Journal Issue
Share
Article

Turkey

Author(s):
International Monetary Fund. Monetary and Capital Markets Department
Published Date:
February 2017
Share
  • ShareShare
Show Summary Details

List of Regulations

AbbreviationName of the Regulation or Guideline
BLBanking Law No. 5411
CAFBDTSThe Communiqué on the Principles and Procedures for the Administrative Fines to be Imposed on Reportings Made within the Scope of Banking Data Transfer System
CAMACommuniqué on Calculation of the Risk Weighted Exposure Amount for Operational Risk by Advanced Measurement Approach
CAROTCommuniqué on Principles and Procedures Concerning the Activities of Representative Offices in Turkey
CCFSCommuniqué on Preparation of Consolidated Financial Statements of Banks
CCRMCommuniqué on Credit Risk Mitigation Techniques
CDRMCommuniqué on Disclosures About Risk Management to be Announced to Public by Banks
CIRBCommuniqué on Calculation of the Risk Weighted Exposure Amount for Credit Risk by Internal-rating based Approaches
CITEACommuniqué on Bank Information Systems and Banking Procedures Audits Performed by External Audit Firms
CITIECCCommuniqué on Principles of Information Systems Management by Information Exchange Firms, Custody Firms, and Clearing Firms and on Examination of Business Process and Information Systems
CMROCommuniqué on the Calculation of Capital Requirement for Market Risk of Options, Using Standardized Approach
CMR-RMMCommuniqué on the Calculation of Market Risk by Risk Measurement Models and Assessment of Risk Measurement Model
CPDCommuniqué on the Financial Statements and Their Disclosures to be Announced to Public by Banks
CPITMBCommuniqué on the Principles of Information Systems Management by Banks
CSECommuniqué on the Calculation of Risk Weighted Exposure Amount Related to Securitization
CSPCommuniqué on Structural Position
CUCACommuniqué on The Uniform Chart of Accounts and its Prospectus
EBLEnforcement and Bankruptcy Law
GAAGuideline on The Assessment Criteria Considered in the Audits to be Performed by the Agency
GAPAGuidelines on the Application Process of Internal Rating Based Approaches and Advanced Measurement Approach
GAVAGuidelines on Assessment and Validation of Internal Rating Based Approaches and Advanced Measurement Approach
GBCPGuideline on Best Compensation Practices
GCMGuideline on Credit Management of Banks
GCPRMGuideline on Counterparty Risk Management
GCRMGuideline on Country Risk Management
GFVMGuideline on Fair Value Measurement
GICAAPRGuideline on ICAAP Report
GIRRMGuideline on Interest Rate Risk Management
GLRMGuideline for Liquidity Risk Management
GMCRGuideline on The Management of Concentration Risk
GMRMGuideline on Market Risk Management
GORMGuideline on Operational Risk Management
GRRMGuideline for Reputational Risk Management
GSTGuideline on Stress Testings to be Used by Banks in Capital and Liquidity Planning
RAARegulation on Principles and Procedures Concerning the Audit to be performed by the Banking Regulation and Supervision Agency
RAAVFRegulation on the Principles regarding the Authorization and Activities of Valuation Firms
RAPRegulation on the Procedures and Principles for Accounting Practices and Retention of Documents by Banks
RCARegulation on Measurement and Assessment of Capital Adequacy of Banks
RCBRegulation On Capital Conservation and Countercyclical Capital Buffers
RCGBRegulation on the Corporate Governance Principles of Banks
RCTRegulation on Credit Transactions by Banks
REABRegulation on the External Audit of Banks
REOAMCRegulation on Establishment and Operation of Asset Management Companies
REPLRegulation on the Procedures and Principles for the Evaluation of loans and other receivables and Provisions
RFHCRegulation on Financial Holding Companies
RGABCSRegulation on Grants and Aids by Banks and Other Institutions Included in Consolidated Supervision
RIARegulation on Independent Audit
RICAAPRegulation on Internal Systems and Internal Capital Adequacy Assessment Process of Banks
RIRRBBRegulation on Measurement and Assessment of Interest Rate Risk in the Banking Book by Standard Shock Method
RITEARegulation on Bank Information Systems and Banking Procedures Audits Performed by External Audit Firms
RLARegulation on Measurement and Assessment of Liquidity Adequacy of Banks
RLCRRegulation on Calculation of Liquidity Coverage Ratio of Banks
RMALRegulation on Measurement and Assessment of Leverage Level of Banks
RMSDERegulation on Merger, Sale, Disintegration, and Exchange of Shares
RNFERRegulation on Calculation and Implementation of Net General Position of Foreign Exchange Over Own Funds Ratio for Banks on Non-Consolidated and Consolidated Basis
ROFRegulation on Own funds of Banks
RPCRegulation on Principles of Professional Conduct to be Observed by the Members of the BRSB and by the Staff of the BRSA
RPMCPRegulation on Principles and Procedures Concerning the Trading Precious Metals and the Disposal of Commodity and Property Acquired due to Receivables
RPPAPRegulation on Principles and Procedures Concerning the Preparation and Publication of Annual Report
RPPDRegulation on the Procedures and Principles for Acceptance, Withdrawal and Time Limitation of Deposits and Participation Funds
RRARegulation on the Principles regarding the Authorization and Activities of Rating Agencies
RROSRegulation on Receiving Outsourcing Services by Banks
RRRRTBRegulation on Repo and Reverse Repo Transactions of Banks
RSMODRegulation on Declaration of the Whom to be Appointed to Managerial Position, Oath and Declaration of Property, and Holding Docket
RTSPIORegulation on Transactions Subject to Permission and Indirect Share Ownership
RVLBRegulation on Voluntary Liquidation of Banks
SMBSPSupervisory Manual on Banking Supervision Process
SMCEPSupervisory Manual on Credit Examination Procedures
SMAMLCFTSupervisory Manual on AML/CFT Issues
SMGARSupervisory Manual on General Assessment Report
SMIRASPSupervisory Manual for Identifying Risky Areas and Supervision Planning
SMRACSupervisory Manual on Risk Assessment Criteria

Introduction1

1. This assessment of the current state of implementation of the Basel Core Principles for Effective Banking Supervision (BCPs) in Turkey has been completed as a part of a Financial Sector Assessment Program (FSAP) undertaken by the International Monetary Fund (IMF) and the World Bank during 2016. It reflects the regulatory and supervisory framework in place as of the date of the completion of the assessment. It is not intended to represent an analysis of the state of the banking sector or the crisis management framework, which have been addressed in the broad exercise.

2. The Banking Regulation and Supervisory Authority (BRSA) as a member of the Basel Committee on Banking Supervision (BCBS), is committed to the adoption of international standards and sound practices promulgated by the BCBS, as well as other relevant international standard-setting bodies. The BRSA has implemented, or is in the process of implementing, all of the BCBS standards, most notably those related to capital adequacy and liquidity with a high level of compliance. The BRSA is to be commended for its ongoing commitment to adhering to the highest standards for supervision and regulation.

3. Since the previous assessment conducted in 2011, the BRSA has made several significant improvements to its supervisory framework. Turkey has built a good foundation for banking supervision. The Banking Law (BL) provides a broadly appropriate supervision framework with clear responsibilities and necessary supervisory powers. The established methodology for banking supervision is comprehensive and grounded on extensive databases and on regulation largely in compliance with international standards. The BRSA has also made vast efforts to improve consolidated supervision, organizing supervisory colleges, signing a number of important Memorandum of Understanding (MoUs) and removing obstacles for the supervision of Turkish banks operations in foreign countries.

4. There are areas that still warrant improvement. These include, among others, addressing legal provisions that undermines supervisory independence, providing a deeper risk assessment focus to supervisory inspections and follow up, enhancing the forward looking component of the assessments, streamlining risk management and corporate governance requirements, strengthening the asset quality examination process and the accuracy of classification therein, strengthening the supervisory enforcement regime, demanding recovery plans, developing group resolution plans and increasing the ability to act at an early stage to address unsafe and unsound practices.

5. The Assessment has been conducted in accordance with the revised BCP assessment methodology approved by the Basel Committee. The Turkey supervisory regime was assessed and rated against the Essential Criteria (EC). The methodology requires that the assessment be based on (i) the legal and other documentary evidence; (ii) the work of the supervisory authority; and (iii) its implementation in the banking sector. Full compliance requires that all these prerequisites are met. The guidelines allow that a country may fulfill the compliance criteria in a different manner from those suggested, as long as it can prove that the overriding objectives of each Core Principle (CP) are achieved. Conversely, countries may sometimes be required to fulfill more than the minimum standards, such as in the event of structural weaknesses in that country. The methodology also states that the assessment is to be made on the factual situation of the date when the assessment is completed. However, where applicable, the assessors made note of regulatory initiatives that have yet to be completed or implemented.

6. The conclusions are based on extensive discussions with staff members of the BRSA and a review of related regulation and internal supervisory documents. The mission reviewed the BCP self-assessment undertaken by BRSA preceding this assessment, and detailed responses to a questionnaire addressing supervisory issues. The mission also reviewed a number of laws governing banking supervision powers and activities, including the BL and a number of regulations and decisions addressing prudential standards and risk management requirements. Special attention was given to inspection reports. The mission also held meetings with senior officials of local banks, an external auditing firm and a credit rating agency. A representative from the Turkish Treasury was present at all meetings.

7. An assessment of compliance with the CP is not, and is not intended to be, an exact science. Reaching conclusions require judgments by the assessment team. Banking systems differ from one country to another, as do domestic circumstances. Also, banking activities are changing rapidly around the world after the crisis and theories, policies and best practices are evolving rapidly. Nevertheless, by adhering to a common agreed methodology, the assessment should provide the Turkish authorities with an internationally consistent measure of quality of their banking supervision relative to the 2012 revision of the Core Principles, which are internationally recognized as minimum standards.

8. The assessors appreciated the cooperation received from the BRSA. The team sincerely thanks the staff of the BRSA for their high professionalism, for the spirit of active cooperation and for making enormous efforts to attend the information requests of the team.

Institutional and Market Structure—Overview

9. The Turkish financial sector is supervised by three main regulatory and supervisory authorities. The BRSA is the regulatory and supervisory authority for the banking industry as well as financial leasing, factoring, financial holding companies, electronic money institutions, consumer financing, some payment systems institutions and asset management companies; the Capital Markets Board of Turkey (CMB) is the regulatory and supervisory authority for the securities markets; the General Directorate of Insurance and the Insurance Supervisory Board operating under the Undersecretariat of Treasury (Treasury) are responsible for the insurance sector. The other authorities that have a role in the regulation and supervision of the banking system are the Central Bank of the Republic of Turkey (CBRT) as the monetary authority, the Financial Crimes Investigation Board (MASAK) as the authority for anti-money laundering (AML) and combating financing of terrorism (CFT); and the Savings Deposit Insurance Fund (SDIF) as the deposit insurance and bank resolution authority.

10. Banks, holding over 90 percent of the financial system by asset ownership, are vital to financial stability in Turkey. Nonbank financial institutions (NBFIs) are small by peer emerging market levels, with insurance and pension fund assets constituting less than two percent each of the sector (Figure 1). Capital market intermediation remains small. The overall financial system is about 122 percent of 2015 gross domestic product (GDP) by assets and has been growing significantly faster than GDP since 2008.

11. The banking system is of average size, although the proportion of credit financed by non-deposit channels is larger than in peer emerging markets(Figure 2, panels A—B). Concentration is not significant and market share is equally distributed among private domestic, foreign-owned, and state-owned banks (Figure 2; panels C—D). Acquisition-based entry by foreign banks in recent years has led to a substantial increase in their asset ownership share. By the end of December 2015, there are 34 deposit taking banks, 5 participation banks and 13 development and investment banks under the BRSA’s supervision.

12. Capital adequacy has declined over the past five years but remains relatively high in relation to international standards(Table 1). As nonperforming loans (NPLs) have been broadly constant around some 3 percent of gross lending since 2012, the deterioration in capital adequacy and returns owes to a combination of rapid balance-sheet expansion with a reorientation of lending towards lower margin corporate lending and a policy induced squeeze on retail credit margins.

Figure 1.A Bank Dominated Financial Sector

Source: EDSS, WEO, IMF FSI Annex, and World Bank FinStats

Notes: A)-(B) Financial sector assets-to-GDP; (C) Assets-to-total financial sector assets; (D) Pension fund assets-to-GDP; (E) Life insurance premiums-to-GDP; (F) Non-life insurance premiums-to-GDP.

Figure 2.A Mid-sized Banking System Characteristics

Source: World Bank FinStats and BRSA.

Table 1.Turkey Financial Soundness Indicators (FSI)
201020112012201320142015
Balance SheetPercent of GDP
Total Assets91.693.896.7110.5114.1118.1
o/w Gross Loans47.952.656.166.871.074.4
Liabilities79.482.783.998.2100.9105.0
o/w Deposits56.253.654.560.360.262.4
Shareholders’ Equity12.211.112.812.413.313.1
Asset QualityPercent
NPLs / Gross Loans3.72.72.92.82.93.1
Provisions / Gross NPLs83.879.475.276.373.974.6
Credit Growth (YoY) 1/33.929.916.431.818.519.7
Profitabiity
Total Interest Income / Interest Bearing Assets (Avg.)2/3/9.28.29.17.67.97.8
Interest Margin / Gross Income62.565.264.465.468.175.3
Non-interest Expenses / Gross Income46.346.541.751.649.852.1
ROAA 3/2.51.71.81.61.31.2
ROAE 3/20.115.515.714.212.311.3
Funding and Liquidity
Loan-to-Deposit ratio85.298.2102.9110.7117.9119.2
Loan-to-Deposit ratio (TL)88.5105.4113.1126.7133.2141.6
Loan-to-Deposit ratio (FX)77.484.182.083.891.989.0
Leverage Ratio 4/5/6.25.35.05.25.75.3
Liquid Assets / Assets28.226.226.024.323.321.6
Liquid Assets / Short Term Liabilities79.772.076.072.177.473.8
Capital Adequacy
CAR19.016.617.915.316.315.6
CT1R17.014.915.113.013.913.2
RWA / Assets72.078.480.284.383.483.5
FX Risk
FX Assets / FX Liabilities (on-balance sheet) 6/84.083.785.982.582.884.5
NOP / Regulatory Capital0.10.42.0−0.6−2.21.3
NOP before hedging / Regulatory Capital−15.6−21.2−14.0−28.9−28.5−30.0
House Price Index (THPL 2010=100)100.0110.2123.1138.7158.8188.0
Sources: IMF FSI, BIS, and IMF staff calculations.

Non FX adjusted.

Net of NPL provisions.

As provided by BRSA.

Current year data are annualized using 12 months rolling sums.

Proxied by T1 Capital over last 2 months average balance sheet assets and average off-balance sheets exposures (> 3 percent).

Including FX-indexed assets and liabilities.

Sources: IMF FSI, BIS, and IMF staff calculations.

Non FX adjusted.

Net of NPL provisions.

As provided by BRSA.

Current year data are annualized using 12 months rolling sums.

Proxied by T1 Capital over last 2 months average balance sheet assets and average off-balance sheets exposures (> 3 percent).

Including FX-indexed assets and liabilities.

Preconditions for Effective Banking Supervision

Macroeconomic and Financial Sector Policies

13. The financial sector operates in an uncertain economic environment. Growth is dependent on external finance. During 2016, domestic demand and growth are expected to remain relatively robust due to a 30 percent minimum wage increase, relaxation of macro prudential regulations, and accommodative monetary and fiscal policies. Nevertheless, the domestic savings rate is low, creating a dependence on external funds and making the economy vulnerable to external shocks. Inflation has also remained high and above target.

14. External imbalances demand attention. While the oil price decline and economic slowdown have attenuated the current account deficit, it is expected to rise again if these factors reverse going forward. It may rise also if term premia and funding costs decompress as the U.S. begins monetary policy normalization. Against this backdrop, the external position demands attention. External debt is high (at about 60 percent of GDP) and concentrated in private sector hands, annual financing needs are high (about 27 percent of GDP), capital inflows are mainly short-tenor and debt creating, the net international investment position (NIIP), at about -50 percent of GDP is weak by international standards, and net foreign exchange (FX) reserves, at US$29 billion, are low.

15. Macroprudential policies are coordinated through the Financial Stability Committee (FSC). The FSC is composed of the heads of all the major agencies having a stake in the maintenance of financial stability; viz., the Undersecretary of Treasury and the heads of the CBRT, BRSA,CMB and SDIF, under the chairmanship of the Deputy Prime Minister in charge of the Undersecretariat of the Treasury. The 2015 Financial Stability Board (FSB) Peer Review concluded that the FSC has helped to promote information sharing and the exchange of views as well as to coordinate some policy measures among its member institutions. Importantly, the authorities have a broad range of tools at their disposal and have used them in a proactive and flexible manner in recent years to slow down the rise in household leverage and to encourage banks to increase core funding. At the same time, further steps were identified to strengthen the framework in a number of areas such as integrating the systemic risk assessment and policy framework and improving institutional arrangements and public communication.

Public Infrastructure

16. Business laws are based on the Civil Law, dated 8/2001 and the New Turkish Commercial Code (TCC), dated July, 2012. The Code of Obligations, 2011, and the Competition Law, No. 4054, 1994, also form the framework of business laws as do the Law on the Protection of the Consumer No. 6502, 2014, and the Execution and Bankruptcy Code (EBC) of 1932 (amended 2003/4).

17. The New TCC was promulgated 2012. The New TCC aims to harmonize the Turkish and European Union Laws in order to strengthen foreign economic relations. One of the new features increased transparency by requiring stock companies to create a website dedicated to publishing all data relevant for shareholders, such as annual and interim financial statements and audit reports. The new TCC also aimed to reinforce the rights of shareholder and corporate governance.

18. The basic principles of the independence of courts and security of judges and public prosecutors are provided in the Constitution. The Turkish legal system does not provide for special courts for dealing with bank or financial sector related cases, however in some big cities specific courts are identified to deal only with banking related cases.

19. All listed and non-listed companies are obliged to apply financial reporting standards issued by the Public Oversight Accounting and Auditing Standards Authority (POA). POA issues Turkish Accounting Standards (TAS) and Turkish Financial Reporting Standards (TFRS) which correspond, respectively, to the International Accounting Standards (IAS) and the International Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board (IASB). The authorities explained that the main difference between the implementation of IFRS and TFRS in Turkish banks is in loan loss provisioning. For loan loss provisioning, the Turkish banks apply the BRSA’s REPL instead of the impairment requirements of TAS 39 or IAS 39. The BRSA is planning to apply IFRS 9, including the provision rules, from 1 January 2017. By 2017, Turkish banks will be able to recognize provisions for credit losses in accordance with TFRS 9 which is considered by the Turkish authorities to be fully compliant with the IFRS 9 with the option of the recent amendments to the REPL. The last amendment entitles the banks to use existing provisions of the REPL or to apply TFRS 9. The auditing of companies is carried out in compliance with international auditing standards by independent auditors who meet the professional competence requirements.

20. The companies which are subject to independent audit are determined in the TCC. In addition, the companies which fall under the Capital Markets Law or the BL are automatically subject to the independent auditing requirement, whereas the companies such as the license holding companies operating under the regulations of the Energy Market Regulatory Authority and public companies under the Capital Markets Law are subject to the independent auditing requirement only if they meet certain criteria. The external auditing firms which meet the required criteria are authorized by POA. On the other hand, external audit activities conducted in banks and other financial institutions are also subject to the BL and REAB.

21. Payment and settlement systems in Turkey are well developed with a sound legal and regulatory framework and with the roles of regulators and overseers clearly established. The Overseers of the FMIs in Turkey are the CBRT and the CMB. In addition, the BRSA has responsibility for payment services, payment institutions, and electronic money. The authorities have been systematically reforming the National Payments System in Turkey covering implementation of the necessary infrastructure, internal organization arrangements and strengthening the legal and regulatory framework, and have achieved several critical National Payments System (NPS) objectives—most notably, as the result of on-going modernization efforts. A conducive legal and regulatory framework and the core components of the NPS are in place.

22. There is one credit bureau operating in Turkey. The Credit Registry Bureau, (CRB-KKB) was founded in 1995 as a private enterprise with the initiative of The Banks Association of Turkey (BAT) and partnership of 11 leading banks of the sector to facilitate the exchange of information and documents between credit institutions and financial institutions. Banking Law no: 5411 Article 73/4 grants special permission to the CRB to collect information from member institutions and to facilitate exchange of this information. In order to gather risk information about customers of credit institutions and other financial institutions, the Risk Center was established as a part of BAT in 2012. BAT and CRB signed a service contract, with the approval of the BRSA, in order to carry out all operations of the Risk Center in December 2012.

23. Statistical information availability is extensive in the Turkish banking system. The BRSA publishes regularly (weekly, monthly, quarterly, annual) data on bank and non-bank financial institutions. Data cover balance sheet, income statement, loans, consumer loans, SME loans, as well as deposits by type and maturity. Also fees and commissions faced by financial customers are also published on BRSA’s web site as a tool to strengthen market discipline. Deposit interest rates and price quotes about financial markets are available on a daily basis and are provided by related monetary, banking and financial market regulators.

24. The banking supervisor works closely with the deposit insurer and central bank on crisis management issues. The previous FSAP mission highlighted the broad range of measures that the BRSA has at its disposal to mitigate bank vulnerabilities, found the CBRT’s framework for the provision of emergency liquidity to be sound and characterized the SDIF as broadly conforming to best international practice. The 2015 FSB Peer Review for Turkey,2 found that the absence of certain resolution powers—such as bridge banks, bail-in powers and temporary stays of early termination rights—may make it difficult for the authorities to resolve the largest banks in the system in a timely and cost-effective manner. The review also pointed out that, impediments to cross-border cooperation can challenge the effective resolution of banks with cross-border operations, while a lack of recovery and resolution planning requirements undermines resolution preparedness. The Turkish authorities have informed the mission that they are currently working to align the Turkish resolution framework with the FSB Key Attributes for Resolution Regimes.

Detailed Assessment

A. Supervisory Powers, Responsibilities, and Functions

Principle 1Responsibilities, objectives and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups.3 A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.4
Essential criteria
EC1The responsibilities and objectives of each of the authorities involved in banking supervision5 are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps.
Description and findings re EC1The Banking Law No. 5411 (BL) establishes the BRSA as being responsible for the supervision and regulation of the banking industry as well as financial leasing, factoring and consumer financing companies in Turkey.



The other authorities that have a role in the regulation and supervision of the financial system are:
  • - CBRT as a monetary authority;
  • - MASAK as a specialized anti-money laundering entity established to prevent money laundering and to detect anti-money laundering offences;
  • - Treasury as the insurance supervisor;
  • - SDIF, as the responsible for deposit insurance and banking resolution;
  • - CMB, as responsible for the securities industry and the mortgage finance corporations (MFCs).


Responsibilities of each entity are well established with small room for overlap or regulatory gap.
EC 2The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it.
Description and findings re EC2Article 93 of the BL establishes that the BRSA is responsible “for the establishment of confidence and stability in financial markets, the sound operation of the credit system, the development of the financial sector and the protection of the rights and interests of depositors”. The BL also obligates the BRSA “to prevent any transaction and practice that could endanger the rights of the depositors and the sound and safe operation of banks and severely damage the economy; and to take and implement the decisions and measures in order to ensure the efficient operation of the credit system”.



The concept of “sound operation of the credit system” is not further developed. Nevertheless, considering the role of the BRSA in the development of the financial sector, article 94 of the BL states that the BRSA should ensure the profitable, efficient and rational operation of banks; ensure competitiveness of the financial system; closely following up the status of international banks in terms of supervision; ensure the integration of professional in the financial market; and prepare the regulations pertaining to financial markets.



The BL does not distinguish among the objectives and seems to assign the same hierarchy to the financial stability and development of the financial sector objectives. The assessors noted that some BRSA decisions (e.g., loan loss provisions for some products, loan restructuring rules) might be interpreted as rules that aim primarily to support financial development objectives, despite the fact that the BRSA considers that some of them are within the scope of macroprudential policy.
EC3Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile6 and systemic importance.7
Description and findings re EC3The BL empowers BRSA to set and enforce minimum prudential standards. The BL (art. 43) also states that the Board is authorized to set more cautious different minimum or maximum standard ratios or limits from those set for each bank or banking groups or to change the calculation and reporting periods, or to set ratios or limits that have not been set in general terms. This provision is applicable both on a consolidated and non-consolidated basis. Please refer to CP16 for example of practical application of these powers.



According to article 7 of Regulation On The Procedures And Principles For The Audit To Be Made By The Banking Regulation And Supervision Agency (RAA) and also the RICAAP the Board of BRSA has the power to publish guidelines to inform on best practices expected from banks and on the evaluation criteria that will be considered on examinations carried out by the agency. These guidelines follow the principle of proportionality in the sense that banks are expected to implement the principles according to the banks’ own scales, risk profiles, activities, volume, nature and complexity of their business and transactions.
EC4Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate.
Description and findings re EC4The BL was established in 2005 and has been updated several times. The BRSA is authorized to issue regulations and communiqués through Board decisions to ensure that all rules and regulations remain effective and relevant to changing industry and regulatory practices. The agency has done so frequently to implement international standards, including Basel II/III, and update the regulation appropriately.



According to the BL, the drafts of the secondary legislation (regulation and communiqués) prepared by the BRSA need to be made public for a minimum seven days consultation period to inform the public opinion and collect suggestions. In practice the period is usually longer.
EC5The supervisor has the power to:
  • a) have full access to banks’ and banking groups’ Boards, management, staff and records in order to review compliance with internal rules and limits as well as external laws and regulations;
  • b) review the overall activities of a banking group, both domestic and cross-border; and
  • c) Supervise the activities of foreign banks incorporated in its jurisdiction.
Description and findings re EC5On access to banks, the BL (art. 43, 93, 95) empowers the BRSA to have access to banks and banking group’s information for supervisory purposes. Banks are required to provide the BRSA, timely and properly, any consolidated and non-consolidated information, document, report or financial statements. The documents should be consistent with their accounts and record keeping systems, within the framework set forth by the BRSB. BRSA supervisors also have access to the staff of the banks including the board of directors.



On review the overall activities of the banking group, reporting and supervision requirements prescribed in the regulations covers consolidated activities of banks, including their cross-border activities. According to article 96 of the BL, the regulated institutions and their shareholders and subsidiaries shall provide the BRSA with any information and document, including those classified as confidential, if requested by the BRSA. The requirements include parent banks as well as their domestic and foreign subsidiaries, their jointly-controlled undertakings, their branches and representative offices.



On the supervision of foreign banks, Turkish banking legislation, does not separate regulatory and supervisory framework according to ownership. In this context, foreign banks established and operating in Turkey are subject to the same prudential, supervisory and regulatory rules applied to domestic banks.
EC6When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to:
  • a) take (and/or require a bank to take) timely corrective action;
  • b) impose a range of sanctions;
  • c) revoke the bank’s license; and
  • d) cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate.
Description and findings re EC6The BL provides the BRSA a broad range of tools that can be applied according to the severity of the situation. The definitions of situations when corrective actions can be taken allow for timely supervisory action. Actions that could be taken include revoking the bank’s license and triggering resolution. There are protocols that allow supervisors to coordinate with resolution authorities.



Article 67 of the BL establishes that remedial action shall be taken against a bank when:
  • a) Its assets are likely not to meet its obligations in terms of maturity or that the bank does not comply with the provisions pertaining to liquidity,
  • b) Its profitability is not at level that is sufficient to reliably perform its activities, due to impaired balance and relations between revenues and expenses,
  • c) Its own funds is inadequate pursuant to the provisions pertaining to capital adequacy, or such case is likely to occur,
  • d) The quality of its assets have deteriorated in such a manner that its financial structure will weaken,
  • e) Its decisions, transactions and practices are in violation of the BL and the applicable regulations,
  • f) It cannot establish its internal audit, internal control and risk management systems or cannot operate these systems efficiently or there is a factor that impedes supervision, and
  • g) Due to the incompetence of the management, the risks and the applicable legislation have increased remarkably or have concentrated in such a manner that they may weaken the financial standing.
If the BRSA identifies any of the situations described above, the agency may call on the board of directors of relevant banks to increase the amount of the bank’s own funds or to suspend the distribution of profits temporarily and transfer such to the reserves; or to increase the provisions, or to stop extending loans to shareholders; or to ensure liquidity by selling off assets; or to restrict or stop new investments; or to restrict payment of fees and other types of payments; or to stop long-term investments. It can also call on eliminating the violations, reviewing the loan policies and avoiding and stopping risky transactions, as well as taking the necessary measures to mitigate the maturity, exchange rate or interest rate risks encountered. These measures or other measures deemed appropriate by the BRSA, needs to be implemented by banks within a time period set by the BRSA.



When the bank fails to implement the determined corrective measures the agency may require the bank’s board of directors to take and promptly implement any measure, including the following:
  • a) to correct the financial structure, to raise one or both of the capital adequacy or liquidity levels, to sell off long-term or fixed assets, to restrict operational and management expenditures, to stop any payments to employees other than the regular payments and to restrict or prohibit the provision of cash or non-cash loans to certain persons, institutions, risk groups or sectors,
  • b) to eliminate violations; to call on the general assembly to convene extraordinarily to change one or several or all of the members of board of directors or to appoint new members or to remove from office the responsible employees; to prepare short, medium and long-term plans to be approved by the Board.
The BRSA can also impose restrictive measures when banks fail to take the measures laid down above, or if the situation is judged severe enough by the Board. In those cases, the BRSA board shall require the bank to take and implement one or more of the following measures:
  • a) Restrict or temporarily suspend its activities, as inclusive of all the organization of the relevant activity, or the domestic or overseas branches to be deemed necessary or the relations with correspondent banks;
  • b) Impose any restriction or limitation pertaining to the collection and extension of funds, including interest rates and maturity limitations;
  • c) Dismiss some or all of the general manager, deputy general managers, relevant unit and branch directors including board of directors and obtain the approval of the Agency for persons to be appointed or selected in place of the persons removed from office;
  • d) Provide long-term loans to an extent that is not more than the amount of deposit or participation funds that is subject to insurance, with adequate guarantee to be provided from the shares of dominant partners and other assets;
  • e) Restrict or suspend the activities that are causing losses and liquidate the low-efficient and inefficient assets;
  • f) Merge with another willing bank or banks;
  • g) Find new shareholders to be deemed appropriate, in order to increase own funds; and
  • h) Deduct the arising loss from the own funds.
Finally, according to Article 71 of the BL when the BRSA determines that the conditions for intervention are met in relation to a bank, it has two options: to revoke the bank’s operating permission (Article 106 of the BL) or to transfer the shareholder rights and its management and control to the SDIF (Article 107 of the BL). The conditions defined in the BL for intervention are the following:
  • a) The bank has not taken, either partially or completely, the requested restrictive measures within the appropriate period or, even if having taken these measures, the financial structure has not been strengthened or, it is considered that it cannot be strengthened;
  • b) The continuation of the bank’s activities will endanger the rights of the owners of depositors and participation funds as well as the security and stability of the financial system;
  • c) The bank has not fulfilled its obligations as they fall due;
  • d) The total value of the liabilities of the bank exceeds the total value of its assets; and
  • e) The dominant partners or managers of the bank fraudulently use the resources of the bank directly or indirectly in their own or others’ favor in such a manner that the sound operation of the bank will be at stake, thus causing a loss for the bank;
There is regular exchange of information between the BRSA and the SDIF that enables the SDIF to access supervisory information on individual banks. A Coordination Committee has been established between the two institutions. This Committee meets at least once every three months to further promote the exchange of information and high-level cooperation between the two institutions. Furthermore, the BL determines that the BRSA and the SDIF shall have access to jointly-agreed databases of each other within the principles of confidentiality.



