for considering and making
appropriate valuation adjustments for uncertainties in determining the fair value of assets
and liabilities (concentrated or less liquid positions). GMRM Paragraph 35 states that each
of foreign exchange rates should be considered as a different risk factor in measurement
of foreign exchange risk within market risk. The measurement should also consider the
risks arising from changes in values or asset-liability mismatch.
Valuation adjustments and independent price verification processes are defined in GFVM
paragraph 5(b) and (a). Paragraph 7 requires banks to establish and maintain governance
structures and controls sufficient to provide prudent and reliable valuation estimates.
Principle 6 of GFVM states that banks should have a rigorous and consistent process to
determine valuation adjustments for risk management, regulatory and financial reporting
purposes, where appropriate.
According to Principle 2 of GFVM, a bank should have adequate capacity, including during
periods of stress, to establish and verify valuations for instruments in which it engages.
Senior management should ensure that the bank has the resources and capabilities to
estimate appropriately the inherent risks and the value of financial instruments, including
complex and illiquid instruments. It is also stated that, for exposures that represent
material risk, a bank should have the capacity to produce valuations using alternative
methods in the event that primary inputs and approaches become unreliable, unavailable
or not relevant due to market discontinuities or illiquidity or in stressed market conditions.
GMRM Paragraph 26 and Paragraph 21 point (h) identify the check points for supervisory
review. Besides the GMRM, the CAMEL risk rating/GAR methodology have targeted
questions for valuation including questions on fair value computations, on senior
management oversight about valuation practices, on internal or external audits about
valuation practices and management conducts about the findings, and on quality of risk
management policies, systems and controls about valuation. Market risk is reflected in the
CAMELS rating “S” and determined through GAR, risk matrix, and risk profile processes. As

TURKEY
well, the offsite supervision department receives and monitors regulatory reporting
information on a regular basis, including stress testing results on market risk (FX)
positions.
The assessor team reviewed several examples of special examinations which had as a part
of the process market risk elements. Conclusions, in fact, cited certain issues dealing
transactional deficiencies in the market risk area such as lack of independence in the
model validation process, etc. As well, the team reviewed selected GAR (onsite) activities
in this area which reflected selected market risk exam steps and related documentation.
EC5 The supervisor determines that banks hold appropriate levels of capital against
unexpected losses and make appropriate valuation adjustments for uncertainties in
determining the fair value of assets and liabilities.
Description and RICAAP Article 60(4) states that in case the Agency, within the scope of supervision and
findings re EC5 surveillance activities, detects the probability that the bank cannot meet the internal
capital requirement ratio for the bank's risk profile or detects the probability that the bank
does not hold sufficient capital for each important risk type, it takes the measures deemed
necessary, including directing the bank to increase capital. A Communique on the
“Calculation of Market Risk Measurement Models and Assessment of Risk Measurement
Models” (CMR-RMM) requires BRSA approval for any market risk models used in the
specific calculation of related capital. The BRSA approval is not required if banks chose to
use models for internal risk management or capital management purposes. However,
requests for market risk capital calculation models have not been made to date.
GMRM Paragraph 10 states that the level of market risk and stop/loss thresholds should
be set relative to the amount of market risk capital set aside against unexpected losses. As
well, banks are required to establish the processes of determination of appropriate capital
levels against unexpected losses.
GMRM Paragraph 21(h) and 21(i) require banks to implement valuation policies, including
policies and processes for considering and making appropriate valuation adjustments for
uncertainties in determining the fair value of assets and liabilities (concentrated or less
liquid positions) and action plans for possible concentrated risks (pricing differences,
keeping more capital, more frequent reporting etc.). Paragraph 26 directs that in the
absence of market prices, internal or industry-accepted models should be used. Models
and supporting statistical analyses used in valuations should be appropriate, consistently
applied, and have reasonable assumptions. These should be validated before deployment.
Staff involved in the validation process should be adequately qualified and independent
of those who assume market risks and develop models. Models should be periodically
reviewed.
The abovementioned regulations represent check points for the CAMELS review/on-site
supervision. Besides the GMRM, the CAMEL risk rating process/GAR methodology has
specific questions for valuation and additional capital needs.

TURKEY
In practice, several large banks are using models internally for managing market risks.
A responsibility of the independent risk management function (one of the 3 elements of

internal systems) is to assure model validation. Model validation must be performed by a
department separate from the unit using the model. In some cases, a bank my hire an
external party to conduct the validation process. The BRSA reviews the model validations
as a part of its GAR process but does not deploy specialist expertise to review the integrity
of the validations. No bank has yet formally applied for using market risk models for
capital adequacy purposes which would require BRSA approval.
EC6 The supervisor requires banks to include market risk exposure into their stress testing
programs for risk management purposes.
Description and RICAAP article 43 regulates general requirements that banks must follow for their stress
findings re EC6 testing programs. Article 43(1) requires banks to establish and operate a stress testing
program in order to measure their material risks and vulnerabilities which may arise from
both negative developments peculiar to the bank and the developments in stressed
economic and financial environment. Article 43(4) requires overall firm-wide stress testing
in addition to each material risk type. Article 43(5) states that stress tests on market and
counterparty risk as well as bank's total liquidity risk shall be made simultaneously once a
month or more frequently and results are monitored closely by the top management.
The Guideline On Stress Testing To Be Used By Banks In Capital And Liquidity Planning
(GST) also provides parameters for banks’ stress testing activities and has special
provisions for stress testing on market risk. Paragraphs 91 to 97 deal with stress testing on
market risk. Banks can consider a range of exceptional, but realistic, market shocks or
scenarios for their trading book positions. The Guideline also addresses back testing and
scenario analysis. Tests should be conducted on a bank-wide basis.
The CAMELS rating process/GAR methodology includes evaluation of market risk stress
testing and scenario analysis as well as board and senior management oversight
principles. Currently, the BRSA reviews market risk stress testing in the context of the
overall stress testing conducted for/presented in the ICAAP process. As a part of the GAR
review process, the market risk stress tests may be reviewed, however, specialist expertise
is not deployed to evaluate the scenarios or calculation details of the process.
See also stress testing comments in CP8 EC5.
Principle 22
Comments The BRSA has adopted comprehensive regulation and guidance through which to direct
banks to identify, measure, and monitor their market risk exposures. This includes
parameters for valuation, stress testing, and model use. For examination purposes, these

TURKEY
elements are largely addressed through the CAMELS rating/GAR methodology review
process, and on an overall basis, during the ICAAP review.
Of note, currently, specialist expertise is not deployed to evaluate the scenarios or

calculation details of the stress testing exercises. Examiners review the models used to
measure market risk. However, they also depend substantially on the banks’ model
validation process. To deepen the work and enhance the forward looking aspect, the BRSA
could consider deploying trained specialists to assess stress test approaches and
mathematical integrity and to leverage resulting advice/input on specialized exams. As
well, enhanced examiner expertise in the area of model evaluation could provide added
assurance to the BRSA on the integrity of bank models used.
Principle 23 Interest rate risk in the banking book. The supervisor determines that banks have
adequate systems to identify, measure, evaluate, monitor, report and control or mitigate
interest rate risk64 in the banking book on a timely basis. These systems take into account
the bank’s risk appetite, risk profile and market and macroeconomic conditions.
Essential criteria
EC1 Laws, regulations or the supervisor require banks to have an appropriate interest rate risk
strategy and interest rate risk management framework that provides a comprehensive
bank-wide view of interest rate risk. This includes policies and processes to identify,
measure, evaluate, monitor, report and control or mitigate material sources of interest
rate risk. The supervisor determines that the bank’s strategy, policies and processes are
consistent with the risk appetite, risk profile and systemic importance of the bank, take
into account market and macroeconomic conditions, and are regularly reviewed and
appropriately adjusted, where necessary, with the bank’s changing risk profile and market
developments.
Description and RICAAP article 35(4) directs that banks are obliged to establish and implement an effective
findings re EC1 risk management system for material risks including interest rate risk in the banking book.
Regulation on Measurement and Assessment of the Interest Rate Risk Stemming from the
Banking Book with Standardized Shock Method (RIRRBB) requires banks to have an
appropriate interest rate risk strategy and interest rate risk management framework that
provides a comprehensive bank-wide view of interest rate risk. The Guideline For Interest
Rate Risk Management (GIRRM) enumerates the best practices and processes expected
from banks regarding the management of interest rate risk.
GIRRM directs that interest rate risk (IRR) management systems should include: i) senior
management surveillance, ii) in-bank policy and procedures concerning risk management
which are approved by the board, iii) the process of adequate risk measurement,
monitoring and controlling, and iv) controlling activities. The principles are to be applied
64Wherever “interest rate risk” is used in this Principle the term refers to interest rate risk in the banking book.
Interest rate risk in the trading book is covered under Principle 22.

TURKEY
on a consolidated and unconsolidated basis and consistent with the size and complexity
of bank’s activities.
GIRRM Principle 4 requires that interest rate risk measurement systems assess the effects
of interest rate changes on earnings and economic value. According to paragraph 30,
banks measurement systems should address all material sources of IRR including re-
pricing, yield curve, basis and option risk components.
GIRRM is also used as a guide during the (GAR) on-site supervision framework.
Furthermore, the GAR methodology includes addressing interest rate risk strategies, risk
appetite, and risk tolerance.
Examiners also assess the level of risks and risk profiles of the banks according to SMRAC
which guides preparation of the risk matrix (level and management of risk). SMRAC has a
special chapter for determining the risk level and the management quality of interest rate
risk in the banking book. According to SMRAC, examiners determine risk profile and
assess the adequacy of policies and procedures, the level of risk appetite, and the quality
of risk measuring, monitoring and control functions including the roles and
responsibilities. The questions in SMRAC are, in general, a subset of the GAR annex. This
process is an output of the CAMELS/GAR methodology. IRR is also monitored regularly by
the offsite monitoring process.
EC2 The supervisor determines that a bank’s strategy, policies and processes for the
management of interest rate risk have been approved, and are regularly reviewed, by the
bank’s Board. The supervisor also determines that senior management ensures that the
strategy, policies and processes are developed and implemented effectively.
Description and RICAAP draws general framework for all internal systems and GIRRM gives specific
findings re EC2 requirements for IRRBB. RICAAP article 5(2) defines the responsibilities of the Board which
includes determination and approval of policies, procedures, strategy for each risk type
and also identification of risk appetite. Article 8(2) also gives the responsibility and duty to
senior management to implement the strategies and policies approved by the Board.
In addition, GIRRM Principle 1 requires banks to have a written strategy, policy and
procedures concerning the interest rate risk management approved by the board of
directors. The board approves and regularly assesses (through the internal systems and
audit committee functions) the relevant IRR activities, strategies and policies. The board
oversees that senior management takes the necessary steps to monitor and control the
risks consistent with the approved strategies and policies. The board is to periodically
review the adequacy of action plans and the results, measurement system and
assumptions concerning stress tests.
Principle 2 requires senior management to ensure that the level of bank's interest rate risk
is effectively managed. They should establish necessary processes to ensure to control
and to keep the risk within limits and enable required resources are available for
performing these processes. They are responsible for maintaining risk limits, establishing
effective internal controls for risk, etc. Paragraph 15 states that senior management

TURKEY
periodically review the policies and procedures concerning the management of interest
rate risk and report the necessary changes to the board of directors with their reasons.
GIRRM Paragraph 22 sets that the policies and procedures of interest rate risk should be
reviewed periodically.
Besides the GIRRM, as part of the CAMEL review/GAR methodology requires the
supervisor to address: board approval for limits on interest rate risk; board and senior
management oversight for interest rate risk; board approval of risk appetite, risk tolerance,
strategies, and policies. It further requires the examiner to check roles and responsibilities
in policies, procedures and workflows and implementation therein.
In practice, the supervisor covers elements of interest rate risk through the GAR process,
as described in EC 1 above, which is conducted onsite but not to the depth of what a
special examination would require. However, specialized examinations of this area are not
yet conducted. There were two targeted reviews in two banks which focused on how IRR
is measured and managed and tested compliance with GIRRBB. Also, off-site analysis is
conducted on all banks to identify the treatment of IRRBB within the scope of
ICAAP.
EC3 The supervisor determines that banks’ policies and processes establish an appropriate and
properly controlled interest rate risk environment including:
a) comprehensive and appropriate interest rate risk measurement systems;

b) regular review, and independent (internal or external) validation, of any models used
by the functions tasked with managing interest rate risk (including review of key
model assumptions);
c) appropriate limits, approved by the banks’ Boards and senior management, that
reflect the banks’ risk appetite, risk profile and capital strength, and are understood
by, and regularly communicated to, relevant staff;
d) effective exception tracking and reporting processes which ensure prompt action at
the appropriate level of the banks’ senior management or Boards where necessary;
and
e) effective information systems for accurate and timely identification, aggregation,
monitoring and reporting of interest rate risk exposure to the banks’ Boards and
senior management.
Description and a) GIRRM Principle 4 states that banks should establish interest rate risk measurement
findings re EC3 systems that include all significant sources of interest rate risk, that assess the effects
of interest rate changes on earnings and economic value, and that are consistent with
the scope and complexity of their activities. The minimum aspects of the system are
presented paragraph 28. GIRRM paragraph 38 requires risk managers and senior
management to review the assumptions in interest rate risk management system at
least annually. Paragraph 41 directs that all the assumptions used in interest rate risk
measurement system are comprehensively justified, are approved by risk
management unit and senior management, and are reviewed at least annually.

TURKEY
b) Paragraph 68 of the GIRRM directs that the frequency and extent to which a bank
should re-evaluate its risk measurement methodologies and models depend, in part,
on the particular interest rate risk exposures created by holdings and activities, the
pace and nature of market interest rate changes, and the pace and complexity of
innovation with respect to measuring and managing interest rate risk. Further, banks
should have measurement, monitoring and control functions that are reviewed
regularly. The staff carried out the independent review should ensure that risk
measurement system include all the important components of interest rate risk
management arising from on and off balance sheet positions. Reviewing process
should include, inter alia, the accuracy and relevancy of modelling assumptions. See
also BCP Principle 27, EC 3.
RICAAP, the overall guiding risk management document, Article 58(1) states that an
independent team shall validate the risk measurement methodology used in economic
or/and regulatory capital management process within the ICAAP process. Independence
means that the team should be independent from the units that developed the models or
the executive units. Moreover, RICAAP Article 58(2) points out that banks can use external
expertise in case there is insufficient scope for internal validation.
c) c) Principle 6 gives directions regarding the interest rate risk limits. Banks should
determine interest rate risk limits appropriate to the internal risk management
policies and implement these limits. Limits should be consistent with the overall
approach to measuring interest rate risk. These limits should be established in
conformity with the bank’s size nature and capital adequacy. The responsible senior
manager should immediately be informed about the limit exceptions. Risk tolerance
should be identified. Paragraph 19 requires banks to identify the specific actions
necessary for exceptions to limits.
GIRRM Principle 9 requires banks to establish adequate and effective internal control
systems for the interest rate risk management process. Internal control systems should
include an independent review and assessment that will be carried out by internal audit
unit to measure the effectiveness of system regularly and to ensure the improvement of
internal control if necessary.
d) d) GIRRM paragraph 32 points out that banks should establish reliable management
information systems to measure, monitor, control and report interest rate risk. The
results of risk monitoring and measuring concerning interest rate risk should be
reported to the board of directors, senior management and relevant business line
managers in time. Paragraphs 61 and 62 articulates the content of the necessary
reporting.
The CAMELS review/GAR methodology addresses elements of re-pricing risk, yield curve
risk, basis risk and optionality risk; interest rate risk ratios; behavioral analysis of
optionality; effect of interest rate risk on income; interest rate risk in the banking book
under ICAAP; model validation for interest rate risk under ICAAP; internal control and
audit for interest rate risk; the effect of interest rate risk on capital; reporting to board and

TURKEY
senior management; internal models or approaches for measurement and monitoring of

interest rate risk; independent evaluation of internal models and approaches; effectiveness
of management information systems for interest rate risk; and consolidated monitoring
techniques for interest rate risk.
From the IT point of view, banks’ information systems must meet the standards set in
RITEA. For example, according to article 25 (2)(c) of RITEA banks’ processes regarding
accounting processes regarding interest rate income and expenditure are audited by
external auditors and results of this audit are submitted to BRSA. If any deficiencies
regarding standards laid down in RITEA are observed during the IT audits conducted by
external auditors those deficiencies are taken into account within the scope of the
CAMELS review/examinations.
EC4 The supervisor requires banks to include appropriate scenarios into their stress testing
programs to measure their vulnerability to loss under adverse interest rate movements.
Description and See also BCP 8, EC 5 for comments on stress testing integrity.
findings re EC4
RICAAP article 43 directs that banks shall establish and operate a stress testing program in
order to measure its material risks and vulnerabilities which may arise from both negative
developments peculiar to the bank and the developments in stressed economic and
financial environment. More specific guidance to stress testing of interest rate risk is given
in GIRRM and GST.
GIRRM Principle 7 states that banks should measure the effects of losses that may arise
under certain stress conditions including that the assumptions considered in interest rate
risk measurement may not reflect the truth.
GIRRM Paragraph 35 indicates that banks should use multiple scenarios including the
possible interactions (for example yield curve risk and basis risk) across different interest
rates as well as for changes in the overall level of interest rates. GIRRM paragraph 36
directs that projected/possible shifts in customer behavior—and potential responses to
those shifts by the bank—should also be stressed/modeled. Also, GIRRM paragraph 37
states that banks consider the expectations concerning the possible path of interest rate
in the future. Banks should use their own as well as the BRSA’s designated scenarios to
determine shocks per material each currency on the bank’s books.
The CAMELS review/GAR methodology directs review of scenario analysis, simulations and
stress testing for interest rate risk.
Additional
criteria
AC1 The supervisor obtains from banks the results of their internal interest rate risk
measurement systems, expressed in terms of the threat to economic value, including
using a standardized interest rate shock on the banking book.

TURKEY
Description and
findings re AC1
AC2 The supervisor assesses whether the internal capital measurement systems of banks
adequately capture interest rate risk in the banking book.
Description and
findings re AC2
Principle 23
Comments BRSA supervision of interest rate risk is addressed through several activities. It is reviewed
as a part of the overall ICAAP review process and captured as an input in the stress testing
conducted therein. As well, the supervisor covers elements of interest rate risk through the
GAR process, as described in EC 1 above, which is conducted onsite but not to the depth
of what a special examination would require. However, specialized examinations of this
area are not yet conducted.
The BRSA should develop specialized examination procedures for interest rate risk where
it identifies increasing or high risk areas. The BRSA should use specialized expertise with
which to evaluate scenarios and assumptions used for more complex stress testing as well
as to review model validations during onsite examinations or, as an offsite exercise.
Principle 24 Liquidity risk. The supervisor sets prudent and appropriate liquidity requirements (which
can include either quantitative or qualitative requirements or both) for banks that reflect
the liquidity needs of the bank. The supervisor determines that banks have a strategy that
enables prudent management of liquidity risk and compliance with liquidity requirements.
The strategy takes into account the bank’s risk profile as well as market and
macroeconomic conditions and includes prudent policies and processes, consistent with
the bank’s risk appetite, to identify, measure, evaluate, monitor, report and control or
mitigate liquidity risk over an appropriate set of time horizons. At least for internationally
active banks, liquidity requirements are not lower than the applicable Basel standards.
Essential criteria
EC1 Laws, regulations or the supervisor require banks to consistently observe prescribed
liquidity requirements including thresholds by reference to which a bank is subject to
supervisory action. At least for internationally active banks, the prescribed requirements
are not lower than, and the supervisor uses a range of liquidity monitoring tools no less
extensive than, those prescribed in the applicable Basel standards.
Description and The BRSA has set up a comprehensive framework for liquidity regulation, monitoring, and
findings re EC1 bank responsibilities. The framework is grounded in the provisions of the BL and are
further expanded in regulation and guidance. The requirements contained therein as well
as the requirements under development are consistent with, and in some cases, more

TURKEY
strict than international standards. A wide range of monitoring tools are in place at the
BRSA for monitoring banks’ liquidity positions and funding experience.
According to the Article 46 (Adequacy of Liquidity) of the BL, banks are required to
calculate, achieve, perpetuate and report the minimum liquidity level in accordance with
the principles and procedures to be set by the BRSB which are put forward in the
Regulation on Measurement and Evaluation of Liquidity Adequacy of Banks (RLA) in 2006.
The objective of this Regulation is to regulate banks’ procedures and principles for
achievement and maintenance of adequate levels of liquidity in order to meet their
liabilities with their assets.
In March 2014, in compliance with the Basel III LCR document65, BRSA issued a Regulation
on Liquidity Coverage Ratio (RLCR). The aim of RLCR is to determine the procedures and
principles regarding banks’ having high quality liquid assets stock at a sufficient level to
cover their net cash outflows in order to designate a minimum liquidity level, both at a
consolidated and solo basis in terms of FX and total. After in-depth analysis, in line with
the Basel framework, BRSB approved that deposit banks would calculate and achieve at
least 60% LCR and 40% FX LCR throughout 2015 and these ratios would increase 10 basis
points each year until 2019 and be 100% and 80% respectively unless otherwise indicated.
Right now, for 2016, deposit banks are required to achieve at least 70% LCR and 50% FX
LCR. Until January 1, 2017, consolidated LCR and FX LCR may be calculated as of the last
day of the month. Beginning from 2017, consolidated LCR and FX LCR may be computed
for each day and monthly arithmetic average is calculated. This approach is also in
compliance with the Basel III LCR document as well as Basel III LCR disclosure document.
On the other hand, BRSB decided that until an appropriate LCR is determined for
investment and development banks, they would calculate and report their LCRs to the
BRSA but they do not have to meet the required LCR. On the other hand, those banks
would continue to be subject to the provisions of RLA until otherwise approved by the
BRSB.
Basel III LCR document set the minimum factors, cash outflow and inflow rates. This
means that jurisdictions are entitled to set the factors and rates which would not be less
than the international requirements. The Annex 1 and Annex 2 of RLCR, where factors,
cash outflow and cash inflow rates for each high quality liquid asset and other items are
explicitly stated, were designed after in depth analysis of the banking sector. Areas where
Turkish LCR rules are stricter than the Basel standards are as follows:
 The Basel standard allows supervisors to determine inflow percentages for other
contractual cash inflows, as appropriate for each type of inflow. The BRSA has set 0%
inflow rate for other contractual cash inflows.
65Reference Document: Basel III: The Liquidity Coverage Ratio and liquidity risk monitoring tools, January 2013, BCBS.

