Risk appetite statement on the management of compliance risks

“Risk” is defined as the possibility of benefiting from the services provided by the company for the purpose of laundering the proceeds of crime or financing of terrorism, failure to fully comply with our obligations pursuant to Law No. 5549 and its secondary legislation, or the possibility of financial or reputational damage which might be incurred by the employees of the institution.

The risk perception of the institution is determined according to the globalized and digitalized financial services and is updated with a proactive methodology based on a risk-oriented approach. In this context, the four basic elements that constitute our risk perception are as follows:

What Aklease may encounter during its activities:

• Legal Compliance Risk: The risk arising from the company's inadequacies and delays in complying with legal regulations.
• Operational Risk: Implementation weaknesses in the company's programs, ineffective control procedures, and failure in customer review practices.
• Reputational Risk: Getting the wrong impression in the public about the company's activities and losing confidence in the whole system.
• Concentration Risk: The risk of concentrations in the customer portfolio of the company in terms of sectors, countries and customer groups.

in the risk-based know-your-customer approach to be applied in order to eliminate such situations; it determines effective criteria in order to monitor and keep under control the issues specified in the Group Risk Perception, and establishes monitoring and control systems, taking into account that all these risks are interrelated in practice.

The management of the aforementioned risks by Aklease is based on the Risk Appetite Classification specified below and determined at the Financial Group level.

Chart-2: Risk Appetite Classification*

* Simplified measures cannot be applied to customer groups assessed as high risk; strengthened know-your-customer principles are applied for these customers.

Technological solutions are used in order to keep the above-mentioned activities under control without causing reputational and legal risks. Aklease Compliance Officer is responsible for determining the parameters related to technological solutions, preparing and applying scenarios, and reviewing them according to the findings obtained at regular intervals. The Group Compliance Officer is ultimately responsible for confirming the suitability of these prepared technological solutions before all institutions within the Financial Group.
The business relationship is terminated if, as a result of monitoring and control activities, the existence of persons and organizations that will not be accepted as customers is detected. For this purpose, business units responsible for establishing customer relations are informed and necessary action is taken.
The common purpose of risk management activities at the Company is the determination and implementation of measures and principles for the identification, rating, monitoring, evaluation and reduction of possible risks within the framework of the Law No. 5549 and its secondary legislation.

The transactions that are monitored in minimum and ensured continuity of control within the scope of risk management activities are as follows:

• Customers and transactions in the high-risk group,
• Transactions with risky countries,
• Complex and unusual transactions,
• Transactions that are incompatible with the customer profile,
• Taken together, related transactions exceeding the amount in total that requires identification,
• Information and documents required to be obtained from customers,
• The up-to-dateness and validity of the information and documents obtained from the customers,
• Information on the suitability of the transaction with client's profession or activity, risk profile and funding sources,
• Transactions carried out using systems that enable non-face-to-face transactions,
• Services that may become vulnerable to abuse due to newly introduced products and technological developments.

Customer Risk Assessment and Management

Financial institutions within the Group, beyond the know your customer process, standard detection and confirmation methods for identification, is responsible for ensuring the recognition of the customer considering the following:

• The source of the customer's money and financial assets,
• The purpose of establishing a business relationship and the nature and justification of the desired transactions,
• Determination of the final beneficiary,
• The customer's financial profile, financial behavior and preferences, products and services used,
• Transaction frequency, number and number of transactions, preferred channels for transactions,
• Transaction types, international nature, diversity and depth of transactions,
• Identification of those who are inconvenienced in mediating their business and transactions in the context of sanction regimes,
• Identification of customers who may be Politically Exposed Person (PEP) and Prominent Public Figures (PPF) and the application of additional tightened measures for these individuals,
• Implementation of measures for the diagnosis and prevention of intermediation in transactions and transactions originating from bribery and corruption crimes, and ensuring compliance with the regulations within this scope,
• Showing the necessary care and attention in the customer relationship within the framework of financial crimes within the scope of international conventions in the context of international law and the provisions of domestic law arising from them, and the antecedent crimes that determine them,
• Demonstrating the care and attention that is assumed by international agreements within the context of international private and commercial law and covers the management of the customer relationship,
• Protection of public interest by preventing risky transactions related to tax crimes such as tax evasion, tax irregularities and corruption, including international tax treaties and regulations,
• Follow-up of compliance risk issues and control areas committed in contracts to which Aklease is a party due to its international transactions,
• Management of operational, legal, compliance and reputational risks that Aklease may face indirectly.

While establishing the know-your-customer processes, which are specified in Aklease's Corporate Policy and Corporate Procedure, both national and international legislation are taken into account. These norms in national and international legislation basically indicate that a risk-oriented approach should be taken as a basis in the process of customer identification. In national legislation, the legal obligations in the Law No. 5549 on the Prevention of Laundering Proceeds of Crime and the Regulation on Measures Regarding the Prevention of Laundering Proceeds of Crime and the Financing of Terrorism are taken into account as the main regulation regarding the identification of the customers. Within the scope of international regulations, the principles in the “Customer Due Diligence” and “BASEL Committee on Banking Supervision” document, which are included in the 10th recommendation of the FATF (Financial Action Task Force) Recommendations, include the methods to be followed in the processes of knowing your customer on the international platform.

In this context, the processes related to the identification of the customer have been established within the framework of the risk-oriented approach described in the document, taking into account the elements in the national and international legislation.

Customer acceptance, according to the risk it has, done within the framework of three different methods:

• Standard
• Simplified
• Tightened