In addition, according to protocol signed between the BRSA and the SDIF, the BRSA notifies the SDIF that a bank has been required to take corrective, rehabilitative, or restrictive measures (Articles 68, 69, and 70). The timely notification allows SDIF to develop a Resolution Action Plan. Please also refer to CP3.



Please also refer to CP11 for additional discussion on the use of these powers in practice.
EC7The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group.
Description and findings re EC7The BL provides powers for the BRSA to supervise both banks and controlling parents of the bank. Supervision is performed on a consolidated and non-consolidated basis. Article 96 of the BL includes among those obligated to provide information the shareholders of the banks and banking groups therefore including parent companies.
Assessment of Principle 1Largely Compliant.
CommentsThe BL provides a broadly appropriate framework for regulating and supervising banks. It also provides clear responsibilities and adequate powers to the BRSA. However, the lack of appropriately defined hierarchy among the objectives of financial stability and development of the financial sector may cause potential conflicts and be harmful to the safety and soundness of banks. The assessors noted that some BRSA decisions (e.g., differentiations in loan loss provisions and loan restructuring rules) might be interpreted as rules that aim primarily to support financial development objectives. Such measures might hinder the reputation of the supervisors and convey the message of forbearance. In order to be fully compliant with this principle the objective of development of the financial sector should be explicitly subordinated to financial stability in the BL.
Principle 2Independence, accountability, resourcing and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.
Essential criteria
EC1The operational independence, accountability and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision.
Description and findings re EC1Article 82 of the BL explicitly states that the BRSA:



- has been established as a public legal person with administrative and financial autonomy;



- shall independently perform and use the regulatory and supervisory duties and rights assigned thereto by the BL and the applicable legislation, under its own responsibility;



− shall independently use the financial resources allocated thereto within the framework of the related laws, to the extent its duties and powers necessitate within the framework of the principles and procedures set out in its own budget;



- shall employ adequate number of personnel with required qualifications in order to efficiently fulfill its duties and powers.



However, the BL also establishes a few provisions that might undermine independence in practice. Article 93 requires the BRSA to consult the related Ministry (Deputy Prime Minister), before putting into force regulatory procedures other than internal regulations, in order to check the harmony with the sector strategy and policies. Furthermore, the BL also allows the relevant ministry to challenge BRSA’s regulatory decisions, allowing it to file a lawsuit for the cancelation of the BRSA Boards’ regulatory decisions (art. 105). The BRSA has informed the assessors that there is a draft amendment to the BL proposing the revocation of article 105.



On accountability and governance, the BRSA must brief the Council of Ministers regarding its policies every six months. The Agency must also inform the Plans and Budget Commission of the Turkish Grand National Assembly about its activities annually. The BL (art. 97) also determines the BRSA to publish quarterly reports regarding the developments in the financial sector as well as regular reports regarding the aggregated performance of the financial institutions. Nevertheless, the assessors did not see evidence of transparent scrutiny of the BRSA activities in relation to its goals and responsibilities, i.e., a third part aiming to ensure that the powers delegated to the BRSA are exercised appropriately and that its operations are effective and in line with its mandates and objectives.
EC2The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed.
Description and findings re EC2The governing body of the BRSA is the board (BRSB) whose seven members including one Chairman, (also the Chairman of the BRSA), and one Deputy Chairman (co-Chairman) who are appointed by the Council of Ministers.



The BL (Art. 84) establishes requirements for appointment of the members of the Board. Board members should broadly meet the same conditions required for the founders of a private bank and, additionally, cannot hold shares of the entities related to the sectors which are under the regulatory and supervisory scope of the BRSA, engage in commerce, carry out stock exchange transactions or to be directors or members of the board of auditors of any company (Art. 86). Detailed obligations, prohibitions, incompatibilities, and liabilities are established in the Regulation on Principles of Professional Conduct to be Observed by the Members of the Banking Regulation and Supervision Board and by the Staff of the Banking Regulation and Supervision Agency, which binds the BRSB members and the BRSA employees by rules on impartiality, conflicts of interest, confidentiality, compatible activities outside the BRSA, acceptance of gifts as well as principles to be observed while leaving the BRSA.



The chairman and/or members of the BRSB are appointed for a 5 years term that can be renewed once (BL, art. 85). The conditions for board members being removed from office are established in the BL and cover issues such as medical conditions or not being able to meet conditions for appointment. The removal depends upon approval of the Prime Minister, but the law does not require the disclosure of the reasons.
EC3The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives.8
Description and findings re EC3According to Article 88 of the BL, the BRSB is responsible for determining the strategic plan, performance criteria, goals and objectives of the BRSA. The planning process comprises of the determination of the goals, objectives and methods of the institution including the human and financial resources. The resulting plan is published every three years.



The accountability arrangements are established in the BL. The BRSA must prepare and submit an annual report of its activities to the Council of Ministers (art. 97). The report that covers goals, organizational structure, regulatory and supervisory activities and agency resources among other issues should be published in conjunction to its audit final accounts. The BRSA is also required to inform the Plans and Budget Commission of the Turkish Grand National Assembly about its activities once a year. As explained in EC1, the assessors did not see evidences of independent and transparent scrutiny of the BRSA activities.
EC4The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest.
Description and findings re EC4The BL establishes the BRSB as the decision-making organ of the BRSA. The Board main duties and powers are:



- take corrective, rehabilitating and restrictive measures against banks;



- revoke the operation permission of Banks;



-prepare the secondary legislation in harmony with the international standards and principles regarding the sector or area which they are authorized to regulate and supervise and take decisions to this effect;



- set the strategic plan, performance criteria, goals and objectives and service quality standards of the Agency; to establish the human resources and working policies; to provide suggestions regarding the Agency’s service units and their duties;



- debate and decide on the proposed budget of the Agency that is prepared in tune with the Agency’s strategic plan and goals and objectives;



The chairman, who is the top rank manager of the Agency, is responsible for administering and representing the Agency. The Chairman may assign some of his duties and powers, which are not related to the Board, to his subordinates, provided that the boundaries of such assignment are clearly put down in writing.



In practice, important decisions such as granting or revoking a bank’s license, significant changes in a bank’s ownership structure and imposing severe measures to a bank are taken by the BRSA Board. The level of the decisions to be taken is determined in the BL and in sub regulations.



Operationally, all supervisory findings that might demand an action by the BRSA are sent to the enforcement department which analyzes the available evidence and suggests an action to the Board or other competent body.



Please refer to EC2 to information on conflict of interest.
EC5The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed.
Description and findings re EC5Board members and agency personnel are subject to regulation on Professional and Ethical Principles that aims to ensure professionalism and integrity. The principles provide, for example, rules regarding impartiality, conflicts of interest, confidentiality, compatible activities outside the BRSA, acceptance of gifts as well as principles to be observed while leaving the BRSA.



Additionally, the BL states that the Board chairman and other personnel shall not disclose confidential information regarding the Agency to any person even if they leave the office. Also according to Article 92 professional staff cannot assume for at least two years any duty in a bank where they conducted on-site and off- site supervision process or practice during the past two years.



Banks expressed their respect for the professionalism and integrity of the BRSA staff.
EC6The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes:
  • a) a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised;
  • b) salary scales that allow it to attract and retain qualified staff;
  • c) the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks;
  • d) a budget and program for the regular training of staff;
  • e) a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and
  • f) a travel budget that allows appropriate on-site work, effective cross-border cooperation and participation in domestic and international meetings of significant relevance (e.g., supervisory colleges).
Description and findings re EC6The expenses of the BRSA are financed from contributions paid by the supervised institutions. The amount collected as contribution cannot exceed three per ten thousand of the total assets of the institutions. Excess revenues of the Agency at the end of the financial year are transferred to the general budget. The ratio, decided by the BRSA board, is substantially below the limit, given the agency room for maneuvering.



The BRSA staff on supervisory functions number grew from approximately 220 in 2013 to 265 in 2015 mainly due to the creation of the Department of Information Systems Compliance and the Department of Data and System management. Also refer to CP 9.



BRSA personnel can be hired under contract or permanent position. Senior management, including Vice chairmen, department heads, directors, chairman’s advisors and the professional staff are employed under contracts signed for their positions. This arrangement exempts their remuneration from following the Civil Servants Law.



Board Chairman shall be paid a monthly salary that is equal to the amount of financial and social rights paid to the Prime Ministry Undersecretary. The remuneration of Board members is equal to ninety-five percent of the Board Chairman. The salaries and other social and financial rights of the permanent contracted personnel of the Agency are determined by the Board, on the condition that they will not be more than the maximum amount indicated to the chairman.



BRSA non contractual personnel follow the public sector salary scales. The salary level tends to be lower than the private sector especially for the middle and upper management levels. The average compensation at the entry level is higher than the private sector.



The BRSB is empowered to hire new employees observed the limits fixed by the BL. The BL limits are reasonably higher than the current staff, allowing room for additional staff if the Agency consider necessary. Entry conditions are not attractive for mid-career professionals that provides practical constraints to the hiring of experienced staff. In practice new hires are mostly recently graduate professionals that are trained in the agency. The absence of an effective option to recruit mid-career staff might represent a challenge particularly if the agency loses a substantial number of experienced staff.



The BRSA has a budget and a program for regular training of the staff. Records show a comprehensive number of trainings activities in terms of topics and number of participants that were developed domestically and abroad.



Technology expenditures are made to keep the staff equipped with the tools needed to supervise the banking industry. BRSA has memberships at online learning environments, market data providers (Reuters, Bloomberg and etc.) and buys specialized hardware and software (about reporting systems, risk measurement tools etc.) to supervise the industry.



The BRSA explained that the travel budget is adequate for their supervisory work and cooperation initiatives with other supervisors. As an example, it mentioned that BRSA staff represents BRSA in a number of committees and subgroups of the Financial Stability Board and the Basel Committee. The BRSA also claimed that adequate resources are allocated for the participation in supervisory colleges and on-site supervision of subsidiaries abroad.
EC7As part of their annual resource planning exercise, over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified.
Description and findings re EC7BRSA board is responsible for defining the strategic plan for the agency. The plan sets three years goals and objectives and discusses the availability of human and financial resources.



Training needs to bridge gaps are assessed annually during the development of the BRSA Annual Training Plan. The process collects training needs from the different departments and proposes events to address them. The plan is discussed with the Human Resources Committee and the Chairman.



When additional human resources are considered necessary, head of departments make a request to the Human Resources Committee. After an evaluation, the final decision for hiring new personnel is made by the chairmanship.
EC8In determining supervisory programs and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available.
Description and findings re EC8The BRSA determines its supervisory plan with a dynamic risk focus approach. Resources are allocated mainly based on the sector share of bank’s total risk (Credit, Market and Operational) and the bank’s rating determined by the supervisory team. A larger amount of resources are allocate to more risky and systemic important banks. See detailed discussion in CP8.



The supervisory plan is continuously revised, which may change the allocation of resources during the year. These are discussed constantly between the frontline analyst teams and the BRSA’s senior management.
EC9Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith.
Description and findings re EC9The BL provides legal protection for the supervisors. Article 104 estates that lawsuits against the Chairman, Board members and staff for actions taken in good faith in the exercise of their responsibilities are subject to the permission of relevant Minister for the Chairman and Board members and the permission of the Chairman for the Agency staff.



The law also establishes that for the initiation of any investigation of offenses alleged to have been committed by the chairman, Board members and Agency personnel in connection with their duties there must be a clear and solid evidence indicating that such members or personnel have acted for acquiring interests for themselves or third persons and for causing damages on the Agency or third persons and have acquired interests for themselves or third persons and caused damages as a result of their acts.



The law also establishes a framework to protect staff from the costs of litigation connected to their duties in the BRSA even if they have left office. The legal fees for such lawsuits as well as the attorney’s fees are financed from the budget of the Agency.



Finally, the law provides protection against legal action for compensation of damages, payment of receivables and executive proceedings. As long as the action is connected with the duties of the Agency, both during and after the staff terms in office, the legal action should be considered to have been taken against the Agency. There were no civil law cases against officers and managers of the BRSA within the scope of this provision in the last five years.
Assessment of Principle 2Materially Non-compliant
CommentsThe legal protection of the supervisor is broadly adequate. Nonetheless the institutional framework contains shortcomings that should be improved.



The BL establishes the BRSA as an independent body but it contains provisions that might undermine independence in practice. There are several channels of interaction between the BRSA and the government that, considered together, may accommodate political influence: i) the appointments of the Chair and Board members are made by the Council of Ministers without any confirmation process by other independent body; ii) before putting into force regulatory procedures the BRSA needs, by law, to consult the related Ministry; iii) the Prime Minister can approve the removal, if the conditions specified in the BL are met, of members of the Board without publishing the reasons; iv) the relevant minister may permit lawsuit against board members; and v) the BL allows the relevant ministry to file a lawsuit for the cancelation of the Boards regulatory decisions (art. 105). These possible channels of political influence over the Agency, particularly considering the large role played by state owned banks in Turkey, might cause conflicts of interests that might undermine financial stability.



The authorities should therefore review the legislation to limit the cases that require the Minister’s involvement. In particular, it seems appropriate to establish a third party to perform a stronger role in the checks and balances framework such as, making regulatory consultation procedures more transparent, so that BRSA proposals and Ministry comments are published, introducing a process for appointments for the BRSB to be confirmed by a nonexecutive government body and removing the related minister permission for lawsuits for the cancelation of the BRSB regulatory decisions.



There also seems to be room for improving the accountability framework. Despite the periodic briefings from the BRSA to the Council of Ministers, the assessors could not see evidence of a third part aiming to ensure that the powers delegated to the BRSA are exercised appropriately and that its operations are effective and in line with its mandate and objectives.



Finally, in relation to resourcing, entry conditions to the BRSA are not attractive for the hiring of mid-career professionals and provide practical constraints in the event of a shortfall in experience levels.
Principle 3Cooperation and collaboration. Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.9
Essential criteria
EC1Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC1There are several arrangements in place for cooperation between domestic authorities.



The FSC composed of the Treasury and the heads of the CBRT, BRSA, CMB, and SDIF under the chairmanship under the chairmanship of the Deputy Prime Minister in charge of the Undersecretariat of the Treasury was created in 2011. The FSC aims to identify and mitigate emerging systemic risks and coordinate macroprudential policy actions. In order to further strengthen and support the FSC’s activities, the authorities established the Systemic Risk Assessment Group (SRAG) in October 2012. The SRAG was established by a protocol signed by the FSC members and its main mandate is to identify potential systemic risk areas, alert the FSC about potential systemic risks and improve coordination between member institutions for timely and consistent responses. The SRAG members are the FSC member institutions’ deputies, with the BRSA acting as the secretariat. The SRAG meets at least four times a year, and the minutes and outcomes of the meetings are reported to the FSC.



The Financial Sector Commission (FSEC), consisting of the representatives of BRSA, Ministry of Finance, the Treasury, CBRT, CMB, SDIF, Competition Board, SPO, Istanbul Gold Exchange, securities stock exchanges, Futures and Options Markets and the associations of institutions is responsible for establishing and ensuring confidence, stability and the development of the financial markets. This Commission is meant to ensure exchange of information, cooperation and coordination among institutions and propose joint policies. It meets once every six months and shall brief the Council of Ministers regarding the results of its meetings.



The article 98 of the BL, also determines the BRSA, Treasury Undersecretary, State Planning Organization Undersecretary, the SDIF and CBRT to exchange views regarding the implementation of monetary, credit and banking policies. Article 98 also contains provisions allowing the BRSA, SDIF and the CBRT to have access to the jointly-agreed databases of each other.



The Coordination Committee (CC) composed by the BRSA and the SDIF aims to ensure cooperation in bank resolution. The committee meets quarterly to exchange views about the banking sector and other common issues.



Particularly relevant for the supervision of conglomerates are protocols signed for information sharing between BRSA and other local authorities. These authorities includes the Treasury, CMB, SDIF, CBRT, General Directorate of Criminal Registration and Statistics, MASAK, Republic of Turkey Social Security Institution; TÜRKSAT A.Ş., Central Registration Institution and Turkish Competition Authority.



There is evidence that these arrangements have been operating and discussing relevant issues. Bilateral protocols like the one signed by the BRSA and the Treasury seem particular relevant for exchange of information such as summaries of inspection reports between supervisors while committees such as the FSC and FSEC focus on more broad issues.
EC2Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC2The legal basis for formal cooperation and information sharing by the BRSA with other foreign supervisory authorities is found in Article 98 of the BL.



The BRSA has signed MoUs with supervisory authorities of 34 countries. According to these agreements supervisors commit themselves to use their best endeavors to cooperate in routine supervisions and to notify and provide each other relevant information in a prompt and timely manner regarding any material supervisory concerns. Discussions on MoUs are underway with authorities of 5 additional countries.



Article 98 of the BL authorizes the BRSA to cooperate with foreign supervisory authorities even in the absence of an MoU. In this case, eventual requests from foreign authorities are subject to BRSB’s approval considering the principle of reciprocity.



The BRSA conducts on-site inspections in foreign jurisdictions in which Turkish banks and their subsidiaries operate and foreign supervisors conduct inspections in Turkey on the basis of reciprocity. When BRSA supervisors conduct on-site examination of banks in a foreign jurisdiction, findings are always shared with foreign supervisory authorities through official correspondence or meetings.



Turkish supervisors also participate in supervisory colleges in foreign jurisdictions upon invitation. The BRSA, as a host supervisor authority, is an observer in some supervisory colleges of the global banks which also operate in Turkey.



There is evidence of collaborative work. Refer to CP 13 for additional discussion.
EC3The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party.
Description and findings re EC3The framework for the protection of confidential information is established in the article 73 of the BL that lays down the restrictions not only for domestic authorities but also foreign supervisors. In essence all data obtained by the BRSA by virtue of its supervisory activity are covered by professional secrecy.



Nevertheless, the BL establishes several working arrangements that allow the exchange of information with other domestic and foreign authorities as long as the principle of confidentiality is appropriately maintained (see EC1 and EC2 above). The BRSA requires other supervisors to commit themselves to protect the information, including signing memorandums of understanding with specific confidentiality clauses. According to the BL, the agency does not share confidential information if it has any reason to believe that the counterparties will not maintain the confidentiality. The BL also forbids the BRSA to share confidential information with anyone who is not authorized by the BL or may use the information for own benefit
EC4The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information.
Description and findings re EC4According to the article 73 of the BL, the BRSB is responsible for keeping the confidentiality of information and documents obtained within or outside the scope of MoUs. Confidential information and documents obtained by the Agency may be used for the purposes of licensing, supervision, monitoring compliance with legislation and for administrative lawsuits filed against the decisions of the Board. The confidential information and documents obtained by the BRSA cannot be disclosed to any person or entity, other than the public prosecutors and criminal courts if and when needed in the course of criminal proceedings and prosecutions.



Additionally, protocols on information exchange that the BRSA has signed with other domestic authorities contain provisions establishing the confidentiality clauses of the BL. As explained in EC3, all data obtained by the BRSA by virtue of its supervisory activity are covered by professional secrecy.



MoUs with foreign authorities contain clauses stating that the provided information is subject to confidentiality and should be used only for supervisory purposes. These clauses also establish that when the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor.
EC5Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions.
Description and findings re EC5The Turkish resolution authority for credit institutions, including the branches and subsidiaries of foreign banks established in Turkey, participation banks (“Islamic banks”) and financial holding companies is the SDIF. The role of the BRSA in the resolution process is to initiate the resolution and decide on the transfer of a failed bank to the SDIF either by revoking its operating license or by transferring its management and control as defined in the article 71 of the BL. As described in EC1, the CC created by the BL ensures coordination between the two authorities on bank resolution.



Following the notification of the BRSA that a bank is asked to take corrective, rehabilitative, or restrictive measures the SDIF develops a bank-specific Resolution Action Plan. The Resolution Action Plan includes alternative bank-specific resolution plans, a verification process for determining the amount of insured deposits to be covered and plans for the rapid deployment of the personnel for the purpose of safeguarding the information technology (IT) systems and data of the bank.



However, there is no framework for ex ante recovery and resolution planning in Turkey. The BRSA and the SDIF have formed a joint working group that is currently in the process of developing policy proposals and necessary amendments to the legislation.
Assessment of Principle 3Compliant
CommentsLegal provisions as well as operational frameworks for cooperation and collaboration with domestic and foreign authorities are in place. Protections on confidentiality appear appropriate. Regarding the lack of processes for recovery and resolution planning, the assessors do not see their absence as reflecting a lack of collaboration between authorities. See also CP9.
Principle 4Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled.
Essential criteria
EC1The term “bank” is clearly defined in laws or regulations.
Description and findings re EC1The term “bank” is defined in the BL Article 3 as deposit banks, participation banks and development and investment banks.



Deposit banks are defined as the institutions operating primarily for the purpose of accepting deposit and granting loan in their own names and for their own accounts. Participation banks are those operating primarily for the purposes of collecting fund through special current accounts and participation accounts and granting loan. Finally, development and investment banks are those operating primarily for the purposes of granting loan or to fulfill the duties assigned by their special laws, other than accepting deposit or participation funds.
EC2The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations.
Description and findings re EC2The BL defines the activities that banks are permitted to perform and prohibited to carry out.



According to article 4, banks may perform a broad range of activities including accepting deposits or participation funds, granting loans, either cash or non-cash, carrying out any type of payment and collection transactions, including cash and deposit payment and fund transfer transactions, correspondent bank transactions, or use of check accounts, purchasing transactions of commercial bills, safe-keeping services, issuing payment instruments such as credit cards, carrying out foreign exchange transactions, trading of money market instruments, trading of precious metals and stones, trading and intermediation of forward, future and option contracts, purchase and sale of capital market instruments and repurchasing or re-sale commitments, intermediation for issuance or public offering of capital market instruments, transactions for trading previously issued capital market instruments for intermediation purposes, guarantee transactions like undertaking guarantees and other liabilities in favor of other persons, investment counseling services, portfolio operation and management, primary market dealing for purchase-sales transactions, factoring, financial leasing services, insurance agency and individual private pension fund services.



The BL also allows banks to perform “other activities to be determined by the Board”. The BRSA has explained that these activities are mostly on advisory services and operational support, particularly for subsidiaries. Banks’ requests to perform other activities are analyzed according to the supervisory opinion on the specific case and principles settled by the BRSB.
EC3The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled.
Description and findings re EC3According to the article 150 of the BL legal persons who do not have a license are prohibited to use the business title of a bank in notices, advertisements and public statements. It is also prohibited to use other words and expressions which could create the impression that they were accepting deposits or participation funds or acting as a bank. Penalties for the breach of these rules are imprisonment and judicial fines for real persons and close of the business places where the offense is committed.
EC4The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks.10
Description and findings re EC4Art. 60 of the BL establishes that only credit institutions, that are supervised by BRSA are permitted to accept deposits or participation funds. Accepting deposits without permission of the BRSA is legally punishable.
EC5The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public.
Description and findings re EC5The list of licensed banks and branches is published and updated regularly on the BRSA’s website. According to the Article 10 of the BL, the permissions granted shall be published in the Official Gazette.
Assessment of Principle 4Compliant
CommentsThe BL provides clear definitions of activities that are only permitted to be conducted by registered banks, including taking deposits from the public.
Principle 5Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management)11 of the bank and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition-(including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained.
Essential criteria
EC1The law identifies the authority responsible for granting and withdrawing a banking license. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate.
Description and findings re EC1The BL identifies the BRSA as both the licensing and supervisory authority in Turkey. According to article 6 of the BL, the establishment of a bank in Turkey or the opening up of the first branch in Turkey by a bank established abroad needs to be approved by the BRSB.



The licensing of banks in Turkey is a two-step process that includes on-site supervisors and several prudential conditions that needs to be fulfilled by banks. The whole process is conducted by the BRSA. See a description in EC2.



During the last five years four banks were granted a license to operate in Turkey.
EC2Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or-supervisor determines that the license was based on false information, the license can be revoked.
Description and findings re EC2Article 7 of the BL establishes a number of conditions that needs to be fulfilled for the establishment of banks in Turkey including that:
  • a) It should be established as a joint stock company,
  • b) Members of the board of directors should meet the necessary qualifications and professional experience,
  • c) Its envisaged fields of activity are in harmony with planned financial, managerial and organizational structure,
  • d) Its paid-up capital, is not be less than 30 million New Turkish Liras (BRSA announced that the current minimum paid-up capital should not be less than 300 million USD),
  • e) There is a transparent and open partnership structure and organizational that will not constitute an obstacle for the efficient supervision of the institution,
  • f) There is no element that hampers consolidated supervision, and
  • g) It submits its work plans for the envisioned fields of activity, the projections regarding the financial structure of the institution including capital adequacy and budget plan for the first three years and an activity program including internal control, risk management and internal audit system.
Additionally, any bank established abroad should meet the following conditions to be allowed to operate a branch in Turkey:
  • a) Its primary activities must not have been prohibited in the country where they are headquartered,
  • b) The supervisory authority in the country, wherein the headquarters of the bank is located should not have negative views regarding its operation in Turkey,
  • c) The paid-in capital reserved for Turkey should not be less than the amount indicated for the establishment of banks in Turkey,
  • d) Members of the board of directors meets the necessary qualifications and professional experience,
  • e) It must submit an activity program indicating work plans for the fields of activity covered by the permission, the budgetary plan for the first three years as well as its structural organization, and
  • f) The banking group must have a transparent partnership structure.
The BRSA assess these conditions through documents provided by the applicants. The necessary documentation is listed in Regulation on Transactions Subject to Permission and Indirect Shareholding (RTSPIO), Article 4.



In addition to the establishment permission, banks need to request the BRSA permission for operation. The banks that have an establishment permission are required to meet additional criteria including:
  • a) Their capital should have been paid in cash and must be at a level that enables the execution of the planned activities,
  • b) At least one fourth of the system entrance fee, equivalent to ten percent of the minimum capital requirements, should have been paid to the account of the deposit insurance fund (SDIF),
  • c) Their activities should be in compliance with corporate governance provisions and have the required personnel and technical infrastructure,
  • d) Their managers should bear the qualifications set out in the corporate governance provisions, and
  • e) The Board should comment that they bear the qualifications required for executing the activities.
The article 10 of RTSPIO provides additional information about the assessment process for granting operating license. The conditions are assessed in on-site examinations. BRSA examines among other issues whether the capital of the bank has been paid in cash in an arm’s length basis, whether it has technical equipment, hardware and adequate staff capable of performing such operations, whether its staff in managerial positions meet fit and proper criteria and whether necessary arrangements have been made to ensure compliance of its operations with the principles of corporate management.



The establishment permission of a bank can be revoked by a Board decision in case of one or more of the following conditions (BL, art. 11):
  • a) The permission is based on non-factual declarations,
  • b) Failure to apply for operating permission within nine months following the issue of the establishment permission,
  • c) Clearly stating the decision to waive the establishment permission,
  • d) Losing the eligibility qualifications for permission until commencement of operation,
  • e) Failure to obtain the operating permission,
  • f) Voluntary waiver from the whole activities allowed for banks,
  • g) Completion of bank merger and acquisition transactions, and
  • h) Completion of liquidation or bankruptcy proceedings under Article 106 of this Law.
The BRSB can also revoke the operating permissions of banks in case the Agency determines, as a result of supervision, that appropriate conditions have not been fulfilled (see CP1, EC 6 for discussion).



During the last five years one licensed was surrender. None have been revoked.
EC3The criteria for issuing licenses are consistent with those applied in ongoing supervision.
Description and findings re EC3As described in EC 2, the BL provides criteria for authorization and registration that are consistent with those applied for ongoing supervision.
EC4The licensing authority determines that the proposed legal, managerial, operational and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis.12 The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future.
Description and findings re EC4Among the criteria imposed by the BL for the establishment of banks it is set out that the ownership structure required does not hamper effective supervision on both a solo and a consolidated level. There are also criteria for clear ownership structures that do not hinder the implementation of corrective measures (see EC2 above for details).
EC5The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed.
Description and findings re EC5The BL (article 8) establishes criteria for bank’s founders and natural person shareholder of the legal person founder with qualified shares of banks. These criteria include:
  • a) not have been declared bankrupt;
  • b) not have qualified shares or not hold control in banks that have been subjected to restrictive measures;
  • c) not have qualified shares or not hold control in banks subjected to liquidation, in development and investment banks whose operating permissions have been revoked, or in credit institutions whose shareholder rights have been transferred to the SDIF;
  • d) have not been sentenced to heavy imprisonment;
  • e) have necessary financial strength and reputation; and
  • f) have the honesty and competence required for the business.
The BL also demands that, in case of legal person and banks established abroad, partnership structure should be open and transparent.



In order to assess the above mention criteria, the BRSA (RTSPIO Art. 4) demands a series of documents such as tables showing the shareholding structure of legal entity founders until their natural partners, lists showing shareholder eventual privileged shares, legal documents stating that qualified shareholders have not been declared bankruptcy, criminal records of qualified shareholders, reports on the financial status of qualified shareholders and commitments to declare the source of capital.



The enforcement department of the BRSA analyses all the documents following internal manuals that list topics that should be considered, including when assessing financial strength of the shareholders.



In terms of initial capital, according to Article 7of RTSPIO, the Agency examines whether the capital of the bank applying for operating permission has been paid in cash in a manner free of any fictitious transactions and whether it is in an appropriate level. The initial capital of the bank that is transferred to the bank accounts is checked by on-site supervisors that also assess whether the amount of capital is sufficient to fulfill the planned activities.
EC6A minimum initial capital amount is stipulated for all banks.
Description and findings re EC6BRSA has stipulated a minimum capital amount of 300 million USD for all banks (see EC2 above).
EC7The licensing authority, at authorization, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank.13 The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks.
Description and findings re EC7As described in EC2 the conditions for the establishment of banks in Turkey includes fit and proper criteria for board members. The BL establishes that the majority of the board of directors should meet the qualifications for general manager that includes: not have been declared bankrupt, have not been sentenced to heavy imprisonment or convicted of serious crimes, have at least undergraduate degrees in suitable disciplines and have at least ten years of professional experience in the field of banking or business administration.



The Deputy general managers must have at least seven years of professional experience and at least two thirds of them must have at least undergraduate degree in suitable disciplines. Even if employed with different position titles, other executives whose authority and duties are comparable to a deputy general manager or who occupy higher executive positions are subject to the provisions pertaining to deputy general managers.