TURKEY
 Even though Basel standards require LCR standard and monitoring tools to be
applied to internationally active banks, BRSA requires RLCR provisions to be applied
by all banks except for investment and development banks until an appropriate level
for LCR is determined. There is ongoing work to determine an appropriate LCR for
investment and development banks.
 The BRSA requires banks to calculate, report and disclose FX liquidity coverage ratio
on both solo and consolidated basis as a regulatory standard ratio. Moreover, total
LCR is also calculated, reported and disclosed on solo basis.
BRSB will decide when the first implementation date will be (2017 or 2019) as well as
whether gradual approach would be preferred for those banks after reviewing the LCRs
and banks’ risk profiles.
In addition to the minimum standard for the LCR, the Basel III LCR document also outlines
the metrics to be used to monitor liquidity risks (“the monitoring tools”). The monitoring
tools supplement the LCR standard and are a cornerstone for supervisors in assessing the
liquidity risk of a bank. A list of the monitoring tools prescribed in the BCBS Basel III LCR
document and the most important corresponding monitoring tools, their preparation and
submission frequencies prescribed by the BRSA is given below:

TURKEY
BCBS BRSA’s corresponding Effective since Frequency of Frequency of

monitoring reporting template preparation submission to the
tool BRSA
1 Contractual Statement of liquidity 6 December Weekly Within 3 business

. maturity risk analysis – 2013 days
mismatch According to cash flow
2 Concentration Statement of deposits Introduced in Monthly Within 18 business

. of funding – According to the 2006, revised in days
size, type, number of 2010, last
customers revision 1 March
2013
Introduced in
Statement of securities
2002, revised in Within 18 business
issuances Monthly
2014 days
27 December
Statement of repo 2002
transactions Within 3 business
Weekly days
27 December
Statement of cross- 2002
border liabilities Within 3 business
Weekly days
3 Available Statement of securities Introduced in Daily Daily

. unencumbere – detailed 2002, revised in
d assets 2007
27 December
Statement of
2002 Weekly Within 3 business
securities – weekly days
4 LCR by FX LCR 1 January 2014 Weekly Within 3 business

. significant days
currency

TURKEY
There are two more monitoring tools. First one is market-related monitoring tools (where
supervisors can monitor market-wide information, information on the financial sector,
bank-specific information). For the market-related monitoring tools, as proposed by the
Basel standard both BRSA and CBRT use several market wide information as early warning
indicators in monitoring potential liquidity difficulties at banks. Market-wide information
and information on the financial sector are monitored by both BRSA and CBRT.
Of note, in 2015 the BRSA underwent a Regulatory Consistency Assessment of its Basel III
LCR regulations for which it received a “compliant” rating.
As for the bank-specific information, BRSA prepares regular off-site surveillance reports
on banks liquidity position and shares these with on-site supervisors. On the other hand,
BRSA conducts liquidity stress tests depending on market conditions when needed. In
addition to that, banks are required to monitor market related information on equity
prices, CDS spreads, money-market trading prices, the situation of roll-overs and prices
for various lengths of funding according to Guideline on Liquidity Risk Management
(GLRM).
The second one is Basel guidance on monitoring tools for intraday liquidity management.
The BCBS issued a guidance on monitoring tools for intraday liquidity management in
April 2013. In compliance with the requirements of this guidance, the BRSA has initiated a
study and consulted the industry in 2015 on its proposal to implement in Turkey.
Throughout 2015, meetings have taken place between the BRSA, CBRT and the banks to
discuss the implementation of this new reporting requirement. BRSA’s goal is to
implement the intraday liquidity management in Turkey before the end of 2016, prior to
the time limit set by the BCBS of January 2017.
In addition to BL, RLCR and RLA, a best practice guideline on liquidity risk management is
issued which is based on Article 35 of RICAAP. GLRM is a principle based comprehensive
guideline explaining the best practices and processes expected from banks regarding the
management of liquidity risk. It is prepared based on the paper “Principles for Sound
Liquidity Risk Management and Supervision” of BCBS and countries’ best practices.
Liquidity is reflected in the “L” in CAMELS. However, there is no concretely defined

threshold that triggers supervisory action. However, supervisory concern is elevated if
negative trends are detected through off-site monitoring or the GAR process. This may
trigger further review of liquidity levels and management in a specialized examination. See
EC 4 for further detail on the supervisory process.
EC2 The prescribed liquidity requirements reflect the liquidity risk profile of banks (including
on- and off-balance sheet risks) in the context of the markets and macroeconomic
conditions in which they operate.
Description and According to RICAAP Article 35(4) banks are obliged to establish and implement an
findings re EC2 effective risk management system for material risks including liquidity risk.

TURKEY
The GLRM, paragraph 22, 23 directs that a bank’s board should approve liquidity risk
management strategies, policies and procedures established by senior management and
review the approved strategy at an acceptable frequency within the economic, financial
and operational standards and general strategy of bank (GLRM, Paragraph 23).
Further, GLRM Paragraph 16 states that banks should determine their vulnerabilities by
using the quantitative measures about concentration of funding in various maturity,
contingent liquidity obligations arising from off-balance sheet activities, maturity and
currency mismatches, and liquid asset holdings.
GLRM Principle 3 states that the liquidity risk appetite approved by the board of directors
should reflect the banks’ willingness under both normal and stressed economic
conditions. In addition, GLRM Principle 1 points out that the liquidity risk framework of a
bank should include a liquidity cushion that ensures it maintains sufficient liquidity in all
economic conditions.
The above requirements are part and parcel to the CAMELS review/GAR process. The
criteria contained therein plus the elements included in the GLRM are part and parcel to
the review.
For further expansion of the supervisory process, see EC 1 above and EC 4 below.
EC3 The supervisor determines that banks have a robust liquidity management framework that
requires the banks to maintain sufficient liquidity to withstand a range of stress events,
and includes appropriate policies and processes for managing liquidity risk that have been
approved by the banks’ Boards. The supervisor also determines that these policies and
processes provide a comprehensive bank-wide view of liquidity risk and are consistent
with the banks’ risk profile and systemic importance.
Description and GLRM Principle 1 requires banks to establish a robust liquidity risk management
findings re EC3 framework including the strategy, policy and procedures that ensure they maintain their
businesses soundly.
GLRM paragraph 6 states that banks should establish liquidity risk management
framework considering that it can maintain its business positively under periods of
liquidity stress the source of which may be bank-specific or market-wide and it can meet
the daily liquidity needs.
According to GLRM Paragraph 13, while establishing a risk appetite, the board of directors
should consider different factors including business objectives, strategic direction,
financial structure, share in financial system, funding capacity and overall risk appetite. In
addition, (GLRM, Paragraphs 17 and 18) the board is also responsible for establishing a
liquidity risk management structure appropriate for the bank's activities, scale, complexity,
and size and for reviewing the appropriateness of the liquidity risk management structure
in the light of developments and changes in scope of bank’s business. Another
responsibility of the board in this sense, is establishing a structure to ensure that internal

TURKEY
audit should regularly review the implementation and effectiveness of liquidity risk
management.
The CAMELS review/GAR process directs the supervisor to evaluate, inter alia, board
approval for policies, procedures and workflows; management roles and responsibilities in
policies, procedures and workflows; board oversight of implementation; and board
approval of strategies. In addition, the supervisor will review the ICAAP process as it
pertains to liquidity and also the LCR level and trends.
As stated, stress testing is required by the GLRM. Overall institutional stress testing is
conducted as a part of the ICAAP process. More specifically, banks are required to stress
their liquidity positions and the BRSA will review how those stress tests are used in the
management process.
EC4 The supervisor determines that banks’ liquidity strategy, policies and processes establish
an appropriate and properly controlled liquidity risk environment including:
a) clear articulation of an overall liquidity risk appetite that is appropriate for the banks’
business and their role in the financial system and that is approved by the banks’
Boards;
b) sound day-to-day, and where appropriate intraday, liquidity risk management
practices;
c) effective information systems to enable active identification, aggregation, monitoring
and control of liquidity risk exposures and funding needs (including active
management of collateral positions) bank-wide;
d) adequate oversight by the banks’ Boards in ensuring that management effectively
implements policies and processes for the management of liquidity risk in a manner
consistent with the banks’ liquidity risk appetite; and
e) regular review by the banks’ Boards (at least annually) and appropriate adjustment of
the banks’ strategy, policies and processes for the management of liquidity risk in the
light of the banks’ changing risk profile and external developments in the markets
and macroeconomic conditions in which they operate.
Description and The BRSA’s liquidity framework addresses each of the elements enumerated above. Please
findings re EC4 also refer to EC 1-3 above. Liquidity is comprehensively addressed through both the
offsite and onsite (CAMELS review/GAR process) supervisory processes as well as through
any specialized examinations deemed necessary. See the description below of the
supervisory practice in this area.
As mentioned in paragraph 13 of GLRM; the board of directors should develop their

liquidity risk appetite in light of the bank's business objectives, strategic direction,
financial structure, size in financial system, funding capacity and overall risk appetite.
GLRM Paragraph 29 determines that the liquidity risk management policy should take
account of a bank's liquidity needs under normal and stressed conditions and cover, at a
minimum, the following key aspects:

TURKEY
 Liquidity risk appetite established by the board of directors;
 Liquidity risk management strategy—set out the general approach to liquidity

(including goals and objectives ) and the liquidity risk management policies on
particular aspects;
 Liquidity risk management responsibilities including clearly defined authority and

responsibilities of staff /unit /committee;
 Liquidity risk management systems: the systems and tools for measuring, monitoring
and controlling liquidity risk:
a) the setting of various liquidity limits and ratios (e.g., target liquidity ratio, maturity and
currency mismatch limits, loan to deposit ratio, concentration risk limits),
b) the framework for conducting cash-flow analysis under normal and stressed
economic conditions, including the techniques and behavioral assumptions used, and
c) reporting system of monitoring liquidity risk management;
 Contingency plan: the approach and strategies for dealing with various types of
liquidity crisis;
 The new product approval process, liquidity costs in pricing and performance
measuring, risks and profits (Liquidity Transfer Pricing).
According to GLRM Paragraph 24, the board of directors should be informed immediately
of new and emerging concerns mentioned below:
 increasing funding costs over thresholds,
 the growing size of a funding gap in different maturities,
 concentrations in funding sources,
 negative developments in the markets from which significant funding provided,
 drying up of alternative funding sources,
 material or persistent breaches of limits,
 a significant change/decline in the cushion of unencumbered, highly liquid assets,
 increasing additional margin calls arising from the potential decline in the market
price of collateral assets, and
 changes in external market conditions which should signal future difficulties.
a) GLRM Principle 5 states that a bank should have a sound process for identifying,
measuring, monitoring and controlling liquidity risk including projecting cash flows
arising from assets, liabilities and off-balance sheet items over an appropriate set of
time horizons. GLRM Paragraphs 34 to 43 articulate the details of liquidity metrics and
measurement tools, risk limits, and early warning indicators.

TURKEY
b) GLRM Principle 10 is about Intraday Liquidity Risk Management and requires banks to
actively manage their intraday liquidity to meet payment and settlement obligations
on a timely basis under both normal and stressed economic conditions (paragraphs
169-175).
In addition to GLRM Paragraph 6, various paragraphs require banks to manage liquidity

on a daily basis including monitoring funding requirements and measuring daily cash
flows (Paragraphs 52, 57, 59, 94, 147, and 172)
c) GLRM Paragraph 44 states that banks should have a reliable management

information system designed to provide the board of directors, senior management
and other responsible staff with timely and forward-looking information. From GLRM
Paragraph 45 (what the information systems enable banks to do) to Paragraph 51,
many aspects of information systems are listed including its importance in
securitizations or other financial instruments (Paragraph 46), its help for statistical or
behavioral analysis (Paragraph 47), reporting purposes (Paragraphs 48 and 49).
In practice, BRSA reviews liquidity adequacy of banks and assesses the quality of liquidity
management as well as banks’ internal liquidity assessments through several means. As
mentioned above, the ongoing offsite monitoring process is comprehensive. As well,
evaluation of liquidity, both the level and management of, is a part of the CAMELS
review/GARS process conducted each supervisory cycle. Through this process, the
supervisors review any changes in the bank’s stated risk appetite, policies and procedures,
level of risk, and any changes in the bank’s overall business strategy. If elevated liquidity
risk is identified, then the supervisors will initiate a more detailed review of the area. Two
such specialized examinations were conducted in 2015.
A more detailed review of liquidity management through specialized examinations was

reviewed to test implementation. Such specialized reviews begin with the IRA process
(identified risk assessment). Relevant regulatory ratios will be reviewed, recent cost of
funds trends (in light of the interest rate environment), any previous actions or
observations. This helps feed the scope of the specialized examination.
In the specialized examination, the supervisor looks at the funding base and the mix of
sources (for example, deposits, repurchase agreements, borrowings including securities
issued, etc.). Large deposits (concentrations of funds providers) will be reviewed, rates
paid, deposit volume and rates, available collateral, as well as the liquidity coverage ratio
calculated by the bank. Scenarios can cover variable deposit outflows, movement in
correspondent bank accounts, change in loan volume and off-balance sheet
commitments, etc. Any relevant subsidiaries and their potential cash needs will be
included. MIS will be reviewed as well as processes which might deserve increased internal
control or internal audit involvement (such as manually prepared reports, monitoring
tools, or transactions). If the bank has an oversight committee such as a Liquidity Risk

TURKEY
Committee, the supervisors may review its function. Contingency funding/liquidity plans
will also be evaluated.
However, issues were identified, similar to those cited in CP 17, regarding the need for
examiners to go further with their evaluations to assess the implications on internal
systems and the bank(s) governance processes. For instance, the impact of a bank’s
funding positions, and shifts therein, relative to the configuration of the balance sheet
(high asset growth, nature and risk of growth, overall credit quality, loan: deposit ratio,
etc.) should be evaluated and clearly presented. Linkages to conclusions on management
and internal systems should be more explicitly provided.
EC5 The supervisor requires banks to establish, and regularly review, funding strategies and
policies and processes for the ongoing measurement and monitoring of funding
requirements and the effective management of funding risk. The policies and processes
include consideration of how other risks (e.g., credit, market, operational and reputation
risk) may impact the bank’s overall liquidity strategy, and include:
a) an analysis of funding requirements under alternative scenarios;

b) the maintenance of a cushion of high quality, unencumbered, liquid assets that can
be used, without impediment, to obtain funding in times of stress;
c) diversification in the sources (including counterparties, instruments, currencies and
markets) and tenor of funding, and regular review of concentration limits;
d) regular efforts to establish and maintain relationships with liability holders; and
e) regular assessment of the capacity to sell assets.
Description and The GLRM addresses each of the funding parameters listed above. For example:
findings re EC5
Paragraph 12 requires that senior management and the board of directors should have an
adequate understanding of the close links between funding liquidity risk and market
liquidity risk as well as how other risks (e.g., credit, market, operational and reputation
risks) interact with liquidity risk and affect the liquidity risk management strategy.
According to GLRM Paragraph 52, banks should adopt a cash-flow approach in liquidity
management that includes conducting regular cash-flow analysis on a range of stress
scenarios. Net funding requirements are detailed in paragraphs 57-62. GLRM (Paragraphs
131, 135, and 137) states that banks should analyze the funding requirements under
various stress scenarios including bank-specific scenarios, general market crisis scenarios,
and combined scenarios.
GLRM Paragraph 91 requires banks to identify alternative funding sources that may be
used to generate liquidity in case of needs, and assess the effectiveness of using such
sources in different situations. Banks should assess the effectiveness of selling assets
under various situations.
GLRM Principle 8 requires banks to maintain a cushion of unencumbered, high quality

liquid assets to be held as insurance against a range of liquidity stress scenarios including
those that involve the loss or impairment of unsecured and typically available secured

TURKEY
funding sources. Paragraphs 144 to 157 clarify the properties of liquidity cushion
including size and composition of cushion, characteristics of liquid assets, and operational
requirements.
GLRM has a separate chapter for funding diversification and market access. Principle 6
says that banks should establish a liquidity strategy to diversify the funding sources and
maturity effectively and be in a sound relationship with fund providers and strengthen
presence in chosen funding markets in order to ensure funding diversification.
Paragraph 79 requires banks to determine the concentration limits for each funding
sources, assets and maturity segments. In determining the concentration limits, banks
should take into account the type of asset and market; the nature of counterparty, issuer
and fund provider; maturity; currency; geographical location and economic sector. Banks
should avoid any potential concentrations in their reliance on particular funding markets
or sources.
GLRM Paragraph 97 states that banks should identify and build strong relationships with
current and potential investors and providers, even in funding markets facilitated by
brokers and other third parties.
In Paragraph 92 the importance of market access is emphasized, senior management is

made responsible to ensure that market access is being actively managed, monitored and
tested by appropriate staff or unit. The following paragraphs 93-96 are related to market
presence where the banks are asked to review their established systems and test their
presence by borrowing funds even without need.
The CAMELS review/GAR process covers a host of issues addressing funding capacity,
planning and stress testing. In addition, the sample specialized examination described in
EC 4 above specifically evaluated the funding mix, shifts, contingency plans, and
alternative sources of funding. Concentrations of funding were evaluated as was overall
pricing and any potential shifts in market access.
EC6 The supervisor determines that banks have robust liquidity contingency funding plans to
handle liquidity problems. The supervisor determines that the bank’s contingency funding
plan is formally articulated, adequately documented and sets out the bank’s strategy for
addressing liquidity shortfalls in a range of stress environments without placing reliance
on lender of last resort support. The supervisor also determines that the bank’s
contingency funding plan establishes clear lines of responsibility, includes clear
communication plans (including communication with the supervisor) and is regularly
tested and updated to ensure it is operationally robust. The supervisor assesses whether,
in the light of the bank’s risk profile and systemic importance, the bank’s contingency
funding plan is feasible and requires the bank to address any deficiencies.
Description and GLRM has a separate chapter for contingency funding plan (CFP) which is defined in
findings re EC6 article 3 and explained in detail in article 13 of RICAAP. GLRM, Principle 12 requires banks
to have a formal CFP that clearly sets out the strategies for addressing liquidity shortfalls