The suitability criterion is evaluated through documents attesting the educational and professional background. The documentation that should be provided to the BRSA is specified in regulation (RSMOD). Apart from educational and professional background, the BRSA also checks if there is no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold managerial positions in a bank.



The BRSA does not impose requirements and does not assess if the board of the bank has a collective sound knowledge of the material activities the bank intends to pursue.
EC8The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank.14
Description and findings re EC8As noted in EC2, the criteria for the establishment of banks in Turkey include the harmony of the envisaged activities with planned financial, managerial and organizational structure.



The BL also demands the applicant bank to submit to the BRSA the work plans for the envisioned fields of activity, the projections regarding the financial structure of the institution including capital adequacy, the budgetary plan for the first three years and an activity program including internal control, risk management and internal audit system.



The RTSPIO demands applicants to send “an operational program, which analyzes benefits expected from establishment of the bank, indicates operations to be carried out and operational plans containing methods of achieving internal supervision, internal control and risk management and incorporates the financial structure of the organization in a manner also containing the capital adequacy of the relevant projections, thereof.”



The projections and operational program of the proposed bank is assessed and reviewed with comparison to existing banks in Turkish banking sector that engages in similar activities and have a similar structure. Internal manuals guide the process listing issues that should be considered by supervisors. Compliance with corporate governance regulations, including risk management and internal control systems and IT systems are assessed in on-site supervision before the operating permission is granted.
EC9The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank.
Description and findings re EC9The BL demands the founders of banks to have the necessary financial strength and reputation. These criteria and financial projections of the proposed bank are assessed by the BRSA during the licensing process (please also refer to EC 2 for details).
EC10In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision.
Description and findings re EC10The criteria for the establishment of foreign banks in Turkey includes that the bank primary activities must not have been prohibited in the country where they are headquartered and that the home supervisor do not have negative views regarding its operation in Turkey. In order to assess these requirements, the BRSA requires a “no objection letter” from the home supervisor (RTSPIO). Nevertheless, there is no determination that the home supervisor practices global consolidated supervision.
EC11The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met.
Description and findings re EC11During the license approval process, banks are instructed on issues that need improvements and eventual recommendations to correct deficiencies are shared with on-site supervisors who are responsible for following them up. As explained in EC2, licensing is a two-step process. The period between the establishment permission and the operation permission is a monitoring phase with a special focus on governance and operational requirements.



Once the bank starts operating, supervision procedures follow the ones applicable to all banks. These procedures include assessing the actual performance of banks in relation to their business plans.
Assessment of Principle 5Largely Compliant
CommentsProvisions in the laws and regulations related to licensing and the process followed by the BRSA provide a comprehensive framework to assess the adequacy of new registrations for banks, including foreign bank branches. The BRSA seems to have a broadly sound process to assess applications in practice. However, in order to maintain a licensing process fully compliant with the principle, the BRSA needs to additionally: i) impose requirements and assess if the bank’s board has a collectively sound knowledge of the material activities the bank intends to pursue; and ii) for cross-border banking operations, determine whether the home supervisor practices global consolidated supervision.
Principle 6Transfer of significant ownership. The supervisor15 has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties.
Essential criteria
EC1Laws or regulations contain clear definitions of “significant ownership” and “controlling interest”.
Description and findings re EC1According to the Article 3 of the BL, “control” is defined as “the power to appoint or remove from office the decision-taking majority of members of board of directors through direct or indirect possession of the majority of a legal entity’s capital irrespective of the requirement of owning minimum 51 % of its capital; or by having control over the majority of the voting right as a consequence of holding privileged shares or of agreements with other shareholders although not owning the majority of capital”.



The concept of “Significant ownership” is referred in the BL as “qualified shares” and is defined as “the shares that represent, directly or indirectly, 10 % or more of the capital or voting rights of an undertaking or that yield the privilege to appoint members to board of directors even though such rate is below 10 %”. The BL also define “dominant partner” as “natural or legal entities that directly or indirectly, individually or jointly control an undertaking”.
EC2There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest.
Description and findings re EC2The BL establish requirements for approval of changes in ownership. Article 18 of the BL requires the permission of the BRSA for:
  • a) Any acquisition of shares that result in the acquisition by one person directly or indirectly of shares representing 10 % or more of the capital of a bank or if shares held directly or indirectly by one shareholder exceed 10 %, 20 %, 33 % or 50 % percent of the capital as a result thereof, and assignments of shares that result in shares held by one shareholder falling below these percentages.
  • b) Assignment and transfer of preferential shares with the right of promoting a member to the board of directors or audit committee or issue of new shares irrespective of limits.
  • c) The transfer of shares of legal entities directly or indirectly, who own 10 % or more of the capital of a bank, under terms and conditions of a).
Article 18 of the BL also establishes that the permission might be given on the condition that the person who acquires the shares bears the qualifications required for the founders (see CP5). In cases where the shares are transferred without the permission of the BRSB, the shareholder rights of the legal entity stemming from these shares, other than dividends, shall be exercised by the SDIF.



The documents that are required to be submitted for transfer of ownership are listed in Article 11 of Regulation on Transactions Subject to Permission and Indirect Shareholding (RTSPIO).
EC3The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership.
Description and findings re EC3The BRSA has the power to reject any proposal for a change in significant ownership, (article 18 of the BL), as each material change (according to predefined thresholds) requires its permission (see also EC2).



According to the Article 18 of the BL, the shareholders with qualified shares who do not bear the conditions required for founders any more shall not benefit from the shareholder rights other than dividends. In such cases, other shareholder rights shall be exercised by SDIF, upon the notification of BRSA. Such shareholders shall not use their preferential rights until the rate of their direct or indirect shares in the capital fall below 10 %.



If BRSA determines that the change in significant ownership was based on false information, according to the article 155 of BL, those persons may be sentenced to imprisonment from one year to three years and a judicial fine which shall not be less than 1,500 days.
EC4The supervisor obtains from banks, through periodic reporting or on-site examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership.
Description and findings re EC4Banks are required to submit their detailed shareholders structure on a monthly basis by means of a surveillance report. This report covers name and country of the owner, the size of holding, share percentage, control type (qualified, preferred shares, jointly control, non-controlling share etc.) and the way of ownership (directly owned, from public offering). Additionally, in order to evaluate qualified legal entity shareholders’ ownership structure, the BRSA requires one additional surveillance report semiannually.
EC5The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor.
Description and findings re EC5According to the Article 18 of the BL, transferring of shares affected without permission shall not be recorded in the book of shares. Any records made in the book of shares in breach of the foregoing provision shall be null and void. Furthermore, article 18 also establishes that in cases where the shares are transferred without the permission of the Board, the shareholder rights of the legal entity stemming from these shares, other than dividends, shall be exercised by the SDIF.
EC6Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Description and findings re EC6According to 11(5) of RTSPIO “The board of directors is under obligation to take actions and measures for determination of whether a prior consent of the [BRSA] Board is taken for participants of bank general assembly meetings within the frame of obligations arising out of Article 18 of the Law, except for third, seventh and eighth paragraphs thereof.”



The BRSA explained that in order to fulfill the determination of the RTSPIO mentioned above as well as the determinations of article 18 of the BL, banks notify the BRSA when a shareholder no longer meets the criteria for major shareholders.
Assessment of principle 6Compliant
CommentsThe power given to the supervisor by laws and regulations as well as the current procedures provide broadly sound control and oversight regarding significant ownership of a bank and a controlling company.
Principle 7Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.
Essential criteria
EC1Laws or regulations clearly define:
  • a) what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and
  • b) cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital.
Description and findings re EC1Turkish laws and regulations require that all banks investments, with the exception of banks trading operations, need supervisory approval.



Cross border investments of banks require the BRSA approval according to the article 14 of the BL and article 9 of RTSPIO. In order to be allowed to make a cross border investment, banks’ practices should be in line with corporate governance and safeguarding provisions of the BL. Furthermore, there should be no obstacles in gathering information and executing supervision on the cross border company.



Previous permission for participating or establishing a domestic partnership is required by the article 8 of the RTSPIO. Additionally, article 57 of the BL prohibits banks to invest in entities whose main field of activity is property trading, except for mortgage financing institutions and real estate investment trusts.



The mentioned provisions of RTSPIO are not applied on investments made on shares for trading purposes, or on acquisition of shares solely for collection and recovery of receivables, or on participation in capital increases of partnerships.



Finally, article 56 of the BL limits the acquisition of shares by banks at undertakings other than credit institutions and financial institutions at an amount of 15% of its own funds, and the total amount of its shares in these undertakings shall not be more than 60 % of its own funds. Any investment in excess of the above limits is deducted from bank’s equity for capital adequacy purposes.
EC2Laws or regulations provide criteria by which to judge individual proposals
Description and findings re EC2The regulatory framework determines that the investment of banks domestically and abroad needs to comply with corporate governance and protective provisions.



According to article 14 of the BL, banks established in Turkey may open branches or representative offices abroad, including off-shore banking regions, set up undertakings or participate in existing undertakings on the condition that they comply with the corporate governance and protective provisions, such as capital and liquidity adequacy or large exposures limits (article 43, 44, 45, 46, 54, 57 of BL).



According to the article 8 of RTSPIO, banks established in Turkey may set up undertakings or participate in existing undertakings at home as long as they comply with the corporate governance and protective provisions, such as capital and liquidity adequacy or large exposures limits (article 43, 44, 45, 46, 54, 57 of BL) and the principles established by BRSB. The permission to allow the investments is decided by the BRSA board.



Article 9 of RTSPIO requires banks planning to invest in or establish foreign entities to submit to the BRSA a detailed feasibility study indicating sums of funds necessary, an analysis of costs and benefits concerning the proposed activity, estimated balance sheets, cash flows and profit/loss schedules which set forth targets for three years from foundation.



The assessors could see examples showing that in practice the application of articles 8 and 9 of RTSPIO require the applicant banks to be compliant with management, internal systems, financial reporting and prudential requirements such as capital adequacy, liquidity, asset quality, provisioning and large exposures limits as stipulated in the BL and regulations. The BRSA also verifies that there should be no obstacles in gathering information and conducting supervision of the cross border company. If needed, the BRSA may require an MoU with the host supervisory authority.
EC3Consistent with the licensing requirements, among the objective criteria that the supervisor uses, is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.16 The supervisor can prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis.
Description and findings re EC3The BRSA analyses, as part of the approval process, the risks posed by new acquisitions and investments to the banking group. The analysis is performed mainly by the evaluation of a detailed feasibility study submitted by banks. Compliance with prudential measures such as capital and liquidity adequacy is also verified. Please also refer to EC2.



Powers attributed to the BRSA by the BL allows effective supervision of domestic undertakings (see CP 1 and 12 for discussion). Consistent with the licensing criteria, according to Article 9 of RTSPIO, there should be no obstacles in gathering information and conducting supervision of the cross border company and, where necessary, the BRSA may require an MoU with the host supervisory authority. Nevertheless, there is no explicit consideration about the effectiveness of supervision in the host countries.
EC4The supervisor determines that the bank has, from the outset, adequate financial, managerial and organizational resources to handle the acquisition/investment.
Description and findings re EC4Based on the laws and regulations explained in EC 2, banks are required to submit a detailed feasibility study indicating necessary resources, costs and benefits analysis of the proposed activity, estimated balance sheets and cash flows and profit/loss estimates for the following three years from foundation. The BRSA evaluates the submitted study during the process of granting permission. The regulation (RTSPIO) is explicit about the required study only for cross border investments, but the assessors also observed examples where domestic investments were analyzed in similar terms. Additionally, Article 8/7 of RTSPIO requires banks to submit a report explaining the reasoning behind the proposed domestic investment.
EC5The supervisor is aware of the risks that non-banking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in non-banking activities.
Description and findings re EC5The assessment of the risks that non-banking activities can pose to a banking group is mostly assessed in the CAMELS rating process (see CP8). The process involves the assessment of many topics, including the risk that subsidiaries and other entities of the group may represent to the bank. The Internal Capital Adequacy Assessment Process of Banks (ICAAP) and its revision by the supervisor also address risks from non-banking activities. The opinion formulated on these assessments is reflected in the decision to permit banks to invest in non-banking activities.



Finally, the BL sets limit for investing in non-financial activities. According to article 56 of BL, a bank shall not acquire shares in entities other than credit institutions and financial institutions in excess of 15 % of its own funds, and the total amount of such investments shall not be more than 60 %of its own funds. Any investment in excess of the above limits reduce bank’s equity for capital adequacy purposes.
AC1The supervisor reviews major acquisitions or investments by other entities in the banking group to determine that these do not expose the bank to any undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.17 Where necessary, the supervisor is able to effectively address the risks to the bank arising from such acquisitions or investments.
Description and findings re AC1
Assessment of Principle 7Compliant
CommentsThe regulatory framework subjects major acquisitions and investments by banks and controlling companies to prior approval by the BRSA. The BRSA also has well established supervisory practices to limit and monitor risks arising from such activities. Going forward, supervisors should consider more extensively and formally the effectiveness of supervision in host countries.
Principle 8Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable.
Essential criteria
EC1The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks:
  • a) which banks or banking groups are exposed to, including risks posed by entities in the wider group; and
  • b) which banks or banking groups present to the safety and soundness of the banking system
The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis.
Description and findings re EC1The supervisory approach of the BRSA is defined in the RAA as a dynamic risk-focused (RFS) one that aims to ensure efficiency, continue adequacy of supervision and efficient allocation of supervisory resources. The approach proposes to shape supervision form, scope, time, content and intensity based on the risk profile and adequacy of internal controls and risk management systems of each institution.



The BRSA’s methodology for ongoing supervision of banks, established in the Supervisory Manual on Banking Supervision Process (SMBSP) is organized in supervisory cycles that last one year.



Main Players



Three different departments play major roles in the supervisory cycle:



- The audit departments are responsible for on-site inspections. That includes special inspections, complementary inspections and the Camels rating system (see below).



- The off-site department analyzes various indicators related to bank’s financial performance in different periods and prepares periodical reports on issues of concern. The analysis made by the off-site team aims to provide feedback and early warning mechanism for emerging risks for on-site inspections.



- The enforcement department is responsible for the formal communication between banks and the BRSA in relation to corrective measures. Findings of the audit and off-site department are analyzed by the enforcement department that proposes supervisory actions to the BRSB or another competent authority within the BRSA.



Planning



The first phase of the cycle is the strategic planning. Based on previous accumulated knowledge this phase sets a high level plan for on-site inspections, listing the banks that will be assessed and broadly allocating the personal for each activity. The plan is elaborated by the heads of the audit departments and is approved by the chairman.



One of the main inputs of the planning phase is the risk profile of the bank, represented by its supervisory rating and its systemic importance. More specifically, the SMBSP determines that the minimum frequency of inspections depends on:



- The sector share (SS) of bank’s total risk weighted exposure amount,



- Bank’s final rating which is assigned by the supervision team at the end of the supervision process. (10 is the worst, 1 is the best rating)



Banks are mapped into three different categories, “red”, “yellow” and “green”, based on the above indicators and the following matrix:
Category of BanksFinal Rating
10,9,8,7,64,53,2,1
Sector ShareSS≥3RedRedYellow
3>SS≥0,5RedYellowGreen
0,5>SSYellowGreenGreen


Banks in the “red” category are examined on-site annually, banks in the “yellow” category are examined at least once every two years and the banks in “green” category are examined at least once every three years. The BRSA explained that even though the rule would allow some of the largest banks to be assessed every other year, in practice they are examined annually due to its systemic importance.



Identification of Risk Areas (IRA)



Banks selected to be assessed on-site are subject to the IRA phase of the supervisory cycle. The IRA aims to provide a snapshot of the risks of different areas of the bank. This phase is meant to be a short initial assessment based mainly on previous available information, including the latest risk matrix and profile, CAMELS rating, internal capital adequacy assessment process (ICAAP) report, special and complementary inspections and off-site reports. The IRA produces an initial opinion about the riskiness of different areas of the bank and a supervision plan identifying the specific areas that are going to be subject to special inspections. Camels rating assessment is performed in all other areas.



Special Inspections (SI)



Special Inspections (SI), as described in the Supervisory Manual on Special Inspections Report, are detailed on-site inspections meant to assess risks and quality of management in a particular area under inspection. SI are meant to reveal problems that have the potential to affect the financial soundness of the bank and identify measures that should be required from banks to resolve eventual problems and mitigate risks. The number of Special Inspections conducted in 2014 and 2015 were 61 and 44 respectively. Among these 105 SI, there were 70 SI conducted on loan portfolios in 27 different banks.



SIs are deep evaluations performed in three levels. The first level checks the adequacy of internal evaluations made by banks aiming to determine whether or not the bank manages well its activities and risks arising from those activities. The second level contrasts banks practices with BRSA best practice guidelines and finally, the last level examine specific transactions and operations through sampling methodology looking for potential issues that might affect the financial soundness of the bank.



SIs may have different themes, for instance, specific credit portfolios, business model and profitability, information systems, liquidity management and derivatives among others.



CAMELS rating and risk profile



The CAMELS rating phase of the supervisory cycle is conducted by analyses of the financial soundness of the bank and the assessment of the efficiency of the bank’s general risk profile, risk management and internal control and internal audit systems. The analyses is guided by a series of almost five hundred questions, contained in the Annex of the General Assessment Report (GAR), that supervisors are required to answer using as inputs the IRA evaluation, SI and ICAAP reports, banks data and discussion with bank managers. Relevant information is scanned and included in system in order to substantiate the response to the questions. The results of this phase are a financial structure and rating report, risk matrix, risk profile and their view of the ICAAP report submitted by banks.



Complementary analyses.



Once the SI and rating processes are completed, the BRSA executes a series of additional on-site inspections that usually have a stronger compliance nature. These inspections cover issues such as legal concerns, policies and processes on anti-money laundering and combating the financing of terrorism (AML/CFT) and follow up on supervisory findings and consumer complaints. Also see CP 29 to discussion on AML/CFT inspections.



Additionally, supervision teams may also perform thematic reviews considering developments and trends in the banking sector or significant specific changes to the operation of the bank.



Banks not been assessed on-site



Banks within “yellow” and “green” categories, that are not been assessed on-site in one particular year (e.g., have not been submitted to IRA, SI, rating and complementary inspections) should be assessed by the supervision teams of the audit department at least every six month (green category) or quarterly (yellow) through off-site reports including



“Monthly Report of Follow-Up of Compliance with Legal Limits”, “Monthly Report of Ratios Follow-Up” and “Monthly Report”. The SMBSP manual requests that the evaluations shall not be limited to the mentioned surveillance reports but also take into account the effects of current macroeconomic developments on the financial soundness of the bank, as well as the changes in shareholder structure and similar issues.



Off-site supervision



During the whole process, on-site supervision teams from the audit department have access to off-site reports regarding banks and other financial companies on a solo and consolidated basis. These reports include stress test and various prudential ratios of the bank and its peers. Additionally, during on-site inspections, supervisors have easy access to comprehensive databases with information of banks and its groups. See CP 10 for additional information.



Furthermore, within the scope of the off-site supervision function, the BRSA monitors individual banks and the banking sector as a whole, evaluates potential risks and informs on-site teams and upper management about present or emerging vulnerabilities. Bank surveillance reports, periodic and non-periodic thematic reports, stress tests and banking sector presentations are the main outputs of off-site supervision (also refer to CP 9).



Practice



The assessors reviewed examples of inputs, working papers and outputs of the different phases of the supervisory cycle. The review suggested that the practical implementation of the supervisory manuals face challenges that might hinder the quality of the process and its products. One of the shortcomings is an excessive compliance nature of the inspections. Although the declared goal of all the different inspections is to evaluate the risks faced by the bank, in practice the inspections appear to focus extensively on establishing compliance with the different regulations. The inspections seem to fall short of developing a clear view on the risks faced and posed by the bank and particularly important on the potential need for broader and more forceful supervisory action. To support this process, supervisors need to establish and highlight the implications of the findings of specific inspections for the broader risk assessment of the bank, which frequently does not seem to be the case.



Another point that needs to be considered is the strength and weaknesses of the CAMELS rating process. The process is comprehensive and requires supervisors to collect a large set of information to be able to provide answers on almost five hundred different criteria. Nevertheless, it is important to recognize that, by its own nature, the analyses executed by the supervisor during the rating process cannot be as deep and comprehensive as the ones performed, for example, during special inspections. The relatively limited nature of the ratings is expected and is not necessarily a problem if supervisors frequently take more detailed approaches to inspect the bank. It is not enough to inspect a number of issues only during the ratings process. BRSA should not take excessive comfort from the fact that some issues are analyzed during this phase. From time to time, the scope of special inspections needs to encompass issues that currently seem to be addressed only during the ratings phase.



Regarding banks that have not been selected to be inspected in one particular year, it was not possible to verify what kind of supervisory attention is given to them due to the fact that the supervisors’ analyses of off-site reports, do not typically deliver a formal assessment. Nevertheless, the possibility embedded in the current methodology of leaving some banks without a structured supervisory assessment for up to three years seems inadequate.



Finally, the BRSA has not started to assess the resolvability of banks.
EC2The supervisor has processes to understand the risk profile of banks and banking groups and employs a well-defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis.
Description and findings re EC2As described in EC 1 and in the Supervisory Manual on Banking Supervision Process (SMBSP), the BRSA has a process to understand the risk profile of the banks. Different phases of the supervisory cycle aim to deepen the understanding of the banks risks. From the initial IRA until the Camels rating, the results of the previous phases are used to guide the work that is done subsequently.



The criteria for risk assessment are well established in the Supervisory Manual on Risk Assessment Criteria (SMRAC). The final products of the supervisory cycle, particularly the risk matrix and risk profile aims to show the risk types and levels which the banks are exposed to.



The most important forward looking element of the methodology is the ICAAP assessment that involves capital projections, by banks, for the following three years under different economic scenario. Nevertheless, the revision of supervisors’ working papers and discussion with banks suggested that the process still is in a learning phase. The quality of banks reports and the scrutiny of the reports by supervisors need to develop further before the results can be more extensively used.



Furthermore, as part of the off-site supervision efforts, the BRSA performs top-down stress testing analyses (please refer to CP9). The methodology could provide an important forward looking tool to deepen the assessment of the risk profile of banks and drive supervisory action but the assessors saw little evidence of its use currently during the banks’ assessment process.



Finally, the CAMELS rating system and the matrix used to summarize the risk profile of the banks does not have an explicit forward looking component that provides an indication of future trends in the soundness of the bank.
EC3The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements.
Description and findings re EC3The BL provides an appropriate framework for the BRSA to conduct compliance inspection in banks as part of its regular inspection activities. These inspections include compliance with the BL, sub-regulations issued by the BRSA and other regulations applied to banks, including anti-money laundering.



The BRSA utilizes a number of tools to assess compliance of banks and banking groups with prudential and other requirements. As described in EC1, on-site supervisors conduct several compliance inspections during the complementary analysis phase of the supervisory cycle. Additionally, the rating process also involves the analysis of banks compliance with regulation and prescribed best practices.



Finally, the off-site department generates monthly reports to confirm banks’ consolidated and non-consolidated compliance with prudential regulations and other legal requirements. There is an off-site reporting template supporting a legal requirements check list. When a breach is detected, the BRSA takes necessary actions including demand the correction and applying penalties.
EC4The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in non-bank financial institutions, through frequent contact with their regulators.
Description and findings re EC4The BRSA develops macroeconomic analysis that includes local and global conditions that might affect the banking system. These analyses are inputs for bank inspections.



According to Supervisory Manual for Identifying Risky Areas and Supervision Planning (SMIRASP), inspection teams are expected to examine the diversity and scope of the bank’s activities and products, risk appetite, place in the sector, growth plan and strategies. They are also expected to understand the corporate culture of the bank and to have an opinion about the bank’s financial soundness and risk profile on a consolidated basis. While forming this opinion, the latest developments affecting all the institutions belonging to the group and its major shareholders, including non-bank activities, should be considered in conjunction with the latest trends and general macroeconomic conditions.



As part of the off-site monitoring function, the BRSA develops reports regarding the banks’ derivative transactions, CDS spreads, equity prices, that are used by supervision staff and senior management. Depending on market developments and risk factors, specific analysis and reports are also prepared.



The macroeconomic environment is also considered in stress testing studies. Top down macro stress testing studies employ a baseline and an adverse scenario and try to estimate how banks and the industry will be affected within a two years’ time frame. Macro variables such as GDP growth, FX rates, interest rates and unemployment rates in alternative scenarios are modeled and related with banks financial structure in terms of credit risk, interest rate risk, exchange rate risk and contagion risk. These analyses help to take account of the macroeconomic environment in both bank supervision and systemic risk analysis.



Regarding cross-sectoral developments, the rating process includes a section called consolidated supervision containing questions that aims to evaluate relationship among the bank and other financial and non-financial entities of the group. Additionally, some specific reports are prepared by off-site supervision in order to assess the banking sector as a whole. As mentioned in EC1, the rating process analyses are limited by its own nature.



BRSA also participates in a number of committees and working arrangements that allow the collaboration among different financial market supervisors (see CP 1 and 3 for details). In particular, BRSA, Treasury and CMB meet annually to share their findings and concerns and coordinate the supervision efforts toward insurance firms, investment firms, pension fund firms and others which are affiliated with banks.
EC5The supervisor, in conjunction with other relevant authorities, identifies monitors and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability.
Description and findings re EC5The BRSA requires banks to submit information on a number of issues and converts them in a meaningful database for analyzing the financial system. Concentrations and trends are monitored through reports generated from this database.



The BRSA off-site supervision function monitors and assesses asset quality, profitability, capital adequacy and liquidity of the individual banks and banking system as a whole by means of periodic reports such as: Bank Surveillance Reports, Weekly Banking Sector Report, Potential Non-Performing Loans Report, Monthly Key Indicators Report, Banking Sector Outlook, Stress Test Report, Country Risk Report, Credit Bureau Individual Credit Rating Results Report, etc.



In addition to periodic reports, ad-hoc analysis about emerging risks and tendencies facing the banking sector are also prepared. It was mention, as an example, that because of the size of the open positions of the corporations, FX lending was a potential emerging risk factor for the sector. In the second half of 2015 a survey was conducted on FX loans which covered 2,527 biggest firms (71 % of total FX loans) and gathered information about FX assets, liabilities, income generation capacity and derivatives for hedging FX risks.



BRSA findings are discussed in a number of committees with other authorities. Particularly relevant are the FSC and FSEC. See CP 1 and 3 for additional information.
EC6Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business.
Description and findings re EC6According to the BL, the two authorities with roles in bank resolution are the BRSA and the SDIF. They regularly meet to exchange information and discuss measures and policies about banks (please refer to CP3). Additionally, BRSA and SDIF are the members of FSC and FSEC which are formed to increase the coordination, cooperation and information sharing among these institutions.



Under the current legislative framework, resolution options and tools are evaluated when the bank is asked to take corrective actions. These options are analyzed taking into account high level considerations such as safeguarding confidence and financial stability, prevailing market conditions and cost-effectiveness of resolution.



The BRSA and the SDIF have established a joint working group to analyze the eventual need to change the current resolution regime and align it with FSB’s Key Attributes of Effective Resolution Regimes. As part of this process, the two institutions have agreed to include resolvability assessment into the legislation. The joint working group is still formulating policy proposals and necessary legislative amendments on these issues. For the time being, banks are not required to develop recovery plans and supervisors have not started to assess banks’ resolvability.
EC7The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner.
Description and findings re EC7The BRSA has the authority to take an appropriate range of remedial actions which are stated in the Articles of 68, 69 and 70 of BL. The range of measures is broad and allows appropriate escalation according to the situation (see CP 1 for detailed description).



Supervisory procedures are also intensified when banks are under stress. The frequency of inspections increase with the deterioration of the rating of the bank and the number of topics covered in the inspections may also increase due to the number of meaningful weaknesses identified (see details in EC1).



When the BRSA decides to initiate the resolution, the process involves either the revocation of the bank’s operating permission (Article 106 BL) or the transfer of the management and control of the bank to the SDIF (Article 107 BL). The decision about the process is based on general considerations, such as the structure of the balance sheet, the amount of deposits and potential wider impact of the different options. After the bank is transferred to the SDIF, the SDIF decides which actions to take in line with its mandate and powers specified in the BL.



If the bank is resolved under Article 106, the operating license of the failed bank is revoked and the SDIF makes a pay-out to the insured depositors and apply to the courts for a decision as to whether a bankruptcy proceeding should be initiated for the remainder of the failed bank. If the court rejects the application, the SDIF may start liquidation proceedings through a decision of the SDIF Board.



In cases where the BRSA transfers management and control of a bank to the SDIF, the SDIF has wide powers under Article 107 of BL, including to suspend the activities of the bank and manage it, transfer assets and liabilities, take over its shares and restructure it, sell or merge it with another bank, and request the BRSA to revoke the operating license of the bank. The SDIF may also provide financial support to a failing bank if it has acquired all or the majority of its shares.



One issue that should be considered in the effectiveness of the framework is that the sharing of communication responsibilities between the audit and the enforcement departments seems to generate a fragmented process that increases the risks that the messages conveyed to the bank do not reflect appropriately supervisory concerns. The speed of actions and decisions might also be affected. Please refer to CP9.



As explained in EC6, authorities are studying changes in the current resolution framework to harmonize it with the FSB’s Key Attributes of Effective Resolution Regimes.
EC8Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this.
Description and findings re EC8Bank-like activities without the authorization of BRSA are legally punishable. BRSA initiates investigations in case of file of complaints or information provided on potentially bank-like activities being performed without required permission. If needed, findings are submitted to the responsible authority for further proper legal actions, including reporting to the prosecutor’s office.



The restructuring of a bank that involves establishing a subsidiary or investing in a joint venture requires a prior approval by the BRSA, where the bank needs to provide detailed information regarding structures and activities of the new undertaking. The BRSA explains it would not approve the application if it results in avoidance of the regulatory perimeter. Furthermore, the BRSA receives call reports on the structured of the banking groups and analyze group structure issues during on-site inspections.
Assessment of Principle 8Materially Non-compliant
CommentsThe BRSA has an established and comprehensive methodology to supervise banks. This methodology is documented on a number of manuals and grounded on comprehensive databases and a broadly appropriate regulatory framework. Nevertheless, the practical implementation of the process is subject to shortcomings that needs to be addressed:
  • The inspections need to develop a more profound and forward-looking risk assessment nature, producing a clear view of the risks faced by and posed by the bank. Current conclusions tend to focus mostly on compliance issues and do not identify and make clear if there is need for broader and more forceful supervisory action. Supervisors also need to derive and highlight the implications of the specific findings for the broader risk assessment of the bank.
  • The BRSA should not take excessive comfort from the fact that issues are analyzed during the ratings process. By its own nature, and as currently applied by the BRSA, the ratings process is not deep enough to generate firm and actionable conclusions. From time to time, the scope of special inspections needs to encompass issues that are currently addressed only during the ratings phase.
  • The BRSA needs to enhance the forward-looking components of its assessments. Results of the ICAAP need to be more thoroughly analyzed and discussed with banks. Stress tests results should play a larger role in the assessment framework. In addition, the ratings methodology could explicitly incorporate the expected trend for each component.
  • Banks, particularly the systemic important ones, should be required to develop recovery plans and the BRSA should assess their resolvability.
The assessors understand that the BRSA is already developing actions to address some of the above issues and encourage the authorities to keep working to improve the efficiency of the process.
Principle 9Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks.
Essential criteria
EC1The supervisor employs an appropriate mix of on-site18 and off-site19 supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between on-site and off-site supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its on-site and off-site functions, and amends its approach, as needed.
Description and findings re EC1The principles and procedures for the supervision of the institutions under the scope of the BRSA are determined by RAA. More specifically, article 5 of the RAA defines that the BRSA will conduct risk focus supervision (RFS). The RFS approach aims to shape the scope and intensity of the supervision taking into consideration the risk profile and the existence and adequacy of internal controls and risk management systems of banks.