TURKEY
in emergency situations. GLRM Paragraph 184 points out that the board of directors
should approve the CFP.
GLRM Paragraph 186 states that the CFP should contain a set of policies, procedures and
action plans that prepare a bank to deal with the relevant liquidity stress events assumed
in the stress tests with clearly established lines of responsibility and invocation and
escalation procedures. GLRM Paragraph 187 ensures that the CFP should be
commensurate with a bank's complexity, risk profile, scope of operations and role in the
financial system. The design of a CFP, including its action plans and procedures, should be
closely integrated with the bank's ongoing analysis of liquidity risk, and with the results of
the scenarios and assumptions used in stress tests.
GLRM Paragraph 189 points out that the CFP should articulate available potential
contingency funding sources, along with the estimated amount of funds that can be
derived from these sources, their expected degree of reliability, under what conditions
these sources should be used and the lead time needed to tap additional funds from each
of the sources.
GLRM Paragraphs 193 and 194 state that lender of last resort support should be
considered as secondary sources of liquidity and banks should not assume that such
support is automatically available to them during a crisis even if they have the eligible
collateral.
GLRM Paragraph 196 says that the CFP should contain clear policies and procedures
enabling a bank's management to make timely and appropriate decisions, communicate
the decisions effectively and execute contingency measures swiftly and proficiently.
Additionally, the roles and responsibilities and internal procedures for crisis management
should be defined.
GLRM Paragraph 200 points out that banks should develop a communication plan to
deliver on a timely basis clear and consistent communication to internal and external
parties including the central bank, the agency, correspondents and custodians, relevant
local or overseas public authorities, major counterparties and customers, payment systems
and other relevant parties.
GLRM Paragraph 202 states that the CFP should be subject to regular testing to ensure its
effectiveness and operational feasibility, particularly in respect of the availability of the
contingency sources of funding listed in it. GLRM Paragraph 205 ensures that senior
management should review and update the CFP regularly, at an acceptable frequency or
more often as business or market circumstances change, to ensure that it remains robust
over time. Also, any changes to the CFP should be properly documented and approved by
the board of directors.
The CAMELS review/GAR process directs the examiner to consider the following when
evaluating the CFP including capital for liquidity risk under ICAAP; roles and
responsibilities under contingency plan; operational risks emerged from deposit and
money market operations; funding risk concentrations and impact on the contingency

TURKEY
plan. Contingency funding plans are reviewed during the CAMELS process and as a part of
any specialized examinations in this area.
EC7 The supervisor requires banks to include a variety of short-term and protracted bank-
specific and market-wide liquidity stress scenarios (individually and in combination), using
conservative and regularly reviewed assumptions, into their stress testing programs for
risk management purposes. The supervisor determines that the results of the stress tests
are used by the bank to adjust its liquidity risk management strategies, policies and
positions and to develop effective contingency funding plans.
Description and According to article 43 of RICAAP, banks shall establish and operate a stress testing
findings re EC7 program in order to measure its material risks and vulnerabilities which may arise from
both negative developments peculiar to the bank and the developments in stressed
economic and financial environment. More specific guidance to stress testing of liquidity
risk is given in GLRM and GST.
GLRM has a separate section for stress tests. Principle 7 states that banks should conduct
stress tests on a regular basis for a variety of short-term and protracted institution-specific
and market-wide stress scenarios individually or in combination, to identify sources of
potential liquidity strain and to ensure that current on- and off-balance sheet positions
remain in accordance with banks' established liquidity risk appetite. The outcomes should
be used to adjust liquidity risk management strategies, policies and positions and to
develop effective contingency plans. Paragraph 101 ensures that banks should evaluate
the impact of scenarios of stressed economic conditions on consolidated and
unconsolidated basis.
Additionally, GST has a special reference to liquidity risk. Paragraphs 140 to 149 deal with
stress testing on liquidity risk.
As mentioned above, review of a bank’s stress tests are an important part of the ICAAP
review process (which includes important liquidity considerations), the liquidity review
under CAMELS, and as a part of any targeted specialized examinations. The examiners
review the scenarios used by the bank and determine if the results are used for
management purposes. They also evaluate how results are factored into the contingency
plan.
EC8 The supervisor identifies those banks carrying out significant foreign currency liquidity
transformation. Where a bank’s foreign currency business is significant, or the bank has
significant exposure in a given currency, the supervisor requires the bank to undertake
separate analysis of its strategy and monitor its liquidity needs separately for each such
significant currency. This includes the use of stress testing to determine the
appropriateness of mismatches in that currency and, where appropriate, the setting and
regular review of limits on the size of its cash flow mismatches for foreign currencies in
aggregate and for each significant currency individually. In such cases, the supervisor also
monitors the bank’s liquidity needs in each significant currency, and evaluates the bank’s

TURKEY
ability to transfer liquidity from one currency to another across jurisdictions and legal
entities.
Description and GLRM has a separate section for Foreign Currency Liquidity Management. Paragraph 69
findings re EC8 points out that banks should have adequate systems in place for measuring, monitoring
and controlling their liquidity positions in each major currency in which they have
significant activity or exposure. Paragraph 71 states that banks should formulate liquidity
strategies and policies for all significant currencies and the effectiveness of such strategies
and policies should be regularly reviewed. Paragraph 73 clarifies that banks should assess
aggregate foreign currency liquidity needs under both normal and stressed business
conditions and control currency mismatches within acceptable levels. According to
paragraph 75, banks should set and regularly review the limits to control the size of
cumulative net mismatches over particular time bands (one day, seven days and one
month) for significant currencies.
Moreover, GLRM paragraph 103 ensures that stress tests should be performed for
separately for significant currencies as well as for all currencies in aggregate.
Many banks in the system run large USD banking books and have meaningful foreign
currency exposures. To a large extent, these exposures are hedged, though the hedges
may be of shorter maturities than the exposures, creating roll over risk which it is
important to assess and to manage. The supervisory process, both in the CAMELS
review/GAR methodology process and in the specialized examinations as well as through
offsite monitoring, is required to address foreign currency exposure management.
Additional
criteria
AC1 The supervisor determines that banks’ levels of encumbered balance-sheet assets are
managed within acceptable limits to mitigate the risks posed by excessive levels of
encumbrance in terms of the impact on the banks’ cost of funding and the implications
for the sustainability of their long-term liquidity position. The supervisor requires banks to
commit to adequate disclosure and to set appropriate limits to mitigate identified risks.
Description and
findings re AC1
Principle 24
Comments The BRSA has set up a comprehensive framework for liquidity regulation, monitoring, and
assignment of bank responsibilities. Regulation is in some cases more rigorous than
international benchmarks. A wide range of tools is in place for monitoring banks’ liquidity
positions and funding experience. The CAMELS review/GAR methodology addresses
liquidity, and specialized examinations are conducted when a change in trends or strategy
is detected. As well, the BRSA underwent a Regulatory Consistency Assessment of its Basel
III LCR regulations for which it received a “compliant” rating.

TURKEY
However, review of onsite documents indicated that conclusions regarding liquidity,

funding stability, and management processes stopped short of considering other areas of
the balance sheet, growth trends, asset quality, and management processes, etc to
support conclusions. Such issues are critical to the overall review process and should be
captured and clearly conveyed in examination documents to supported supervisory
observations. This is particularly important given that some banks may have tight liquidity
positions including relatively high loan to deposit ratios.
The central bank has taken a number of steps in recent years to support the strengthening
of foreign currency funding. There appears to be an opportunity to strengthen liaison
between the BRSA and the CBRT on the monitoring and management of foreign liquidity
risk. Given the potential foreign exchange roll over risk residing in banks’ positions,
consideration could be given to increasing the ultimate target for the FX LCR from 80% to
100% to further strengthen the management of liquidity risk.
Principle 25 Operational risk. The supervisor determines that banks have an adequate operational risk
management framework that takes into account their risk appetite, risk profile and market
and macroeconomic conditions. This includes prudent policies and processes to identify,
assess, evaluate, monitor, report and control or mitigate operational risk66 on a timely
basis.
Essential criteria
EC1 Law, regulations or the supervisor require banks to have appropriate operational risk
management strategies, policies and processes to identify, assess, evaluate, monitor,
report and control or mitigate operational risk. The supervisor determines that the bank’s
strategy, policies and processes are consistent with the bank’s risk profile, systemic
importance, risk appetite and capital strength, take into account market and
macroeconomic conditions, and address all major aspects of operational risk prevalent in
the businesses of the bank on a bank-wide basis (including periods when operational risk
could increase).
Description and BRSA published GORM, 2015, that is prepared based on “Principles for the Sound
findings re EC1 Management of Operational Risk” and other countries’ best practices. The principles
contained in this guideline present a comprehensive approach to addressing operational
risk within banks. It is prepared as a reference to effectively implement and establish
operational risk management systems. As with all regulatory issuances, GORM is intended
to be adapted to each bank’s level of size, activity and complexity.
Principle 6 of GORM requires banks to have a risk management process and appropriate
means to be able to regularly identify, measure, assess, monitor and control the
operational risk exposure due to their products, activities, processes and systems.
66The Committee has defined operational risk as the risk of loss resulting from inadequate or failed internal
processes, people and systems or from external events. The definition includes legal risk but excludes strategic and
reputational risk.

TURKEY
According to Principle 1 of GORM, a bank’s operational risk management framework

should determine that operational risks are consistently and comprehensively identified,
assessed, controlled, mitigated, monitored and reported. BRSA requires banks to
implement the operational risk management framework considering; i) organizational
structure (board oversight, senior management, business lines, independent corporate risk
management unit, internal control and internal audit), ii) risk culture iii) operational risk
management strategies, policies and procedures (including written work flow diagram)
and iv) operational risk management process (the processes to identify, assess, monitor,
control, mitigate and report operational risk ) and declare the framework in a written
document.
Section VI of GORM gives requirements for building strategy, policies and procedures
regarding operational risk as well as an example of determining operational risk strategy,
policies and procedures and corporate strategy of a bank. Article 35 requires that,
operational risk management process begins with the determination of the overall
strategies and long-term objectives of a bank. Once determined, the bank can identify the
associated inherent risks in its strategy and objectives, and thereby establish an
operational risk management strategy and develop an operational risk management
framework appropriate to all these strategies. Article 36 requires all business units67 to
develop supplementary policies and procedures specific to their business based on and in
consistence with the corporate operational risk management framework. It has great
importance to establish written work flow diagrams within the procedures.
According to paragraph 4 of the GORM, banks should consider these principles in

accordance with their capital adequacy, risk profile and risk appetite. As well, a bank’s
operational risk management should be commensurate with the organizational structure,
size, complexity, risk profile and business line.
According to RICAAP Article 53(2) all banks are required to implement a measurement
and assessment process to cover Pillar 1 risks including operational risk. Bank reporting to
the board of directors on operational risk is detailed in GORM paragraph 45.
The level of operational risk in the system is considered moderate by the BRSA. The team
was informed that the major sources of operational losses revolve largely around fraud
and human error. The sophistication of the operational risk management systems in a
bank is considered by the BRSA in relation to the size, complexity, and nature of a bank’s
activities and systems. Banks are required to track their loss history over time. Operational
loss history/risk must be conveyed through banks’ ICAAP reports. Banks are using either
the BIA or STA approach to calculate capital charges.
Overall operational risk is assessed largely through the CAMELS review/GAR process. The
examiners review all relevant policies, processes and strategies pertaining to operational
risk across each relevant unit in the given bank. During this review a range of factors,
including, banks size, nature, complexity, capital strength, risk appetite and risk profile are
67 Business units imply basic units such as corporate financing, retail banking etc.

TURKEY
taken into consideration. Operational risk is a specific focus element in the preparation of
the risk matrix, using the SMRAC procedures.
EC2 The supervisor requires banks’ strategies, policies and processes for the management of
operational risk (including the banks’ risk appetite for operational risk) to be approved
and regularly reviewed by the banks’ Boards. The supervisor also requires that the Board
oversees management in ensuring that these policies and processes are implemented
effectively.
Description and RICAAP regulates general framework for all internal systems and GORM gives
findings re EC2 requirements that is only specific for operational risk. Article 5(2) of RICAAP defines
responsibilities of the Board which includes determination and approval of policies,
procedures, strategy for each risk type (including operational risk) and also identification
of risk appetite. Article 8(2) also gives the responsibility and duty to senior management
to implement the strategies and policies approved by the Board. Furthermore, the board
of directors is responsible for approving and reviewing a risk appetite and tolerance
statement on the basis of general and sub factors (e.g., business line, product, unit) for
operational risk that articulates the nature, types and levels of operational risk that the
bank is willing to assume and establish the system and processes for implementing these
functions (GORM Principle 3).
The board of directors are required to oversee that the policies, processes and systems are
implemented effectively at all decision levels. For example, GORM paragraph 45 requires
regular reporting to the Board on overall status of operational risk in the bank, any
particular risk areas or weaknesses, likely impact of major events on the bank’s operational
risks, etc. As well, boards should be informed about operational risks that may arise with
the introduction of new products.
As part of the routine supervision cycle, BRSA determines whether there is a reporting and
monitoring process that enables Board of Directors to review limits, policies, procedures
and processes concerning operational risk. The GAR process requires the examiners to
evaluate whether policies, procedures and work flow diagrams are up to date and
approved by Board of Directors.
EC3 The supervisor determines that the approved strategy and significant policies and
processes for the management of operational risk are implemented effectively by
management and fully integrated into the bank’s overall risk management process.
Description and As stated in EC2, the Board of Directors are required to establish, approve and periodically
findings re EC3 review the operational risk framework (GORM Principle 2). Strategies, policies and
procedures are a part of operational risk framework according to the GORM paragraph 7.
Operational risk management process begins with the determination of the overall
strategies and long-term objectives of a bank. Once determined, the bank can identify the
associated inherent risks in its strategy and objectives, and thereby establish an
operational risk management strategy and develop an operational risk management
framework appropriate to all these strategies. The risk appetite of the bank and basic

TURKEY
elements regarding its management should be determined and documented in the

operational risk management frame work (GORM 35). GORM presents an operational
example of what such a process may be in paragraph 36.
Monitoring process of the operational risk, should be integrated with the bank’s routine
activities and in this context the operational risk potential of each business line should be
assessed, in this assessment process the frequency and nature of changes in the operating
environment should also be taken into account (GORM 44).
Banks are required to give detailed information regarding identification, measurement,

control and risk appetite of operational risk within their ICAAP reports. These sections are
assessed through the CAMELS review/GAR methodology and off-site BRSA audit teams.
EC4 The supervisor reviews the quality and comprehensiveness of the bank’s disaster recovery
and business continuity plans to assess their feasibility in scenarios of severe business
disruption which might plausibly affect the bank. In so doing, the supervisor determines
that the bank is able to operate as a going concern and minimize losses, including those
that may arise from disturbances to payment and settlement systems, in the event of
severe business disruption.
Description and RICAAP Article 13 is about business continuity management and plan. Banks must
findings re EC4 establish a business continuity management structure approved by the board of directors
in order to ensure the sustainability of activities in case of an interruption or to save them
on time to minimize operational, financial, legal and reputational costs.
According to GORM Principle 10, banks need to have a business continuity plan to be able
to continue their activities on an ongoing basis and limit losses in the event of severe
business disruption. Negative condition scenarios created by the bank should be assessed
for their financial, operational and reputational impact and the resulting risk assessment
should be the foundation for recovery priorities and objectives (GORM paragraph 71).
Each bank should establish business continuity plans considering their size, activity nature,
and complexity of their processes. These plans should outline possible responses
according to different types of likely or plausible scenarios to which the bank may be
vulnerable. Some of the possible events may include incidents that damage or render
accessibility to the bank’s facilities, telecommunication or information technology
infrastructures, or events that affect human resources as well as broader disruptions to the
financial system altogether (GORM Paragraph 70). Continuity plans should be tested
periodically including preparation of an impact analysis (GORM paragraph 71).
All the disaster recovery and business continuity plans are tested at least once in a year
according to RICAAP article 13. These tests are reviewed by BRSA on-site examination
teams during the GAR process once a year. Examiners are required to determine if there is
a business continuity plan approved by Board of Directors and if this plan is tested by the
bank. As well, they check to see if the business continuity plan contains the policies,
responsibilities and duties during business disruption cases.

TURKEY
EC5 The supervisor determines that banks have established appropriate IT policies and
processes to identify, assess, monitor and manage technology risks. The supervisor also
determines that banks have appropriate and sound IT infrastructure to meet their current
and projected business requirements (under normal circumstances and in periods of
stress), which ensures data and system integrity, security and availability and supports
integrated and comprehensive risk management.
Description and BRSA uses framework explained in CP9/EC3 for identifying, assessing, monitoring and
findings re EC5 managing technology risks.
Also GORM has a special section on ‘IT capacity and security and change of IT systems,
facilities and equipment’ provisions being explained in paragraphs 59-62.
Regarding IT, the BRSA requires banks to receive an IT audit every 2 years by the bank’s
external auditor. The team was informed that most internal audit departments in banks
have some resource in this area. The BRSA has IT specialists who review external audit’s IT
reports, conduct their own examinations, and participate in the CAMELS onsite
examinations as needed. On occasion, they may participate in MIS reviews conducted by
the commercial examiners. They evaluate the external audits and also conduct their own
examinations. The questions contained in GAR are relatively high level for which answers
are derived primarily from the external audit IT report or are referred to the BRSA’s IT
department.
EC6 The supervisor determines that banks have appropriate and effective information systems
to:
a) monitor operational risk;

b) compile and analyze operational risk data; and
c) facilitate appropriate reporting mechanisms at the banks’ Boards, senior management
and business line levels that support proactive management of operational risk.
Description and BRSA uses framework explained in CP9/EC3 for identifying, assessing, monitoring and
findings re EC6 managing technology risks. As well, see EC 2 above for requirements for board reporting.
In RICAAP Article 21(3) requires internal audit system of banks to review information
systems including electronic information system and electronic banking services and it
also evaluates the accuracy and reliability of accounting records and financial reports.
Additionally, RICAAP Article 57 (1) internal audit system should review the adequacy of
the system and processes and accuracy of the data used in the ICAAP Reports and send
their findings to BRSA according to Article 63 (5).
Also GORM has a special section on ‘IT capacity and security and change of IT systems,
facilities and equipment provisions being explained in paragraphs 59-62.
EC7 The supervisor requires that banks have appropriate reporting mechanisms to keep the
supervisor apprised of developments affecting operational risk at banks in their
jurisdictions.

TURKEY
Description and Section IV of RCA is about calculation of RWA for operational risk for regulatory capital.
findings re EC7 The calculations are submitted to BRSA via two annual supervisory reports
(OR500YS/OR500YK).
The reporting mechanisms for operational risk are viewed through the CAMELS review
process/GAR methodology by on-site BRSA examiners as well. During relevant special
examinations, examiners are required to evaluate certain systems and reporting. For
example, examiners are required to determine if there is a system for reporting
operational risks on SME, corporate, commercial loans (regarding incorrect operations,
abuse, suspicious financial transactions). During the review of sample special
examinations, the team observed issues and deficiencies in these areas cited and
communicated in the reports and to bank management.
It is required that banks send their ICAAP reports to BRSA once in a year since 2013. Banks
have to provide sufficient information about both Pillar 1 and Pillar 2 risks at ICAAAP
report. In this context all banks have to give information about identification,
measurement, management, control, risk appetite and risk limits. All ICAAP reports are
evaluated by BRSA. Banks also must report their operational loss history to the BRSA.
EC8 The supervisor determines that banks have established appropriate policies and processes
to assess, manage and monitor outsourced activities. The outsourcing risk management
program covers:
a) conducting appropriate due diligence for selecting potential service providers;

b) structuring the outsourcing arrangement;
c) managing and monitoring the risks associated with the outsourcing arrangement;
d) ensuring an effective control environment; and
e) establishing viable contingency planning.
Outsourcing policies and processes require the bank to have comprehensive contracts
and/or service level agreements with a clear allocation of responsibilities between the
outsourcing provider and the bank.
Description and According to the Article 35 of BL, the banks will, before outsourcing certain allowable
findings re EC8 activities, prepare a written report to be submitted to the Agency if and when it is
required, containing the probable risks of outsourcing services to be received, and
management of such risks, as well as the expected benefits and costs thereof.
The Article 5 (1) of Regulation on Receiving Outsourcing Services by Banks (RROS) states
that banks contracting outsourcing services are obliged to:
a) Identify needed outsourcing services in each relevant area;

b) Studies for necessary transformation, internal regulation, infrastructure and training at
the stage of transition to outsourcing services,
c) Coordination of responsibilities concerning the issues of supervision, measurement

and evaluation, reporting and security in connection with outsourcing services

TURKEY
d) Risks that may have arisen from receiving outsourcing activities and a contingency
plan to be implemented in case of any interruptions or delays in services in any
manner along with the management of these risks and substitutability of received
outsourcing services
e) The impact of outsourced areas on the internal control, internal audit, and risk
management to be done by the bank for operations and process that are related to
thereof.
According to the Article 7 of RROS it is obligatory that the contracts to be signed between
the banks and of outsourcing service providers must explicitly state issues such as the
subject matter, scope and term of outsourcing services, fees to be paid for services and
responsibilities of the parties.
Within the scope of the above mentioned rules, BRSA examines compliance to these
regulations. There is a specific question about this EC in the annex of GAR module. FSAID
2495 requires BRSA on-site examination teams to asses if there is an effective monitoring
and controlling system of operational risk arising from outsourcing activities. While
answering the question above-mentioned BRSA examiners sources are indicated in GAR
module as below;
 Due diligence activities,
 Outsourcing contracts,
 Activities to manage and monitor the risk arising from outsourcing activities,
 Contingency plans to be implemented in unexpected cases.
 Policies and processes about outsourcing activities.
Additional
criteria
AC1 The supervisor regularly identifies any common points of exposure to operational risk or
potential vulnerability (e.g., outsourcing of key operations by many banks to a common
service provider or disruption to outsourcing providers of payment and settlement
activities).
Description and
findings re AC1
Principle 25
Comments Oversight of operational risk is anchored in RICAAP and further expanded in the GORM
which comprehensively addresses relevant aspects of this risk. The supervisory process
explicitly addresses this risk through the evaluation of the ICAAP process and reports
submitted by banks as well as through the GAR process and as a part of MIS evaluation
and controls during specialized examinations.

TURKEY
Principle 26 Internal control and audit. The supervisor determines that banks have adequate internal
control frameworks to establish and maintain a properly controlled operating
environment for the conduct of their business taking into account their risk profile. These
include clear arrangements for delegating authority and responsibility; separation of the
functions that involve committing the bank, paying away its funds, and accounting for its
assets and liabilities; reconciliation of these processes; safeguarding the bank’s assets; and
appropriate independent68 internal audit and compliance functions to test adherence to
these controls as well as applicable laws and regulations.
Essential criteria
EC1 Laws, regulations or the supervisor require banks to have internal control
frameworks that are adequate to establish a properly controlled operating
environment for the conduct of their business, taking into account their risk
profile. These controls are the responsibility of the bank’s Board and/or senior
management and deal with organizational structure, accounting policies and
processes, checks and balances, and the safeguarding of assets and investments
(including measures for the prevention and early detection and reporting of
misuse such as fraud, embezzlement, unauthorized trading and computer
intrusion). More specifically, these controls address:
a) organizational structure: definitions of duties and responsibilities, including

clear delegation of authority (e.g., clear loan approval limits), decision-making
policies and processes, separation of critical functions (e.g., business
origination, payments, reconciliation, risk management, accounting, audit and
compliance);
b) accounting policies and processes: reconciliation of accounts, control lists,
information for management;
c) checks and balances (or “four eyes principle”): segregation of duties, cross-
checking, dual control of assets, double signatures; and
d) safeguarding assets and investments: including physical control and
computer access.
Description and Mainly, the BL and RICAAP regulate the issues regarding internal control and audit
findings re EC1 systems. In addition to these two, RCGB establishes the responsibilities of the board and
senior management with respect to corporate governance to ensure that there is effective
control over a bank‘s entire business.
Article 23, 29 of the BL states that banks are obliged to establish and operate adequate
and efficient internal control, risk management and internal audit systems that are in
harmony with the scope and structure of their activities, that can respond to changing
68 In assessing independence, supervisors give due regard to the control systems designed to avoid conflicts of
interest in the performance measurement of staff in the compliance, control and internal audit functions. For
example, the remuneration of such staff should be determined independently of the business lines that they oversee.

TURKEY
conditions and that cover all their branches and undertakings subject to consolidation in
order to monitor and control the risks that they encounter. These systems should be
compliant with relevant legislation, secure financial reporting systems, and assign
authorities and responsibilities in the bank. These duties are further expanded in RICAAP.
Further, BL article 30 requires that banks:
(i) ensure the execution of their activities in compliance with the legislation, bank’s internal
regulations and banking ethics;
(ii) secure the integrity and reliability of accounting and reporting systems and timely
accessibility of information through continuous control activities to be complied with and
performed by the personnel at any level;
(iii) ensure the functional separation of the duties and the sharing of powers and
responsibilities regarding the payments of funds, the reconciliation of bank‘s transactions,
safeguarding assets and controlling liabilities;
(iv) identify and evaluate any risk encountered and prepare the infrastructure required for
managing such risks; and
(v) construct an adequate network for information exchange.
Pursuant to the same article, internal control checks are required to be carried out by the
internal control department; the internal control personnel must work under the board of
directors. RICAAP further establishes reporting to the BRSA expands the obligations and
requirements of BL article 30 cited above including requirements for independent internal
audit and compliance functions to test adherence to these controls.
The BRSA follows a dynamic supervisory approach with a risk-focused point of view in
order to ensure the efficiency, continuity and adequacy of the supervision process and
efficient usage of supervision resources. Article 5 of the RAA defines the risk focused
supervision approach. The RFS approach aims to configure the scope and intensity of the
supervision as well as the allocation of supervision resources and supervision activities
taking into consideration the risk profile, the existence and adequacy of internal control
and risk management systems of the institutions subject to the regulation and supervision
of the BRSA.
During the ICAAP examinations, the BRSA reviews the quality of the bank’s risk
management, internal control and internal audit functions pursuant to section 4 of the
GAA.
The CAMELS review/GAR process addresses internal systems, controls and internal audit in
various areas. Special inspections also involve checks of internal controls as relevant.
Internal Systems is defined as one of the main activity fields to be examined if it is
assessed as a risky field by the on-site examination teams. However, see BCP principle
14/15 for issues on conclusions drawn during the supervisory process.

TURKEY
EC2 The supervisor determines that there is an appropriate balance in the skills and resources
of the back office, control functions and operational management relative to the business
origination units. The supervisor also determines that the staff of the back office and
control functions have sufficient expertise and authority within the organization (and,
where appropriate, in the case of control functions, sufficient access to the bank’s Board)
to be an effective check and balance to the business origination units.
Description and On-site examination teams review and determine whether the personnel responsible for
findings re EC2 control functions have sufficient skills and expertise. For example, questions in the GAR
process address the sufficiency, effectiveness and frequency of the training activities
surrounding anti-money laundering control activities. As well, steps in the GAR process
direct the examiner to evaluate the follow-up mechanism for deficiencies cited in internal
control and audit reports including to what extent the findings in these reports are
corrected by relevant business units. Evaluation of the control functions and back office
activities are guided by the GAR process as well as tested during special inspections. For
example, review of several special inspection reports and procedures revealed
shortcomings in the areas of internal controls and reporting. As well the GAR process
directs examiners to determine if the performance of internal systems personnel is
assessed by the board and not by the executive units of the bank. This is to provide the
basis for assessing the independence of the internal systems personnel. During these
processes, shortcomings and staffing issues with internal control staff as well as
operational staff are able to be identified.
During the preparation of the risk matrix (one of the end products of the supervisory
cycle), guided by SMRAC, requires input on internal control and audit functions.
Please also refer to EC1 for regulations regarding the internal systems of banks.
EC3 The supervisor determines that banks have an adequately staffed, permanent and
independent compliance function69 that assists senior management in managing
effectively the compliance risks faced by the bank. The supervisor determines that staff
within the compliance function is suitably trained, have relevant experience and have
sufficient authority within the bank to perform their role effectively. The supervisor
determines that the bank’s Board exercises oversight of the management of the
compliance function.
Description and Pursuant to Article 5(1) of the RICAAP, the board of directors has the ultimate
findings re EC3 responsibility for the establishment and sufficient and effective functioning of the internal
systems.
Article 4(2) of RICAAP requires banks to establish their internal systems directly linked to
the board of directors. In other words, in order to ensure the independency of the units in
69The term “compliance function” does not necessarily denote an organizational unit. Compliance staff may reside in
operating business units or local subsidiaries and report up to operating business line management or local
management, provided such staff also have a reporting line through to the head of compliance who should be
independent from business lines.

TURKEY
the internal systems of banks including compliance function, these units should not be
established under business lines within the organizational structure of the bank. Although
they are not obliged to according to RICAAP regulation, banks generally have separate
compliance units directly connected to the Board of Directors. On-site examination teams
assess the compliance of the bank’s internal systems with this regulation.
Please refer to EC1 for the assessments regarding the skills and training of the internal
systems staff.
EC4 The supervisor determines that banks have an independent, permanent and effective
internal audit function70 charged with:
a) assessing whether existing policies, processes and internal controls (including risk
management, compliance and corporate governance processes) are effective,
appropriate and remain sufficient for the bank’s business; and
b) ensuring that policies and processes are complied with.
Description and All banks are required to have independent and adequately functioning internal audit
findings re EC4 departments. As mentioned in EC2 and EC3, the BRSA evaluates the independence,
permanence and effectiveness of the internal systems of the bank. All these assessments
are valid for internal audit function as well. As a result, guided by the GAR methodology,
on-site examination teams assess the independence of internal audit function as they
assess the independence of internal systems. As well, examiners determine whether
internal audit activities are effectively and sufficiently covered on a consolidated basis.
The GAR process also directs review of reports submitted to the board (audit committee).
On-site examiners take into consideration the effectiveness of policies, process and
internal controls while responding to these questions.
EC5 The supervisor determines that the internal audit function:
a) has sufficient resources, and staff that are suitably trained and have relevant
experience to understand and evaluate the business they are auditing;
b) has appropriate independence with reporting lines to the bank’s Board or to
an audit committee of the Board, and has status within the bank to ensure
that senior management reacts to and acts upon its recommendations;
c) is kept informed in a timely manner of any material changes made to the bank’s risk
management strategy, policies or processes;
d) has full access to and communication with any member of staff as well as full access
to records, files or data of the bank and its affiliates, whenever relevant to the
performance of its duties;
e) employs a methodology that identifies the material risks run by the bank;
70The term “internal audit function” does not necessarily denote an organizational unit. Some countries allow small
banks to implement a system of independent reviews, e.g., conducted by external experts, of key internal controls as
an alternative.

TURKEY
f) prepares an audit plan, which is reviewed regularly, based on its own risk assessment
and allocates its resources accordingly; and
g) has the authority to assess any outsourced functions.
Description and With respect to (a); Article 5(2)(ç) of RICAAP requires the board of directors to ensure the
findings re EC5 allocation of sufficient resources for the units in internal systems of the bank. Additionally,
RICAAP 22(3) (c) states that the manager of the internal audit unit is obliged to assess
whether the internal auditors have the qualifications required by their powers and
responsibilities, prepare training programs to improve their professional knowledge, skills
and abilities, and monitor whether they are performing their duties independently and
objectively with the necessary professional diligence and attention.
With respect to b), the BRSA legislation involves several provisions on the independence
of internal auditors. As previously mentioned, the internal audit function, being a part of
the internal systems of the bank, shall be directly under the board of directors. Further,
Article 23(1) of RICAAP stipulates that the internal auditors are required to perform their
duties and responsibilities objectively and independently. To this end, they shall not be
accountable to anyone in the bank management other than the manager of the internal
audit unit, the relevant internal systems manager and the board of directors and, in the
performance of their duties, they are required to be free from any conflicts of interest
stemming from reasons such as personal or family relations or their position within the
bank. Audit findings are submitted to the audit committee and to the board of directors
through the audit committee as well as the follow-up of the corrective actions pursued by
the department subject to the audit.
With respect to (c), article 26(5) of RICAAP, states that the risk evaluations shall be
regularly reviewed. Events that may affect the risk evaluations such as new products, new
systems, changes to the Law and other applicable legislation, and changes in organization
or personnel in important positions, vertical changes in volume and amount of activities
shall be communicated by unit managers to the internal audit unit, which shall in turn
review the risk evaluations in the light of such changes.
With respect to (d), Article 23(3) of RICAAP requires the board of directors to ensure that
the internal auditors are properly authorized to access all units of the bank, to obtain
information from any personnel of the bank, and to have access to all records, files and
data of the bank, so that they may effectively perform their duties and responsibilities.
With respect to (e), Article 26 of the ICAAP requires banks to effectively perform their
internal audit activities following a risk focused approach, based on the risk assessments
of the internal audit unit. In that context, risk assessments, made on an annual basis,
requires the utilization of risk measurement and rating systems to assess the activity and
control risks in significant business units and products and to determine their materiality.
With respect to (f), Article 27 of the RICAAP include provisions on internal audit plans. In
that context, internal audit plans are required to be prepared on the basis of the risk
assessments made pursuant to Article 26 and to allocation of resources of the internal

TURKEY
audit department. The internal audit plans can be reviewed and updated by the assent of
the board of directors.
With respect to (g) Article 7(2)(o) of the RICAAP stipulates that members of the audit
committee are responsible for making risk assessments about the support services
received by the bank, for submitting their assessments to the board of directors and,
monitoring the sufficiency of the support service provided to the bank.
Internal audit is assessed by the on-site examination teams through the CAMELS
review/GAR methodology during the course of the supervisory cycle. Among the aspects
evaluated in this area, the examiners i) review audit plans in comparison to previous years
plans as well as relative to the understood risks of the bank; ii) review audit reports
(including loan audits, branch reports, etc.); iii) staff adequacy and turnover as well a
budget sufficiency; iv) training received; iv) audit access to business units and internal
functions, etc. Observations and views on internal audit are factored into the CAMELS
ratings process through the “M”.
Principle 26
Comments The legal framework is comprehensive in this area, both as it is articulated in the
requirements for internal systems and separately as requirements specifically directed to
the internal audit function. Review of the internal audit process is an important part of the
onsite (GAR) process covered each supervisory cycle. However, targeted or specialized
examinations of the internal audit process, leveraging the GAR results as well as
specialized examination results as partial inputs, could enhance the validation of this
important function. Such validation by the BRSA is important in order for it to maintain or
increase the degree of confidence (and therefore, dependence) it can place in audit
outputs as early warning indicators of shifting risk.
Principle 27 Financial reporting and external audit. The supervisor determines that banks and
banking groups maintain adequate and reliable records, prepare financial statements in
accordance with accounting policies and practices that are widely accepted internationally
and annually publish information that fairly reflects their financial condition and
performance and bears an independent external auditor’s opinion. The supervisor also
determines that banks and parent companies of banking groups have adequate
governance and oversight of the external audit function.
Essential criteria
EC1 The supervisor71 holds the bank’s Board and management responsible for ensuring that
financial statements are prepared in accordance with accounting policies and practices
71In this Essential Criterion, the supervisor is not necessarily limited to the banking supervisor. The responsibility for
ensuring that financial statements are prepared in accordance with accounting policies and practices may also be
vested with securities and market supervisors.

TURKEY
that are widely accepted internationally and that these are supported by recordkeeping
systems in order to produce adequate and reliable data.
Description and BL article 39 requires the financial reports prepared by banks to be signed, with names,
findings re EC1 surnames and titles indicated, by the chairman of the board of directors, the members of
the audit committee, general manager, deputy general manager responsible for financial
reporting as well as the relevant unit manager or equivalent authorities, declaring that the
financial report is in compliance with the legislation pertaining to financial reporting and
with the accounting records.
Additionally, BL article 37 requires banks, in line with the principles and procedures to be
determined by the Board in consultation with POA and associations of institutions, to
account all transactions in an accurate manner and to present financial reports in a clear,
reliable, and comparable way. In cases where it is determined that the financial statements
have been mispresented, the BRSB shall be authorized to take necessary measures.
Based on the BL, the RAP brings the Turkish banking system‘s accounting practices in line
with the TFRS which are issued by the POA as the Turkish translations of the IFRS. There
are 2 notable differences in the implementation of TFRS in banks and financial institutions
with IFRS: 1) a bank group’s consolidated accounts capture the financial subsidiaries but
not the nonfinancial subsidiaries, and 2) loan loss provisions reflect the BRSA’s
requirements. Banks will be required to implement the upcoming IFRS 9 for provisioning
in line with the timeframe specified by the standards.
EC2 The supervisor holds the bank’s Board and management responsible for ensuring that the
financial statements issued annually to the public bear an independent external auditor’s
opinion as a result of an audit conducted in accordance with internationally accepted
auditing practices and standards.
Description and According to BL article 39 (2), the annual financial reports to be presented by banks to
findings re EC2 their general assembly, are required to be approved by independent audit firms. Article 4
(2) of the REAB requires independent auditing firms to conduct their audits in banks in
alignment with the principles and procedures stipulated in the Turkish Auditing Standards
(TSAs) which are issued as Turkish translation of International Standards of Audit (ISAs). In
addition, article 4(4) of the REAB requires banks to have their quarterly financial
statements audited by independent audit firms in compliance with the provisions laid
down in REAB as well as the TSAs. In that context, financial statements of banks are
required to be subject to interim limited audit as of the end of March, June and
September and to annual full-scope audit as of the end of December.
EC3 The supervisor determines that banks use valuation practices consistent with accounting
standards widely accepted internationally. The supervisor also determines that the
framework, structure and processes for fair value estimation are subject to independent
verification and validation, and that banks document any significant differences between
the valuations used for financial reporting purposes and for regulatory purposes.