The BRSA’s supervision system is composed of two essential activities, on-site and off-site supervision which aims to complement and support each other.



On-site supervision



On-site supervision covers issues that might have an impact on the financial safety and soundness of the bank, including a comprehensive risk assessment of the bank to identify its risk profile. On-site supervisors frequently perform: i) comprehensive reviews of the loan portfolio and the adequacy and effectiveness of the internal control systems; ii) evaluation of the compliance of the financial statements and accounts with national and international accounting standards; iii) assessment and analysis of the consolidated group; iv) analysis of the adequacy and reliability of the information systems of the bank; and v) alignment of the operations of the bank with all relevant legislation, among other activities. Bank’s inherent risks are analyzed taking into account its risk management framework as well as its compliance with corporate governance principles. Corrective measures are recommended when problems are identified. See CP8 for detailed discussion on the supervisory cycle and description of on-site main inspections. CP 11 discusses corrective measures.



Currently there are approximately, 75 on-site examiners assigned to conduct on-site bank inspections and 17 examiners assigned to non-bank financial institutions. Another 29 examiners are responsible for conducting specific examinations regarding customer complaints, alleged criminal activities of bank staff, etc, and 8 more are in the internal review team. There are also 13 on-site examiners working in the Risk Management and Financial Consumer Relations Departments, who are not included in regular bank or non-bank institutions’ examinations but they do perform ad hoc examinations that complement the regular supervision. Other expert personnel of the BRSA, including law experts and IT experts who can also be assigned to these groups when it is deemed necessary. The team head usually leads the inspection of the same set of banks for three years while the examiners assigned for the team change every supervisory cycle. There are also 50 examiners that do not belong to the audit departments who are responsible for specific inspections not related to prudential issues.



Off-site supervision



Off-site supervision activities are carried out analyzing various indicators related to bank’s financial performance in different periods and preparing periodical reports on issues of concern. Data sources include surveillance call reports, regulatory reports, on-site supervision and external audit reports, CBRT and Credit Bureau data, rating agency reports and media. Conclusions are immediately reported to other departments and senior management.



The analysis made by the off-site team aims to provide feedback and early warning mechanism for emerging risks for on-site inspection. The off-site supervision department produces various periodic reports and analysis on demand, including stress tests (see CP 10). Off-site supervision activities are performed by 22 supervisors (average 3 banks per banking expert). These activities have been organized under a separate department aiming to strengthen the off-site function, improve efficiency and ensure standardization.



Quality assessment



The quality assurance system is defined in the article 7 of RAA. According to this article, quality assurance system comprises all processes in the supervision framework and ensures the improvement of quality in BRSA’s inspections as well as the consistency in inspection reports and their alignment with the standards set forth by the BRSA. The quality assurance system aims to continuously improve the inspection standards. The BRSA assesses the compliance of audit systems and products to internationally-accepted principles and standards as a non-integrated part of quality assurance system and provides them to be subject to an independent analysis.



The current quality assurance system seems to be focused on the results of individual on-site inspections, ensuring that the procedures followed by the supervisors are in compliance with the relevant manuals. The BRSA has yet to develop policies and processes to assess more broadly the effectiveness and integration of on-site and off-site functions, and to address any weaknesses that are identified.
EC2The supervisor has a coherent process for planning and executing on-site and off-site activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the on-site and off-site functions.
Description and findings re EC2According to Article 10 of RAA, inspection plans are prepared by team leaders, evaluated by the heads of departments and submitted to the approval of the Chairman with the assent of the Vice-Chairman.



As described in CP8, the specific scope and extent of the supervision process is determined at the strategic planning phase of the supervisory cycle taking into consideration the findings of previous inspections and current risks evaluations. Inspection plans also include the terms of assignment of the examiners and the duties that they are required to perform.



The consistency of the supervisory procedures and process are determined by several supervision manuals. These manuals describe the methods and processes for data collection and evaluation as well as other relevant procedures including the report. According to Article 17 of RAA, at the end of the inspection process, the team prepares an inspection report, or a paper formally explaining the opinions of the examiner or a brief information paper, depending on the nature of the inspection.



Inspection reports are reviewed by the heads of the audit departments for their compliance with the regulations and guidelines. Inspection products with deficiencies or wrong interpretations are returned to the related expert personnel for correction (article 18 of RAA).



Bank’s data, audit reports and internal and external information sources are used and analyzed as part of off-site supervision activities. The process generates individual bank analysis and sector based thematic reports that are shared with the on-site teams and related enforcement departments. As described on CP 10, the off-site team also monitors the quantitative information provided by banks and notifies the on-site examiners of problems responsible for the bank when needed.



Supervisory Manuals also include references to off-site reports to be taken into account during the on-site inspection process. For example, SMCEP requires the on-site inspection team to review the off-site reports during the inspection of the loan portfolio of the bank. Additionally, on-site teams are informed about the names and contact information of the banking experts in the off-site supervision function responsible for the bank under examination.



In practice there seems to be a large set of off-site reports as well as a comprehensive database available for the supervision work. On-site supervisors refer to it as a tool to facilitate the comparison of financial information; nevertheless, the assessors could not observe many examples of a deeper exchange of information between the on- and off-site supervisors or joint analyses and projects.
EC3The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable20 and obtains, as necessary, additional information on the banks and their related entities.
Description and findings re EC3The BRSA is empowered by the BL to require banks to submit information on their financial condition, performance, and risks on both solo and consolidated basis. These reports provide information on different issues such as on- and off-balance sheet assets and liabilities, profit and loss accounts, capital adequacy, liquidity, large exposures, asset concentrations, asset quality, loan loss provisioning, related party transactions, interest rate and market risk, FX positions and securities positions. The process of collecting and analyzing information from banks is based on a predetermined frequency (daily, monthly, quarterly, semiannually or annually) commensurate with the nature of the information requested and the size, activities and risk profile of the individual bank. In order to make meaningful comparisons between banks and banking groups, the BRSA collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates and periods. These data forms a database which can be easily accessed by supervisors.



A number of control procedures are applied to improve data quality. The data source is checked in terms of reliability, correctness and consistency. In this respect, banks’ call reports are checked from different sources and verified throughout the supervision process. The control procedures are applied on both client and server sides to provide consistency of the data. To maintain a regular reporting cycle, the system produces and sends the required warnings to institutions such as expected reports, reporting latency, errors in consistency checks and so on. Completed and consistent reporting sets are locked to protect the data from unauthorized changes.



Please refer to CP10 for detailed discussion on information available for the supervision process.
EC4The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as:
  • a) analysis of financial statements and accounts;
  • b) business model analysis;
  • c) horizontal peer reviews;
  • d) review of the outcome of stress tests undertaken by the bank; and
  • e) analysis of corporate governance, including risk management and internal control systems.
The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC4During the supervisory cycle a large number of tools are used to assess and monitor the safety and soundness of banks. See CP 8 above.



Using a variety of tools, on-site and off-site supervision perform analysis of financial statements and accounts. Business model analyses are performed in special inspections and, to some extent, within the rating process. Off-site reports with peer group comparisons on a number of subjects are available for on-site supervisors who also conduct horizontal analysis in complementary inspections. The outcome of stress tests undertaken by the banks is reviewed within the context of the ICAAP assessment. Finally, analysis of corporate governance, including risk management and internal control systems are carefully taking into consideration by the on-site team in several phases of the supervisory cycle.



Supervisors conduct formal and informal meetings with the bank management as well as other relevant bank personnel and share their opinions on issues such as risk management systems, banks’ financial performance, capital adequacy and any other relevant subject. On-site inspection team members are in contact with institutions’ middle and senior management during the supervision process.



The on-site inspection team follows up the correction and/or mitigation of any vulnerability identified during the supervision framework. The supervisory findings, corrected by the bank under inspection prior to the finalization of the supervision cycle, are communicated by the bank to the inspection team. Any uncorrected deficiencies are scrutinized in the inspection reports. These reports are sent to the enforcement department that is responsible for the formal correspondence of examination reports which are sent to the bank. Related inspection teams are informed about bank’s actions with regard to the correction of deficiencies.



The assessors observed the communication process between banks and supervisors and consider that there is room for improvement. Initially, communication with the bank’s board could be strengthened. It would be helpful, for instance, setting policies establishing at least one annual meeting between supervisors and the board of the bank. The end of the rating process, when the supervisor summarizes the opinion about the bank, might be an appropriate occasion to explain the supervisors’ views and concerns to the board. Additionally, other important analyses done by the BRSA, such as the stress testing exercises could also be more formally discussed with the banks. Finally, the sharing of communication responsibilities between the audit and the enforcement departments seems to generate a fragmented process that increases the risks that the messages conveyed to the bank do not reflect appropriately supervisory concerns.
EC5The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC5Stress tests are conducted as a part of the off-site supervision activities. Mainly it is a top down macro stress testing study to assess the resilience of Turkish Banks and the Turkish Banking System to extreme but plausible events. It is based on the Macro Stress Testing Model developed by European Central Bank’s Technical Assistance in 2011. It has been modified to fit the data, needs and approaches peculiar to Turkish banking system. It has also been customized with satellite models.



There are two macro scenarios in the model, the baseline scenario and the adverse scenario. Macro scenarios include GDP growth, FX rates, Interest Rates and Unemployment rates. The goal is to estimate how the Turkish banking industry might be affected within a two years period. Each bank is considered in the stress tests on solo basis. Individual results are aggregated to build the industry assessment.



The “baseline scenario” is formed by using market expectations extracted from information sources such as CBRT Market Survey and Bloomberg expectations and expert judgment. The “adverse scenario” depends on a “sudden stop” scenario based on a serious increase in rollover in government and private borrowing and a slowdown in international capital flows. This 1st year shock causes pressure on markets and increase interest rates and FX rates, resulting in an economic slowdown. The effects last for 2 years.



Main risks included are credit risk, interest rate risk (duration method for trading book, income method for the banking book), exchange rate risk and contagion effects.



A major part of the stress testing approach is the satellite (auxiliaries) models used to estimate the growth in the loan portfolio and the increase in the non-performing loans as a function of the macro scenarios for the following two years. The model uses quarterly panel data to estimate growth rates broken down by commercial and retail portfolios.



Final results are summarized using changes to the capital adequacy ratio (CAR) that are compared to the 8% and 12% regulatory prescriptions. If the resulting CARs are below these levels, the banks are highlighted together with their potential capital need. On-site inspection teams are informed of the findings of stress tests. Moreover, Core Tier I, Tier I and CAR are evaluated as well. In addition to the Macro Stress Testing Model, several sensitivity and what if analyses are performed. Short term FX and interest rate sensitivities of the Turkish Banking Sector are tested separately. The process includes tests of 10% to 30% increases in FX rates and 100 bps to 300 bps increases in interest. Moreover, loan losses threshold high enough to reduce banks’ CAR below 8% and 12% are examined. Additionally, the effects of “what if all loans under follow up are classified as NPL” are measured for each bank.



Stress tests are conducted on a quarterly basis. They are reported internally twice a year and presented to the Chairman, Vice Chairmanships of Supervision and Enforcement. Results are evaluated by on site, off site supervisors and the related BRSA staff internally.



Liquidity Tests are only conducted when required by the BRSB. Liquidity tests use the “Implied Cash-flow Test” which tries to estimate how the banking system will be affected under two scenarios applied on a bank by bank basis. The first scenario assumes that there will be no deposit withdrawal within the industry, but there will be a reduction in the non-deposit liabilities due to unrolled foreign funding (1 month remaining maturity foreign borrowings are not renewed). The second scenario adds the assumptions of deposit withdrawals (10% for TRL, 20% for FX deposit) to the first Scenario. In addition, 15% to 50% haircuts are considered for liquid assets.



Finally, as part of the ICAAP, banks have to maintain their stress testing programs. This regulation requires banks to have detailed stress testing programs consistent with their size and complexity. Tests for market risk, counterparty credit risk and liquidity risks are required to be conducted at least once a month and bank wide extensive stress tests with all risk factors are required to be conducted at least once a year. Banks are also required to apply the BRSA’s scenarios if given. The RICAAP regulation maintains an interaction between banks’ stress testing results and internal capital adequacy calculations. The BRSA is authorized to enforce banks to mitigate risk or to hold additional reserve depending on the stress test results. ICAAP results with stress testing outputs are collected and examined in the supervision process.



The BRSA does not disclose the results of the stress tests to banks.
EC6The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk.
Description and findings re EC6An effective internal audit system is one of the requirements for the establishment of a bank in Turkey. According to the article 29 of the BL, banks are obliged to establish and operate adequate and efficient internal audit systems that are compatible with the scope and structure of their activities. The BL also determines the internal audit systems to involve all banks’ units, branches and undertakings subject to consolidation. Banks’ internal auditors must investigate the conformity of the banking activities to the legislation, articles of association, internal regulations and banking principles. Internal audit activities should be performed in an impartial and independent manner exercising due professional care by the adequate number of auditors.



Further principles and procedures for the establishment and functioning of the internal control, internal audit, and risk management systems are established in the RICAAP. The RICAAP also gives banks the obligation to report to the BRSA a number of issues related to the internal audit function including but not limited to their internal regulations, organizational structure, audit plans and reports submitted to the board of directors.



Compliance with all requirements set out in RICAAP are verified by the BRSA’s supervisors that according to article 14 of the RAA should analyze the adequacy and efficiency of the risk management, internal control and internal audit systems of the banks. During the on-site inspection, supervisors examine whether the internal audit function has sufficient resources, appropriate independence, full access to and communication with any member of staff, employ a methodology that identifies the material risks and prepares an audit plan based on its own risk assessment and allocates its resources accordingly. Financial Soundness Analysis Software Package (FSASP) includes a number of criteria to evaluate the internal audit function of the bank.
EC7The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, non-executive Board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models.
Description and findings re EC7On-site examiners have frequent formal and informal meetings with different personnel of the bank during their analysis inspections and follow-up. In these meetings conducted with the bank management as well as other relevant bank personnel, supervisors share their opinions on issues such as risk management systems, banks’ financial performance, bank’s strategies, group structure, corporate governance, liquidity, asset quality, capital adequacy and any other relevant subjects. In cases where some important issues are detected, they are immediately reported to BRSA management and the BRSA management organizes formal meetings with the bank upper management to discuss such issues.



Additionally, the RAA provides a framework for more official contact. Heads of audit departments are formally responsible for organizing official meetings to be held with institutions under the supervisory and regulatory framework of the BRSA and with institutions providing service to these institutions. It also stipulates that, within the framework of carrying out risk evaluations and building up the risk profile of the institutions, inspections should be preceded by introductory meetings with the management of the bank. Along the same lines, according to SMBSP, in the process of IRA, the on-site inspection team collects the information required for completing the supervision plans and makes introductory meetings with the bank management.



There are also explicit requirements for inspection findings to be shared with the bank management in conclusion meetings under the coordination of the Group Head. The purpose of the conclusion meeting is to receive the opinions of the bank management about inspection findings and conclude the inspection report taking into account these opinions to the extent necessary.



Banks confirmed that supervisors maintain regular communications with them. Although it was clear that supervisors have access to all levels of staff in the bank, as discussed in EC4, there is opportunity for improvement in terms of frequency of meetings with the board and in the issues disclosed and discussed.
EC8The supervisor communicates to the bank the findings of its on- and off-site supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary.
Description and findings re EC8As discussed in EC 4, 5 and 7, the BRSA maintains regular communication with the bank by means of written reports and through discussion with the management. Nevertheless, as previously mentioned, there seems to be room for improvement, particularly concerning establishing a policy for minimum frequency of meetings with board members and communication of off-site findings like stress test results.
EC9The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner.
Description and findings re EC9The BRSA has a broad range of powers to impose remedial actions and escalate it as needed. For a detailed discussion see CP1.



Remedial measures are addressed to the banks’ Board in a written document and banks are required to prepare a rehabilitation plan within a time period and a framework approved by the BRSA. The bank should submit regular written progress reports according to the plan that is approved and the severity of the matter. Progress reports are regularly monitored by the BRSA and shared with the supervision departments to follow up whether remedial actions have been completed satisfactorily.



When important issues have not been addressed, they are immediately reported to BRSA management that takes the appropriate measures.
EC10The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements.
Description and findings re EC10The regulatory framework in Turkey demands banks to notify the BRSA in a number of changes and material developments. Article 43 of the BL demands notification in case the restrictions and threshold related to the standard ratios set in BL are breached.



The RICAAP requires banks to notify or to submit to the BRSA a number of topics including: i) appointment or resign of the internal systems manager or committee members, the members of the audit committee, and the senior managers of the units included within the scope of these systems; ii) changes to internal regulations concerning the duties, powers and responsibilities of the audit committee and of the internal systems manager and the organizational structure, duties, powers and responsibilities of the internal audit unit, the risk management unit and the internal control unit; iii) changes in their approved risk management policies and implementation procedures as well as their new strategy and policy texts; iv) internal audit plans and the risk assessments used in these plans; v) internal audit unit reports submitted to the board of directors; vi) ICAAP reports; vii) stress test report; viii) Internal model validation report,



Additionally, the RICAAP demands banks to promptly submit to the BRSA an action plan when the current capital adequacy ratio is below the internal capital requirement ratio (ICRR). The plan enters into practice after being approved by the Agency. At the end of the period foreseen in the plan, a new ICAAP Report is prepared and results of the action plan are submitted to the Agency.
EC11The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties.
Description and findings re EC11According to Article 95 of the BL, the chairman of the BRSA has the authority to commission independent audit firms to examine specific matters that require expertise where he or she deems necessary. However, the BRSA is not legally authorized to outsource its prudential responsibilities to third parties.



Third parties are not extensively used for supervision purposes. Information Systems is one of the few areas where there is a more relevant reliance on external audit firms. External auditors are utilized for annual audits which are defined in RITEA after being previously approved by the BRSA. Their reports are evaluated by BRSA experts that subsequently send an official letter informing banks about the evaluation results and deadlines for the corrective actions.



The BRSA has the authority to monitor the quality of work done by external auditors for supervisory purposes. According to Article 17 of the Regulation on the External Audit of Banks (REAB), external audit firms are obliged to send to the BRSA all information and documents related to their audit when it is demanded and should keep them ready for the BRSA supervision.
EC12The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action.
Description and findings re EC12The BRSA utilizes an information system specially designed to support the whole supervisory cycle. The FSASP supports all the steps of process including IRA, SI and CRRE. The software comprises both risk assessment and CAMELS rating modules in harmonization with the supervision manuals. It also includes criteria (via questions) to be assessed during the on-site inspection process. The FSASP stipulates the working papers to be recorded. It also allows supervisors to produce risk profile and risk matrix of the banks. In addition, the final rating of the bank is also derived from the assessments in that software. This information is used for follow up actions.



Banks data are also stored in appropriate databases that allow supervisors to develop queries for analyzing prudential issues relatively easily.



Please also refer to the BCP 10 for detailed reporting structure.
Additional criteria
AC1The supervisor has a framework for periodic independent review, for example by an internal audit function or third party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate.
Description and findings re AC1
Assessment of Principle 9Largely Compliant
CommentsThe BRSA employs an array of tools and techniques to carry out its supervisory responsibilities. On-site and off-site functions are relevant and well developed. The different departments also share their findings with each other, but their work seems to be conducted in parallel with little coordination. The departments do not seem to have joint projects and supervisors rarely exchange views beyond written reports. As required by EC1, it is important for the BRSA to develop policies and processes to assess the effectiveness and integration of on-site and off-site functions, and to address any weaknesses that are identified. Increasing the rotation between on- and off- site supervisors could also help the integration of the areas.



Communication with banks could also be improved. The BRSA should consider setting policies establishing at least one annual meeting between supervisors and the board of the bank. The end of the CAMELS rating process, when the supervisor summarizes its opinion of the bank, might be an appropriate occasion to explain to the board the views and concerns of the BRSA. The assessors understand that this is frequently done, but not systematically with all banks. Additionally, other important analyses done by the BRSA, such as the stress testing exercises could also be more clearly discussed with banks.
Principle 10Supervisory reporting. The supervisor collects, reviews and analyses prudential reports and statistical returns21 from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts.
Essential criteria
EC1The supervisor has the power22 to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk.
Description and findings re EC1Articles 95 and 96 of the BL authorize the BRSA to obtain information from the institutions under the scope of the law on both a solo and consolidated basis. Banks are required to provide the BRSA, timely and properly, any consolidated and non-consolidated information, document, report or financial statements. The information should be provided consistently with their accounts and record keeping systems, within the framework of the principles and procedures set forth by the BRSB.



The BL also authorizes the BRSA to request any information including those classified as confidential, where they are deemed necessary for the provisions of the BL, from banks and their subsidiaries, from the undertakings where they hold qualified shares, from the undertakings they control jointly, their branches and representative offices, their outsourcing institutions and from other real and legal entities; to review their ledgers, records and documents including the ones related to taxation; keep their ledgers, records and documents ready for inspection; make their information systems available to the expert staff of the BRSA responsible for on-site supervision; ensure the security of their data; and submit all the ledgers, records and statements that they have to keep as well as the microchips, micro film, magnetic tapes, compact disks and other records for inspection.



Based on these provisions of the BL, the BRSA require banks to periodically transmit data on solo and consolidated reports, including reports of their subsidiaries operating abroad and their shareholders.



Banks’ reporting frequencies varies from daily to annually. The periodicity of the requested reports is determined taking into consideration basic elements such as the information needs on supervision activities of the bank, the importance of data in analyzing the financial performance or risk structure of the banks, the importance or the size of the bank in the financial system, and the product diversity of the financial institution.



The most important data reported by banks on consolidated and solo basis to the BRSA’s database, are as follows:



Surveillance Reporting Set: includes broad range of summary and detailed information on daily, weekly, monthly, quarterly, semiannual and annual intervals in order to monitor the financial conditions of banks as well as their compliance with relevant regulation. The BRSA receives on a daily basis, for example, reports on the stock volume of some major on and off balance sheet items, details of the securities portfolio, the transaction based derivatives details, the custody services regarding securities, and the volumes and currency type of foreign currency transactions. The BRSA also receives some reports on weekly basis providing information about foreign currency position, consumer loans types and volumes, liquidity positions, details of securities kept in the banks’ accounts, including the names of the banks and the customers, details of repo transactions. In addition to these daily and weekly reports, monthly reports cover the largest part of the surveillance reporting set. The main financial tables are balance sheet, income statement, and various detailed and aggregated reports of loan portfolio, detailed information on subsidiaries, securities issuance and shareholders, general ledger, related parties and positions with other financial institutions.



Basel Reporting Set: includes own funds, capital adequacy, LCR and sub forms related to different risk categories (credit, market, operational etc.). Additionally, BRSA requires banks to prepare a detailed form named “Detailed Credit Risk Assessment Form-AKRİF” to see the steps for risk weighted asset calculation for credit risk. Since the size of the report is too large, banks keep it ready for on-site inspection.



Cross Border Organizations Reporting Set: includes narrow range of summary and detailed information on quarterly intervals for cross border financial subsidiaries and off-shore branches of banks established in Turkey (balance sheet, profit/loss, loans, financial sector relations, derivatives, interest rates, investments in associates, capital adequacy, repo, FX position etc.).



Banks’ Shareholders Reporting Set: includes main financial tables (balance sheet and income statements), shareholders list and ratio of each bank shareholder, and the set should be reported for both domestic and foreign shareholders.



Non-Bank Financial Institutions Reporting Set: includes information, on a quarterly basis, in order to monitor the financial conditions of non-bank financial institutions as well as their compliance with relevant regulation.



External audit reports and notes to financial statements are the main sources of consolidated information about asset concentrations by economic sector, geographical location and currency type. The BRSA does not collect regular reports directly from non-financial subsidiaries of the banks. However, semiannual consolidated reports include non-financial subsidiaries and affiliates which are prepared with a wider scope in addition to quarterly consolidated reports.
EC2The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally.
Description and findings re EC2Based on the provisions of the BL, the RAP establishes the Turkish banking system’s accounting practices in line with the TFRS which is issued by the POA as the Turkish transposition of the IFRS. The BCP assessors were informed that the main difference between the implementation of IFRS and TFRS in banks and financial institutions is in loan loss provisioning standards. For loan loss provisioning Turkish banks apply REPL instead of impairment requirements of TAS 39 or IAS 39. The BRSA is planning to apply IFRS 9, including the impairment rules from 1 January 2017. By 2017, Turkish banks may choose to implement either the REPL or amended REPL that allows the use of TFRS 9.



The content and format of each report that banks are required to submit to the BRSA are appropriately documented in template files and instructions manual. Instructions for supervisory reporting and public disclosure of financial statements clearly demand the use of the TFRS.
EC3The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximizes the use of relevant and reliable inputs and is consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes.
Description and findings re EC3As described in EC2, Turkish banks apply TFRS that are a transposition of IFRS. Valuation procedures also follow TFRS.



The BRSA provides banks further guidance on valuation methodologies on “Guideline On Fair Value Measurement” (GFVM). The guidelines require banks to maintain a broad set of practices compatible with international practices on governance, internal controls, independent validation, use of data, determination of valuation adjustments, dealing with uncertainties of the valuation process and consistent use of the results. In addition to this, there is a section specific to financial instrument fair value practices at Guideline on The Assessment Criteria Considered in the Audits to be Performed by the Agency (GAA).



Supervisory procedures established in the GAR include the assessment of the valuation process. The assessment includes the adequacy of information and documentation, the appropriateness of the banks’ management governance on the valuation process, including the understanding of the methodologies and deficiencies in the process.



During inspections, if the team determines that valuations are not sufficiently prudent, the bank is instructed to make necessary adjustments to its regulatory reporting based on Article 37(3) of BL and Article 31(2) of Regulation on Measurement and Assessment of Capital Adequacy of Banks (RCA). Additionally, according to Article 12(1) of the Regulation on the Principles regarding the Authorization and Activities of Valuation Firms (RAAVF), the BRSA is authorized to require the bank to verify its valuation framework by an independent valuation firm, where it is deemed necessary.
EC4The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank.
Description and findings re EC4Based on the provisions of the BL, the BRSA requests, collects and analyses several information reports. As explained in EC1, reporting frequencies varies from daily to annually. The frequency of the requested reports is determined taking into consideration basic elements such as the nature of the information, the information needs on supervision activities of the bank, the importance of data in analyzing the financial performance or risk structure of the banks and the product diversity of the financial institution.



The report frequencies stipulated in the regulation do not differ among banks, except from reports related to the type of bank. However, the analysis of information differs depending on general market conditions, the individual condition of the bank, risk profile and size of the bank. As way of example, while normal frequency for off-site financial condition report is on a quarterly basis, in case of a market turbulence or existence of a problem related to the financial condition of a specific bank, off-site reports can be prepared on a daily basis.



In addition to periodic reporting and analyzing, on demand reporting and monitoring can also be intensified in case of institution specific or sector wide risks. Authorities mentioned that during the political crisis between Turkey and Russian Federation in the last quarter of 2015, some banks were required to submit detailed risk assessments about their Russia related country risks and the recent financial condition of their financial subsidiaries in Russia. An off-site supervision report called “Turkish Banking Sector-Russia Risks” was also prepared in order to see the extent of country risk.
EC5In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data).
Description and findings re EC5See above ECs. The requirement of reports stipulated by the BRSA applies to all banks on a consolidated and non-consolidated basis in the same manner in terms of the content and frequency.
EC6The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information.
Description and findings re EC6As described in EC1, the BL provides the BRSA the power to obtain information from the institutions under the scope of the BL on both a solo and consolidated basis, including those classified as confidential, where they are deemed necessary to fulfill its mandate.



This access to information include banks and their subsidiaries, the undertakings where they hold qualified shares, the undertakings they control jointly, their branches and representative offices, their outsourcing institutions and from other real and legal entities. Most supervisory reports are required on both solo and consolidated versions and compiled on the same date, providing comparable information for analysis.
EC7The supervisor has the power to access23 all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required.
Description and findings re EC7The BRSA has a full and wide access to records about the institutions under its supervision pursuant to Articles 95 and 96 of the BL (see EC 1 and 6 for details).



Access to banks’ staff is also facilitated in practice by the on-going presence of the BRSA within individual institutions. Please refer also to CP9.
EC8The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended.
Description and findings re EC8Article 39 of the BL addresses the responsibility for the accuracy of supervisory returns. The requested financial reports prepared by banks shall be signed, with names, surnames and titles indicated, by the chairman of the board of directors, the members of the audit committee, general manager, deputy general manager responsible for financial reporting as well as the relevant unit manager or equivalent authorities. They must declare that the financial report is in compliance with the legislation pertaining to financial reporting and with the accounting records. The signing responsibility shall be fulfilled by the members of the board of branches in Turkey of banks established abroad.



Pursuant to Article 146 of the BL, the BRSA is authorized to impose administrative fines from 5,000 TL to 15,000 TL24 in cases of failure to submit the information requested by the BRSA, from 5,000 TL to 10,000 TL in case of late submission of such information, and from 5,000 TL to 15,000 TL in case of missing information, control errors or recurring control errors. Late and non submitted reports are detected by the electronic data transfer system, while erroneous information is checked using cross controls.



The Communiqué on the Principles and Procedures for the Administrative Fines to be Imposed on Reportings Made Within the Scope of Banking Data Transfer System (CAFBDTS) explains how and when administrative fines are applied. The BRSA has applied administrative fines to banks breaching the regulation several times.
EC9The supervisor utilizes policies and procedures to determine the validity and integrity of supervisory information. This includes a program for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts.25
Description and findings re EC9BRSA receives most periodic reports via electronic data transfer system and automatic controls procedures are applied to each received report. These controls consist of formal, logical and mathematical checks within and cross different forms. After passing through intra form controls successfully and reaching the BRSA’s database, reports are subject to cross controls and, if there are no reporting errors, the system sends a confirmation message to the sender of the data informing on the successful transfer of the data. If the system detects errors, banks are required to correct them.