TURKEY
Description and BRSA published GFVM in order to explain the best practices for determining the fair value
findings re EC3 of financial instruments as well as the associated risk management and internal
procedures. Banks are required to classify and report financial instruments in their
financial reports in alignment with relevant accounting and regulatory reporting
requirements.
Further, GFVM paragraph 23 that any models used in the valuation process (internally
developed or purchased from external sources), including any material changes made in
the model, are required to be validated and regularly reviewed by an independent expert,
both before it is used initially as well as during its use. The independent validation team
should have reporting lines independent of risk taking units. The GFVM goes on to
provide baseline parameters that should be addressed as a part of the validation process.
GFVM paragraph 29 also requires internal and external audit to review the control
environment, the availability and reliability of information used in the valuation process,
and the reliability of estimated fair values. External and internal audit should include the
price verification processes and testing valuations of significant transactions. Audit
programs should also evaluate whether the disclosures about fair values made by the
bank are in accordance with the applicable accounting standards.
Paragraph 35 of GFVM states that any significant differences between fair values included
in financial reporting and those used for risk management purposes or used in regulatory
reporting, should be reported to the senior management. In cases where there is material
uncertainty surrounding the valuation practices, the BRSA may consider conducting tests
on portfolio valuations.
As a part of its supervisory process, the BRSA evaluates a bank’s financial instruments
valuation practices incorporating relevant governance, risk management, and control
practices and takes these evaluations into consideration when assessing capital adequacy.
This includes an evaluation of the process of valuation including reviewing the pricing
information used in the process, surrounding control environment, and determining the
impact of the valuations on capital adequacy. The examiners also verify audit coverage of
the processes and management’s response to any cited deficiencies. On-site examination
teams also assess whether bank management adequately understands the valuation
methodologies and calculations. The examiners also assess if computer systems are used
in the valuation of banks’ securities and derivatives portfolios are validated by
independent teams.
In addition, the assessment team reviewed an example of a special check on valuation and
transaction activity the BRSA conducted. The objective of the review was to determine the
propriety and risk involved in certain business areas. Thorough review of the valuation
process was conducted.
EC4 Laws or regulations set, or the supervisor has the power to establish the scope of external
audits of banks and the standards to be followed in performing such audits. These require

TURKEY
the use of a risk and materiality based approach in planning and performing the external
audit.
Description and In general terms, the scope of external audit of banks is set by Article 4 of the REAB.
findings re EC4 Accordingly, external audit of banks is to be carried out in accordance with the TSAs which
is the Turkish version of the ISAs, to provide a fair assurance on reliability and accuracy of
financial statements as well as accounting and recording systems, including assessment of
compliance, adequacy and effectiveness of banks’ internal and financial reporting systems.
Also, BRSA is authorized to require banks or external auditors to initiate a special purpose
external audit on specific matters regulated in the BL and related regulations, or on
specific subjects of importance to be determined by BRSA.
TSA 32072, Turkish version of ISA 320, Materiality in Planning and Performing an Audit,
regulates the responsibility of auditors to apply the concept of materiality in planning and
performing an audit of financial statements. Paragraph 5 of the annex of TSA 320 states
that “The concept of materiality is applied by the auditor both in planning and performing
the audit, and in evaluating the effect of identified misstatements on the audit and of
uncorrected misstatements, if any, on the financial statements and in forming the opinion
in the auditor’s report.” and materiality and audit risk is explained in paragraph A1.
EC5 Supervisory guidelines or local auditing standards determine that audits cover areas such
as the loan portfolio, loan loss provisions, non-performing assets, asset valuations, trading
and other securities activities, derivatives, asset securitizations, consolidation of and other
involvement with off-balance sheet vehicles and the adequacy of internal controls over
financial reporting.
Description and See also EC 1 & 2 enumerating use of TFRS and TSA standards in the auditing and
findings re EC5 accounting process. Article 4 of the REAB stipulates that the external audit of banks is
conducted with the purpose of providing an opinion with regard to the accuracy and
reliability of the accounts, records and financial statements of banks as well as their
compliance with all relevant regulations issued pursuant to the BL. Article 17 covers the
issues related to the assessment of the adequacy of internal controls over financial
reporting of banks. As a consequence, external audit covers all areas mentioned in EC5.
As well, in the process of scoping and conducting CAMELS review/GAR methodology

process, the external auditors’ IT audit reports and consolidated and non-consolidated
audit reports are used as important inputs.
EC6 The supervisor has the power to reject and rescind the appointment of an external auditor
who is deemed to have inadequate expertise or independence, or is not subject to or
does not adhere to established professional standards.
72 Link to Turkish version of TSA 320: https://www.kgk.gov.tr/contents/files/BDS/BDS_320.pdf

TURKEY
Description and The POA sets financial reporting and auditing standards in compliance with international
findings re EC6 standards. BL articles 15 and 33 empower the BRSA to authorize or terminate the
appointment of banks’ external audit firms.
BL article 15, 33 authorizes the BRSA to evaluate and publish the names of audit firms
deemed acceptable to conduct audits in banks. The BRSB has the power to remove the
external audit firm from the list when it is deemed to have inadequate expertise or
independence, or when it is not subject to or does not adhere to established professional
standards.
EC7 The supervisor determines that banks rotate their external auditors (either the firm or
individuals within the firm) from time to time.
Description and Article 26 (1) (ç) of the Regulation on Independent Audit (RIA73) issued by the POA states
findings re EC7 that external audit firms and auditors are not allowed to undertake the audits for the
entities for which they have conducted the audit activity for seven years within the last ten
years for audit firms and five years within the last seven years for auditors, including the
ones employed at an audit firm, prior to the extinction of a three-year period following
the date of the last audit.
EC8 The supervisor meets periodically with external audit firms to discuss issues of common
interest relating to bank operations.
Description and The BRSA started meeting with external auditors last year. The first meeting was held
findings re EC8 February 2015 and included 4 international firms and two domestic external auditing
firms. Prior to that, BRSA had, on occasion, met with selected firms when important issues
of common interest arose. As well, on-site examination teams meet with external auditing
teams in the bank(s) frequently to discuss the issues of common interest. These meetings
are arranged by on-site examiners when necessary.
EC9 The supervisor requires the external auditor, directly or through the bank, to report to the
supervisor matters of material significance, for example failure to comply with the
licensing criteria or breaches of banking or other laws, significant deficiencies and control
weaknesses in the bank’s financial reporting process or other matters that they believe are
likely to be of material significance to the functions of the supervisor. Laws or regulations
provide that auditors who make any such reports in good faith cannot be held liable for
breach of a duty of confidentiality.
Description and BL article 33 (2) directs “If, during their audits, external audit firms detect any matter that
findings re EC9 may endanger the existence of the bank or an evidence demonstrating that their
managers have severely violated the Law or the articles of association, the external audit
firms shall promptly notify the BRSA thereof. Such notification does not mean the
73 http://www.kgk.gov.tr/eng/contents/files/Pdf/Bagimsiz-Denetim-Yonetmeligi_eng.pdf

TURKEY
violation of the professional confidentiality principles and agreements or the obligations

pertaining to confidentiality”.
Principles and procedures related to this obligation are also regulated in more detail in
the Article 17 (3), (4), (5), (6) and (7) of the REAB.
Additional
criteria
AC1 The supervisor has the power to access external auditors’ working papers, where
necessary.
Description and
findings re AC1
Principle 27
Comments Procedures surrounding financial reporting and external audit are well established.
Accounting standards closely follow IFRS and provisioning standards are set to dovetail
with the implementation of IFRS 9. Valuation procedures for financial assets are
comprehensive. BRSA conducts review of valuation procedures and of valuation models as
a part of the onsite examination process. Parameters for banks’ external audit process are
well established.
Principle 28 Disclosure and transparency. The supervisor determines that banks and banking groups
regularly publish information on a consolidated and, where appropriate, solo basis that is
easily accessible and fairly reflects their financial condition, performance, risk exposures,
risk management strategies and corporate governance policies and processes.
Essential criteria
EC1 Laws, regulations or the supervisor require periodic public disclosures74 of information by
banks on a consolidated and, where appropriate, solo basis that adequately reflect the
bank’s true financial condition and performance, and adhere to standards promoting
comparability, relevance, reliability and timeliness of the information disclosed.
Description and According to the BL article 37 banks are required to prepare their financial reports which
findings re EC1 include financial statements and disclosure in accordance with TASs and TFRSs (Turkish
version of IASs and IFRSs) published by the POA. Article 10 of the RAP states that the
year-end financial report includes financial statements, supplemental information required
by the BRSA, and the external audit report. Article 14 of the RAP regulates rules and
procedures on publication of banks’ financial reports. Additionally, pursuant to Articles 1
and 4(4) of the CPD, banks are required to prepare their public disclosures on a solo and
consolidated basis quarterly and annually.
74For the purposes of this Essential Criterion, the disclosure requirement may be found in applicable accounting,
stock exchange listing, or other similar rules, instead of or in addition to directives issued by the supervisor.

TURKEY
EC2 The supervisor determines that the required disclosures include both qualitative and
quantitative information on a bank’s financial performance, financial position, risk
management strategies and practices, risk exposures, aggregate exposures to related
parties, transactions with related parties, accounting policies, and basic business,
management, governance and remuneration. The scope and content of information
provided and the level of disaggregation and detail is commensurate with the risk profile
and systemic importance of the bank.
Description and Pursuant to BL article 40, banks are required to prepare annual reports that contain
findings re EC2 information about banks’ status, management and organization structures, human
resources, activities, financial situations, assessment of the management and expectations
from the future; together with financial statements, summary of board of directors’ report
and external auditing report. These annual reports are utilized during the planning phase
of on-site supervision.
As well, other parameters for disclosure are covered in the RPPAP (Regulation on
Principles and Procedures Concerning the Preparation and Publishing of Annual Reports),
RAP (Regulation for Accounting Practices), CPD (Communique on Financial Statements
Disclosed to the Public by Banks), and CDRM (Communique on Disclosures about Risk
Management).
CPD article 4 stipulates the composition of financial statements: balance sheet, off balance
sheet items, income statement, table concerning the income and expenses items
recognized as equity, statement of changes in equity, statement of cash flow, and
statement of profit distribution.
The structure of the bank and its basic business lines are required to be disclosed
including the structure of the bank and the consolidated organization, capital structure of
the parent bank and others, activities of the parent bank, risk exposures, transactions with
related parties, and accounting policies. Risk disclosures are governed by articles 7-15.
RPPAP and RAP require banks to prepare and disclose annual reports and interim reports
(quarterly). RPPAP article 6 (1) (b) addresses additional, nonfinancial information to be
disclosed such corporate governance practices within the bank, intra-company
transactions, etc.
CDRM, entering into force March 2016 focuses on the individual and consolidated risk
management information to be disclosed by banks. This Communiqué is prepared in
alignment with Basel Pillar III disclosure requirements. Risk management disclosure
requirements in this Communiqué are complementary to the other disclosure
requirements stated in the third section of CPD.
Remuneration disclosures laid out by GBCP should be provided as a part of Pillar III
disclosures required by CDRM in accordance with the general principles and procedures
set out in that Communiqué. Banks other than systemically important banks should
implement mentioned requirements proportionately.

TURKEY
The CAMELS review/GAR methodology directs examiners, inter alia, to review various
elements of banks’ annual reports and remuneration. As well, on-site examiners are to
analyze the banks’ policies about disclosure and through the GAR process.
EC3 Laws, regulations or the supervisor require banks to disclose all material entities in the
group structure.
Description and According to CCFS, banks are required to prepare consolidated financial statements and
findings re EC3 announce them in their web sites. The scope/exemptions of this consolidation are laid
down in article 5.
CPD article 4 (2) requires the disclosure of the information about the capital structure of
the parent bank and direct and indirect parties who influence the management or
supervision of the parent bank. Parent banks are required to disclose information on the
name/commercial title of the natural or legal persons holding their qualified shares and
information about the entities and the scope of consolidation. Banks are also required to
give information on related parties consistent with TAS 24.
EC4 The supervisor or another government agency effectively reviews and enforces
compliance with disclosure standards.
Description and As of December 2015, there are 52 banks in Turkey and 16 of them are publicly traded.
findings re EC4 These 16 banks’ disclosure standards are reviewed by Public Disclosure Platform which is a
governmental agency.
Furthermore, the Communiqué on Material Events Disclosure,75 issued by the CMB, sets
forth the principles and procedures related to public disclosure of information, events and
development which may affect the value or price of securities or the investment decisions
of investors. These disclosures are submitted to the Public Disclosure Platform via Borsa
Istanbul, published in the web-site of the bank and kept in the web-site for 5 years.
BRSA regularly evaluates the timeliness and content of external audit/annual reports for
compliance with regulatory parameters. It is within this context that the BRSA would
review Pillar III disclosures.
EC5 The supervisor or other relevant bodies regularly publishes information on the banking
system in aggregate to facilitate public understanding of the banking system and the
exercise of market discipline. Such information includes aggregate data on balance sheet
indicators and statistical parameters that reflect the principal aspects of banks’ operations
(balance sheet structure, capital ratios, income earning capacity, and risk profiles).
Description and BRSA has been quarterly publishing “Main Banking Indicators” series via internet since
findings re EC5 June 2014. The BRSA website also includes interactive daily, weekly and monthly bulletins
75 http://www.cmb.gov.tr/apps/teblig/displayteblig.aspx?id=501&ct=f&action=displayfile

TURKEY
and facilitates users’ requests for information by tailor made reports. (Please see the link
in the footnote)76.
Additional
criteria
AC1 The disclosure requirements imposed promote disclosure of information that will help in
understanding a bank’s risk exposures during a financial reporting period, for example on
average exposures or turnover during the reporting period.
Description and
findings re AC1
Principle 28
Comments Banks are required to disclose their financial statements according to TFRS and TAS, the
Turkish version of IFRS and IAS, on both a solo basis and consolidated basis. Disclosure
requirements for nonfinancial information are adequate. BRSA regularly evaluates the
timeliness and content of external audit/annual reports for compliance with regulatory
parameters and Pillar III disclosures.
Principle 29 Abuse of financial services. The supervisor determines that banks have adequate policies
and processes, including strict customer due diligence (CDD) rules to promote high ethical
and professional standards in the financial sector and prevent the bank from being used,
intentionally or unintentionally, for criminal activities.77
Essential criteria
EC1 Laws or regulations establish the duties, responsibilities and powers of the supervisor
related to the supervision of banks’ internal controls and enforcement of the relevant laws
and regulations regarding criminal activities.
Description and The Turkish regime against money laundering is governed by the Law no. 5549 on
findings re EC1 Prevention of Laundering Proceeds of Crime (AML Law). The last revision of the act was
made in 2014. There is a separate Law no. 6415 on the Prevention of Financing of Terrorism
(TF Law) adopted on 16.02.2013. The money laundering offense is set forth in the Article
282 of the Turkish Criminal Law.
The role of the Financial Intelligence Unit (FIU):
76 http://www.bddk.org.tr/WebSitesi/english/Statistical_Data/Statistical_Data.aspx
77 The Committee is aware that, in some jurisdictions, other authorities, such as a financial intelligence unit (FIU),
rather than a banking supervisor, may have primary responsibility for assessing compliance with laws and regulations
regarding criminal activities in banks, such as fraud, money laundering and the financing of terrorism. Thus, in the
context of this Principle, “the supervisor” might refer to such other authorities, in particular in Essential Criteria 7, 8
and 10. In such jurisdictions, the banking supervisor cooperates with such authorities to achieve adherence with the
criteria mentioned in this Principle.

TURKEY
Turkey has established a FIU called MASAK. The duties and powers of MASAK are
determined in the Article 19 of the AML Law and Article 16 of the TF Law.
MASAK is the main supervisory authority for AML/CFT related issues. Duties and powers of
MASAK include developing policies and implementation strategies, preparing legislation,
collecting and analyzing data, receiving suspicious transaction reports and deciding on and
coordinating inspections regarding AML/CFT issues.
The supervision of AML/CFT obligations is exercised by different sector supervisors from the
BRSA, Treasury and CMB on behalf of MASAK.
The role of the BRSA:
According to article 11 of the AML Law, on-site inspections are conducted by the MASAK
through different sector supervisors including the bank examiners and experts of the BRSA.
The BRSA serves as the “technical arm” of the MASAK for AML/CFT supervisory matters. The
MASAK examination teams are formed according to the MASAK requirements on a case by
case basis.
However, in addition to the inspections required by the MASAK, as a part of the on-site
supervision of banks, the BRSA oversee AML/CFT compliance in the banking industry. In
that context, the on-site teams examine and evaluate the adequacy and effectiveness of
banks’ policies, procedures, work-flows, human resources management and internal control
systems in relation to the relevant regulations. The GAR Module of the BRSA has specific
questions on AML/CFT related issues.
In this context, AML/CFT policies, implementation procedures, human resources and control
systems are examined by the BRSA. These examinations are mostly done during the ratings
process assessing the following issues:
- Whether the bank employs relevant number of personnel charged for AML/CFT
issues commensurate with its scale and operations and whether they are sufficiently
qualified, whether bank’s personnel is subject to an adequate level of training with respect
to AML/CFT issues and whether the frequency of training is commensurate with the scale
and operations of the bank,
- Whether the bank uses an adequately structured IT framework with regard to

AML/CFT issues commensurate with the scale and operations of the bank,
- Whether the criteria underlying the above mentioned IT framework are regularly
reviewed, and updated where it is deemed necessary,
- Whether the authorization and responsibilities of the compliance officer is

documented and is adequate,
- Whether the bank has a policy document regarding the AML/CFT issues approved
by the Board of Directors and whether this document is adequate,
- Whether the bank has written criteria for detection of suspicious transactions,

TURKEY
- Whether the bank has adequately established procedures regarding the

authorization of the relevant personnel for incorporating revisions to the IT framework
established for the detection of suspicious transactions,
- Whether the bank has documented its CDD policies, including issues on
documents to be demanded from the customers and procedures for verification of the
accuracy of these documents,
- Whether the internal controls with regard to the effectiveness and applicability of
cross controls are adequate,
- Whether the internal audit unit of the bank has special audits on AML/CFT issues,
- Whether the findings of the internal audit are followed up by the bank’s
management,
- Whether the bank has an adequate internal assessment report about the AML/CFT
issues,
- In the context of consolidated supervision, whether the parent company of the

bank has written policy documents on AML/CFT issues,
- Whether the home country of the parent company is subject to the supervision of
an FIU.
These assessments are then incorporated into the CAMELS rating methodology under the
“Management” component.
Recently, the BRSA has established a Commission, composed of 4 senior bank examiners,
responsible for coordinating AML/CFT examinations. These examinations will be conducted
starting from the second half of 2016. For that purpose, the Commission prepared a
Supervisory Manual on AML/CFT Issues (SMAMLCFT) approved by the Chairman.
According to this manual on-site examiners are initially required to make an AML/CFT
related risk assessment of the bank. The manual includes analysis and assessments under 8
sections: Organizational Structure, Compliance, Training of the Personnel, Internal and
External Audit, Reporting Requirements, Process Audits, Retention of Documents, Secrecy.
EC2 The supervisor determines that banks have adequate policies and processes that promote
high ethical and professional standards and prevent the bank from being used, intentionally
or unintentionally, for criminal activities. This includes the prevention and detection of
criminal activity, and reporting of such suspected activities to the appropriate authorities.
Description and The supervisory requirements on policies and processes to prevent institutions from being
findings re EC2 used for criminal activities are contained in the AML Law, TF Law and subsequent sub-
regulations, namely the Regulation on Measures Regarding Prevention of Laundering
proceeds of Crime and Financing of Terrorism (ROM), Regulation on Program of
Compliance with Obligations of Anti-Money Laundering and Combating the Financing of
Terrorism (ROC) and Regulation on the Procedures and Principles Regarding the
Implementation of Law on the Prevention of Financing of Terrorism (ROT). Furthermore, the

TURKEY
MASAK prepared a formal supervision manual in 2010 called “Guidance on the Supervision
of Obligation”. This guidance involves check-lists for the obligors to provide examiners with
formal supervisory tools.
AML general compliance inspections aim at preventing and detecting criminal activities in
banks. As mentioned in EC1, the inspections are planned and coordinated by the MASAK
using banking experts of the BRSA. The inspections follow a risk-based approach focusing
on risk factors determined by the MASAK and relevant supervisory authorities. When
elaborating the annual supervisory plans, the MASAK coordinates with the supervisory
authorities the time frame and availability of human resources to AML/CFT supervision.
The examinations conducted in banks regarding AML/CFT issues by BRSA and MASAK
during the last two years are summarized in the following table:
Number of Banks
Year Examined Examination Type
General Compliance with laws and regulations regarding

2014 23 AML/CFT
General Compliance with laws and regulations regarding

2015 11 AML/CFT
Examinations related to violations of Suspicious

Transactions Reporting, CDD, Training-Internal Systems-
2014 18 Other Measures
Examinations related to violations of Suspicious

Transactions Reporting, CDD, Training-Internal Systems-
2015 16 Other Measures
The findings of these examinations are followed up by MASAK and shared with BRSA’s
management along with the other related information when requested.
Banks obligation to report suspicious activities related to money laundering or terrorist

financing activities are clearly established in article 4 of the AML Law and ROM, chapter 4.
The obligation is to report these activities to the MASAK only.
EC3 In addition to reporting to the financial intelligence unit or other designated authorities,
banks report to the banking supervisor suspicious activities and incidents of fraud when
such activities/incidents are material to the safety, soundness or reputation of the bank.78
Description and Banks are required to report only to the MASAK any suspicious activities pursuant to the
findings re EC3 Article 4 of the AML Law.
78Consistent with international standards, banks are to report suspicious activities involving cases of potential money
laundering and the financing of terrorism to the relevant national centre, established either as an independent
governmental authority or within an existing authority or authorities that serves as an FIU.

TURKEY
EC4 If the supervisor becomes aware of any additional suspicious transactions, it informs the
financial intelligence unit and, if applicable, other designated authority of such transactions.
In addition, the supervisor, directly or indirectly, shares information related to suspected or
actual criminal activities with relevant authorities.
Description and Pursuant to the Article 40 of the ROM, the BRSA informs the MASAK when it becomes
findings re EC4 aware of any suspicious transactions or criminal activity. The MASAK is responsible for
transmitting the information to judicial and other relevant authorities.
EC5 The supervisor determines that banks establish CDD policies and processes that are well
documented and communicated to all relevant staff. The supervisor also determines that
such policies and processes are integrated into the bank’s overall risk management and that
there are appropriate steps to identify, assess, monitor, manage and mitigate risks of
money laundering and the financing of terrorism with respect to customers, countries and
regions, as well as to products, services, transactions and delivery channels on an ongoing
basis. The CDD management program, on a group-wide basis, has as its essential elements:
a) a customer acceptance policy that identifies business relationships that the bank will
not accept based on identified risks;
b) a customer identification, verification and due diligence programme on an ongoing
basis; this encompasses verification of beneficial ownership, understanding the purpose
and nature of the business relationship, and risk-based reviews to ensure that records
are updated and relevant;
c) policies and processes to monitor and recognize unusual or potentially suspicious
transactions;
d) enhanced due diligence on high-risk accounts (e.g., escalation to the bank’s senior
management level of decisions on entering into business relationships with these
accounts or maintaining such relationships when an existing relationship becomes
high-risk);
e) enhanced due diligence on politically exposed persons (including, among other things,
escalation to the bank’s senior management level of decisions on entering into
business relationships with these persons); and
f) clear rules on what records must be kept on CDD and individual transactions and their
retention period. Such records have at least a five year retention period.
Description and Supervisory determinations on CDD policies and processes are mostly defined in the ROM
findings re EC5 and the ROC. As mentioned in EC1, the BRSA examines CDD and AML/CFT polices and
process of banks under the management component of the ratings process. Regarding the
essential elements of the CDD management program:
a) customer acceptance policy is not explicitly mentioned in the regulation;

b) customer identification, verification and due diligence program, including beneficial
ownership are covered by the ROM, mostly on chapter 3.
c) policies and processes to monitor and recognize unusual or potentially suspicious
transactions are covered by the RoM, chapter 4.