The BRSA also perform special inspections that aim to guarantee the quality of the data provided by banks. Additionally, if errors are found during off-site and on-site inspections, banks are instructed to correct them immediately. Banks reporting erroneous information are also subject to administrative fines.
EC10The supervisor clearly defines and documents the roles and responsibilities of external experts,26 including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilized for routine validation or to examine specific aspects of banks’ operations.
Description and findings re EC10See also CP9. Article 95 of the BL allows the BRSA to supplement its audits by external experts. The Chairman has the authority to commission external audit firms to examine specific matters that require expertise where it is deemed necessary. This can either be an expansion of the normal audit, or a special audit. The work is commissioned by the BRSA but paid for by the bank. The auditors of external audit firms bear the powers restricted only to audit-related matters, and shall be subject to the obligation of keeping the confidentiality of information and documents conveyed by the BL.



According to Article 33 of the BL, among the audit firms authorized by POA, BRSA has the authority to set additional criteria for the firms that will perform external audits on banks. REAB sets the additional criteria for firms that will audit banks’ financial reports. The audit firms which meet the additional criteria are licensed by the BRSA and the list of the licensed firms are disclosed to the public in BRSA website. The regulation also defines the scope of the external audit as well as the roles and responsibilities of external audit firms. If, as a result of supervision, it is determined that the audit firm does not comply with the regulation, the license of the firm is revoked by BRSA. According to the same regulation, external audit firms may conduct special audit activities, upon the request by the BRSA pursuant to Article 95 of the BL mentioned above. The external audit firms that may conduct information systems audit are also licensed by BRSA. Please also refer to CP9, EC11.
EC11The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes.
Description and findings re EC11Article 33 of BL and article 17 of the REAB requires external auditors to promptly inform the BRSA of any material shortcomings identified during the course of their work.
EC12The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need.
Description and findings re EC12The BRSA periodically reviews the information collected, but the process could be better structured. Coordination within the BRSA generally occurs through receiving a new report or a new data set due to additional informational needs. As a result, data sets in the database are subject to frequent updates. Any data or report can be ended due to the cease of supervisory needs for the data or due to the fact that a more detailed information is already been collected.



The BRSA also makes an effort to catch and follow new product types or to analyze their effects to the financial conditions of the banks. As an example, authorities mentioned the derivative transactions form as one of the most updated forms recently.
Assessment re Principle 10Compliant
CommentsThe regulatory framework requires banks and controlling companies to periodically submit a broad range of information. Regulatory and supervisory processes exist to ensure accuracy and comparability of submitted returns. Developed procedures for analyzing collected information and feeding into supervisory activities are in place.



Going forward the BRSA could consider formalizing the review of the information collected, to determine that it remains appropriate and satisfies its needs.
Principle 11Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation.
Essential criteria
EC1The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified.
Description and findings re EC1The BRSA maintains a constant communication between inspection teams and the representatives of the different levels of the bank. According to supervision manuals, inspection teams are expected to communicate their findings to bank’s top management, audit committee members and some of the directors before finalizing their report during special inspections, CAMELS rating or risk assessment. Additionally, the BRSA sends an official letter after inspection reports are finalized.



As discussed in CP1 and EC2 bellow, the BRSA has broad powers to determine corrective and remedial actions. In these situations, supervisory determinations are addressed to the banks’ board in a written document. Banks are expected to respond preparing a rehabilitation plan within a time period and a framework determined by the BRSA. Finally, the bank should submit regular written progress reports that are used to monitor if the remedial actions were implemented satisfactorily.



Nevertheless, the review of supervisory files, including feedback and corrective actions, as well as discussion with banks by the assessors have not provided evidence of a supervisory approach that raises concerns at an early stage to enable them to be addressed, particular on issues that are more dependent of supervisory judgment. The assessors could see several examples of letters requiring banks to make adjustments but the scope of the letters were mostly limited to specific issues that were in out of line with the regulation. Actions addressing more broad supervisory concerns about banks’ financial soundness or unsafe practices at an early stage were not observed. Asked about feedback from supervisors, banks mentioned the result of the CAMELS rating as important information but they were unable to point to criticisms made by supervisors arising out of the process.



The supervisory review process within the BRSA also seems to play a role that limits the issues that supervisors raise with banks. On-site supervisory reports are subject to a number of reviews within the audit department and the enforcement department. Although reviews of supervisory reports are necessary, the current process seems long and relatively skewed towards checking compliance rather than supporting supervisory judgements and actions.



Supervisors are much more likely to be questioned and challenged when suggesting a corrective measure than when they do not raise concerns. Consideration could also be given to integration of supervision and enforcement which might support a more risk focused and less compliance based supervisory approach.
EC2The supervisor has available27 an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened.
Description and findings re EC2The BRSA has available an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory decisions, or is engaged in unsafe or unsound practices. These tools include the ability to require a bank to take prompt remedial action (Article 68, 69, 70 of BL) and to impose administrative fines (Article 146-148 of BL).



As described in CP1, the situations defined in the BL when the BRSA can take corrective actions are broad and allow for early measures. The bank subject to remedial and corrective actions, should prepare a rehabilitation plan within the framework determined by the BRSA. The bank should submit regular written progress reports that are used to monitor if the remedial actions were implemented satisfactorily.



In practice the remedial and corrective actions provided for in the law are rarely used. During the last five years there was just one case. The BRSA seems to rely more heavily on administrative fines whose scope of application is more clearly defined in the BL.
EC3The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios.
Description and findings re EC3According to Article 67 of the BL, the corrective measures laid down in the BL Articles 68, 69 and 70 shall be taken promptly against the relevant bank if, as a result of consolidated or non-consolidated supervision, it is determined that:
  • a) Its assets are likely not to meet its obligations in terms of maturity or that the bank does not comply with the provisions pertaining to liquidity,
  • b) Its profitability is not at level that is sufficient to reliably perform its activities, due to impaired balance and relations between revenues and expenses,
  • c) Its own funds is inadequate pursuant to the provisions pertaining to capital adequacy, or such case is likely to occur,
  • d) The quality of its assets have deteriorated in such a manner that its financial structure will weaken,
  • e) Its decisions, transactions and practices are in violation of the BL and the applicable regulations,
  • f) It cannot establish its internal audit, internal control and risk management systems or cannot operate these systems efficiently or there is a factor that impedes supervision.
  • g) Due to the incompetence of the management, the risks defined in the BL and the applicable legislation have increased remarkably or have concentrated in such a manner that they may weaken the financial standing.
As explained in EC3, despite the power to act, in recent periods these measures have been rarely used, although they were in the period from 1999 to 2004 when the financial system went through a crisis.
EC4The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in essential criterion 2 above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements, withholding approval of new activities or acquisitions, restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, replacing or restricting the powers of managers, Board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank, and revoking or recommending the revocation of the banking license.
Description and findings re EC4As described in EC3 the range of scenarios defined in the BL for supervisory remedial actions allow measures to be taken at an early stage. The bank subject to these actions, should prepare a rehabilitation plan within a framework determined by the BRSA.



As described in CP 1, remedial and corrective actions set by article 68, 69 and 70 of the BL allow their application according to the gravity of the situation. The broad range of possible actions also allows supervisors to appropriately set prudential objective and act to safeguard the banking system.



The measures listed in article 68 of the BL includes, among other provisions, that the BRSA is allowed to require banks to increase the amount of the bank’s own funds, suspend the distribution of profits, increase loan loss provisions, ensure liquidity by selling off assets, restrict or stop new investments and restrict payments. Additionally, according to article 71 of the BL, the BRSA board is authorized to revoke the operating permissions of that bank or to transfer the shareholder rights except dividends, and the management and supervision of the bank to the SDIF, for the purposes of transferring, selling or merging them partially or fully, on condition that the loss will be deducted from the capital of the existing shareholders.
EC5The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein.
Description and findings re EC5There are several provisions in the BL that allows the BRSA to impose sanctions not only to the bank but also to management and the Board.



Article 147 of the BL allows the BRSA to impose financial penalties against relevant persons if they commit certain violations.



Article 69 of the BL, provides the possibility to apply sanctions to individuals. The BRSA may require a bank to call on the shareholders meeting to convene extraordinarily to change one or more of the members of board of directors, or to appoint new members by increasing the number of board members, if the members have responsibility in the decision taken, transactions made and practices applied, or to dismiss responsible employees. Also, according to restrictive measures in article 70, BRSA may request a bank to dismiss some or all of the general managers, deputy general managers, relevant unit and branch directors including board of directors, and to get the approval of the BRSA for new recruitments for the emptied positions or the seats.



According to the Article 110 of the BL, if it is determined that the managers and auditors of a bank, or its general manager and assistant general managers, or its authorized signatory officers have caused the application of the provisions of Article 71 for the bank through their decisions and actions that are in violation of the applicable laws, on the basis of a decision of SDIF Board and upon the request of the SDIF, such person shall be held personally liable to the extent of the damage they have caused to the bank and a court may declare any such person bankrupt.



Finally, article 26 of the BL establishes that persons who have been declared bankrupt or hold control in banks that have been subjected to restrictive measures, liquidation, or whose operating permissions have been revoked, cannot work at any bank as general manager, deputy general manager or in a position wherein they have signing authority. Additionally, the signing authority of any bank employee, who is found to have infringed provisions of the BL or other applicable laws, might be temporarily revoked upon the BRSB’s decision. Such persons may not be employed by any bank as an employee vested with signing authorities unless permitted by the BRSB.
EC6The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures and other related entities in matters that could impair the safety and soundness of the bank or the banking system.
Description and findings re EC6As described in CP1, articles 68, 69 and 70 of the BL can be used to implement wide ranging corrective actions on banks and controlling companies. For example, these powers could be used to restrict the subsidiary’s dividend payment to its controlling company, the subsidiary exposure to the controlling company or to its related entities, or the controlling company’s exercise of its shareholder’s right over the bank.
EC7The supervisor cooperates and collaborates with relevant authorities in deciding when and how to effect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution).
Description and findings re EC7There is regular exchange of information between the BRSA and the SDIF that enables the SDIF to access supervisory information of individual banks. In accordance with article 100 of the BL, a Coordination Committee has been established between the two institutions. This Committee meets at least once every three months to further promote the exchange of information and high-level cooperation between the two institutions. Furthermore, the BL determines that the BRSA and the SDIF shall have access to jointly-agreed databases of each other within the principles of confidentiality.



In addition, according to the protocol signed between the BRSA and the SDIF, the BRSA notifies the SDIF that a bank has been required to take corrective, rehabilitative, or restrictive measures (Articles 68, 69, and 70). The timely notification allows SDIF to develop a Resolution Action Plan and prepare for the eventual process.



As it is explained in CP1 once the BRSA determines that the conditions for intervention are met in relation to a bank, it has two options: to revoke the bank’s operating permission (Article 106 of the BL) or to transfer the shareholder rights (except dividends) and its management and control to the SDIF (Article 107 of the BL). In the second case, the SDIF can select and implement any resolution strategy that falls within its statutory remit, and cooperates with other authorities – primarily the BRSA – during the resolution process. The BRSA retains its supervisory and regulatory authority over a bank in resolution under SDIF management.
Additional criteria
AC1Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions.
Description and findings re AC1
AC2When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of non-bank related financial entities of its actions and, where appropriate, coordinates its actions with them.
Description and findings re AC2
Assessment re principle 11Largely Compliant
CommentsThe BRSA has available an appropriate range of supervisory tools to use when, in the supervisor’s judgment, a bank is not complying with the regulations or represents a risk for the financial sector. Nevertheless, in practice, the remedial and corrective actions provided for in the law are rarely used at an early stage as preventative measures. The BRSA seems to rely more heavily on administrative fines whose scope of application is more clearly defined in the BL than on taking actions at an early stage to address unsafe and unsound practices that require supervisory judgment.



The assessors were presented evidence of BRSA actions requiring banks to make adjustments to practices and processes. Nevertheless, such action had a scope limited to specific issues such as the classification of particular loans operations. Evidence was not observed of supervisors addressing broader concerns about the risks posed and faced by banks from a deepening and expansion of the initial review, a point reinforced in the comments of banks.



The supervisory review process within the BRSA also seems to play a role towards limiting the issues that supervisors raise with banks. Although reviews of supervisory reports are necessary, the current process seems relatively skewed towards validation of compliance processes and thus constrains active supervisory judgments and decisions. Consideration could also be given to integration of supervision and enforcement, particularly in terms of communication with financial institutions, which might support a more risk focused and less compliance based supervisory approach.



In order to become fully compliant with this principle the BRSA needs to incorporate the results of forward looking tools more heavily in its decision making process and act at an early stage to restore weak banks and correct examples of unsound practices, even if formal prudential ratios haven’t been breached.
Principle 12Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.28
Essential criteria
EC1The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including non-banking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system.
Description and findings re EC1The BL provide powers and responsibilities for the BRSA to supervise bank groups on a consolidated basis:



- Article 66 states that parent banks are subject to limitations and standard ratios on a consolidated basis and to consolidated supervision.



- Articles 95 and 96 of the BL, authorizes the BRSA to request all necessary documentation and information from the parent company of a banking group as well as the entities within the group to perform its duties. The law also allows the collection of information from banks’ shareholder and therefore includes banks ‘parent companies even if they are not financial companies.



- Financial holding companies are also subject to consolidated supervision pursuant to Article 78 of the BL.



Based on the authority provided by the BL, the BRSA has issued guidance on the preparation of consolidated financial statements of banks. The CCFS states that parent banks are obliged to prepare consolidated financial statements quarterly considering the financial subsidiaries of the group and semi-annually including financial and non-financial subsidiaries. Financial subsidiaries include insurance firms. The consolidated financial statements and reports are used for calculating regulatory ratios and limits.



The BRSA request an extensive amount of information about the group. Intra group transactions are monitored by off-site supervisors through monthly call reports. Banks also regularly report and update the names of all real and legal persons in their own risk group, including their shareholders, affiliates and subsidiaries on a monthly basis. Loans extended within the group of the own bank, transactions with related party, derivative transactions within the own group and risk limits are the main surveillance call reports which are used for reviewing aggregate exposures to the group of the own bank. Names of all real and legal persons in their own risk group and related party risk limits are the main surveillance call reports for financial holding companies.



In order to complement consolidated reports and analysis, BRSA also requests balance sheet, income statement, loan book details (including non-performing loans), securities, derivatives, FX position, transactions between cross-border establishments and the banking group, capital adequacy, transactions with financial sector and deposits data on a quarterly basis from the foreign based subsidiaries and off shore branches of the banks.



Banks are also required to submit a number of periodic reports containing information of their parent companies, including balance sheet, shareholders list and income statements.



The BRSA updated its on-site supervision process in 2012 and all banks have been examined with respect to the new process since then. As described in CP 8, BRSA teams take into account the consolidated risk profile of banks. Supervision manuals (SMIRASP and SMGAR) explicitly ask supervisory teams to understand the structure of the banking group to which the bank belongs. Also, the ownership structure of the bank is included in inspection reports together with the other findings.



In this context, the adequacy of their risk management, internal control and internal audit systems, effectiveness of their internal processes and procedures and the compliance of their operations with the relevant legislation are assessed, on a group level, by the on-site examiners through the CAMELS rating system. Contagion and reputation risks, for instance, are taken into account with specific questions that need to be answered by the supervisor.



There are also assessment criteria to address the risks that may arise from banks’ parent companies, affiliates and subsidiaries.



Furthermore, banks are required to prepare their ICAAP reports on consolidated basis according to RICAAP article 46(1). In the article 47of RICAAP, it is stated that ICAAP reports comprise all the risks of the bank on consolidated basis. According to article 61 of RICAAP, banks should not abide by the definition and scope of consolidation specified in the legislation and the assessment should be made based on the partnership’s risk profile, rather than the inclusion of the partnership to the definition of consolidation specified in the legislation. Furthermore, section 5 of Annex to Guideline on ICAAP Report (GICAAPR), states that “In identifying their own risks, banks should also consider risks arising from the parent company or subsidiaries belonging to the parent company (for example, reputational risk), alongside the risks existing by themselves or arising from their consolidated affiliates and subsidiaries. In doing so, they should be attentive that there are no inconsistencies between the identification of risk and measurement and management activities”.



As discussed in CPs 8 and 9, in practice, CAMELS rating assessments do not provide an appropriate framework for the deep analysis of issues and the ICAAP process is still on a learning phase for both banks and supervisors. That limits the ability of supervisors to fully understand the overall structure and group-wide risks of the conglomerates.



In Turkey, as of September 2015, 19 banks have established foreign operations which include 60 subsidiaries. Total assets of these cross border operations amounts to 15.7% of the total assets of banking sector. In terms of total assets, the largest foreign establishments are located in Malta, Bahrain and the Netherlands whereas the highest number of branches and subsidiaries operate in the Turkish Republic of Northern Cyprus.
EC2The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, and exposures to related parties, lending limits and group structure.
Description and findings re EC2Based on article 43 of the BL, prudential limits covering capital adequacy, liquidity, large exposures, exposures to related parties and lending limits are required to be met on both solo and consolidated basis. As explained in EC1, the BRSA collects and analyses data for monitoring the prudential limits and assess risks on a consolidated basis. Prudential consolidated ratios such as, capital adequacy, liquidity coverage ratio, lending limits, group risks, large and related party exposures, leverage ratio and FX net position are received from the banks on specified intervals. Banks are also required to submit to the BRSA quarterly consolidated financial statements such as balance sheet, income statement, cash flow statement, share-holders equity statement and earnings distribution tables. Issues associated with group structure are analyzed using monthly call reports and information collected during on-site inspections.
EC3The supervisor reviews whether the oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations.
Description and findings re EC3As explained in CP 7, banks’ cross border investments requires BRSA approval according to the BL Article 14 and RTSPIO Article 9. The BL also establishes that there should be no obstacles in gathering information and executing supervision on the cross border company and where necessary, the BRSA may require a MoU with the host supervisory authority. Therefore, BRSA has authority to reject any cross-border investment proposal either in the form of branch or subsidiary if the supervisory framework of the host country is deemed insufficient or does not allow appropriate access for supervision purposes.



BRSA regulation requires banks to build an appropriate risk management framework that comprise the whole banking conglomerate. In particular, the ICAAP report should consider risk management practices in subsidiaries and the CAMELS rating system should evaluate the adequacy and effectiveness of management’s oversight of bank’s foreign operations. Furthermore, banks should inform the BRSA who are the board members of foreign subsidiaries and the BRSA that might reject them if consider that they do not hold the appropriate conditions for their functions.



The BRSA also conducts on-site inspections in foreign branches and subsidiaries of banks once every two or three years. The effectiveness of the parent company’s oversight on the foreign operations is evaluated during these visits.



Finally, there are specific reports submitted by banks on cross-border operations. The Cross Border Organizations Reporting Set, please refer to CP9, is the main source of information about the oversight of banks’ foreign operations. The reports include detailed information about operations of foreign establishments of banks.
EC4The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct on-site examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate.
Description and findings re EC4BRSA has the power to initiate and carry out on-site inspections of foreign subsidiaries and branches of banks licensed in Turkey. On-site examiners of the BRSA perform periodic inspections in subsidiaries and branches overseas. The BRSA determines the list of the subsidiaries and branches which will be subject to on-site inspection mainly according to size and complexity of the operations. The frequency and timing of on-site inspections of foreign establishments also depend on work load of on-site examiners and host country supervisory authority’s time preferences. The issue is considered by the head of departments every year during the strategic planning phase of the supervisory cycle.



The BRSA conducted 52 on-site visits to foreign subsidiaries and branches since 2008. These visits include 19 subsidiaries, 6 off-shore branches and 27 on-shore branches of 11 banks. The last time a large number of banks were visited was in 2013. Besides, upon the invitation from the host authorities, the BRSA on-site inspection teams have been involved in on-site inspection of subsidiaries of banks in a few jurisdictions during the last two years.



The BRSA has entered into MoUs with the supervisory authorities of 34 countries to facilitate on-site inspections of foreign establishments of banks operating in Turkey. Among the 34 MoUs concluded by the BRSA, 19 MoUs are signed with the supervisory authorities of countries where Turkish banks have presence. These foreign operations represent 77% of total assets of the Turkish banks operating abroad. Additional MoUs are under discussion with foreign supervisory authorities.



Article 98 of the BL also authorizes the BRSA to cooperate with a foreign supervisory authority even in the absence of an MoU. In this case, the requests of authorities of foreign countries regarding the audit of Turkey branches or undertakings of institutions operating in the financial markets of their own countries and to obtain information about such branches and undertakings, and the requests of information covered by consolidation from the overseas branches and undertakings of banks shall be subject to BRSB’s approval within the framework of the principle of reciprocity. Please also refer to CP13, EC2.
EC5The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action.
Description and findings re EC5The activities of parent companies are mostly assessed through the ratings process. The methodology has a number of assessment criteria that are analyzed by on-site supervisors. Nevertheless, as discussed in CP8, the methodology is not designed to provide an in-depth evaluation of all the criteria.



The BRSA also requires banks to prepare reports on intra-group transactions on a yearly basis since 2014. Intra-group transaction reports include:



- Transactions between the bank and its financial and non-financial subsidiaries (controlled directly or indirectly by the bank)



- Transactions between the bank’s financial and non-financial subsidiaries (controlled directly by the bank)



- Transactions between parent company and the bank together with its financial subsidiaries (controlled directly or indirectly by the bank)



- Transactions between the bank with its financial subsidiaries and companies controlled directly or indirectly by parent company.



The transactions include financial (securities, loans and participation investments) and non-financial transactions (trading, property related transactions, leasing, technical services, consulting services etc.). Information on intra-group transaction reports is an input for BRSA examiners in the rating process.
EC6The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that:
  • a) the safety and soundness of the bank and banking group is compromised because the activities expose the bank or banking group to excessive risk and/or are not properly managed;
  • b) the supervision by other supervisors is not adequate relative to the risks the activities present; and/or
  • c) the exercise of effective supervision on a consolidated basis is hindered.
Description and findings re EC6As explained in CP 1, article 67 of the BL allows the BRSA to impose restrictive measures on banks in a number of situations that include impediments to supervision and inadequate risk management. Among these restrictive measures, article 70 of the BL authorizes the BRSA to require the bank to restrict or temporarily suspend its activities, as inclusive of all the organization of the relevant activity, or the domestic or overseas branches to be deemed necessary or the relations with correspondent banks.



Furthermore, according to article 78 of BL, financial holding companies are also subject to article 70. Therefore, if a bank or a financial holding company is a parent company of a bank or part of a banking group, BRSA has power to restrict or temporarily suspend their activities.
EC7In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a standalone basis and understands its relationship with other members of the group.29
Description and findings re EC7According to article 95 of BL, BRSA is responsible for the supervision of institutions under the scope of the law both on a consolidated and individual basis.



The supervisory perspective of the BRSA analyses individual banks and risks that other entities of the group might impose on them. The BL and all the other applicable regulations put the individual banks (the statement “bank”) at the center of the regulatory and supervisory framework. As explained on CPs 8 and 9, data is also collected and analyzed on individual basis and the impact of the individual bank’s relationships with the other members of the group on the safety, soundness and reputation of the bank is assessed in the context of the rating process and off-site reports such as the intra-group transactions report.
Additional criteria
AC1For countries which allow corporate ownership of banks, the supervisor has the power to establish and enforce fit and proper standards for owners and senior management of parent companies.
Description and findings re AC1
Assessment of Principle 12Largely Compliant
CommentsThe regulatory and reporting framework provides a broadly appropriate structure for monitoring and assessing risks to banks from non-banking and foreign banking operations in banking groups. However, the current limitations of the CAMELS rating and ICAAP process, the BRSA should make further effort to monitor and manage risks arising from nonbanking and foreign activities or parent entities of a financial group. In this regard, as described in CP 8 and 9, the BRSA should deepen the analyses and strengthen its techniques, such as group-wide stress testing, to monitor and assess these risks. It is important to improve further the group-wide strategic view of the banking group operations and risks. Authorities should further improve the recovery and resolution planning of large banking groups particularly once the necessary power is given to the supervisor by the expected new legislation. Such planning should also consider scenarios where shocks originate from non-banking entities or parent groups. Taking into account that these shortcomings have already been reflected in other principles, particularly CP 8 and 9, the assessors considered this principle compliant.
Principle 13Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks.
Essential criteria
EC1The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors.
Description and findings re EC1As of September 2015, 19 Turkish banks had foreign subsidiaries or branches operating in 28 different countries. At least 5 of these have more than 15% of their assets abroad and at least two of them have more than 40%.



The BRSA has organized early this year a supervisory college for one of the largest Turkish banks that maintain substantial operations abroad. The college was the first one organized by the BRSA in its capacity as home supervisor. Host authorities from the 6 countries where the bank maintains operations were invited. Representatives of the BRSA presented information on the current situation of the banking sector of Turkey and the BRSA’s approaches to banking regulation and supervision. There was also exchange of information among home and host supervisors about the operations, strength and weakness of the particular bank. Host and home supervisors considered the event important for the consolidated supervision of the bank.



There are other banks in Turkey with extensive operations abroad that would benefit from colleges. The BRSA explained that it plans to organize other colleges in the future.
EC2Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group30 and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as memoranda of understanding) are in place to enable the exchange of confidential information.
Description and findings re EC2According to the article 98 of the BL, the BRSA is authorized to cooperate and exchange information about financial institutions and financial markets with competent supervisory authorities, within the framework of bilateral memoranda of understanding or through other means, in order to conduct inspections in foreign countries, provide training and ensure exchange of personnel with the purpose of the harmonization of policies and legislation.



The MoUs signed by the BRSA specify general principles and procedures concerning the cooperation within the statutory legislation. They contain provisions about the exchange of information that includes providing relevant information to the counterparty authority regarding: i) material developments or supervisory concerns in respect of cross-border establishments; ii) events which have the potential to endanger the stability of the cross-border establishments; iii) material enforcement actions taken against the cross-border establishment; and iv) cases of revocation of the license and operating permission or voluntary liquidation.



The BRSA has entered into MoU with the supervisory authorities of 34 countries. Among the 34 MoUs concluded by the BRSA, 19 MoUs are signed with the supervisory authorities of countries where Turkish banks have presence. These foreign subsidiaries hold 77% of total assets of the Turkish banks operating abroad. Besides, MoU negotiations are continuing with six countries other countries where Turkish banks are operating. Difficulties that occurred in the past for supervision in a specific country have been overcome.



The BRSA explained that currently the agency does not face any problems to supervise cross border subsidiaries or exchange information with home supervisors.



Furthermore, the BRSA is legally authorized to cooperate with a foreign supervisory authority even in the absence of a specific agreement. Pursuant to Article 98 of the BL, if a MoU is not effective, the requests of authorities of foreign countries, which have been authorized for supervision pursuant to their respective laws and which are equivalent to the BRSA, to examine the Turkish branches or undertakings of institutions operating in the financial markets of their own countries and to obtain information about such branches and undertakings, and the requests of information covered by consolidation from the overseas branches and undertakings of banks shall be fulfilled within the framework of the principle of reciprocity and is subject to the permission of the BRSB.



Finally, as a host supervisor of 32 banks the BRSA has participated in supervisory colleges arranged by several countries and organized a college for one of Turkish banks with one of the largest operations abroad.
EC3Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups.
Description and findings re EC3As explained in EC1 and EC2 the BRSA maintains MoUs with other relevant supervisory authorities and participates in supervisory colleges.



In order to improve the efficiency of the consolidated supervision, the BRSA has conducted on-site inspections of foreign subsidiaries and branches of Turkish banks operating in a number of countries. Additionally, upon the invitation from host authorities, the BRSA on-site inspection teams have participated in inspections of Turkish banks operating abroad.



The BRSA provides feedback to the host authority on the issues found by the examiners during the on-site inspection of the cross border establishment providing a summary of the inspection report. In the case of on-site visits, communication is updated through opening and closing meetings held between the BRSA examiners and the host supervisory authority. The BRSA also approves meeting requests of equivalent supervisory authorities concerning the cross border establishments operating in Turkey. Similarly, the BRSA organizes meetings with the auditors of foreign supervisory authorities who perform on-site visit to the Turkish subsidiaries of foreign banks. Any findings that might have an impact on the safety and soundness or the risk management capabilities of the banking group are also shared with the relevant host authority within the scope of MoUs concluded.



The BRSA also explained that it exchanges appropriate information with foreign supervisory authorities in line with the provisions of the BL regarding the financial situation of banks, process of mergers, disintegrations and change of shares, qualifications of managers, material risks, safety and soundness of relevant entity.
EC4The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues.
Description and findings re EC4As mentioned above, the BRSA is empowered to exchange information with other relevant supervisors and maintain a number of MoU setting the principles for the communication. Colleges and on-site inspections are also part of the strategy.
EC5Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality.
Description and findings re EC5Since Turkey is not a home country or a key-host country for G-SIBs, the BRSA and SDIF, although available, have not been participating in crisis management groups of these institutions.



Turkish supervisory authorities have not initiated the development of a framework for cross-border crisis cooperation and coordination. As mentioned in EC1, some Turkish banks present material cross border operations and could benefit from such framework.
EC6Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures.
Description and findings re EC6As mentioned in CP 8, Turkish supervisory authorities have not initiated the development of group resolution plans. The BRSA and the SDIF have established a joint working group to analyze the eventual need to change the current resolution regime and align it with FSB’s Key Attributes of Effective Resolution Regimes. The joint working group is still formulating policy proposals and necessary legislative amendments. Banks have not been required yet to develop recovery plans and supervisors do not assess the resolvability of banking groups.
EC7The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection and regulatory reporting requirements similar to those for domestic banks.
Description and findings re EC7Pursuant to the legislation, subsidiaries or branches of foreign banks operating in Turkey are subject to the same prudential, supervisory and regulatory reporting requirements applied to domestic banks.
EC8The home supervisor is given on-site access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups.
Description and findings re EC8According to the Article 98 of the BL, foreign authorities which have been authorized for supervision under their respective laws and which are equivalent to the BRSA, need to request permission to examine the Turkish branches or undertakings of institutions operating in the financial markets of their own countries. These permissions and requests of information covered by consolidation from the overseas branches and undertakings of banks are fulfilled within the principle of reciprocity and are subject to the permission of the BRSB.



In this context, home supervisors may carry out on-site examination in Turkey subject to prior notification to the BRSA. If there is a MoU in place, the request regarding the on-site inspection is evaluated considering the provisions of the MoU. If there is not a MoU, the on-site visit request is submitted to the BRSB for approval.



The BRSA explained that all the inspection requests of home supervisory authorities of foreign banks operating in Turkey have been accepted by the BRSA. A number of jurisdictions have performed on site visits to cross border establishments of financial institutions operating in the financial markets of their own countries. As mentioned in EC 3, overseas subsidiaries and branches of Turkish banks are also subject to on-site inspection. BRSA has conducted 39 on-site visits to foreign subsidiaries and branches of banks operating in Turkey since 2011. These visits include 20 subsidiaries and 16 branches operating in 13 countries.
EC9The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks.
Description and findings re EC9The BRSA does not permit shell banks or booking offices.