TURKEY
d) escalation to the senior management level of decisions on entering into business

relationships with high-risk accounts is covered in articles 12 and 13 of the RoC.
e) enhanced due diligence on politically exposed persons is not defined in the regulation.
The BRSA and MASAK explained that since PEPs are involved in high risk groups, they
are indirectly subject to also the other obligations such as the obligation to pay special
attention to certain transactions, the obligations concerning new technologies or risky
countries (the Articles 18, 20 and 25 of the ROM, respectively).
f) rules on what records must be kept on CDD are established by article 8 of the AML Law.
The obliged parties (including banks) should maintain the documents, books and
records for eight years from the last record date, and must keep identification
document for eight years from the last transaction date.
EC6 The supervisor determines that banks have in addition to normal due diligence, specific
policies and processes regarding correspondent banking. Such policies and processes
include:
a) gathering sufficient information about their respondent banks to understand fully the
nature of their business and customer base, and how they are supervised; and
b) not establishing or continuing correspondent relationships with those that do not have
adequate controls against criminal activities or that are not effectively supervised by the
relevant authorities, or with those banks that are considered to be shell banks.
Description and Article 23 of the ROM provides the measures to be taken by financial institutions with
findings re EC6 regard to correspondent banking and payable-through accounts. Financial institutions are
obliged to apply enhanced due diligence measures in their correspondent banking
relationships and assess the AML and terrorist financing system of the respondent financial
institution.
More specifically, article 23 of the ROM states that financial institutions are required to take
necessary measures in foreign correspondent relationships in order to obtain, by making
use of publicly available resources, reliable information on whether the respondent financial
institution has been subject to a money laundering and terrorist financing investigation and
been punished, its business field, reputation and the adequacy of supervision on it. Banks
are also required to assess AML and terrorist financing system of the respondent financial
institution and to ascertain that the system is appropriate and effective. Financial
institutions must also obtain approval from a senior manager before establishing new
correspondent relationships.
According to Article 23 of the ROM, it is forbidden for financial institutions to establish

correspondent relationship with shell banks and financial institutions about which they
cannot be sure that these institutions do not permit their accounts to be used by shell
banks.

TURKEY
EC7 The supervisor determines that banks have sufficient controls and systems to prevent,
identify and report potential abuses of financial services, including money laundering and
the financing of terrorism.
Description and In addition to broad regulation on internal controls issued by the BRSA, including IRCAAP,
findings re EC7 the ROM requires financial institutions to establish appropriate risk management systems to
follow up permanently the transactions made by their customers and analyze the
compatibility of these transactions with the profile of the customer in order to identify and
report potential suspicious transactions. Furthermore, ROC, chapter 7, establishes
requirements for internal controls related to AML/CFT.
The BRSA assesses on a regular basis, as part of the ratings process, whether banks internal
systems and controls are appropriately addressing AML/CFT issues. These inspections
include, but are not limited to the adequacy of the IT framework, internal controls and
bank’s policy and internal audit function in relation to AML/CFT. Furthermore, MASAK
coordinates compliance inspections with AML/CFT regulation. Please refer to EC1.
EC8 The supervisor has adequate powers to take action against a bank that does not comply
with its obligations related to relevant laws and regulations regarding criminal activities.
Description and The MASAK is the only authority empowered to sanction financial institutions in case of
findings re EC8 non-compliance with the AML/CFT requirements.
Articles 13 and 14 of the AML Law specify the administrative fines and judicial penalties in
failure to comply with obligations prescribed in the law. Furthermore, the Article 39(2) of
the ROM, extends the administrative fines applicable for failure to comply with the CDD and
suspicious transaction reporting obligations. Administrative fines are imposed by the
MASAK.
The Article 14 of the TF Law stipulates that MASAK will monitor the compliance of
institutions and persons holding assets with the freezing measures and the Article 15 of the
TF Law sets out the penal sanctions applicable for failure to comply with freezing decisions.
The MASAK is also authorized to take any violation of Articles 4(2), 7 and 8 of the AML Law
to the public prosecutor in order to allow the violating bank to be subjected to judicial
penalty. (Article 4(2) is on disclosing the information in the suspicious transaction reports.
Article 7 is on providing all kinds of information requested by MASAK. Article 8 is on the
obligation of obliged parties to retain the documents, books and records for eight years.)
Although the powers of BRSA set out under the BL are not directly related to money
laundering or terrorist financing crimes, the BRSA is authorized by law to implement
administrative penalties to a bank that does not comply with its duties. The BRSA is also
empowered to take any criminal activity by a bank to the public prosecutor. Among those
criminal activities are failure to submit data and documents, failure to comply with the
obligation of records keeping, false statement, non-recording transactions, non-factual
accounting and embezzlement.

TURKEY
EC9 The supervisor determines that banks have:
a) requirements for internal audit and/or external experts79 to independently evaluate the
relevant risk management policies, processes and controls. The supervisor has access to
their reports;
b) established policies and processes to designate compliance officers at the banks’
management level, and appoint a relevant dedicated officer to whom potential abuses
of the banks’ financial services (including suspicious transactions) are reported;
c) adequate screening policies and processes to ensure high ethical and professional
standards when hiring staff; or when entering into an agency or outsourcing
relationship; and
d) ongoing training programs for their staff, including on CDD and methods to monitor
and detect criminal and suspicious activities.
Description and a) The requirements for internal audit are established in the RICAAP and are assessed by
findings re EC9 the on-site examiners of the BRSA. Please also refer to CP 26 on internal control and
audit.
b) Requirements for establishing compliance programs are prescribed in the ROC. The
regulation includes requirements regarding the adoption of policies and procedures,
the establishment of monitoring processes and controls and the appointment of a
compliance officer to whom potential abuses of the bank’s financial services are
reported.
c) MASAK regulation includes provisions to ensure high ethical and professional
standards when hiring staff but those measures only address the screening of senior
management.
d) Chapter 6 of the ROC includes provisions on the training of the staff on AML/CFT
matters.
EC10 The supervisor determines that banks have and follow clear policies and processes for staff
to report any problems related to the abuse of the banks’ financial services to either local
management or the relevant dedicated officer or to both. The supervisor also determines
that banks have and utilize adequate management information systems to provide the
banks’ Boards, management and the dedicated officers with timely and appropriate
information on such activities.
Description and MASAK (ROM) requires banks to report suspicious transactions (STR) via their compliance
findings re EC10 officers. The ROC, particularly chapter two, requires the establishment of institutional
policies and procedures related to STR. Chapter 7 provides guidance on the internal
controls.
Obliged parties send their institutional policies to MASAK that evaluate their adequacy.
Additionally, articles 24 and 28 of the ROC requires the obligors to report detailed
79 These could be external auditors or other qualified parties, commissioned with an appropriate mandate, and
subject to appropriate confidentiality restrictions.

TURKEY
information on staff training and the works carried out in the scope of internal control
activities.
General compliance inspections are carried out by the BRSA on behalf of MASAK. Please
also refer to EC2.
EC11 Laws provide that a member of a bank’s staff who reports suspicious activity in good faith
either internally or directly to the relevant authority cannot be held liable.
Description and A member of a bank’s staff who reports suspicious activity in good faith will be protected
findings re EC11 under article 10 of the AML Law. According to this article, natural and legal persons fulfilling
their obligations in accordance with this Law will not be subject to civil and criminal liability.
EC12 The supervisor, directly or indirectly, cooperates with the relevant domestic and foreign
financial sector supervisory authorities or shares with them information related to suspected
or actual criminal activities where this information is for supervisory purposes.
Description and MASAK is authorized to exchange views and information on the subjects within the scope
findings re EC12 of its duties. In that manner, MASAK may exchange information and documents with
foreign counterparts and sign MoU (art. 12 of the AML law) establishing the basis for
cooperation.
MASAK has been a member of the Egmont Group of FIUs since 1998. As member, MASAK is
able to exchange information related to money laundering, and predicate offenses resulting
in money laundering, with other members of the Egmont Group using the Egmont Secure
Web and in accordance with the “Statements of Purpose of the Egmont Group and its
Principles for Information Exchange.
The BRSA is also authorized by Article 98 of the BL to cooperate and exchange information
regarding financial institutions and financial markets with any counterpart supervisory
authority. Please refer to CP13.
MASAK and BRSA have signed a protocol on information exchange and working
arrangements. Please also refer to EC2.
EC13 Unless done by another authority, the supervisor has in-house resources with specialist
expertise for addressing criminal activities. In this case, the supervisor regularly provides
information on risks of money laundering and the financing of terrorism to the banks.
Description and As explained in EC1, the MASAK is the main supervisory authority for AML/CFT related
findings re EC13 issues pursuant to the Articles 11 and 9(1) (i) of the AML Law. Duties and powers of the
MASAK include developing policies and implementation strategies, preparing legislation,
collecting and analyzing data, receiving suspicious transaction reports and coordinating
inspections on AML/CFT issues.
The MASAK conducts training activities for the obligors as well as the relevant regulatory
and supervisory authorities. Within this framework, the MASAK conducted 6 workshops in
2014 with 64 participants from the Tax Inspection Board, Customs and Trade Ministry
Inspection Board, BRSA, Comptrollers Board of the Treasury, Insurance Supervision Board of

TURKEY
the Treasury and Capital Markets Board. Additionally, 5 workshops were conducted with
490 participants from the obligors including banks, insurance and pensions corporations
and Islamic banks.
The BRSA also maintains a team of experts on AML/CFT issues in charge of inspections,
drafting manuals and disseminate the expertise.
Finally, the MASAK provides information on risks of money laundering and the financing of
terrorism to the banks in the form of handbooks, workshops and frequent contacts and
discussions.

Principle 29
Comments The scope of the assessment of this principle was limited to the applicable regulation and
the BRSA activities. It did not include MASAK coordinated inspections and other activities.
The AML law and related regulations forms the framework to prevent the abuse of financial
services. The framework includes customer due diligence (CDD) rules and procedures to
report suspicious transactions but have shortcomings that need to be addressed. In
particular, the CDD requirements should include a customer acceptance policy that
identifies business relationships that the bank will not accepted based on identified risks
and enhanced due diligence on politically exposed persons. The framework should also
require banks to report to the BRSA suspicious activities and incidents of fraud when such
activities/incidents are material to the safety and soundness or reputation of the bank.

TURKEY
SUMMARY COMPLIANCE WITH THE BASEL CORE

PRINCIPLES
Core Principle Grade Comments
1. Responsibilities, objectives LC The BL provides a broadly appropriate framework for
and powers regulating and supervising banks. It also provides clear
responsibilities and adequate powers to the BRSA.
However, the lack of appropriately defined hierarchy
among the objectives of financial stability and
development of the financial sector may cause potential
conflicts and be harmful to the safety and soundness of
banks. The assessors noted that some BRSA decisions (e.g.,
differentiations in loan loss provisions and loan
restructuring rules) might be interpreted as rules that aim
primarily to support financial development objectives. Such
measures might affect the reputation of the supervisors
and convey the message of forbearance. In order to be
fully compliant with this principle the objective of
development of the financial sector should be explicitly
subordinated to financial stability in the BL
2. Independence, accountability, MNC The legal protection of the supervisor is broadly adequate.
resourcing and legal protection Nonetheless the institutional framework contains
for supervisors shortcomings that should be improved.
The BL establishes the BRSA as an independent body but

it contains provisions that might undermine
independence in practice. There are several channels of
interaction between the BRSA and the government that,
considered together, may accommodate political
influence: i) the appointments of the Chair and Board
members are made by the Council of Ministers without
any confirmation process by any other independent body;
ii) before putting into force regulatory procedures the BRSA
needs, by law, to consult the related Ministry; iii) the Prime
Minister approves the removal of members of the Board,
if conditions specified in the BL are met, without
publishing the reasons; iv) the relevant minister may
permit lawsuit against board members; and v) the BL
allows the relevant ministry to file a lawsuit for the
cancelation of the Boards regulatory decisions (art. 105).
These possible channels of political influence over the
Agency, particularly considering the large role played by

TURKEY

state-owned banks in Turkey, might cause conflicts of
interest that might undermine financial stability.
The authorities should therefore amend the legislation to

limit the cases that require the Minister’s involvement. In
particular, it seems appropriate to establish a third party
to perform a stronger role in the checks and balances
framework such as, making regulatory consultation
procedures more transparent, so that BRSA proposals and
Ministry comments are published, introducing a process
for appointments for the BRSA to be confirmed by a non-
executive government body and removing the related
minister permission for lawsuits for the cancelation of the
BRSB regulatory decisions.
There also seems to be room for improving the

accountability framework. Despite the periodic briefings
from the BRSA to the Council of Ministers, the assessors
did not see evidence of a third party aiming to ensure that
the powers delegated to the BRSA are exercised
appropriately and that its operations are effective and in
line with its mandate and objectives.
Finally, in relation to resourcing, entry conditions to the

BRSA are not attractive for the hiring of mid-career
professionals and provide practical constraints in the
event of a shortfall in experience levels.
3. Cooperation and collaboration C Legal provisions as well as operational frameworks for

cooperation and collaboration with domestic and foreign
authorities are in place. Protections on confidentiality
appear appropriate. Regarding the lack of processes for
recovery and resolution planning, the assessors do not
see their absence as reflecting a lack of collaboration
between authorities. See also CP9.
4. Permissible activities C The BL provides clear definitions of activities that are only
permitted to be conducted by registered banks, including
taking deposits from the public.
5. Licensing criteria LC Provisions in the laws and regulations related to licensing

and the process followed by the BRSA provide a
comprehensive framework to assess the adequacy of new
registrations for banks, including foreign bank branches.
The BRSA seems to have a broadly sound process to

TURKEY

assess applications in practice. However, in order to
maintain a licensing process fully compliant with the
principle, the BRSA needs to additionally: i) impose
requirements and assess if the bank’s board has a
collectively sound knowledge of the material activities the
bank intends to pursue; and ii) for cross-border banking
operations, determine whether the home supervisor
practices global consolidated supervision.
6. Transfer of significant C The power given to the supervisor by laws and regulations
ownership as well as the current procedures provide broadly sound
control and oversight regarding significant ownership of a
bank and a controlling company.
7. Major acquisitions C The regulatory framework subjects major acquisitions and

investments by banks and controlling companies to prior
approval by the BRSA. The BRSA also has well established
supervisory practices to limit and monitor risks arising
from such activities. Going forward, supervisors should
consider more extensively and formally the effectiveness
of supervision in host countries.
8. Supervisory approach MNC  The BRSA has an established and comprehensive

methodology to supervise banks. This methodology is
documented in a number of manuals and leverages
comprehensive databases and a broadly appropriate
regulatory framework. Nevertheless, the practical
implementation of the process is subject to
shortcomings that needs to be addressed:
 The inspections need to develop a more profound

and forward-looking risk assessment nature,
producing a clear view of the risks faced by and
posed by the bank. Current conclusions tend to focus
mostly on compliance issues and do not identify and
make clear if there is need for broader and more
forceful supervisory action. Supervisors also need to
derive and highlight the implications of the specific
findings for the broader risk assessment of the bank.
 The BRSA should not take excessive comfort from the

fact that issues are analyzed during the ratings
process. By its own nature, and as currently applied
by the BRSA, the ratings process is not deep enough

TURKEY

to generate firm and actionable conclusions. From
time to time, the scope of special inspections needs
to encompass issues that are currently addressed only
during the ratings phase.
 The BRSA needs to enhance the forward-looking

components of its assessments. Results of the ICAAP
need to be more thoroughly analyzed and discussed
with banks. Stress tests results should play a larger
role in the assessment framework. In addition, the
ratings methodology could explicitly incorporate the
expected trend for each component.
 Banks, particularly the systemically important ones,

should be required to develop recovery plans and the
BRSA should assess their resolvability.
 The assessors understand that the BRSA is already

developing actions to address some of the above
issues and encourage the authorities to keep working
to improve the efficiency of the process.
9. Supervisory techniques and LC The BRSA employs an array of tools and techniques to
tools carry out its supervisory responsibilities. On-site and off-
site functions are relevant and well developed. The
different departments also share their findings with each
other, but their work seems to be conducted in parallel
with little coordination. The departments do not seem to
have joint projects and supervisors do not exchange views
beyond written reports. As required by EC1, it is important
for the BRSA to develop policies and processes to assess
the effectiveness and integration of on-site and off-site
functions, and to address any weaknesses that are
identified. Increasing the rotation between on- and off-
site supervisors could also help the integration of the
areas.
Communication with banks could also be improved. The

BRSA should consider setting policies establishing at least
one annual meeting between supervisors and the board
of the bank. The end of the CAMELS rating process, when
the supervisor summarizes its opinion of the bank, might
be an appropriate occasion to explain to the board the
views and concerns of the BRSA. The assessors

TURKEY

understand that this is frequently done, but not
systematically with all banks. Additionally, other important
analyses done by the BRSA, such as the stress testing
exercises could also be more clearly discussed with banks.
10. Supervisory reporting C The regulatory framework requires banks and controlling
companies to periodically submit a broad range of
information. Regulatory and supervisory processes exist to
ensure accuracy and comparability of submitted returns.
Developed procedures for analyzing collected information
and feeding into supervisory activities are in place.
Going forward the BRSA could consider formalizing the

process of periodically review of the information
collected, to determine that it remains appropriate and
satisfies its needs.
11. Corrective and sanctioning LC The BRSA has available an appropriate range of
powers of supervisors supervisory tools to use when, in the supervisor’s
judgment, a bank is not complying with the regulations or
represents a risk for the financial sector. Nevertheless, in
practice, the remedial and corrective actions provided for
in the law are rarely used at an early stage as a
preventative measure. The BRSA seems to rely more
heavily on administrative fines whose scope of application
is more clearly defined in the BL than on taking actionsat
an early stage to address unsafe and unsound practices
that require supervisory judgment.
The assessors were presented evidence of BRSA actions

requiring banks to make adjustments to practices and
processes. Nevertheless, such action had a scope limited
to specific issues such as the classification of particular
loan operations. Evidence was not observed of supervisors
addressing broader concerns about the risks posed and
faced by banks from a deepening and expansion of the
initial review, a point reinforced in the comments of
banks.
The supervisory review process within the BRSA also

seems to play a role towards limiting the issues that
supervisors raise with banks. Although reviews of
supervisory reports are necessary, the current process
seems relatively skewed towards validation of compliance

TURKEY

processes and thus constrains active supervisory
judgments and decisions. Consideration could also be
given to integration of supervision and enforcement,
particularly in terms of communication with financial
institutions, which might support a more risk focused and
less compliance based supervisory approach.
In order to become fully compliant with this principle the

BRSA needs to incorporate the results of forward looking
tools more heavily in its decision making process and act
at an early stage to restore weak banks and correct
examples of unsound practices, even if formal prudential
ratios haven’t been breached.
12. Consolidated supervision LC The regulatory and reporting framework provides a

broadly appropriate structure for monitoring and
assessing risks to banks from non-banking and foreign
banking operations in banking groups. However, the
current limitations of the CAMELS rating and ICAAP
process, the BRSA should make further effort to monitor
and manage risks arising from nonbanking and foreign
activities or parent entities of a financial group. In this
regard, as described in CP 8 and 9, the BRSA should
deepen the analyses and strengthen its techniques, such
as group-wide stress testing, to monitor and assess these
risks. It is important to further improve the group-wide
strategic view of the banking group operations and risks.
Authorities should further improve the recovery and
resolution planning of large banking groups particularly
once the necessary power is given to the supervisor by
the expected new legislation. Such planning should also
consider scenarios where shocks originate from non-
banking entities or parent groups. Taking into account
that these shortcomings have already been reflected in
other principles, particularly CP 8 and 9, the assessors
considered this principle compliant.
13. Home-host relationships LC The BRSA has made vast efforts to improve home-host
relationship during the last few years. Among several
initiatives the agency has started organizing colleges,
signed a number of important MoUs and removed
obstacles that weakened the supervision of Turkish banks’
operations in several countries. Nevertheless, considering