Furthermore, Article 6 (4) of the BL stipulates that representative offices of the foreign banks are not allowed to do any banking business. CAROT regulates the activities of representative offices of foreign banks.
EC10A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action.
Description and findings re EC10As explained in EC1, 2 and 3 above, the BRSA works in contact with other supervisors through various channels. MoUs signed by the BRSA includes provisions that authorities should inform each other of any material developments and formal enforcement action taken against cross-border establishments. Even in the absence of MoU with foreign authorities, the BRSA may consult with the other supervisory authorities.
Assessment of Principle 13Largely Compliant
CommentsThe BRSA has made vast efforts to improve home-host relationship during the last few years. Among several initiatives the agency has started organizing colleges, signed a number of important MoUs and removed obstacles that weakened the supervision of Turkish banks operations in several countries. Nevertheless, considering that some Turkish banks hold material operations abroad, it is important to improve the relationship even further. In particular, it is essential to develop a framework for cross-border crisis coordination with relevant host authorities and the development of resolution plans that pay special attention to cross border issues.

B. Prudential Regulations and Requirements

Principle 14Corporate governance. The supervisor determines that banks and banking groups have robust corporate governance policies and processes covering, for example, strategic direction, group and organizational structure, control environment, responsibilities of the banks’ Boards and senior management,31 and compensation. These policies and processes are commensurate with the risk profile and systemic importance of the bank.
Essential criteria
EC1Laws, regulations or the supervisor establish the responsibilities of a bank’s Board and senior management with respect to corporate governance to ensure there is effective control over the bank’s entire business. The supervisor provides guidance to banks and banking groups on expectations for sound corporate governance.
Description and findings re EC1Corporate governance features prominently in Turkish banking legislation. The legal and regulatory framework surrounding corporate governance resides in several key laws and is comprehensive. BL Article 1 establishes corporate governance as a part of ensuring confidence and stability in financial markets, the efficient functioning of the credit system and the protection of the rights and interests of depositors. It establishes that shareholders’ interests are secondary to the depositors’ interests for banks, and is generally aligned with Basel guidance and principles for corporate governance.



The BL, 3rd part, explicitly addresses corporate governance. This part regulates the allocation of authority, qualifications and responsibilities of management, internal systems, authorized institutions and financial reporting. Related to these titles a number of sub-regulations, of which the most important are RICAAP and Regulation on the Corporate Governance Principles of Banks (RCGB), have been designed in order to implement the principles and enumerate responsibilities on corporate governance.



The responsibilities and authorities of the banks’ board is regulated in the Article 23 of BL. According to Article 23(3) the responsibilities of the board of directors shall include ensuring the establishment, functionality, appropriateness and adequacy of internal control, risk management and internal audit systems compliant with the applicable legislation; securing financial reporting systems; and specification of the powers and responsibilities within the bank.



Under the BL Article 23, the board of directors shall have at least 5 members including the general manager. The qualifications of a majority of members shall have similar qualifications as the general manager. The positions of chairman of the board and general manager (or chief executive officer) must be separate. The BRSA must be informed about (and approve) the appointment of the members. However, the BL nor subsidiary legislation requires the majority of the board to be non-executive and collectively act independently and objectively from the influence of other parties.



Article 24 goes on to direct that the board must appoint an audit committee of at least 2 board members. These 2 members shall not have executive functions within the bank. (RICAAP Article 6 goes on to define “non-executive” members which is very similar to the definition of independent given in the CMB’s Communique.)



While some bank boards in the system have populated this committee with more members, a minimum of 2 members is considered too few in order to execute the duties assigned to it in a robust and effective manner. In addition, the chair of this committee, in some banks is also the chairman of the board which does not reflect best practice and potentially represents a conflict of interest.



The duties and responsibilities of the audit committee include the supervision of the efficiency and adequacy of the bank’s internal control, risk management and internal audit systems and the accounting and reporting systems within the framework of BL. The audit committee shall also be responsible for ensuring that internal systems units and the external audit firms regularly provide reports regarding the execution of their tasks.



Given that the audit committee is responsible for the oversight of internal systems in which risk management is a part, many banks’ audit committees also fill the role of a board risk committee that would, in other circumstances be separate from the audit committee. The team was informed that in the more complex banks, there is, in fact, a separate risk committee.



RICAAP enumerates major provisions assigning responsibility to the board and senior management for establishing and monitoring of the internal systems. The term “internal system” includes internal audit, internal control and risk management systems. Article 5(1) of RICAAP provides that members of the board of directors are ultimately responsible for establishment and effective operation of the internal systems. They are also responsible for defining the powers and duties within the bank regarding these systems. Article 5(2) defines the responsibilities of the board in detail by mentioning the board’s overall responsibilities on determining the structure of the whole organization, human resources policies, senior management selection policies, and also with reference to the internal system’s structure, organization and policies, strategic policies, risk management and consumer complaints from conduct of business.



Article 7 of RICAAP sets forth in more detail the duties of the audit committee which must act in the name of the board of directors. The committee must supervise efficiency and adequacy of the internal systems. In this manner, the audit committee must supervise compliance with the provisions of RICAAP concerning internal control, internal audit and risk management and with the internal policies and implementation procedures approved by the board of directors and to make proposals to the board of directors in relation to measures which it is considered necessary to take. Furthermore Article 7(2) gives the details of these responsibilities such as: the establishment of communication channels in the bank; assessment of the adequacy of the internal systems; internal systems staff and management; establishment of whistle-blowing channels; evaluation of internal audit plans and follow up; evaluation of the adequacy of internal system staff, risk management tools, and infrastructure; the contact with internal and external auditors; monitoring of the financial reporting system; evaluation of outsourced activities.



Duties and responsibilities of the senior management are also regulated under RICAAP as well as in the Regulation on Corporate Management Principles of Banks (RCGB). According to Article 8, the senior management must fulfill their responsibilities to carry out their assigned responsibilities and ensure they do so efficiently. They must also report the board of directors about material risks to which the bank is exposed.



CMB also has its Communiqué on Corporate Governance32 (Communiqué) applicable to listed companies. According to the paragraph 4 of Annex 1 of the Communiqué, the board of directors keeps in balance a corporation’s risk, growth and returns at the most appropriate level through strategic decisions and manages and represents the corporation by firstly protecting the long-term benefits of the corporation through rational and prudent risk management. Board of directors also has to define the strategic targets of the corporation, establish the human and financial resources of the bank, and evaluate management performance. The board must be composed of a minimum of independent members for which the definition of “independent” is given. Among others, the Communiqué requires the board of directors to conduct its activities in a transparent, accountable, fair and responsible way.



There is not a special section in TCC for corporate governance principles, but these principles are spread through the Code. The TCC addresses, inter alia, duties of care and loyalty of the members of the board of directors, fair treatment of shareholders, and powers of the board of directors. It also defines the liability of the members of the board of directors and the managers for the damages they cause to the company, shareholders and the company’s creditors. It also compels companies to announce specific information on their websites.
EC2The supervisor regularly assesses a bank’s corporate governance policies and practices, and their implementation, and determines that the bank has robust corporate governance policies and processes commensurate with its risk profile and systemic importance. The supervisor requires banks and banking groups to correct deficiencies in a timely manner.
Description and findings re EC2There are a number of ways in which the BRSA assesses the various elements of corporate governance in banks. This is accomplished through on and offsite supervision as well as through the licensing process. The role of the board of directors and their responsibilities are clearly anchored in, firstly, the banking law as well as other attendant regulation. However, the validation of banks’ corporate governance on an ongoing basis through the examination process requires concrete strengthening through a more holistic approach, analysis, and well substantiated conclusions. This is a critical aspect of conducting effective risk focused supervision.



A. Supervisory Process



The on-site and off-site supervision by BRSA is regulated in the Article 95 of BL. According to Article 95(1) BRSA is responsible for the supervision of the implementation of the regulations by the banks beside the financial safety and soundness supervision and also the supervision of compliance with corporate governance principles. The supervision of compliance with corporate governance principles is solely and especially mentioned as one of the supervisory responsibilities of BRSA in this article. The sub-regulation related to supervision by BRSA is RAA which includes in its scope the supervision of the financial institutions’ compliance level to the corporate governance principles in its Article 2(1)(d). RAA also mentions the assessment of the quality of the corporate governance in financial institutions as a type of on-site supervision in the Article 14(1) (a-9).



As a part of the risk focused supervision (the IRA phase), the supervisors will scope the activities for the upcoming cycle through various means. This includes, in part, meeting with the board members, senior managers and independent auditors to understand recent changes in the bank’s profile and activities. As a part of the cycle planning process and to inform on governance, the supervisor will also review the board minutes, strategic plan, budgeting, policies, procedures, audit reports, MIS, etc. according to the size, activities, complexity and structure of the banks. Depending on the outcome of the IRA, special examinations will be conducted of areas identified as concerns or special supervisory interest.



The BRSA indicated that 3 special examinations focused on governance elements were conducted in 2014/15.



B. On-site Supervision



In practice compliance with corporate governance principles and the assessment of quality of compliance is taken into consideration during the CAMELS review/GAR methodology supervision. In assigning M (for management) the supervisor evaluates mainly the following elements:
  • MIS and its unrestricted access by examiners including the bank’s information systems and data including the bank’s foreign branches.
  • assessment of the accounting and financial reporting systems including adequacy of written processes for accounting and financial reporting, efficiency and effectiveness of the internal control/audit on these systems, the existence and number of manual and/or retrospective interventions on the accounting and financial reporting systems.
  • assessment of the internal systems which include internal control, risk management and internal audit which includes evaluation of the relevant structure, procedures, policies, compliance with the enforcement actions instructed by BRSA, and adequacy of contingency action plans.
  • assessment of the organization, management and business strategies including the objectives and reality of the strategic plan and its risks, organizational policies and procedures and internal regulations, duties and responsibilities of the staff, the relation between the bank’s board’s and senior managers’ success and the bank’s financial performance, risk management and compliance level.
  • assessment of human resources including evaluation of the policies and implementations in human resources management. As well, feedback from bank staff is considered and staff turnover in critical areas.
While assessing above mentioned elements, examiners more specifically address:
  • compliance of board numbers and qualifications;
  • if relevant policies, procedures, and workflows approved by the board and are they clearly defined; do conflicts of interest exist among procedures or workflows;
  • if a corporate governance committee exists; if an internal CG policy exists;
  • if a “corporate governance compliance report” exists;
  • policy on disclosure and transparency;
  • monitoring process for breaches in policies, procedures, limits and for informing the board.
Special examinations conducted by the examiners will feed into the CAMELS rating process in a more informal way, by providing insight into the function of selected areas of the bank. However, no concrete conclusions are drawn regarding the quality of board oversight or corporate governance in general.



Also, supervisory review of the ICAAP process highlights governance elements of risk management and more generally. Through this process, the GAR process, and the IRA work, the bank’s current business strategies are reviewed and compared to last year’s plan and projected numbers. The IRA process involves discussions with management, review of performance, review of strategies, evaluation of bank resources, etc. These steps feed into the responses to the CAMELS review/GAR process which in turn, creates the subcomponent ratings before leading to the assignment of the “M” in CAMELS which reflects governance elements. No analytical, critical narrative exists which reflects a collective view on corporate governance of a bank or the attendant systems and controls which compose it.



C. Other supervisory activities



Besides the regular CAMELS on-site supervision by BRSA, the BRSA reviews board member and senior management qualifications immediately following their appointment to their posts as per BL Articles 5 and 7.



Similarly, approval of the top management team is necessary before the BRSA will authorize a bank to operate in Turkey. Besides these prerequisites for establishment and operation authorization of banks’ operations, BL Article 13 requires the banks to take the corporate governance regulations of BL into account while opening a new branch in Turkey. And Article 14 requires the banks to be compliant with the corporate governance regulations of BL for approvals to operate abroad.



The BRSA has the authority to take corrective action when certain concerns and deficiencies are identified. Among these are failures by board and management to institute required internal systems in BL Article 67. Also, as a result of supervisory examinations and according to the severity of the findings and the responsibility of the board members, the composition of the board can be changed by BRSA according to these articles. The responsibility of supervision for determining the compliance with the corporate governance parameters is clearly mentioned in the Article 95(1) of BL and the related sub-regulation RAA Article 2 (d). The evaluation of the quality of the corporate governance management is one of the inevitable part of on-site supervision according to the Article 14(1)(a-9) of RAA.



The team reviewed several examples of work performed by the examiners to test how observations about corporate governance were formed and the supervisory response thereafter. The work conducted by the examiners, both on and offsite, is extensive. However, the team found, through the review of several special examinations and the GAR database, the results of the examinations and supervisory processes consistently stopped short of drawing conclusions, in analytical, narrative form, on the implications the findings have for other critical areas of the bank(s) which reflect directly on the overall corporate governance effectiveness of the bank. As a result supervisory observations are not easily collected in order to form a more cross-cutting, substantiated view on critical internal systems and therefore, the boards’ ability to oversee the bank’s’ business.



For instance, if a loan portfolio is reviewed, deficiencies may be identified but are not consistently linked to conclusions drawn about the 1) line and senior management and their ability to oversee their business and know their risks, 2) risk management adequacy and ability to proactively identify developing risks that management has not – and report such issues and trends to the board, 3) impact provisioning levels and implications on financial statement accuracy, 4) implications on internal audit’s role, 5) MIS particularly sent to the board, and 6) ultimately, board oversight. All of these linkages reflect directly on the strength and nature of corporate governance in a bank.



Without taking the examinations process further and drawing conclusions, assessment of governance adequacy is much less able to leverage examination efforts to substantiate, and perhaps change, the supervisory view on board and management ability to run and control the bank’s business. This ultimately can impact the integrity of the “M” in the CAMELS.
EC3The supervisor determines that governance structures and processes for nominating and appointing Board members are appropriate for the bank and across the banking group. Board membership includes experienced non-executive members, where appropriate. Commensurate with the risk profile and systemic importance, Board structures include audit, risk oversight and remuneration committees with experienced non-executive members
Description and findings re EC3Article 23(1) of BL states the minimum number of the members in a bank’s board of directors as five and also sets out the requirements for the members to be appointed. The qualifications required for the general manager in BL shall also be required for majority of the board of directors. So majority of the members must have at least undergraduate degrees in the disciplines of law, economics, finance, banking, business administration, public administration and related fields and those that have undergraduate degrees in engineering fields must have a graduate degree in the aforementioned fields, and they must have at least ten years of professional experience in the field of banking or business administration. Other financial and personal requirements for the members of the board of directors are listed in detail under Article 8. The board is held responsible for the establishment, effectiveness, compliance and efficiency of the internal control, risk management and internal audit systems according to the Article 23(3).



As mentioned above in EC 1, only 2 board members are required to be nonexecutive commensurate with the requirement that the Audit Committee be composed of at least 2 nonexecutive members. There are no requirements for the majority of board members to be nonexecutive. As a result, boards can potentially be composed of executive directors except for the 2 required nonexecutives. The only possible influence against this is the approval process conducted by the BRSA if it was to disapprove such a structure. However, there is no regulatory or practical support for this given the above structure of the law and regulation.



The one required board committee is the audit committee. As mentioned in EC 1 above, Article 24(1) of the BL provides that a banks’ board of directors shall establish audit committees for the execution of the audit and monitoring functions in the name of the board of directors and audit committee shall consist of minimum two non-executive board members. According to the Article 24(3) the main duties and responsibilities of the audit committee include the supervision of the efficiency and adequacy of the bank’s internal control, risk management and internal audit systems, functioning of these systems and the accounting and reporting systems and the integrity of the information produced. In RICAAP the Article 4(2) it is repeated that the internal systems units can only be established directly under the board. In the same paragraph it is clearly mentioned that the responsibility for the internal systems may only be fully or partially assigned to one of the non-executive directors or to committees composed of such directors or to the audit committee. In most banks, the audit committees are responsible risk oversight as well as the audit and control function oversight. However, some banks, depending on the size and complexity of their operations, have established board risk committees as well.



The remuneration committee for the banks is regulated under paragraph 12 of the Guideline on Best Compensation Practices of Banks (GBCP); it is not a required committee. This committee is comprised of at least two non-executive members of board of directors who have sufficient information and experience regarding remuneration policies and internal systems as a whole. Besides this sub-regulation the second paragraph of the Principle 6 of RCGB mentions that the remuneration committee which is responsible for the monitoring and supervision of the remuneration policies in the name of the board of directors to be comprised of two members. This committee is to evaluate the remuneration policies and implementations under the risk management principles and to report their findings to the board at least annually. The three largest banks have appointed remuneration committees.



The BRSA approves board and senior management appointments. In this way, the BRSA reviews the appointments process of the subject bank. Checklists have been prepared by BRSA for use in the evaluation process. The assessment process not only includes examining the documents submitted to the BRSA but also browsing the BRSA database. If the assessment shows that the individual is not fit and proper for the appointment, the bank will be informed about the situation and instructed to appoint a different individual. Furthermore, the board members and senior managers are responsible for notifying BRSA in case of a change in their situation after they are appointed (RSMOD, article 8). The appointments process itself is not a focus of examination to date.



As indicated above, the BRSA conducted 3 special examinations of governance elements during 2014/15; however, there is a need to form more holistic conclusions about governance on a more regular basis and conduct cross sector assessments of corporate governance, leveraging examination and offsite inputs.
EC4Board members are suitably qualified, effective and exercise their “duty of care” and “duty of loyalty”.33
Description and findings re EC 4See EC3 above.
Board member and senior management qualifications criteria are set out in Article 23(1) of BL and addressed in EC 1 and 3 above.



Articles 7, 9 and 10 of BL requires the board members to meet the qualifications set out in corporate governance provisions as a prerequisite for establishment and operating permission. Besides the Article 7(1)(d), Article 9(d) requires the same qualifications for any bank established abroad that wants to operate in Turkey by opening branch.



Principle 3 of the RCGB requires that management shall have the qualifications to fulfill efficiently their duty and be conscious of their role; board members are to be well-intentioned, informative, wise, and ethical, to be aware of their duties and responsibilities, to have time and to participate actively in the bank business.



TCC Article 369 defines duty of care and duty of loyalty of the board members and the third persons in charge of management. According to this provision, these persons have to fulfill their duties with care as prudent managers and act in good faith while overseeing company’s interest.
EC5The supervisor determines that the bank’s Board approves and oversees implementation of the bank’s strategic direction, risk appetite34 and strategy, and related policies, establishes and communicates corporate culture and values (e.g., through a code of conduct), and establishes conflicts of interest policies and a strong control environment.
Description and findings re EC5As mentioned in EC 1 according to the Article 23(3) of BL the responsibilities of the board of directors should include ensuring the establishment, functionality, appropriateness and adequacy of internal control, risk management and internal audit systems which are compliant with the regulations, and besides the specification of the powers and responsibilities within a bank.



Main regulations addressing risk appetite, strategic policies, communication channels and conflict of interest issues are covered in the RICAAP. Following the definition of risk appetite in the Article 3(1) (gg), the responsibilities of the board are regulated in the 5th Article. The Article 5(1) of RICAAP determines the board of directors as the ultimate responsible body for the establishment, effective, adequate and efficient implementation of internal systems in a bank. With respect to this responsibility, in the Article 5(2)(g) the board is held responsible for and authorized to determine and monitor the strategic decision making process and besides to maintain the determination of planning policies. Furthermore, in Article 5(2)(h) one of the board’s responsibilities is mentioned as to determine the bank’s policies and strategies relating to risk management in general and separately for each risk type, risk level the bank can take and related implementation procedures, to allocate maximum risk limits for units and their managers or the personnel working in those units. Article 5(2)(ı) requires the board to identify the bank’s risk appetite, to ensure that business lines, managers of the units within the scope of the internal systems and internal systems manager gather and exchange ideas, to resolve the communication problems between business lines within the aim of developing an effective risk management point of view throughout the bank and to ensure that business lines are informed about the developments, risks and risk mitigation techniques in the market.



The audit committee, as an extension of the board, according to Article 24 of BL, is also responsible for the supervision of the efficiency and adequacy of the bank’s internal systems, including the bank’s control environment, and the integrity of MIS therein.



Regarding potential conflicts of interest, requirements for functional division of tasks in a bank is regulated in RICAAP



article 10 in order to prevent mistakes, fraud, conflicts of interest, manipulation of information and misuse of resources at the bank. According to this article the powers and responsibilities of all units, personnel and committees within the bank shall be determined clearly and in writing, with a division of tasks in relation to the activities on the same subject. Banks need to comply with the regulation which requires that activities from which conflicts of interest may arise to be identified and minimized and the activities of approving transactions, accounting and recording transactions, and monitoring and managing the transaction are appropriately segregated. As well, RCGB Principle 1 addresses possible conflicts of interest within senior management responsibilities.



The establishment of communication structure and communication channels is regulated in the Article 12 of RICAAP. According to 12(1) it shall be ensured that information vertically and horizontally flows within the organizational structure of the bank so as to reach the relevant levels of management and the responsible personnel in safety and that the managers of lower units and the operational personnel are fully informed of the bank’s objectives, strategies, policies, implementation procedures and expectations. Information to be directed towards personnel shall include data concerning the policies related to bank activities, their implementation procedures, and the activity performance of the bank. It shall be ensured that the bank personnel are aware of the rules concerning their duties and responsibilities and that the necessary information rapidly reaches the concerned personnel.



Besides in the Article 7(2)(c) of the RICAAP audit committee members are held responsible for and authorized to establish communication channels which enable the committee to be informed and to check whether personnel who are authorized to lend have been involved in the evaluation and/or the decision making process of certain identified borrowers, e.g., themselves, their spouses, dependent children and other natural persons or legal entities which constitute a risk group.



While internal codes of conduct are not explicitly required, the team was informed that many banks do, in fact, have them. This, as well as strategy, risk appetite, and internal communication channels could all be topics addressed in a corporate governance evaluation by the supervisor.
EC6The supervisor determines that the bank’s Board, except where required otherwise by laws or regulations, has established fit and proper standards in selecting senior management, maintains plans for succession, and actively and critically oversees senior management’s execution of Board strategies, including monitoring senior management’s performance against standards established for them.
Description and findings re EC6The educational and experience requirements for the senior managers are mainly determined in Article 25 of BL. The Article 25(1) mentions the requirements for the general managers while Article 25(2) does the same for the deputy general managers.



The Principle 2 in RCGB requires the board of directors to determine the duties and responsibilities of the senior management in a bank while it also empowers the board to monitor the compliance level of senior management’s activities to the policies which have been put in place by the Board itself.



According to the points (a) and (c) of the Article 5(2) of the RICAAP, the board of directors of the bank is authorized and liable for
  • establishing the organizational structure and human resources policy of the bank and to determine the criteria for the appointment of senior management and
  • determining the written strategies, policies and the implementation procedures concerning the activities of the units included within the scope of the internal systems and ensuring that these are implemented and maintained effectively and coordinated with each other.
There currently is no requirement for banks to develop succession plans for key management positions. As mentioned in EC 5 and 3 above, there is not yet a cross-cutting supervisory evaluation process of a bank’s corporate governance function.
EC7The supervisor determines that the bank’s Board actively oversees the design and operation of the bank’s and banking group’s compensation system, and that it has appropriate incentives, which are aligned with prudent risk taking. The compensation system, and related performance standards, are consistent with long-term objectives and financial soundness of the bank and is rectified if there are deficiencies.
Description and findings re EC7Best practice guidelines for the structure and management of remuneration frameworks within an effective risk management environment are comprehensively enumerated in the GBCP. Paragraph 8 of this guideline states that it is the responsibility of board of directors of the bank to approve, periodically review and oversee the implementation of the remuneration policy. Remuneration policies and practices should be consistent with the complexity of activities, individual risk profile, risk appetite and strategy of a bank.



The GBCP paragraph 9 directs that the remuneration policy should support sound risk management within the bank and not be associated with excessive short-term profit-making goals and does not incentivize risk-taking that is beyond tolerated risk level of the institution. The remuneration policy should also be in line with the scope and size of the operations, risk management structure, business strategy, long-term financial soundness and capital adequacy level of the institution, and incorporates measures to avoid conflicts of interest.



Further, the GBCP paragraph 11 states that the bank should consider the impact of remuneration policies on soundness indicators such as capital and liquidity and in case of a threat against capital adequacy or when needed, a more conservative policy should be followed on all remuneration issues, mainly the variable remuneration. Further, variable pay levels should be established in relation to the performance of their unit as well as the bank’s overall performance. The impact of risk taken should also factor into remuneration formulas. When determining the performance of identified staff, financial and non-financial criteria should be considered.



As well, principle 6 of RCGB directs that remuneration framework should be aligned with a bank’s ethical values and strategic targets. Compensation shall not be based on short-term performance or be guaranteed in advance.



No explicit supervisory reviews have been undertaken to date to address banks’ remuneration frameworks. Again, as mentioned in EC 5 and 3 above, this could be an area to include in a cross-cutting supervisory evaluation process of a bank’s corporate governance function.
EC8The supervisor determines that the bank’s Board and senior management know and understand the bank’s and banking group’s operational structure and its risks, including those arising from the use of structures that impede transparency (e.g., special-purpose or related structures). The supervisor determines that risks are effectively managed and mitigated, where appropriate.
Description and findings re EC8Legislation does not explicitly direct boards and senior management to “know your structure” but they must have knowledge of the bank’s related structures in order to assess individual and consolidated risk exposures and to prepare ICAAP on a consolidated basis. The bank’s Board and senior management’s responsibilities are defined in RICAAP. Articles 5-8 regulate the responsibilities of top management (which includes key senior management and the board of directors) regarding the establishment of the internal systems (including risk management systems). This requires top management to set policies and strategies relating the risk management as well as to establish the bank’s risk appetite and maintain sufficient capital as determined through ICAAP. ICAAP must be prepared on a consolidated basis, therefore bank management must know and understand all the risks to which the bank is exposed. In addition; the “intra-group transactions report” that has to be prepared each year guarantees that the bank management sees the financial relationship between group entities. Please also refer to CP12 for consolidated supervision framework of BRSA.
EC9The supervisor has the power to require changes in the composition of the bank’s Board if it believes that any individuals are not fulfilling their duties related to the satisfaction of these criteria.
Description and findings re EC9According to the article 69 (b) of the BL, in the context of points (e), (f) and (g) of Article 67 to eliminate violations, the BRSB has the power to require the bank to call on the general assembly to convene an extraordinary meeting to change one or several or all of the members of board of directors or to appoint new members by increasing the number of board members if the board of directors’ members have responsibility in decisions, transactions and practices.



Furthermore; the article 70(c) of the BL clearly empowers the BRSB to require the bank to dismiss one or all of the board members or together with the general manager, deputy general managers, and/or relevant unit and branch directors in cases where the bank fails to take measures laid down in Article 68 and/or 69. The same article requires the approval of BRSA for persons to be appointed or selected in place of the persons removed from office.



The supervisor’s responsibility for detecting compliance with the corporate governance principles is laid out in the BL Article 95(1) and the RAA Article 2(d). The evaluation of the quality of the corporate governance management is one of the key parts of on-site supervision according to the Article 14(1)(a-9) of RAA. Findings regarding CG enables the BRSB to take action against the board or specific board members in case of breaches of CG regulations and principles.



Another tool held by BRSA, contained in BL Article 26(2), is the ability to revoke the signing authority of any bank employee who is found to have infringed provisions of BL or related regulation, has endangered the safety and soundness of the bank, and legal proceedings have been requested. These provisions apply to not only staff but also to board members. There have been cases where such signing authority has been revoked, mainly dealing with bank staff. Only one instance did such action involve a bank director.
Additional criteria
AC1Laws, regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material and bona fide information that may negatively affect the fitness and propriety of a bank’s Board member or a member of the senior management.
Description and findings re AC1
Assessment of Principle 14Materially Non-compliant
CommentsThe legal framework surrounding the corporate governance framework for banks is extensive, but very heavily focused on board responsibilities regarding internal systems (risk management, internal control, internal audit). Examination processes (GAR and specialized examinations) have required steps to check board approvals, internal structures, and processes which reflect on the governance function. The BRSA approves board and senior management appointments. In this way, the BRSA reviews the appointments process of the bank.



However, the results of special examinations and supervisory processes consistently stop short of drawing conclusions, in analytical, narrative form, on the implications the findings have for critical areas that are directly linked to the examined area. These critical areas reflect directly on the corporate governance effectiveness of the bank (such as management oversight of business areas, adequacy of risk management and internal audit’s role in the subject areas, integrity of MIS that goes up to the board level, and ultimately, board oversight). As a result, supervisory observations are not easily collected in order to form a more cross-cutting, substantiated view on corporate governance and the adequacy of internal systems. Therefore, validation of the manner in which such internal systems and governance operates is not well supported. This impacts the degree to which the BRSA should place confidence in the systems that inform the board and itself, as well as the systems’ ability to generate early warning indicators of deterioration.



There is no requirement for the majority of the board to be composed of non-executive members which could result in, potentially, boards being composed of a majority of executive directors with only the 2 nonexecutives as currently required by the legal framework. However, practically speaking, 10 out of 53 banks are listed and must fall under the CMB Communique on governance which requires a majority of independent directors. Consideration should be given to upgrading banking legislation requiring the board to be composed of a majority of nonexecutive members, and ideally, with a certain minimum of independent individuals. (The definition of “independent” should be consistent with that used by the CMB in its Communiqué on Corporate Governance.)



Audit committee membership should be expanded. While some bank boards in the system have populated this committee with more members, a minimum of 2 members is considered too few in order to execute the duties assigned to it in a robust and effective manner. This is particularly so since the audit committee is considered an extension of the board and is assigned the task of internal systems oversight which includes risk management. In addition, the chair of this committee, in some banks, is also the chairman of the board which does not reflect best practice and potentially represents a conflict of interest. This committee should be expanded and should be composed of all independent directors. As well, legislation directs that the audit committees have oversight responsibility for internal systems which includes risk management. Under the current audit committee structures, proper oversight of both critical areas is difficult at best. Risk management oversight responsibility should be separated from the audit committee, particularly in the more complex institutions (it was noted that one bank has, in fact, constituted a separate risk management committee).



While (3) special inspections of governance elements have been conducted, there is a need to more regularly conduct cross-cutting assessment of corporate governance in a holistic manner which would, in part, leverage examination results and relevant offsite information as well as information generated from any enforcement actions. Consideration could be given to introducing such reviews on a more regular basis in order to enhance and better substantiate conclusions on the adequacy of a bank’s corporate governance.