TURKEY

that some Turkish banks hold material operations abroad,
it is important to improve the relationship even further. In
particular, it is essential to develop a framework for cross-
border crisis coordination with relevant host authorities
and the development of resolution plans that pay special
attention to cross border issues.
14. Corporate governance MNC The legal framework surrounding the corporate
governance framework for banks is extensive, but very
heavily focused on board responsibilities regarding
internal systems (risk management, internal control,
internal audit). Examination processes (GAR and
specialized examinations) have required steps to check
board approvals, internal structures, and processes which
reflect on the governance function. The BRSA approves
board and senior management appointments. In this way,
the BRSA reviews the appointments process of the bank.
However, the results of special examinations and

supervisory processes consistently stop short of drawing
conclusions, in analytical, narrative form, on the
implications the findings have for critical areas that are
directly linked to the examined area. These critical areas
reflect directly on the corporate governance effectiveness
of the bank (such as management oversight of business
areas, adequacy of risk management and internal audit’s
role in the subject areas, integrity of MIS that goes up to
the board level, and ultimately, board oversight). As a
result, supervisory observations are not easily collected in
order to form a more cross-cutting, substantiated view on
corporate governance and the adequacy of internal
systems. Therefore, validation of the manner in which such
internal systems and governance operates is not well
supported. This impacts the degree to which the BRSA
should place confidence in the systems that inform the
board and itself, as well as the systems’ ability to generate
early warning indicators of deterioration.
There is no requirement for the majority of the board to

be composed of non-executive members which could
result in, potentially, boards being composed of a majority
of executive directors with only the 2 nonexecutives as
currently required by the legal framework. However,

TURKEY

practically speaking, 10 out of 53 banks are listed and
must fall under the CMB Communique on governance
which requires a majority of independent directors.
Consideration should be given to upgrading legislation
requiring the board to be composed of a majority of
nonexecutive members, and ideally, with a certain
minimum of independent individuals. (The definition of
“independent” should be consistent with that used by the
CMB in its Communiqué on Corporate Governance.)
Audit committee membership should be expanded. While

some bank boards in the system have populated this
committee with more members, a minimum of 2 members
is considered too few in order to execute the duties
assigned to it in a robust and effective manner. This is
particularly so since the audit committee is considered an
extension of the board and is assigned the task of internal
systems oversight which includes risk management. In
addition, the chair of this committee, in some banks, is
also the chairman of the board which does not reflect best
practice and potentially represents a conflict of interest.
This committee should be expanded and should be
composed of all independent directors. As well, legislation
directs that audit committees have oversight responsibility
for internal systems which includes risk management.
Under the current audit committee structures, proper
oversight of both critical areas is difficult at best. Risk
management oversight responsibility should be separated
from the audit committee, particularly in the more
complex institutions (it was noted that one bank, in fact,
constituted a separate risk management committee).
While three special examinations of governance elements

have been conducted, there is a need to more regularly
conduct cross-cutting assessments of corporate
governance in a holistic manner which would, in part,
leverage recent examination results and relevant offsite
information as well as information generated from any
enforcement actions. Consideration could be given to
introducing such a review in order to enhance and better
substantiate conclusions on the adequacy of a bank’s
corporate governance.

TURKEY

Given the observations cited in the above ECs (board
membership/objectivity, board nominations process,
board committee structure and membership,
management oversight and performance evaluation,
succession planning, “know your structure requirements”,
internal code of conduct, etc.) the BRSA should develop a
more comprehensive corporate governance regulation
that completes the elements of governance that already
exist in guidelines and regulation. This type of instrument
could be a focal point of supervisory corporate
governance reviews in the future.
15. Risk management process LC The RICAAP forms a part of the core of the BRSA’s
regulatory framework for risk management. Given that the
ICAAP is a relatively recent requirement, banks’ are still
developing their approach and implementing important
systems. The BCP team’s review of supervisors’ working
papers and discussion with banks indicated that banks as
well as supervisors are, in fact, in a learning phase. The
quality of banks reports and the scrutiny of the reports by
supervisors will need to develop further before the results
can be more reliably and more extensively used.
Commensurate with their size and complexity of

operations, banks should be specifically required to have
qualified CROs with sufficient stature, position and
authority within the organization to oversee risk
management activities. The level of senior manager may
not provide the necessary stature necessary to challenge
high level risk decisions and processes.
As well, while there are comprehensive requirements for

the evaluation of new products, parameters should be
expanded to explicitly address material modifications to
existing products and major acquisitions. It should also
direct banks to restrict such products or activities if they
do not have the necessary controls, management, and
resources to manage related risks.
16. Capital adequacy C The BRSA has adopted the various components of Basel II,
2.5 and III according to the framework established by the
Basel Committee. Capital is calculated on a consolidated
and solo basis for all banks and the BRSA has the
authority to impose additional capital requirements on

TURKEY

individual banks, as deemed necessary. The BRSA has
applied the three Basel ratios (common equity tier 1, tier 1
and total capital) as well as countercyclical capital
requirements, systemically important bank capital add-
ons and a “capital planning buffer” that provides a
forward looking nature to the capital regulation.
Going forward, as the BRSA gain experience with the

ICAAP, it should consider simplifications to the framework
to improve its enforceability and reduce banks’
compliance burden, particularly for non-systemically
important banks. Simplifications that could be considered
include restrictions on diversification benefits and use of
models for credit, market and operational risk that have
not been authorized for the Pillar 1 capital charge. The
BRSA should also evaluate the interaction with other
requirements such as the 12% parallel capital charge and
the Basel capital buffers to prevent the effectiveness of
the Pillar 2 regime from being damaged by another more
stringent requirement that in practice makes the Pillar 2
charges irrelevant.
17. Credit risk MNC The legal framework for credit risk is generally
comprehensive. It establishes the responsibility of the
board in this area, requires a framework for the credit
business of banks, as well as prescribes a properly
controlled credit risk environment. However, several issues
exist which compromise the effectiveness the framework
and its application.
As prescribed in regulation and organized in practice

(verified through review of credit portfolio special
examinations presented by the BRSA during the
assessment) the credit risk management oversight (line
management function) and credit risk management
function and the organization therein create loopholes in
independence and integrity of credit risk monitoring and
reporting to bank boards and the BRSA:
1. The framework design does not require ongoing,

independent (from the business line) credit risk
monitoring of large individual exposures or homogeneous
portfolios. Important source data (e.g., identification of
deteriorating credits, level of (accurately) classified assets,

TURKEY

status of restructured credits, etc.) is generated by a line
management function (credit monitoring) without
independent verification that 1) management
identification processes are accurate and timely, 2) that
management, itself, is well informed of the risk and that it
is running and is upholding board prescribed
underwriting standards, and therefore, accurately
conveying its business risk, and that 3) timely borrower
intervention is activated.
2. This (unverified) information generated by the

line function is source data used by the risk management
functions for audit committee and board reporting and is
also likely the information also reported to the BRSA for
monitoring and examination purposes.
Although the internal audit function plays an important

role in ensuring a strong control environment, the
function itself is not designed to play an ongoing
surveillance role such as the independent credit risk
management unit. It cannot replace the need to have such
a function within the bank(s).
Highlighting the issues surrounding this organizational

environment, examiners, through their inspection process,
have identified important, clearly inaccurate classifications
of credit that could easily indicate the existence of 1 and 2
above. However, the significance of these inaccurate
classifications was not clear from the examination samples
reviewed. Consistently, there was no indication of the size
of the sample of reviewed credits, how significant the
aggregate, inaccurately classified credit was to the total
portfolio, and if such findings could be extrapolated to
the entire portfolio.
Credit classification definitions, particularly in the special

mention and substandard categories are overlapping.
Evidence demonstrates that both the examiners, but
especially the bankers, fluidly move credits among these
categories which compromises the picture of the bank’s
risk profile which accurate classification is intended to
depict. As well, such movement and less rigorous

TURKEY

classification impacts provisioning levels and ultimately,
the accuracy of the bank’s financial statement.
The REPL explicitly allows restructuring of loss credit

which is considering in many systems to be imprudent
activity as such loans are, by definition, permanently
impaired and considered “nonbankable” assets. In some
systems, such credits are prohibited from being
restructured. The draft REPL is silent on this issue but
theoretically would allow this practice. This practice
should be explicitly addressed (disallowed).
The manner in which the examiners present and write up

the credits that they review during the special
examination does not clearly depict the nature and
volume of other related exposures (in the given bank)
which, if presented, would help put the overall borrower
relationship in context.
18. Problem assets, provisions, MNC The framework for credit classification and provisioning is
and reserves generally adequate. However, the accuracy of asset
classification by banks, and therefore the integrity of
reporting to boards and the BRSA is called into question
given the nature of reclassifications assigned by onsite
examiners and the lack of documentation therein. Loan
write ups require more support and context as well as
need to present nature of collateral and provision impact.
Examination conclusions focus more on internal control
issues rather than higher level implications for the
condition and management of the credit portfolio under
examination.
Given the lack of (documented) focus on the implications

of important bank processes, the examination exercise
missed the opportunity to identify very important linkages
with and conclusions on:
 Management’s understanding of their business and

credit risk, ability to identify deterioration proactively
– thereby allowing for early intervention.
 Implications for internal systems => function, role,

and independence of credit risk management –
thereby validating the systems that the bank’s board
and the BRSA depends upon in order to effectively

TURKEY

oversee the institution. As well, these systems are key
to the exercise of risk based supervision by the BRSA.
 Inputs to evaluate corporate governance of the bank.
 Accuracy of information conveyed to the board and

the BRSA
The historical and statistical support for standard (general)

and special mention loan categories is not substantiated
by accumulated loss experience. It is not clear if appraised
values, within a range, are being realized upon the sale of
the properties or if provisioned amounts are adequately
covering loss experience on classified loans. Clear
parameters should be established for periodic valuation of
underlying collateral on NPL exposures.
19. Concentration risk and large C The legal framework addressing concentration risk and
exposure limits large exposures limits is generally in line with international
standards. The definition of connected parties is
comprehensive. The BRSA examines and monitors various
exposures including, inter alia, large exposures,
concentrations by sector, product, customer, and risk
group.
20. Transactions with related LC The legal and regulatory framework for related parties is
parties comprehensive. The offsite department receives and
regularly monitors reporting from banks. The onsite
review process for related parties is well structured;
related party exposures and the controls and board
processes therein are reviewed during the onsite
processes.
However, there is no explicit provision that requires prior

approval of related party transactions by the bank’s
board. As well, no explicit provision requires approval
(prior or post) of write-off of related party transactions.
While Article 48 of the BL provides a comprehensive

definition of “loan” and related party limitations address
such, legislation does not include other non-crediting
transactions within the limitations addressing related
parties. Legislation should be expanded to explicitly
capture all transactions, including loans, within the
parameters of related party limits and requirements.

TURKEY

The assessment team was informed that a draft revision of
the BL is being prepared by the BRSA. Within this context,
article 50 (a and b) may be revoked to allow board
member borrowing from the bank. It will also address
related party “transactions” as well. The assessment team
cautions the BRSA on relaxing related party risk
parameters. There are countries that continue to
rigorously restrict extension of credit, as well as
transactions with, related parties of the bank, including
board members. This is an area which historically has
proven consistently problematic in distressed bank
situations. Therefore, the team advises caution in
widening the scope for such exposures.
21. Country and transfer risks C BRSA guidance adequately captures country and transfer
risk as well as other relevant risks. Banks are expected to
establish country risk parameters as well as systems for
monitoring exposures, including indirect foreign-
exchange risk and indirect country risk. Country risk is
evaluated through the CAMELS review process and via the
risk matrix of the bank.
22. Market risk C The BRSA has adopted comprehensive regulation and
guidance through which to direct banks to identify,
measure, and monitor their market risk exposures. This
includes parameters for valuation, stress testing, and
model use. For examination purposes, these elements are
largely addressed through the CAMELS rating/GAR
methodology review process, and on an overall basis,
during the ICAAP review.
Of note, currently, specialist expertise is not deployed to

evaluate the scenarios or calculation details of the stress
testing exercises. Examiners review the models used to
measure market risk. However, they also depend
substantially on the banks’ model validation process. To
deepen the work and enhance the forward looking aspect,
the BRSA could consider deploying trained specialists to
assess stress test approaches and mathematical integrity
and to leverage resulting advice/input on specialized
exams. As well, enhanced examiner expertise in the area
of model evaluation could provide added assurance to
the BRSA on the integrity of bank models used.

TURKEY

23. Interest rate risk in the C BRSA supervision of interest rate risk is addressed through
banking book several activities. It is reviewed as a part of the overall
ICAAP review process and captured as an input in the
stress testing conducted therein. As well, the supervisor
covers elements of interest rate risk through the GAR
process, as described in EC 1 above, which is conducted
onsite but not to the depth of what a special examination
would require. However, specialized examinations of this
area are not yet conducted.
The BRSA should develop specialized examination

procedures for interest rate risk where it identifies
increasing or high risk areas. The BRSA should use
specialized expertise with which to evaluate scenarios and
assumptions used for more complex stress testing as well
as to review model validations during onsite examinations
or, as an offsite exercise.
24. Liquidity risk C The BRSA has set up a comprehensive framework for
liquidity regulation, monitoring, and assignment of bank
responsibilities. Regulation is in some cases more rigorous
than international benchmarks. A wide range of tools is in
place for monitoring banks’ liquidity positions and
funding experience. The CAMELS review/GAR
methodology addresses liquidity, and specialized
examinations are conducted when a change in trends or
strategy is detected. As well, the BRSA underwent a
Regulatory Consistency Assessment of its Basel III LCR
regulations for which it received a “compliant” rating.
However, review of onsite documents indicated that

conclusions regarding liquidity, funding stability, and
management processes stopped short of considering
other areas of the balance sheet, growth trends, asset
quality, and management processes, etc. to support
conclusions. Such issues are critical to the overall review
process and should be captured and clearly conveyed in
examination documents to supported supervisory
observations. This is particularly important given that
some banks may have tight liquidity positions including
relatively high loan to deposit ratios.
The central bank has taken a number of steps in recent

years to support the strengthening of foreign currency

TURKEY

funding. There appears to be an opportunity to
strengthen liaison between the BRSA and the CBRT on the
monitoring and management of foreign liquidity risk.
Given the potential foreign exchange roll over risk
residing in banks’ positions, consideration could be given
to increasing the ultimate target for the FX LCR from 80%
to 100% to further strengthen the management of
liquidity risk.
25. Operational risk C Oversight of operational risk is anchored in RICAAP and

further expanded in the GORM which comprehensively
addresses relevant aspects of this risk. The supervisory
process explicitly addresses this risk through the
evaluation of the ICAAP process and reports submitted by
banks as well as through the GAR process and as a part of
MIS evaluation and controls during specialized
examinations.
26. Internal control and audit C The legal framework is comprehensive in this area, both
as it is articulated in the requirements for internal systems
and separately as requirements specifically directed to the
internal audit function. Review of the internal audit
process is an important part of the onsite (GAR) process
covered each supervisory cycle. However, targeted or
specialized examinations of the internal audit process,
leveraging the GAR results as well as specialized
examination results as partial inputs, could enhance the
validation of this important function. Such validation by
the BRSA is important in order for it to maintain or
increase the degree of confidence (and therefore,
dependence) it can place in audit outputs as early warning
indicators of shifting risk.
27. Financial reporting and C Procedures surrounding financial reporting and external
external audit audit are well established. Accounting standards closely
follow IFRS and provisioning standards are set to dovetail
with the implementation of IFRS 9. Valuation procedures
for financial assets are comprehensive. BRSA conducts
review of valuation procedures and of valuation models as
a part of the onsite examination process. Parameters for
banks’ external audit process are well established.
28. Disclosure and transparency C Banks are required to disclose their financial statements
according to TFRS and TAS, the Turkish version of IFRS

TURKEY

and IAS, on both a solo basis and consolidated basis.
Disclosure requirements for nonfinancial information are
adequate. BRSA regularly evaluates the timeliness and
content of external audit/annual reports for compliance
with regulatory parameters and Pillar III disclosures.
29. Abuse of financial services LC The scope of the assessment of this principle was limited
to the applicable regulation and the BRSA activities. It did
not include MASAK coordinated inspections and other
activities.
The AML law and related regulations form the framework

to prevent the abuse of financial services. The framework
includes customer due diligence (CDD) rules and
procedures to report suspicious transactions but have
shortcomings that need to be addressed. In particular, the
CDD requirements should include a customer acceptance
policy that identifies business relationships that the bank
will not accept based on identified risks and enhanced
due diligence on politically exposed persons. The
framework should also require banks to report to the
BRSA suspicious activities and incidents of fraud when
such activities/incidents are material to the safety and
soundness or reputation of the bank.

TURKEY
RECOMMENDED ACTIONS AND AUTHORITIES’

COMMENTS
Recommended Actions
Recommended Actions to Improve Compliance with the Basel Core Principles and the
Effectiveness of Regulatory and Supervisory Frameworks
Reference Principle Recommended Action
Principle 1 Subordinate the objective of development of the financial sector to the

objective of financial stability in the BL.
Principle 2 Review the legislation to limit the cases that require the Minister’s
involvement with BRSA activities.
Improve the accountability framework to enhance the scrutiny of the

activities of the agency in relation to its objectives.
Create alternative arrangements that facilitate the possibility of hiring

experienced experts when needed.
Principle 5 Impose requirements and assess if the bank’s board has a collective
sound knowledge of the material activities the bank intends to pursue.
Determine whether the home supervisor practices global consolidated
supervision, for cross-border banking operations.
Principle 8 Develop a more profound risk assessment nature for the inspections.
Produce a clear view on the risks faced by and posed by the bank.
Derive implications of the specific findings for the broader risk
assessment of the bank.
Incorporate within the scope of special inspections issues that are

currently addressed only during the ratings phase.
Enhance the forward-looking components of the assessments: results of

the ICAAP need to be more thoroughly analyzed and discussed with
banks; stress tests results should play a larger role in the assessment
framework and; the ratings methodology could explicitly incorporate
the expected trend for each component.
Require banks to develop recovery plans.
Assess the resolvability of the banks.
Principle 9 Develop policies and processes to assess the effectiveness and

integration of on-site and off-site functions, and address any

TURKEY
weaknesses that are identified. Consider the case for integrating the
supervisory and enforcement functions.
Improve communication with banks. The BRSA should consider setting

policies establishing at least one annual meeting between supervisors
and the board of the bank. Important analyses done by the BRSA, such
as the stress testing exercises could also be more clearly discussed with
banks.
Principle 11 Incorporate the results of forward looking tools more heavily in the
BRSA decision making process and act at an early stage to restore weak
banks and correct unsound practices, even if formal prudential ratios
have not been breached.
Principle 12 Make further efforts to monitor and manage risks arising from
nonbanking and from foreign activities or parent entities of a financial
group. Deepen the analyses and strengthen BRSA techniques, such as
group-wide stress testing, to monitor and assess these risks.
Improve the recovery and resolution planning of large banking groups

particularly once the necessary power is given to the supervisor by the
expected new legislation. Consider scenarios where shocks originate
from nonbanking entities or parent groups in such planning.
Principle 13 Develop a framework for cross-border crisis coordination with relevant

host authorities and the development of resolution plans that pay
special attention to cross border issues.
Principle 14 Develop a more comprehensive corporate governance regulation