Given the observations cited in the above ECs (board membership/objectivity, board nominations process, board committee structure and membership, management oversight and performance evaluation, succession planning, “know your structure requirements”, internal code of conduct, etc.) the BRSA should develop a more comprehensive corporate governance regulation that completes the elements of governance that already exist in guidelines and regulation. This type of instrument could be a focal point of supervisory corporate governance reviews in the future.
Principle 15Risk management process. The supervisor determines that banks35 have a comprehensive risk management process (including effective Board and senior management oversight) to identify, measure, evaluate, monitor, report and control or mitigate36 all material risks on a timely basis and to assess the adequacy of their capital and liquidity in relation to their risk profile and market and macroeconomic conditions. This extends to development and review of contingency arrangements (including robust and credible recovery plans where warranted) that take into account the specific circumstances of the bank. The risk management process is commensurate with the risk profile and systemic importance of the bank.37
Essential criteria
EC1The supervisor determines that banks have appropriate risk management strategies that have been approved by the banks’ Boards and that the Boards set a suitable risk appetite to define the level of risk the banks are willing to assume or tolerate. The supervisor also determines that the Board ensures that:
  • a) a sound risk management culture is established throughout the bank;
  • b) policies and processes are developed for risk-taking, that are consistent with the risk management strategy and the established risk appetite;
  • c) uncertainties attached to risk measurement are recognized;
  • d) appropriate limits are established that are consistent with the bank’s risk appetite, risk profile and capital strength, and that are understood by, and regularly communicated to, relevant staff; and
  • e) senior management takes the steps necessary to monitor and control all material risks consistent with the approved strategies and risk appetite.
Description and findings re EC1The focus of this BCP 15 is on both the framework for the overall risk management process in banks (both the legal and implementation aspects) as well as the BRSA’s supervisory process over this critical function. The actual implementation of the framework and supervisory process, and the results it renders, are specifically addressed in the respective Principles which follow.



The BL Articles 29 and 31 state the obligations pertaining to internal systems (internal control, risk management and internal audit systems). According to Article 29, banks are obliged to establish and operate adequate and efficient internal systems that are in harmony with the scope and structure of their activities, that can respond to changing conditions and that cover all their branches and undertakings subject to consolidation in order to monitor and control the risks that they encounter. In Article 31, within their risk management frameworks, banks shall establish, implement and report risk policies within the framework set by the BRSB. Risk management activities shall be performed by the risk management department and personnel who work under the board of directors.



Based on the above mentioned BL articles, RICAAP has been issued for the purpose of setting procedures and principles for the establishment and functioning of the internal systems (internal audit, internal control and risk management systems) and internal capital assessment process. While the ultimate output of ICAAP is the derivation of the internal capital requirement and capital projections for the upcoming three years under different economic scenarios, the process is highly dependent on banks’ internal risk management, their assessment of its adequacy, and the risk based measures of capital needs.



It is through this process that the BRSA has enumerated comprehensive regulation addressing requirements for robust risk management systems. This regulation, RICAAP, underpins to a very significant extent, BRSA’s expected risk management framework in banks which reflects much of what is international standard. The guidance offered by RICAAAP is cited throughout the risk section of this assessment and is pivotal to the evaluation of the adequacy of the system’s risk framework. Equally important, implementation of RICCAP and other essential regulation and directions have been evaluated to determine the extent that the requirements have taken root and are used effectively to identify, measure, and control risk.



ICAAP is a relatively recent development in the country’s banking system. As a result, banks’ are still developing their approach and implementing important systems. The BCP team’s review of supervisors’ working papers and discussion with banks indicated that banks as well as supervisors are, in fact, in a relatively early phase. The quality of banks reports and the scrutiny of the reports by supervisors will need to develop further before the results can be more reliable and more extensively used.



Risk appetite & risk strategies:



The BL directs that internal systems shall be established directly under the Board of Directors. The board may transfer all or part of its duties and responsibilities to the internal systems manager. It is also possible to have a senior manager such as an executive vice president who does not have any hierarchical link with CEO and whose performance evaluation is conducted by the board of directors or the audit committee. Furthermore, powers and duties of the board of directors, audit committee, and the senior management regarding the risk management system are determined in the RICAAP as well as establishment of internal capital assessment process.



As well, the board of directors of the bank is responsible for determining, in writing, the strategies, policies and the implementation procedures concerning the activities of the units included within the scope of the internal systems and to ensure that they are implemented and maintained effectively and coordinated with each other. The section further states that (the board of directors) will determine in writing the bank’s polices and strategies relating to risk management in general and separately for each risk type, risk level the bank can take and related implementation procedures, to allocate maximum risk limits for units and their managers or the personnel working in those units.



RICAAP Article 5 states that (the Board of Directors) will identify the bank’s risk appetite, to ensure that business lines, managers of the units within the scope of the internal systems and internal systems manager gather and exchange ideas, to resolve the communication problems between business lines within the aim of developing an effective risk management point of view throughout the bank and to ensure that business lines are informed about the developments, risks and risk mitigation techniques in the market.



As well, Article 39 (1) states that banks are obliged to establish a structure comprised of policies and processes to determine the risk appetite and monitor the conformity of units to the risk appetite. (2) Banks are obliged to set, measure, monitor and manage the risk limits for controlling the current risk profile in order not to exceed the risk appetite approved by the board of directors. Risk appetite structure shall be reviewed when necessary, once in a year at a minimum.



Culture, policies, processes, limits, and monitoring



RICAAP Article 38 (1-3) states that (banks must establish) risk limits associated clearly with the loss amount and allocated capital amount, connected with the risk appetite. Within this scope, risk appetite approved by the board of directors is shared to risk types, units, business lines and products as well as other levels deemed necessary and allocated. Furthermore, transaction limits are established per personnel, sub-unit or unit for risk limits in the required areas, mainly credit allocation and treasury transactions. Banks shall determine implementation procedures concerning proposal, assessment, approval, notifying in the bank, monitoring and audit processes of risk limits and the principles determined are approved by the board of directors. Surveillance responsibility for the bank’s risk profile not to exceed risk limits and values realized to be monitored by top management of the bank belongs to the board of directors. Risk limits are determined as a part of risk appetite on consolidated and non-consolidated basis by considering the size of bank in financial system. The risk limits shall be regularly reviewed and adapted in accordance with changes in market conditions and in the bank strategy.



RICAAP Article 35 (4) states that banks are obliged to establish and implement an effective risk management system for material risks in compliance with volume, complexity, and level of activities that bear risks. In addition to Pillar 1 risks, Pillar 2 risks shall also be taken into account considering their level of importance. Moreover, risks which are minor on their own but which may cause significant losses when combined with other risk types are also included.



RICAAP Article 38 requires banks to put in place board approved written limits and risk appetites for each risk type on consolidated and non-consolidated basis by considering the size of bank in the financial system. The risk limits are regularly reviewed and adapted in accordance with changes in market conditions and in the bank strategy. Risk limits are notified to related units and it is ensured that related personnel understands them. Limit usages are monitored closely and limit exceeding is notified to the senior management promptly in order to take necessary actions.



Article 4 of the RICAAP imposes banks to establish and operate adequate and effective internal systems in conformity with the scope and nature of their activities in order to monitor and control the risks to which they are exposed. BRSA requires banks to implement the principles by considering banks’ own scales, risk profiles; activities, volume, nature and complexity of their business and transactions. It’s also necessary to make written explanations and retentions for the principles which are not implemented totally or partially [Article (4)(1)(m) of RAA].



According to the Article 46 of RICAAP, banks are obliged to calculate the capital internally which will meet the risks exposed or which may be exposed on consolidated and non-consolidated basis and maintain their activities with a capital higher than this amount on consolidated and non-consolidated basis. The ICAAP process determines that the management body; a) accurately and comprehensively identify, measure, aggregate, monitor and report the bank’s risks, b) calculate and hold adequate internal capital in relation to the bank’s risk profile, risk management process, adequacy of internal systems, strategies and activity plan, c) establish and use sound risk management systems and develop them further. The ICAAP also considers the impact of economic cycles, and sensitivity to other external risks and factors. The ICAAP shall be integrated to the bank’s organizational structure, risk appetite framework and activity processes; and shall form a basis for them.



Supervisory (onsite) manual



There are several criteria in the Supervisory Manual on Risk Assessment Criteria (SMRAC) that require BRSA onsite examiners to take into consideration the strategies, policies and processes concerning following risk categories; credit risk, operational risk, strategic risk, reputational risk, liquidity risk, interest rate risk in the banking book, market risk, country and transfer risk, concentration risk, residual risk, model risk, counterparty credit risk. In SMRAC, there are assessment criteria for each risk category to evaluate the effectiveness of risk management.



For example, in the credit risk area, the criteria help the examiners to evaluate risk management strategy whether the Board and senior management set a suitable risk appetite to define the level of credit risk the bank is willing to assume or tolerate. In addition to this, the examiner determines that if a sound credit risk management culture is established throughout the bank; policy and processes are developed for risk taking that are consistent with the risk management strategy and the established risk appetite; appropriate credit limits are established that are consistent with the bank’s risk appetite, risk profile, and that are understood by relevant personnel; and senior management takes the necessary steps to monitor and control credit risk consistent with the approved strategies and risk appetite. The authority and liability of the relevant staff is defined clearly and the necessary steps in case of deficiency are defined.



CAMELS review/GAR methodology



The GAR process directs examiners to evaluate policies, strategies and processes, contingency plans to determine if they address material risks such as operational risk issues in departments such as corporate/small and medium enterprises/retail loans, credit cards, accounting and reporting systems, derivatives etc.
EC2The supervisor requires banks to have comprehensive risk management policies and processes to identify, measure, evaluate, monitor, report and control or mitigate all material risks. The supervisor determines that these processes are adequate:
  • a) to provide a comprehensive “bank-wide” view of risk across all material risk types;
  • b) for the risk profile and systemic importance of the bank; and
  • c) to assess risks arising from the macroeconomic environment affecting the markets in which the bank operates and to incorporate such assessments into the bank’s risk management process.
Description and findings re EC2As stated in EC1 above, RICAAP comprehensively addresses the risk management function in banks.



The complexity level of risk management system is formed in proportion with the bank’s size and the complexity of its activities. If BRSA finds the mentioned level insufficient, banks are obliged to remove this insufficiency within a timeframe to be determined by BRSA (Article 35(3) and 35(5)).



Banks should have comprehensive risk management policies and processes to identify, measure, evaluate, monitor, report and control or mitigate all material risks. In addition, the management of the material risks in the bank’s risk profile and providing a comprehensive “bank-wide” view of risk across all material risk types are arranged in the RICAAP Articles 5, 35, 37, 38, 39, 42, 45.



RICAAP Article 38 requires banks to put in place board approved written limits and risk appetites for each risk type on consolidated and non-consolidated basis by considering the size of bank in the financial system. The risk limits are regularly reviewed and adapted in accordance with changes in market conditions and in the bank strategy. Risk limits are notified to related units and it is ensured that related personnel understands them. Limit usages are monitored closely and limit exceeding is notified to the senior management promptly in order to take necessary actions.



The article 36(2) of the RICAAP states that risk management policies and implementation procedures must adapt to changing conditions. The board of directors or the relevant internal systems manager shall regularly assess their adequacy and make the necessary changes. In addition, according to the 42(6) of the RICAAP, the risk measurement methods and models should be periodically updated to reflect changing market conditions.



Macroeconomic environment affecting the markets in which the bank operates is assessed in ICAAP reports as stated in the GICAAPR (section “2. General Assessment and Expectations”) in a detailed manner because of the fact that it may cause material risks for the bank.



During the CAMELS review/GAR methodology process, as well as during special examinations, supervisors check whether a bank has suitable policies and processes that clearly articulate roles and responsibilities related to the identification, measurement, monitoring and control of the material risks. As well, the examiners review banks’ strategy, policies, procedures and growth budgets pertaining to various risks, including their implementation, and invites bank management’s attention to areas of concern. Banks’ business plans in relation to their risk profile, capital, manpower skills, historical performance, adequacy of procedures and controls are evaluated.
EC3The supervisor determines that risk management strategies, policies, processes and limits are:
  • a) properly documented;
  • b) regularly reviewed and appropriately adjusted to reflect changing risk appetites, risk profiles and market and macroeconomic conditions; and
  • c) communicated within the bank.
The supervisor determines that exceptions to established policies, processes and limits receive the prompt attention of, and authorization by, the appropriate level of management and the bank’s Board where necessary.
Description and findings re EC3RICAAP Article 5 and provisions that are mentioned in EC1 require that risk management strategies, policies, processes and limits are documented; regularly reviewed and adjusted to reflect changing risk appetites, risk profiles, market and macroeconomic conditions; communicated within the bank. Article 12 regulates establishment of the communication structure and communication channels within the bank.



How the risk management system (RMS) of banks shall be established, the purpose of RMS, which points have to be included in the policies and procedures, the activities of RMS, main aspects of risk limit setting, risk appetite framework, new products and services, responsibilities of risk management unit and personnel, risk measurement and its process, stress testing to be performed by bank, data management process and reporting of risks within the banks are regulated in Section Four (articles 35-45), “the Risk Management System” of the Regulation.



Due to RICAAP, article 63(6), banks are required to prepare ICAAP reports every year. In these reports, banks give detailed information about their risk management strategies, policies, processes, limits and risk appetites. Banks are obliged to submit these reports to BRSA in the first quarter of every year. Banks should have detailed risk management strategy documents to prepare these reports. Furthermore, in the section “5. Risk management” of GICAAPR, all material risks are taken into consideration in terms of identification, measurement, management/control and mitigation as well as risk appetite and risk limits.



In addition to this, banks are required to list internal regulations, communiqués, action plans and decisions by which the policies and procedures and business flows and processes are determined and duties and responsibilities are assigned relating to corporate governance, management of each risk type (identification, measurement, monitoring, control and reporting) capital and liquidity planning within risk management structure and submit these documents to the BRSA in the annex of the ICAAP Report. Inside the Report, amendments made to regulations within the period, as well as new regulations entered into force and justified information about abolished ones are given to express the progress in the bank’s risk management capacity and its elasticity face to changing conditions.



In the on-site supervision process, the BRSA examiners are informed about important decisions taken by banks and are able to access and assess banks’ policies, processes, strategies, exceptions and internal reports on an ongoing basis. On-site examination reports make observations on banks’ compliance with internal and regulatory limits. As a part of the routine examination, BRSA examiners evaluate whether the risk management strategies, policies, processes and limits are documented and limits are monitored by the top management with the help of GAR module.
EC4The supervisor determines that the bank’s Board and senior management obtain sufficient information on, and understand, the nature and level of risk being taken by the bank and how this risk relates to adequate levels of capital and liquidity. The supervisor also determines that the Board and senior management regularly review and understand the implications and limitations (including the risk measurement uncertainties) of the risk management information that they receive.
Description and findings re EC4RICAAP Article 5 stipulates that the bank’s Board and senior management get sufficient information on, and understand, the nature and level of material risks being taken by the bank and how these risks relate to adequate levels of capital and liquidity. In addition to this, the Board and senior management shall regularly review and understand the risk management information that they receive from the all units of the bank. RICAAP Article 5(3) states that the board of directors is responsible for ensuring that the bank has adequate capital to support its risks by means of establishment and implementation of the ICAAP. It needs to ensure that the bank management establishes a framework for assessing the various risks, develops a system to relate risk to the bank’s capital level, and establishes a method for monitoring compliance with internal policies. Also, information on the nature and level of risk being taken by the bank should be reported to the Board of directors and top management according to the article 45 of the RICAAP.



Banks shall prepare a report including their assessments on risk measurement, capital and liquidity planning as well as risk management abilities made within the scope of the ICAAP according to Article 56(1) of RICAAP.



In the Risk Assessment (CAMELS) phase of supervision, BRSA examiners assess whether the bank’s top management obtains sufficient information about material risks that are taken by the bank and regularly reviews and understands the implications and limitations of the risk management information that they receive.
EC5The supervisor determines that banks have an appropriate internal process for assessing their overall capital and liquidity adequacy in relation to their risk appetite and risk profile. The supervisor reviews and evaluates banks’ internal capital and liquidity adequacy assessments and strategies.
Description and findings re EC5In addition to abovementioned requirements (EC1-EC4), banks are also required to assess their internal capital and liquidity adequacy. They are required to have an ICAAP process and the provisions regarding this process are regulated in RICAAP. Banks are required to submit an ICAAP report once in a year and requirements of ICAAP reporting is regulated in GICAAPR.



In the ICAAP reports, banks assess their capital and liquidity adequacy according to section “6. Capital Planning” and “9. Liquidity Planning” of GICAAPR respectively. Moreover, there is detailed information about how to carry out these capital and liquidity plans in other parts of the GICAAPR.



According to Article 56(2) of the RICAAP, Bank’s analysis and assessments relating to capital and liquidity adequacy and planning in the ICAAP Report are assessed in the examinations made by the BRSA. In addition, there are also specific provisions concerning the audits conducted by the BRSA in terms of capital and liquidity adequacy, in the sections “3. Regulatory Capital Adequacy”, “4. Internal Capital Adequacy”, “5. Adequacy of Liquidity”, “6. Stress Tests” of the GAA.



As stated in EC 1, ICAAP is a relatively recent development in the country’s banking system. As a result, banks’ are still developing their approach and implementing important systems. The BCP team’s review of supervisors’ working papers and discussion with banks indicated that banks as well as supervisors are, in fact, in a learning phase. The quality of banks reports and the annual review of the reports by supervisors will need to develop further before the results can be more reliable and more extensively used.
EC6Where banks use models to measure components of risk, the supervisor determines that:
  • a) banks comply with supervisory standards on their use;
  • b) the banks’ Boards and senior management understand the limitations and uncertainties relating to the output of the models and the risk inherent in their use; and
  • c) banks perform regular and independent validation and testing of the models
  • d) The supervisor assesses whether the model outputs appear reasonable as a reflection of the risks assumed.
Description and findings re EC6There are 3 different communiques regarding standards for models used to measure market risk, credit risk and operational risk: Communiqué on the Calculation of Market Risk by Risk Measurement Models and Assessment of Risk Measurement Model (CMR-RMM), Communiqué on Calculation of the Risk Weighted Exposure Amount for Credit Risk by Internal-rating based Approaches (CIRB), Communiqué on Calculation of the Risk Weighted Exposure Amount for Operational Risk by Advanced Measurement Approach (CAMA) respectively. Additionally, there are Guidelines on Assessment and Validation of Internal Rating Based Approaches and Advanced Measurement Approach (GAVA) and Guidelines on the Application Process of Internal Rating Based Approaches and Advanced Measurement Approach (GAPA) guidelines regarding approval and validations processes for these models. These guidelines regulate the model use for regulatory capital requirement calculation purposes.



RICAAP has rules about model use for internal risk management purposes. RICAAP Article 5(2) (ğ) gives responsibility to the Board to have information about risks the bank is exposed to and measurement methods and management of those.



It is mentioned in the Articles 42, 45(2)(ç), 55(1) of the RICAAP that different measurement methods and models may be used to measure and assess risks. In these articles there are detailed information about the processes related to method or model.



Regulation states that banks’ internal audit units are given the responsibility to audit risk measurement models. If risk measurement models are used in the bank, the internal audit unit should audit: whether the results obtained from risk measurement models and methods are incorporated in daily risk management, the accuracy of data and assumptions used in risk measurement models, reliability, integrity and timely availability of the data source used and the accuracy of back-tests used for these models, etc. (Article 21(4) of the RICAAP).



The responsibility of the risk management department is “to participate in the process of designing, selecting and putting into practice the risk measurement models and giving preliminary approval, to review the models regularly and to make the necessary changes”. Article 41(1)(d), (e) of RICAAP.



RICAAP imposes separate roles to different internal system units regarding risk measurement models. Article 11(2)(b) requires that the information systems of the bank shall enable risks, including regulatory and internal capital adequacy calculations, to be measured using risk measurement methods or models and to be reported in a timely and effective manner. Article 15(2)(ç) gives internal control units the responsibility to interrogate the accuracy of transaction details, activities, and outputs related to risk management models.



Article 58 and 62 of the RICAAP arranges validation process of the internal model. The validation process to be made within the scope of Article 58 is assessed by the BRSA. According to article 58, validation of internal model used within the scope of ICAAP shall be made by a team independent from the units which develops methodology or independent from the executive units. Validation may be conducted by external experts. Validation report should be submitted to BRSA together with ICAAP report (Article 63(9)). In addition to the RICAAP, GICAAPR has numerous detailed provisions connected to the models or methods as well as validation processes of them.



Additionally, model risk is highlighted in risk management guidelines such as in Guideline on The Management of Concentration Risk (GMCR).



GAA, para 8, states that the Agency examines the regulatory capital adequacy and calculation process, models and assumptions. In paragraph 10, the issues that the bank considers while using the IRB approach are listed. According to paragraph 12, the Agency examines the internal capital adequacy and calculation process, models and assumptions that are used by banks.



The BRSA examiners examine compliance to the above mentioned regulations. To examine these processes, the BRSA examiners use GAR (risk assessment – CAMELS) module
EC7The supervisor determines that banks have information systems that are adequate (both under normal circumstances and in periods of stress) for measuring, assessing and reporting on the size, composition and quality of exposures on a bank-wide basis across all risk types, products and counterparties. The supervisor also determines that these reports reflect the bank’s risk profile and capital and liquidity needs, and are provided on a timely basis to the bank’s Board and senior management in a form suitable for their use.
Description and findings re EC7Article 11 of RICAAP addresses information systems. The structure of information systems must be commensurate with the scale of the bank and with nature and complexity of the products. The minimum outputs of these systems are regulated in RICAAP including regulatory and internal capital adequacy calculations, early warning indicators, timely reporting of breaches of maximum risk levels, allocation of capital requirement according to risk level, stress tests and scenario analysis to be made, etc. Also Article 45 gives information about reporting of risks within the bank.



RICAAP regulates the general requirements about information systems, however, in the risk management guidelines that are listed in Principle 1, EC3, there are additional specific requirements imposed regarding that specific risk. For example, Paragraphs 44-51 of Guideline for Liquidity Risk Management (GLRM) explains how an information system for liquidity risk management should be. GAA paragraphs 12(8), 12(11) mention about management information systems and reporting.



Banks’ reporting framework comprises of a wide range of call reports on several aspects of prudential importance, some of which pertain to the consolidated bank position. Banks are obliged to prepare the ICAAP report annually both on a consolidated basis and non-consolidated basis. Within the ICAAP report, the results of stress tests and scenario analyses must be presented. Banks’ reporting is subjected to test checks by the BRSA. Periodical internal systems audit conducted by external auditors and the BRSA provide assurance about the integrity and coverage of the internal and supervisory reports.



BRSA sets the standards for information systems of banks in CPITMB, RICAAP, and GICAAP and conducts IT examinations via its IT audit experts. Furthermore, annual external audit findings are utilized to evaluate the IT risks associated with a bank as well. Bank’s Board and senior management make self-assessments using Circular on Management Assertion and submit their assessments to the external auditor.



Through the CAMELS review/GAR methodology, under MIS in the Management component—the BRSA examiners assess whether banks have adequate information systems for measuring, assessing and reporting on the size, composition and quality of exposures on a bank-wide basis across all risk types. Through this process and procedure, they are to assess whether these reports reflect the bank’s risk profile and capital and liquidity needs, and are provided on a timely basis to the bank’s top management.



Furthermore, according to GAA paragraph 12(8); during the ICAAP examinations, the Agency assesses the quality of the bank’s management information reporting and systems, the manner in which business risks and activities are aggregated, and management’s record in response to emerging or changing risks.
EC8The supervisor determines that banks have adequate policies and processes to ensure that the banks’ Boards and senior management understand the risks inherent in new products,38 material modifications to existing products, and major management initiatives (such as changes in systems, processes, business model and major acquisitions). The supervisor determines that the Boards and senior management are able to monitor and manage these risks on an ongoing basis. The supervisor also determines that the bank’s policies and processes require the undertaking of any major activities of this nature to be approved by their Board or a specific committee of the Board.
Description and findings re EC8RICAAP Article 5(2) points (ğ) and (ö) give the Board the responsibility to have information about risks the bank is exposed and to understand the risks of new products. Board is also given the responsibility to approve all policies and processes according to article 5(2) (i) and best practice guidelines. Article 40 requires banks to carefully assess new products and services offered by them. Banks are required to ensure that the necessary personnel, technology and financial resources are available for these products and services to be offered and that the top management is fully aware of the risks involved in the new products and services. Also in article 18 of the RICAAP it is stated that new transactions and products should be included in the compliance controls carried out by the internal control units of banks.



While Article 40 enumerates a number of the review requirements for new products, it does not explicitly extend the process to address material modifications to existing products and major acquisitions. It also does not require banks to restrict new products if they do not have the necessary controls, management, and resources to manage related risks.



In addition to this, BRSA is able to verify compliance to these regulations as part of its CAMELS rating methodology under the Management component during on-site examinations. For example, Financial Soundness Analysis Identification Number (FSAID) 2753 supports this examination.
EC9The supervisor determines that banks have risk management functions covering all material risks with sufficient resources, independence, authority and access to the banks’ Boards to perform their duties effectively. The supervisor determines that their duties are clearly segregated from risk-taking functions in the bank and that they report on risk exposures directly to the Board and senior management. The supervisor also determines that the risk management function is subject to regular review by the internal audit function.
Description and findings re EC9BL (Article 31) stipulates that the risk management activities shall be performed by the risk management department which will work under the board of directors. RICAAP Article 4 (2) also requires internal systems to be located under the board of directors. It furthermore requires the board of directors to determine the duties, powers and responsibilities of the internal systems units and of their managers clearly and without conflict of duties, to approve the working procedures and principles for the staff appointed in these units, and to ensure that the necessary resources are allocated.



Article 10(1) of RICAAP, provides information for the division of risk management functions/tasks in banks. Moreover, the BRSA verifies the independence of the risk management functions and recommend remedial measures if it is not observed.



In periodic and risk-based audits, the department audits the adequacy and effectiveness of the internal control and risk management systems and ICAAP is assessed by the internal audit unit. Additionally, the ICAAP report is also examined by the BRSA examiners.



The BCP team identified certain issues with the organization of the credit risk management function and the credit monitoring function which is a line management activity. The organizational arrangements discussed in BCP 17 do not adequately address independent credit risk monitoring at the individual credit and portfolio levels. See BCP 17.
EC10The supervisor requires larger and more complex banks to have a dedicated risk management unit overseen by a Chief Risk Officer (CRO) or equivalent function. If the CRO of a bank is removed from his/her position for any reason, this should be done with the prior approval of the Board and generally should be disclosed publicly. The bank should also discuss the reasons for such removal with its supervisor.
Description and findings re EC10In Turkey, risk management departments of banks are separate units that are directly under the board of directors. According to the Article 31 of BL, risk management activities shall be performed by the risk management department and personnel to work under the board of directors.



RICAAP Article 4 directs that banks assign a senior manager or an executive vice president, responsible for all internal systems departments, who has no hierarchical link with the CEO in the bank’s organization structure and whose assessments on performance as well as financial and personal rights are conducted by the board of directors or the audit committee. Also the articles 37(1) and 41(3) have provisions regarding risk management unit and personnel.



In Turkey, the risk management departments of banks are generally organized under a senior manager reporting directly to audit committee. However, some banks do have CRO type posts. Commensurate with their size and complexity of operations, banks should be specifically required to have qualified CROs with sufficient stature, position and authority within the organization to oversee risk management activities. The level of senior manager may not provide the necessary stature necessary to challenge high level risk decisions and processes.



According to RICAAP article 63(1), banks must notify the Agency in writing of the appointment or resignation of the internal systems manager or committee members, the members of the audit committee, and the senior managers of the units included within the scope of these systems, within seven working days from the date of the relevant decision. However, regulation should require, explicitly, if the CRO is removed from his/her position for any reason, that the Board has been informed and has given its approval. This action should be generally disclosed publicly. While the regulation requires banks to notify the BRSA promptly, the reasons for such removal should be presented and discussed.
EC11The supervisor issues standards related to, in particular, credit risk, market risk, liquidity risk, interest rate risk in the banking book and operational risk.
Description and findings re EC11BRSA has issued detailed specific guidelines articulating the standards related to credit risk, market risk, liquidity risk, and operational risk, interest rate risk in the banking book, country risk, reputational risk, and others.
EC12The supervisor requires banks to have appropriate contingency arrangements, as an integral part of their risk management process, to address risks that may materialize and actions to be taken in stress conditions (including those that will pose a serious risk to their viability). If warranted by its risk profile and systemic importance, the contingency arrangements include robust and credible recovery plans that take into account the specific circumstances of the bank. The supervisor, working with resolution authorities as appropriate, assesses the adequacy of banks’ contingency arrangements in the light of their risk profile and systemic importance (including reviewing any recovery plans) and their likely feasibility during periods of stress. The supervisor seeks improvements if deficiencies are identified.
Description and findings re EC12RICAAP Article 13 addresses the emergency and contingency plans and business continuity management. Banks must establish a business continuity management structure approved by the board of directors in order to ensure the sustainability of activities in case of an interruption or to save them time to minimize operational, financial, legal and reputational negative effects. There are also other provisions at RICAAP Article 13 that address payment and settlement systems and business disruption. For a possible emergency and contingency regarding the payment and settlement systems, communication arrangements shall be established between the authorities of the CBRT, the persons responsible for the interbank payments, agreements and settlement systems and the Agency as well as a communication channel or network open to the public and the customers. The continuity of information systems is handled in information systems continuity plan approved by the board of directors prepared within the scope of business continuity plan and in state of emergency and contingency plan. Banks have to mention their contingency arrangements in their ICAAP reports. Please refer to GICAAPR Annex section 6, paragraphs (1, 3, and 4), section 8 paragraph 4, section 9 paragraphs (2, 3, and 5(7)).



Provisions regarding business continuity plans are further regulated in GORM in a more detailed manner. According to GORM Principle 10, banks need to have a business continuity plan to be able to continue their activities on an ongoing basis and limit losses in the event of severe business disruption.



Negative condition scenarios created by the bank should be assessed for their financial, operational and reputational impact and the resulting risk assessment should be the foundation for recovery priorities and objectives (paragraph 71 of GORM).



All the disaster recovery and business continuity plans are tested at least once in a year according to RICAAP article 13. These tests are checked by the BRSA on-site examination teams as a part of the ratings process. This includes whether there is a business continuity plan approved by the board of directors and if this plan is tested by the bank.
EC13The supervisor requires banks to have forward-looking stress testing programs, commensurate with their risk profile and systemic importance, as an integral part of their risk management process. The supervisor regularly assesses a bank’s stress testing program and determines that it captures material sources of risk and adopts plausible adverse scenarios. The supervisor also determines that the bank integrates the results into its decision-making, risk management processes (including contingency arrangements) and the assessment of its capital and liquidity levels. Where appropriate, the scope of the supervisor’s assessment includes the extent to which the stress testing program:
  • a) promotes risk identification and control, on a bank-wide basis
  • b) adopts suitably severe assumptions and seeks to address feedback effects and system-wide interaction between risks;
  • c) benefits from the active involvement of the Board and senior management; and
  • d) is appropriately documented and regularly maintained and updated.
The supervisor requires corrective action if material deficiencies are identified in a bank’s stress testing program or if the results of stress tests are not adequately taken into consideration in the bank’s decision-making process
Description and findings re EC13RICAAP Article 43 stipulates that Banks shall establish and operate a stress testing program in order to measure its material risks and vulnerabilities which may arise from both negative developments peculiar to the bank and the developments in stressed economic and financial environment. Top management is responsible for establishment and implementation of a stress testing program as a whole. In addition to this, stress testing program shall be based on historical data including statistical risk and loss predictions and complementary for other risk management methods and qualitative implementations. Stress testing program shall include clearly defined purposes, well designed scenarios in compliance with the bank’s activities and its risk arising from those activities, written assumptions, a strong methodology, reporting supporting the decisions taken, revising stress testing processes in a continuous and efficient manner and management actions based on stress testing results. Stress testing program requires, an overall firm-wide stress testing, in addition to each material risk type.