(and/or introduce changes to primary law) that completes the elements
of governance that already exist in guidelines and regulation. Utilize this
type of instrument as a focal point for supervisory corporate
governance reviews in the future.
Expand the qualifications of the collective board by requiring the

majority to be composed of independent directors. Provide a
comprehensive definition of independent.
Expand the minimum number of (independent) directors on the audit

committee.
As bank activities warrant, separate risk management responsibilities

from the audit committee and require that banks establish risk
management committees.
Enhance examination conclusions in special reviews by extending

conclusions to comment upon the integrity and independent of

TURKEY
relevant internal systems, the quality of management oversight and

capacity, MIS and board reporting, etc.
Develop a cross-cutting, more holistic assessment methodology for

corporate governance which would, in part, leverage GAR and special
examination results and relevant offsite information as well as
information generated from any enforcement actions. Introduce such a
review in order to enhance and better substantiate conclusions on the
adequacy of a bank’s corporate governance.
Principle 15 See P 8 recommendation on further strengthening the ICAAP process.
Require banks, commensurate with their size and activities, to have

qualified CROs with sufficient stature, position and authority within the
organization to oversee risk management activities, as the current level
of senior manager as head of risk management (as enumerated in law)
may not provide the stature necessary to challenge high level risk
decisions and processes.
Principle 17 Evaluate and revise the relevant legislative and practical aspects of
banks’ credit risk monitoring and risk management organizational
arrangements. Address the independence and integrity of the internal
credit risk rating process and the need for independent verification of
line management ratings and actions and the functions’ ability to
generate early warning information. Evaluate the implications of the
current structure on the integrity and accuracy of monitoring and
reporting to bank boards and the BRSA.
Evaluate and revise the definition of credit classifications, particularly

the special mention and substandard categories, making them more
concise and clear cut, thereby enhancing their application by bankers
and BRSA.
Enumerate the BRSA’s position on rebooking of charged off credit in

the REPL.
Principle 18 Upgrade written conclusions and write ups of credits classified during
the examination process in order to more clearly substantiate the
context of the classified credits and implications of findings on other
areas, including management oversight and capacity, risk management
process and accuracy, and ultimately corporate governance and
financial statement accuracy.
Present additional relevant information in examiner loan write ups to

further substantiate the overall credit relationship, the creditworthiness

TURKEY
of the borrower and its impact on the overall credit exposure, and
further support for the credit re-classification.
Substantiate findings in credit areas where no re-classifications were

determined necessary by the examiner(s).
Develop historical and statistical support for required provisioning

levels, documenting whether amounts are adequately covering loss
experience on standard, special mention, and classified loans.
Develop clear parameters for periodic valuation of underlying collateral

on NPL exposures.
Principle 20 Enumerate explicit legal provisions that require *prior* approval of

related party transactions by the bank’s board as well as board approval
of related party exposures that are written off the bank’s books.
Expand the requirements surrounding related parties to capture all

transactions with related parties, not just loans.
Exercise caution on relaxing related party risk parameters and possible

revocation of parameters surrounding board member borrowings.
Principle 22 Deploy trained specialists to assess banks’ stress test approaches and
the mathematical integrity therein and to leverage resulting
advice/input on specialized exams.
Enhance examiner expertise in the area of model evaluation to provide

added assurance to the BRSA on the integrity of models used by banks.
Principle 23 Develop specialized examination procedures for interest rate risk in the
banking book.
Deploy specialized expertise with which to evaluate scenarios and

assumptions used for more complex stress testing as well as to review
model validations during onsite examinations or, as an offsite exercise
Principle 24 Expand written analysis during liquidity/funding risk examinations to

capture the impact of and relation to of other areas of the balance
sheet, growth trends, asset quality, and management processes, etc. to
support higher level conclusions.
Strengthen liaison between the BRSA and the CBRT on the monitoring
and management of foreign liquidity risk. Consider increasing the
ultimate target for the FX LCR from 80% to 100% to further strengthen
the management of liquidity risk.

TURKEY
Principle 29 Include in the CDD framework a customer acceptance policy that

identifies business relationships that the bank will not accept based on
identified risks and enhanced due diligence on politically exposed
persons.
Require banks to report to the BRSA suspicious activities and incidents

of fraud when such activities/incidents are material to the safety and
soundness or reputation of the bank.
Authorities’ Response to the Assessment80

25. The BRSA of Turkey would like to thank the IMF, the World Bank, and the FSAP
mission team for their BCP assessment work. It must be noted that the whole FSAP mission
brought forward essential value added to the effectiveness of the supervisory process. BRSA intends
to fully utilize the assessment outcome as an opportunity to further improve and strengthen
Turkey’s banking regulation and supervision. BRSA will take into account and carefully consider
recommendations drafted by the FSAP mission team both within the scope of the actions that BRSA
has already started to take and for future arrangements towards increasing compliance with the
Basel Core principles for effective banking supervision. In fact, BRSA has already started on some of
the mission team’s recommendations and plans to work on the remaining recommendations under
an appropriate timetable.
26. It must be noted that since the assessments conducted in 2006 and 2011, the bar of
the standards has been raised by BCBS (the BCP methodology was revised in 2012). This
assessment, consequently, is not appropriate for comparison with either previous assessments or
other countries’ assessments.
27. BRSA has prepared a list of action points towards increasing compliance with the Basel
Core principles for effective banking supervision. BRSA also would like to express additional
arguments for some of the CPs in order to bring greater balance to the FSAP mission team’s
assessment.
Responsibilities, Objectives and Powers; Independence and Accountability (Principle 1-2):
28. Although there is no explicit statement in the BL regarding financial safety and
soundness is being the primary objective, it is implied in BRSA’s regulatory and supervisory
functions. All regulations and sub-regulations as well as supervisory manuals issued stress the
financial safety and soundness objective of BRSA. Nevertheless, BRSA will review the current
objectives and consider subordinating the objective of development of the financial sector to the
objective of financial stability in BL.
80If no such response is provided within a reasonable time frame, the assessors should note this explicitly and
provide a brief summary of the authorities’ initial response provided during the discussion between the authorities
and the assessors at the end of the assessment mission (“wrap-up meeting”).

TURKEY
29. Regarding the limiting of the related ministry’s involvement with BRSA’s activities,
there is an ongoing process of drafting an amendment to BL that proposes the revocation of
article 105 which enables related ministry to file a lawsuit to revoke BRSB’s regulatory
decisions.
30. BRSA will review its alternatives regarding the transparent scrutiny of its activities in
relation to its objectives and responsibilities without hindering its independence and
autonomy.
Supervisory Approach, Techniques and Tools (Principle 8-9):
31. BRSA would like to note that within the current framework of supervision, all risks
that banks are exposed to as well as the financial safety and soundness of banks are
adequately supervised and BRSA has a well understanding of both individual banks and
banking industry as a whole. However, BRSA agrees with the assessment that supervision products
need to have explicit and clear narratives about supervisory view on the risks faced by banks. In this
respect, BRSA has already developed actions and started to revise its supervisory manuals and
processes as part of an established ongoing improvement framework.
32. BRSA will enhance forward-looking components of its supervisory framework by

incorporating an expected trend element for each CAMELS component and risk type within its
ratings and risk assessment methodology. Furthermore, BRSA is planning to fully incorporate the
results of ICAAP and stress tests to its supervisory framework and to increase the depth of the
current analysis conducted on stress test and ICAAP results.
33. In 2013, BRSA and SDIF have jointly established a working group to conduct a self-
assessment of current resolution procedures with respect to the FSB Key Attributes. Based on
the recommendations of this working group, a draft legislation has been prepared to align the
national framework with the above mentioned international standards. Currently, joint task group
established by BRSA and the SDIF has been reviewing the technical details to finalize the mentioned
draft, which includes the principles of recovery planning and resolvability assessment. BRSA will
continue its efforts to decrease the gaps in its regulatory and supervisory framework regarding
recovery planning and resolvability assessments.
34. In the organization of BRSA, on-site and off-site examination functions are organized
under different departments. Nevertheless, there are both formal and informal communication
channels between on-site and off-site functions in order to ensure effective supervision of banks.
Periodic bank-specific surveillance reports and sector-wide reports are sent to on-site examiner, and
off-site function is notified about the on-site supervision findings continuously. Enforcement
departments, which are responsible for formal correspondence of supervisory findings, are also
organized separate from on-site and off-site functions to serve as a mean for internal review and
evaluation of examination products. All of the supervisory findings stated in reports are
communicated to bank without exception formally by enforcement departments.

TURKEY
35. BRSA will review its alternatives in order to further improve coordination and
integration among its on-site, off-site examination and enforcement functions.
36. On-site examiners are in constant dialogue with banks management during the
regular examinations. In addition to entry and exit meetings held with senior management and
audit committee members, on-site examiners hold several meetings with banks managers and
directors, when needed. Furthermore, BRSA management also hold meetings with bank managers
and directors (especially the audit committee members) when there is an issue to discuss, although
there is no periodic meetings held with the whole board of directors. On the other hand, if there are
serious issues regarding bank and the actions stated in article 68, 69 and 70 are required, the
instructions are directed to BOD of the bank. In order to further improve the communication with
banks, BRSA will consider establishing periodic meetings between supervisors and the board of the
bank.
Corporate Governance (Principle 14)
37. The Turkish banking legislation is based on one-tier structure where the members of
the board who do not have any management responsibilities are non-executive members. In
practice except the general manager (CEO) who is a natural member of the board, the members
generally do not have management responsibilities in the bank. In order to ensure the existence of
non-executive members in the boards the BL has imposed banks to have minimum 2 non-executive
board members while in practice the majority of domestic systemically important banks do have
more than 2 independent members in the board. This regulation is in line with the paragraph 47 of
“Guideline on Corporate Governance Principles of Banks”, issued by the Basel Committee on
Banking Supervision in July 2015, stating that board of the bank should be comprised of a sufficient
number of independent directors”. Furthermore, current executives (except general manager) of
banks cannot be elected as board members according to BRSB resolution.
38. Besides, RICAAP Article 6 defines the non-executive members in a way that is very
similar to the definition of independence given in the CMB Communiqués. Therefore, the non-
executives are expected to be objective and independent from the influence of other parties
according to this sub-regulation.
39. CMB’s Communiqué on Corporate Governance (CMB’s Communiqué), which is

applicable to publicly traded companies including banks, requires that (1) majority of board
of directors should consist of non-executive directors, (2) there should be independent
directors who are able to perform their tasks without any influence from the third parties, (3)
the number of independent board members should correspond to at least one thirds of the
total number of members. Also, CMB’s Communiqué elaborates the required qualifications of the
independent board members, which are very similar to the ones mentioned for non-executive
members given in RICAAP.
40. Since 10 deposit banks in Turkish Banking Industry are publicly traded (6 of them are
large scale banks), they are subject to CMB’s Communiqué. As a result, a publicly traded bank
with 5 members of the board of directors is required to have at least 3 independent directors.

TURKEY
41. According to CMB’s Communiqué, these banks are required to include the Corporate
Governance Principles Compliance Report as a separate section in their annual reports. These
reports should involve explanations about the proper adoption of the CMB corporate governance
principles (as articulated in the Communiqué) and the conflicts of interest resulting from not wholly
adopting these principles. Furthermore, in these reports, banks are required to disclose the structure
of their board of directors, with reference to the number of non-executive as well as the number of
independent directors.
42. According to the above mentioned corporate governance compliance reports, number
of board members of the large scaled publicly traded banks range between 9 and 14. Five of
these banks have 2 members and one of them has 5 members in their audit committee. In addition
to the independent members, who are also non-executive and members of the audit committee,
publicly traded banks have additional independent members in order to meet the requirements of
the CMB’s Communiqué. In that context, five of the large scaled publicly traded banks have 3 and
one of them has 5 independent members. All of these banks have the non-executive directors
corresponding to the majority of the total number of members, the number of non-executive
directors ranging between five and ten. In all cases, the chairman of the board of directors is non-
executive.
43. With regard to the independency and objectivity of the board, principle 3 of the RCGP
requires the board of directors to be able to make independent evaluations about the
operations of the bank. In that context, the board of directors should make objective
recommendations and should consist of a sufficient number and composition of members providing
the basis for a decision making process free of any influence from other parties and free of conflicts
of interest.
44. Furthermore, BRSA has communicated its expectations to banks regarding corporate
governance principles through RICAAP, RCGB and the best practice guidelines issued recently.
45. Nevertheless, for following the recommendations of FSAP mission team, BRSA will
review its current regulatory framework for Corporate Governance and will consider
expanding the qualifications of the collective board, reviewing its definition of “non-
executive/independent member”, expanding the minimum number of directors on the audit
committee and explicitly requiring banks to establish risk committees.
46. Currently, governance structures of banks are examined in detail within the scope of
Special Inspections conducted for Organization, Management and Strategy. In fact, in 2014 and
2015 three Special Examinations were conducted in three banks and those examinations focused on
corporate governance issues. Besides, effectiveness and efficiency of corporate governance structure
is also assessed during CRRE process based on a number of criteria under the component of
“M”anagement. This assessment mainly focuses on effectiveness of board oversight, capabilities of
board of directors, board meetings, implementation of policies and procedures approved by board,
treatment of exceptions to limits or policies and procedures, contents of Board MIS. The conclusions
from this assessment affect the Management component rating and the final rating of the bank.

TURKEY
47. Furthermore, during Special Inspections conducted in other areas like loan portfolio or
liquidity, if examiners identify an issue that may be an indicator for a serious weakness in
corporate governance structure of bank, it is most certainly included in report in writing and
it is communicated to the bank immediately before the examination is finalized.
48. In order to further improve its supervisory framework for corporate governance, BRSA
will enhance its examination procedures for corporate governance issues in order to
incorporate clear narratives on implications of supervisory findings over integrity of internal
systems, quality of management oversight and capacity, MIS. BRSA will also consider
conducting holistic assessment for corporate governance in an appropriate time frame.
Credit Risk, Problem Assets, Provisions and Reserves (Principle 17-18)
49. In Turkey, organization of Credit Risk Management in banks, which is governed by

RICAAP and GCM, has four key parts: active board and senior management oversight over
credit function, adequate loan policies and procedures, adequate credit risk measurement,
monitoring and MIS, adequate internal control and internal audit functions over loan
activities.
50. Risk Management Unit within internal systems and credit monitoring departments are
parts of the credit risk management framework together with credit operations (back office),
financial control, internal control and internal audit functions etc.
51. According to GCM, loan activities of banks should be organized in a way that enables
functional segregation of duties and prevents any conflict of interest. In practice, in line with
the principles stated in GCM, loan activities of banks are organized under three main functions
generally: marketing, underwriting and monitoring, which are all line management functions. GCM
requires banks to establish these three functions separately without causing any conflict of interest.
52. Banks are required to have information systems that enable credit monitoring
department to conduct those functions on the basis of customer, group, and portfolio.
According to GCM Principle 7, banks’ information systems related to credit monitoring are required
to be based on reliable data and should be validated periodically.
53. Besides to credit monitoring departments, internal audit is also an important function
in credit risk management framework. According to GCM, loan activities of banks are reviewed
regularly by internal systems units. Accuracy and reliability of reports submitted to the board of
directors and the audit committee is also reviewed by internal audit units according to RICAAP
article 21.
54. According to REPL, banks are required to review their loan portfolio in terms of
classification at least quarterly and they are required to document those review for the largest
200 loans (or the ones above 250.000 TL). The loan review documentation for the largest 200

TURKEY
loans is usually prepared by internal audit. Besides, internal audit units conduct loan review within
the scope of regular audit activities.
55. The adequacy of banks’ credit risk management is assessed regularly by on-site
examinations both in Special Inspections and CRRE process. Loan activities are frequently
subjected to Special Inspections. In fact, in 2014 and 2015, 70 Special Inspections were conducted in
27 banks. During Special Inspections, both size of the credit risk and the adequacy of the credit risk
management are assessed. If any weakness is identified during these special inspections, the issues
are communicated to banks both during the inspections and the formal correspondence stage.
Furthermore, the conclusions from special inspections are fed into CRRE process in which the final
rating of the bank is assigned.
56. Therefore, banks in Turkey have generally well established credit risk monitoring
structures and these structures are adequately supervised by BRSA. Nevertheless, following the
recommendations drafted by FSAP mission team, BRSA will review regulatory and practical aspects
of credit risk monitoring and risk management organizational arrangements in order to further
improve the independence, effectiveness and efficiency of the credit risk management organizations
in banks. Also, BRSA is planning to increase the standardization in examiner loan write-up so that
they include all relevant information needed to further substantiate the overall credit relationship,
the creditworthiness of the borrower and its impact on the overall credit exposure, and to
incorporate clear narratives in loan review reports regarding implications of findings on other areas
such as management oversight and capacity, risk management process and corporate governance.
57. Furthermore, BRSA will consider reviewing current definition of credit classifications in
order to make them more concise and clear cut.
58. To conclude, BRSA has recently issued an extensive number of best practice guidelines
and made numerous changes in regulations in order to increase compliance level of its
regulatory framework to international best practices. Although there is a natural time gap
between regulations and implementations, BRSA has committed itself to increasing compliance level
of its regulatory and supervisory framework and will take the remaining recommendations of FSAP
mission in the Report into consideration for future arrangements towards increasing compliance
with the Basel Core principles for effective banking supervision.

Bankacılık Sektörü (Basel Prensiplerine Uyumu, BCP) (8 Şubat 2017)

Uploaded by

Copyright:

Available Formats

Bankacılık Sektörü (Basel Prensiplerine Uyumu, BCP) (8 Şubat 2017)

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Bankacılık Sektörü (Basel Prensiplerine Uyumu, BCP) (8 Şubat 2017)

Uploaded by

Copyright:

Available Formats

IMF Country Report No.

Copies of this report are available to the public from

International Monetary Fund  Publication Services

International Monetary Fund

© 2017 International Monetary Fund

Prepared By This report was prepared in the context of a joint

INTERNATIONAL MONETARY FUND THE WORLD BANK

LIST OF REGULATIONS ___________________________________________________________________________ 5

INSTITUTIONAL AND MARKET STRUCTURE—OVERVIEW ___________________________________ 10

PRECONDITIONS FOR EFFECTIVE BANKING SUPERVISION __________________________________ 15

DETAILED ASSESSMENT ________________________________________________________________________ 18

SUMMARY COMPLIANCE WITH THE BASEL CORE PRINCIPLES _____________________________ 222

RECOMMENDED ACTIONS AND AUTHORITIES’ COMMENTS_______________________________ 239

1. A Bank Dominated Financial Sector ___________________________________________________________ 12

1. Turkey Financial Soundness Indicators (FSI) ___________________________________________________ 14

2 INTERNATIONAL MONETARY FUND

INTERNATIONAL MONETARY FUND 3

TAS Turkish Accounting Standards

4 INTERNATIONAL MONETARY FUND

BL Banking Law No. 5411

Communiqué on Principles and Procedures Concerning the Activities of Representative

CCFS Communiqué on Preparation of Consolidated Financial Statements of Banks

CCRM Communiqué on Credit Risk Mitigation Techniques

CDRM Communiqué on Disclosures About Risk Management to be Announced to Public by Banks

Communiqué on Bank Information Systems and Banking Procedures Audits Performed by

Communiqué on Principles of Information Systems Management by Information Exchange

Communiqué on the Calculation of Market Risk by Risk Measurement Models and

Communiqué on the Financial Statements and Their Disclosures to be Announced to Public

CPITMB Communiqué on the Principles of Information Systems Management by Banks

Communiqué on the Calculation of Risk Weighted Exposure Amount Related to

CSP Communiqué on Structural Position

CUCA Communiqué on The Uniform Chart of Accounts and its Prospectus

EBL Enforcement and Bankruptcy Law

Guideline on The Assessment Criteria Considered in the Audits to be Performed by the

INTERNATIONAL MONETARY FUND 5

Guidelines on Assessment and Validation of Internal Rating Based Approaches and

GBCP Guideline on Best Compensation Practices

GCM Guideline on Credit Management of Banks

GCPRM Guideline on Counterparty Risk Management

GCRM Guideline on Country Risk Management

GFVM Guideline on Fair Value Measurement

GICAAPR Guideline on ICAAP Report

GIRRM Guideline on Interest Rate Risk Management

GLRM Guideline for Liquidity Risk Management

GMCR Guideline on The Management of Concentration Risk

GMRM Guideline on Market Risk Management

GORM Guideline on Operational Risk Management

GRRM Guideline for Reputational Risk Management

Regulation on Principles and Procedures Concerning the Audit to be performed by the

RCA Regulation on Measurement and Assessment of Capital Adequacy of Banks

RCB Regulation On Capital Conservation and Countercyclical Capital Buffers

RCGB Regulation on the Corporate Governance Principles of Banks

RCT Regulation on Credit Transactions by Banks

REAB Regulation on the External Audit of Banks

REOAMC Regulation on Establishment and Operation of Asset Management Companies

RFHC Regulation on Financial Holding Companies

6 INTERNATIONAL MONETARY FUND

RIA Regulation on Independent Audit

Regulation on Bank Information Systems and Banking Procedures Audits Performed by

RLA Regulation on Measurement and Assessment of Liquidity Adequacy of Banks