Consistent with RICAAP Article 43(7), a Guideline on Stress Testing to be used by Banks In Capital and Liquidity Planning (GST) was published. GST is arranged to determine the principles on the implementation of the mentioned article and banks are expected to be in compliance to the extent with their structures, size and complexity of the Bank’s activities. Principles stated in the guideline also make a base for supervision and surveillance activities of the Agency. Within the scope of GST, stress testing defines all the implementations enabling the forward-looking evaluation of possible events or changes that could adversely impact the bank.



During the examinations conducted, BRSA reviews the key assumptions driving stress testing results and their continuing relevance in view of existing and potentially changing market conditions. BRSA evaluates banks on how stress testing is used in internal processes of banks and the way it affects decision-making.
EC14The supervisor assesses whether banks appropriately account for risks (including liquidity impacts) in their internal pricing, performance measurement and new product approval process for all significant business activities.
Description and findings re EC14Article 40 of RICAAP states that the top management should be fully aware of the risks involved in the new products and services. The bank must ensure that detailed assessment of the risks that may arise from the product or service, determination of the necessary resources to assess risk management practices and carry out effective risk management for the new product or service, implementation procedures to be followed in measuring, monitoring and controlling the risks that would arise from the new product or service are taken into account when a new product is offered.
Additional criteria
AC1The supervisor requires banks to have appropriate policies and processes for assessing other material risks not directly addressed in the subsequent Principles, such as reputational and strategic risks.
Description and findings re AC1
Assessment of Principle 15Largely Compliant
CommentsThe RICAAP forms a part of the core of the BRSA’s regulatory framework for risk management. Given that the ICAAP is a relatively recent requirement, banks’ are still developing their approach and implementing important systems. The BCP team’s review of supervisors’ working papers and discussion with banks indicated that banks as well as supervisors are, in fact, in a learning phase. The quality of banks reports and the scrutiny of the reports by supervisors will need to develop further before the results can be more reliably and more extensively used.



Commensurate with their size and complexity of operations, banks should be specifically required to have qualified CROs with sufficient stature, position and authority within the organization to oversee risk management activities. The level of senior manager may not provide the necessary stature necessary to challenge high level risk decisions and processes.



As well, while there are comprehensive requirements for the evaluation of new products, parameters should be expanded to explicitly address material modifications to existing products and major acquisitions. It should also direct banks to restrict such products or activities if they do not have the necessary controls, management, and resources to manage related risks.
Principle 16Capital adequacy.39 The supervisor sets prudent and appropriate capital adequacy requirements for banks that reflect the risks undertaken by, and presented by, a bank in the context of the markets and macroeconomic conditions in which it operates. The supervisor defines the components of capital, bearing in mind their ability to absorb losses. At least for internationally active banks, capital requirements are not less than the applicable Basel standards.
Essential criteria
EC 1Laws, regulations or the supervisor require banks to calculate and consistently observe prescribed capital requirements, including thresholds by reference to which a bank might be subject to supervisory action. Laws, regulations or the supervisor define the qualifying components of capital, ensuring that emphasis is given to those elements of capital permanently available to absorb losses on a going concern basis.
Description and findings re EC1According to Article 45 of the BL all banks in Turkey need to hold a capital adequacy ratio (CAR) of at least 8%. The BL also authorizes the BRSB to increase the minimum CAR, to set different ratios for each bank and to revise the risk weight assets after taking into consideration the banks’ internal systems as well as their asset and financial structures.



Using these powers the BRSA has implemented a capital framework in compliance with Basel standards. For the regulatory minimum capital requirement, the BRSA sets the minimum standard for CET1, Tier 1 and Total Capital on a solo and consolidated level according to the Basel requirements, which are 4.5%, 6.0% and 8.0% of risk-weighted assets, respectively, and, as a parallel requirement, the BRSA also sets a targeted minimum total capital ratio of 12% of risk-weighted assets. Minimum levels are defined in the RCA (art. 29 and 30) while ROF defines the elements of regulatory capital.



Banks are also required to maintain a capital planning buffer above the minimum amounts based in their internal capital assessment and planning (RICAAP, art. 55 and 60).
EC2At least for internationally active banks,40 the definition of capital, the risk coverage, the method of calculation and thresholds for the prescribed requirements are not lower than those established in the applicable Basel standards.
Description and findings re EC2The BRSA applies the Basel Framework on a consolidated basis to all credit institutions in Turkey, including credit banks and participation banks. The capital framework is mostly established in the Regulation on Own Funds (ROF) and in the Regulation of Measurement and Assessment of Capital Adequacy in Banks (RCA) and is in compliance with Basel Standards.



Some aspects of the regulation are more rigorous than the Basel framework. Turkish legislation, for instance, applies a more conservative approach in assigning risk weights based on ratings for exposures to corporates. All domestically incorporated corporates are subject to a risk weight of at least 100%. The floors applied to the IRB and AMA framework are also more conservative than the ones prescribed by Basel, although currently there is no bank authorized to calculate regulatory requirements following these approaches



Given the low materiality of securitization exposures in the Turkish banking system, the BRSA has not implemented the internal ratings-based approach for securitization.



The BRSA capital framework has been assessed as compliant by the Basel Committee Regulatory Assessment Program
EC3The supervisor has the power to impose a specific capital charge and/or limits on all material risk exposures, if warranted, including in respect of risks that the supervisor considers not to have been adequately transferred or mitigated through transactions (e.g., securitization transactions)41 entered into by the bank. Both on-balance sheet and off-balance sheet risks are included in the calculation of prescribed capital requirements.
Description and findings re EC3Article 45 of BL provide the BRSB the power to increase the minimum CAR and to set different ratios for each bank after taking into consideration the banks’ internal systems as well as their asset and financial structures.



In practice specific capital charges are established in the ICAAP and SREP review. The RICAAP Section 5 (ICAAP) requires banks to assess their capital needs, estimate capital charges for Pillar 2 risks and estimate a capital planning buffer based on stress scenario for the following three years. Banks are required to maintain a higher level than the amount estimated internally. The BRSA examines the ICAAP report and in case missing parts or errors are found, a new ICRR can be determined. Article 60 of the RICAAP also allows the BRSA to increase capital requirements if it considers that banks are not holding sufficient capital for Pillar1 and Pillar2 risks.



The regulation imposed by the BRSA is complex and difficult to enforce. Banks are allowed to use models to calculate the internal capital charge for Pillar 1 and Pillar 2 risks, to consider risk diversification benefits, and are provided a few constraints on the projections of their capital needs for the following years under stress. In addition to that, the specific capital charge may not be binding for several banks. Since the capital planning buffer is only applied when the results are higher than the capital conservation buffer, it is likely to fade in importance over the next few years as the capital conservation buffer will be fully phased-in. The 12% total capital parallel requirement imposed by the BRSA might also be the effective binding constraint for a number of banks.
EC4The prescribed capital requirements reflect the risk profile and systemic importance of banks42 in the context of the markets and macroeconomic conditions in which they operate and constrain the build-up of leverage in banks and the banking sector. Laws and regulations in a particular jurisdiction may set higher overall capital adequacy standards than the applicable Basel requirements.
Description and findings re EC4As explained in EC3, the BL authorizes the BRSA board to increase the minimum capital adequacy ratio and to set different ratios for each bank taking into consideration the banks’ internal systems as well as their asset and financial structures. The BRSA does that in practice through the ICAAP.



Systemic importance is taken into account imposing additional loss absorbency requirements for domestic systemically important banks. The BRSA methodology is similar to the one used by the FSB to identify and group G-SIBs. The regulation creates four groups of banks as shown in the table below and distributes the banks in the groups according to their systemic importance. Seven banks are expected to populate the bottom three groups of the table.
GroupsDomestic Systemically

Important Banks (D-SIBs)

Buffer rates (%)
Group 4- empty3
Group 32
Group 21,5
Group 11


Macroeconomic conditions are taken into account through the countercyclical capital buffer. Following the Basel guidance, the BRSA’s capital framework prescribes a process whereby both national and cross-border conditions are taken into account. The national component of the buffer is currently set at zero. BRSA has established indicators and a process for monitoring the macroeconomic conditions in Turkey and update this value as needed. Banks should obtain the value of the foreign component of the buffer for each country where they contain exposures from the Basel Committee website.



Another tool implemented by the BRSA to limit leverage in the banking system is the leverage ratio. The regulation on Measurement and Assessment of Leverage Level of Banks (RMAL) establishes that the three-month simple arithmetic average of the leverage ratio should be at least three percent. The RMAL also provides the BRSB the power to establishes a different leverage ratio and consolidated leverage ratio by considering the internal systems, asset and financial structures of banks, the implementation of different ratio on the basis of the bank and change the calculation and reporting periods.



As explained in EC2, some aspects of the regulation set by the BRSA are more rigorous than the Basel framework. Turkish legislation, for instance, applies a more conservative approach in assigning risk weights based on ratings for the exposures to corporates. The BRSA also applies a parallel 12% capital adequacy ratio requirement.
EC5The use of banks’ internal assessments of risk as inputs to the calculation of regulatory capital is approved by the supervisor. If the supervisor approves such use:
  • a) such assessments adhere to rigorous qualifying standards;
  • b) any cessation of such use, or any material modification of the bank’s processes and models for producing such internal assessments, are subject to the approval of the supervisor;
  • c) the supervisor has the capacity to evaluate a bank’s internal assessment process in order to determine that the relevant qualifying standards are met and that the bank’s internal assessments can be relied upon as a reasonable reflection of the risks undertaken;
  • d) the supervisor has the power to impose conditions on its approvals if the supervisor considers it prudent to do so; and
  • e) if a bank does not continue to meet the qualifying standards or the conditions imposed by the supervisor on an ongoing basis, the supervisor has the power to revoke its approval.
Description and findings re EC5Currently there is no bank in Turkey authorized to use modeling approaches to calculate the Pillar 1 capital charge.



The use of internal models for calculating regulatory capital requirements is subject to BRSA approval (RCA, Articles 4, 9 and 24). The approval process to use internal assessments for various risk types are set out in related communiqués such as CIRB, CAMA, CMR-RMM.



Some large domestic banks and subsidiaries of international banks, are already using models for their internal risk management and lending process. These banks are in the process of calibrating and adjusting those models in order to appropriately capture the risks of the local market, before submitting them for regulatory approval by the BRSA. Some banks are expected to apply for the IRB approach.



The regulatory framework set out numerous requirements for banks utilizing internal models approaches. CIRB, CAMA and CMR-RMM set qualifying standards for credit risk, operational risk and market risk in accordance to the Basel II framework. The BRSA has a number of risk management specialists that are able to provide support during the authorization process.



According to the regulation, material modifications to the risk system after the authorization process require new BRSA approval. If a bank does not continue to meet the qualifying standards or the conditions imposed by the BRSA on an ongoing basis, the BRSA has the power to revoke its approval according to CIRB, CAMA, and CMR-RMM.
EC6The supervisor has the power to require banks to adopt a forward-looking approach to capital management (including the conduct of appropriate stress testing).43 The supervisor has the power to require banks:
  • a) to set capital levels and manage available capital in anticipation of possible events or changes in market conditions that could have an adverse effect; and
  • b) to have in place feasible contingency arrangements to maintain or strengthen capital positions in times of stress, as appropriate in the light of the risk profile and systemic importance of the bank.
Description and findings re EC6RICAAP Articles 46-62 have detailed provisions concerning the ICAAP processes and reporting of banks. In particular, banks should have a risk based, comprehensive and forward-looking capital assessment processes which should include all the risks on a consolidated basis.



In particular, as discussed in EC3, banks are required to hold a capital planning buffer that is based on stress tests. Banks are required to project the evolution of their RWA and capital for the following three years under different stress scenarios. The methodology generates a capital charge associated with the lowest capital buffer in any one of these years.



Finally, banks are required to discuss and provide information on contingency arrangements to maintain their capital positions in times of stress as part of the ICAAP reports (GICAAPR).
AC1For non-internationally active banks, capital requirements, including the definition of capital, the risk coverage, the method of calculation, the scope of application and the capital required, are broadly consistent with the principles of the applicable Basel standards relevant to internationally active banks.
Description and findings re AC1
AC2The supervisor requires adequate distribution of capital within different entities of a banking group according to the allocation of risks.44
Description and findings re AC2
Assessment of Principle 16Compliant
CommentsThe BRSA has adopted the various components of Basel II, 2.5 and III according to the framework established by the Basel Committee. Capital is calculated on a consolidated and solo basis for all banks and the BRSA has the authority to impose additional capital requirements on individual banks, as deemed necessary. The BRSA has applied the three Basel ratios (common equity tier 1, tier 1 and total capital) as well as countercyclical capital requirements, systemic important bank capital add-ons and a “capital planning buffer” that provides a forward looking nature to the capital regulation.



Going forward, as the BRSA gain experience with the ICAAP, it should consider simplifications to the framework to improve its enforceability and reduce banks compliance burden, particularly for non-systemic important banks. Simplifications that could be considered include restrictions on diversification benefits and use of models for credit, market and operational risk that have not been authorized for the Pillar 1 capital charge. The BRSA should also evaluate the interaction with other requirements such as the 12% parallel capital charge and the Basel capital buffers to prevent the effectiveness of the Pillar 2 regime from being damaged by another more stringent requirement that in practice makes the Pillar 2 charges redundant.
Principle 17Credit risk.45 The supervisor determines that banks have an adequate credit risk management process that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate credit risk46 (including counterparty credit risk)47 on a timely basis. The full credit lifecycle is covered including credit underwriting, credit evaluation, and the ongoing management of the bank’s loan and investment portfolios.
Essential criteria
EC1Laws, regulations or the supervisor require banks to have appropriate credit risk management processes that provide a comprehensive bank-wide view of credit risk exposures. The supervisor determines that the processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank, take into account market and macroeconomic conditions and result in prudent standards of credit underwriting, evaluation, administration and monitoring.
Description and findings re EC1Article 23 of the BL assigns direct responsibility to the board of directors for “ensuring the establishment, functionality, appropriateness, and adequacy of internal control, risk management, and internal audit inconformity with the applicable legislation; securing financial reporting systems; and specification of the powers and responsibilities within the bank”. The Article 29 of the BL states that the banks are obliged to establish and operate adequate and efficient internal control, risk management and internal audit systems that are in harmony with the scope and structure of their activities.



The definition of a “loan” is provided articles 48 and article 50 and provides a comprehensive list of the prudential standards and limitations for extending loans to the risk group of the bank. Article 51 and article 52 of the BL includes the framework regarding credit administration and monitoring.



Standards of credit underwriting, evaluation, administration and monitoring are further enumerated in the Guideline on Credit Management of Banks (GCM). It states that the processes should be consistent with the risk appetite, risk profile, systemic importance and capital strength of a bank; that the processes should take market and macroeconomic conditions into account and result in prudent standards of credit underwriting, evaluation, administration and monitoring. Additionally, there is a separate Guideline on Counterparty Credit Risk Management (GCPRM).



In addition to the credit risk management provisions described above, the GCM defines ‘credit management’. It includes the areas of credit marketing, credit granting, and credit monitoring. The GCM states that certain organizational structures in the credit area should avoid conflicts of interest that may be caused by units reporting to the same vice general manager that are involved in credit monitoring and tracking together with credit marketing and credit granting. The GCM also addresses certain MIS requirements, conformity with limits, and management of collateral. The following provides a description of the organization of the 2 functions of (credit) risk management and credit monitoring as conveyed to the assessor team.



Credit Risk Oversight Organization



Credit oversight is laid out in a two-fold manner.



1. (Credit) Risk Management



The board is charged with effective risk management and organizationally, such a unit must fall directly under it. As such, the unit falls under the audit committee as an extension of the board.



The “legal” independence of this unit is expected via RICAAP which enumerates in detail the responsibilities of the board including determining its organizational structure, strategies, as well as human resource considerations. In this regard the board is responsible for the appointment and dismissal of unit managers and training of staff.



This unit conducts a variety of risk management activities including credit portfolio/exposure surveillance. However, it does not conduct evaluation of individual credits to determine their internal classification status (standard, special mention, substandard, doubtful, loss). It takes this information generated from the “risk management function”, a management line function, as source data from which to calculate relevant trend information. It adds to that other analysis to monitor higher level trends and issues that management and the board should receive. Some of the information generated at this level includes:
  • Internal limits and ratios
  • Legal limits and ratios
  • Individual borrower limits
  • Sector concentration limits
  • NPLs figures (received from the credit review department)
  • Recent trends and developments in the portfolio(s) taking into account market and macroeconomic information
This type of information, at this level, will first go to the audit committee and then to the full board.



Among other things, this department is also typically responsible for monitoring the overall risk trends in the bank, designing the risk rating system used by the management/business lines, policies and procedures, model development for credit approval processes, review of model validations conducted elsewhere in the bank, etc. However, no work or analysis is conducted at the individual credit level.



2. Credit Monitoring Function (line management department/unit)



This unit is a management line function as are the marketing and underwriting functions. The later 2 are involved in credit origination, analysis, approvals (according to delegated loan authorities and controls), and administration.



The credit monitoring function represents management’s execution of their responsibility to monitor the business risk they put on the books of the bank. The business line (should be) is the party responsible for first identifying and flagging credit risk deterioration. If accomplished in a timely manner, this allows early intervention and possible rectification of potential credit problems.



Credit risk monitoring starts as soon as the subject loan is granted and consists of monitoring:
  • Past due status of the borrowers
  • Change in system generated risk ratings
  • Collateral status and coverage
  • Customer limits
  • Risk Center monitoring for developing borrower(s) trends
  • Opines on restructuring loans
  • Deteriorating credit as detected from past due information
In general, once a credit hits NPL status, it is sent to the loan work-out unit for more active management.



This unit provides the source data on, intern alia, individual deteriorating/NPL credits and NPL trend data on homogeneous credits to the board via the risk management function described above. Such data are management reports which may have more current (and different) classifications of credit than the system generates due to the timing of information input to the system.



The BRSA also conveyed that the internal audit function plays an important role in the credit risk management framework. Audits in the credit areas are intended to determine whether the credit process is consistent with board approved policies and procedures and the accuracy of management reports, and board and audit committee reports. As well, the BRSA added that loan review is the most prevalent activity in the internal audit plan(s).



According to REPL, banks are required to review their loan portfolio in terms of classification at least quarterly and they are required to document those reviewed for the largest 200 loans (or the ones above 250.000 TL). The BRSA indicated that the loan review documentation for the largest 200 loans is usually prepared by internal audit.



The BRSA, in its credit portfolio reviews, determines the extent to which internal bank ratings are automatically generated, both the homogeneous portfolios as well as the larger, individual credit exposures. The examiners review and use both management problem loan reports and the system generated reports during portfolio inspections.



The credit risk management oversight (line management function) and credit risk management function and the organization therein create loopholes in the independence and integrity of credit risk monitoring and reporting to bank boards and the BRSA. Key observations on the credit risk oversight organization:
  • Based on this design, which may vary in practice from institution to institution, the board has indeed established a (credit) risk management unit that complies with the letter of the law. Through this mechanism, the unit is able to provide high level trend and other analysis information.
However, there is no ongoing, independent credit risk monitoring of large individual exposures or homogeneous portfolios. Important source data (identification of deteriorating credits that have not yet reached an NPL status—as well as special mention credit and status of NPLs) is generated by the credit monitoring unit which is a business line management function. This information is also reported to the BRSA for monitoring and examination purposes.
  • • There is no independent verification (i.e., independent loan review function) that determines that 1) management identification processes are accurate and timely, 2) management, itself, is accurately recognizing its business risk, and 3) timely borrower intervention is activated.
  • • This critical input forms the basis of important MIS going to the board.
  • • Examiners, through their inspection process, have identified important, clearly inaccurate classifications of credit that could easily indicate key issues with 1-3 above. However, the significance of these inaccurate classifications was not clear from the examination samples reviewed. Consistently, there was no indication of the size of the sample of reviewed credits, how significant the aggregate, inaccurately classified credit was to the total portfolio, and if such findings could be extrapolated to the entire portfolio.
GCM Principle 9 presents the activities of units included in the bank’s internal systems (internal audit, risk management, compliance). Banks are to make “internal controls” (internal audits) with the objective to assess credit management processes, determine compliance with legal and bank limits, and to avoid deterioration in the credit portfolio. Activities, at a minimum, include: periodically assess the largest 200 credits of the bank which have the highest risks, test adequacy of collateral, assess the adequacy and accuracy of credit files; test non-performing loan identification; and assess the risk arising from exceptional operations. The activity also is to determine compliance with credit policies and procedures including authorizations, maturity, quality, and reporting to senior management.



Results of internal systems’ (risk management, internal audit) reviews are to be shared with senior management and the audit committee. The GCM goes on to indicate that banks establish an internal ratings system to manage credit risk. Retail customers are monitored through behavioral models. Corporate credits must be rated once a year (the REPL requires quarterly). Board of directors and senior management of the bank should be regularly informed about rating results.



The CAMEL rating process/GAR module lays out specific review processes for evaluating the credit risk management processes. For example, questions aim to check whether banks have the necessary policies and procedures regarding the credit risk management, risk appetite and CCR.



The BRSA undertakes special examinations that target certain banking activities/credit portfolios according to the risk evaluations conducted at the beginning of a bank’s supervisory cycle. The assessor team reviewed a sample of 4 such examinations in the credit portfolio area. See EC 3 for detail of observations.
EC2The supervisor determines that a bank’s Board approves, and regularly reviews, the credit risk management strategy and significant policies and processes for assuming,48 identifying, measuring, evaluating, monitoring, reporting and controlling or mitigating credit risk (including counterparty credit risk and associated potential future exposure) and that these are consistent with the risk appetite set by the Board. The supervisor also determines that senior management implements the credit risk strategy approved by the Board and develops the aforementioned policies and processes.
Description and findings re EC2GCM Principle 1 requires that the board of directors to determine, in writing, and approve the credit strategies in light of market conditions, the bank’s financial condition, risk appetite, etc. It goes on to direct that the board of directors periodically reviews the financial and economic indicators used in establishing the credit strategy and make the necessary changes in the strategy and practices. Implementation of the credit risk strategy by the senior management or another related unit of the bank is also addressed throughout the GCM.



Principle 2 requires banks to establish marketing, credit-granting and monitoring policies in line with their credit volume and complexity of activities. According to paragraph 13, those policies are approved by the board of directors and reviewed annually (Paragraph 15). Credit procedures are established in writing by senior management or the board of directors according to Paragraph 25.



GCPRM directs that the board of directors must approve counterparty credit risk (CCR) management strategies. The level of risk appetite should be reviewed periodically and the frequency and scope of this review should be determined according to CCR level and complexity of the bank. A sound CCR management framework shall include the identification, measurement, management, approval and internal reporting of CCR. The Guideline details requirements for the measurement, monitoring, and reporting of CCR to the board and senior management. Parameters for CCR risk mitigation practices are enumerated as well.



The BRSA conducts onsite review of credit risk management and the attendant strategies, policies and controls through its CAMELS review/GAR methodology process. During this process, the examiners may decide to conduct specialty examinations targeting areas such as corporate loans, commercial loans, SME loans etc. These activities provide the opportunity for the examiners to test management implementation of board established risk appetite and strategies and current bank practices.



For more detailed description of the credit examination process, see EC 3 below.
EC3The supervisor requires, and regularly determines, that such policies and processes establish an appropriate and properly controlled credit risk environment, including:
  • a) a well-documented and effectively implemented strategy and sound policies and processes for assuming credit risk, without undue reliance on external credit assessments;
  • b) well defined criteria and policies and processes for approving new exposures (including prudent underwriting standards) as well as for renewing and refinancing existing exposures, and identifying the appropriate approval authority for the size and complexity of the exposures;
  • c) effective credit administration policies and processes, including continued analysis of a borrower’s ability and willingness to repay under the terms of the debt (including review of the performance of underlying assets in the case of securitization exposures); monitoring of documentation, legal covenants, contractual requirements, collateral and other forms of credit risk mitigation; and an appropriate asset grading or classification system;
  • d) effective information systems for accurate and timely identification, aggregation and reporting of credit risk exposures to the bank’s Board and senior management on an ongoing basis;
  • e) prudent and appropriate credit limits, consistent with the bank’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff;
  • f) exception tracking and reporting processes that ensure prompt action at the appropriate level of the bank’s senior management or Board where necessary; and
  • g) effective controls (including in respect of the quality, reliability and relevancy of data and in respect of validation procedures) around the use of models to identify and measure credit risk and set limits.
Description and findings re EC3Requirements addressing the above are contained in the BL, REPL, and GCM. REPL (Regulation on Procedures and Principles for Determination of Qualifications of Loans and other Receivables and Provisioning) has been revised and is awaiting publishing in the official Gazette. As relevant, the provisions in the new document are included.



a) policies for assuming credit risk w/o undue reliance on external assessments.



Article 52(1) of BL requires banks to measure credit risk; regularly analyze and monitor the financial standing of the counterparty; obtain the necessary information and documents; and establish the relevant procedures.



Principles 1-3 of the GCM require banks to establish credit strategies, credit policies and credit procedures. Specifically, principle 17 presents selected guidelines for determining customer limits, indebtedness, and solvency upon which to base credit granting – which relies on internal bank analysis. Principle 14 requires that banks obtain adequate information in order to assess the risk profile of the borrower and that (principle 13) banks have established assessment and approval functions for credit management and approvals.



b) procedures for new, renewed, and refinanced exposures; structured approval authorities.



Principles 11, 13 and 23 of GCM present parameters for approving new exposures, for renewing and refinancing existing exposures, and identifying the appropriate approval authority for the size and complexity of the exposures. Principle 13 requires banks to establish assessment and approval functions for an effective credit management. Requirements and standards for restructured credit are enumerated in principle 23.



Restructured Credit



The current REPL, Article 11, goes further in addressing terms for restructuring credit. Credits experiencing a temporary liquidity problem may be restructured in order to provide (reasonable) assurance that the debt will be repaid. The article requires monitoring of restructured credits for at least six months in the Third (substandard), Fourth (doubtful), Fifth (loss) groups of loans and other receivables. During this period, provisions are continued to be set aside for the said receivables at the rates of special provisions applied on the relevant group. Credits may be restructured twice, the second time providing that 20% of the existing principal is collected each year. The draft REPL is silent on the maximum number of times a loan may be restructured but prescribes rather extensive “probation periods” for classification of special mention credits to be upgraded to standard (one year). When a substandard loan is subject to forbearance (restructuring), it can only be upgraded to special mention if certain conditions are met (including performing as agreed for one year). If a restructured special mention credit goes past due 30 days, then it must be classified substandard. However, the draft REPL prescribes a rather extensive timeframe for writing off such a substandard credit that hits the loss classification. It states that once a restructured credit falls into the substandard category and is past due for one year, it will be classified in the 5th group (loss) and the bank will be required to write-off the uncollateralized portion within a maximum period of one year.



Further, the regulation allows restructuring of loans in the loss category. Credits in this loan classification generally should not have the opportunity to be restructured as they are, by definition, permanently impaired and considered “nonbankable” assets. In some systems, such credits are prohibited from being restructured. (The draft REPL is silent on this, but, in fact, should offer guidance here as silence may indicate approval of previously allowed (imprudent) restructuring of loss credit.)



Restructured credit facilities may be transferred and posted to the “Account of Loan Facilities Renewed and Subject to Redemption Plan” at the end of this period, providing that at least fifteen percent (15%) of the total amount of receivables is repaid, and they are traced and pursued in the same group for at least six months, and the repayments are not delayed. (The draft REPL extends the monitoring period to one year before consideration of a classification change.)



Discussions with the BRSA indicated that reports on a host of credit issues are received by the offsite department, including information on restructured credits. Examiners indicated that restructured credit is, in fact, reviewed when special credit examinations are conducted – as a part of the relevant portfolio.



c) continued analysis of a borrower’s ability and willingness to repay under the terms of the debt; monitoring of documentation, legal covenants, contractual requirements, collateral and other forms of credit risk mitigation; and an appropriate asset grading or classification system.



Article 52 of the BL requires banks to “measure (loan exposures); regularly analyze and monitor the financial standing of the counterparty; obtain the necessary information and documents; and establish the relevant procedures”. GCM principles 1-3 and principles 15, 17, 24, 25 and 26 detail the parameters regarding the monitoring of documentation, legal covenants, contractual requirements, collateral and other forms of credit risk mitigation; and an appropriate asset grading or classification system. The Communique on Credit Risk Mitigation Techniques (CCRM) sets down procedures and principles relating to credit risk mitigation techniques to be used by banks in calculation of regulatory capital requirement. REPL presents the terms and conditions for asset classification.



Loan Classification System



REPL enumerates loan classification requirements. The Second Part of the regulation directs that loans are categorized/classified based on the state of borrower creditworthiness and/or delinquency status. The following presents the minimum for credit classification. Still, much of the classification process by the banks and examiners is driven by the past due status of the given credit(s).
  • Special Mention (“close monitoring”) – > 30 up to 90 days
  • Substandard (“limited collectability”) - > 90 up to 180 days (provisioning: 20%)
  • Doubtful - > 180 days to 1 year (50%)
  • Loss - > over 1 year (100%)
  • Credits classified substandard and worse are considered nonperforming.
Review of special examinations of loan portfolios, mutually agreed by the BRSA and the BCP team identified a number of key issues which are further discussed in BCP 18 Problem Assets, Provisions, and Reserves. However, the issues identified with REPL content are presented in here.



Classification categories enumerated and required by REPL are internationally used. However, the definitions for the classifications themselves are unclear and substantially overlapping. This is particularly the case for the special mention and substandard categories.



Special mention includes, according to the REPL, credits that:
  • are required to be monitored closely due to such reasons as observation of negative developments in solvency or cash flow of the debtor, or suspecting of such developments, or the borrower’s bearing a substantial and material financial risk
  • These elements indicate that, on a financial basis, the current sound worth and paying capacity of the borrower is exhibiting well defined credit weaknesses – the concrete definition of substandard.
  • The substandard definition reflects very similar parameters and goes on to state:
  • (credits) which fully have a limited collectability due to inadequacy of shareholders’ equity or guarantees of the borrower in repayment of debts on due dates thereof, and which may probably cause damages and losses if the observed problems are not corrected or remedied; or
  • creditworthiness of the borrower weakened and which is accepted to have been weakened
Review of the sample portfolio examinations clearly indicated that both the banks and the examiners are blurring the use of these 2 classification categories, although more so the banks in the examples seen. Furthermore, the examples highlighted that banks also are maintaining “watch lists” which can be considered precursors to special mention classifications (or worse). Reviews by the examiners accurately identified credits in this group that rightly deserved to be in substandard or worse categories. This may be, in part due to the nature of the special mention category (as well as the desire to avoid additional provisioning and disclosure). (It should be noted that, in their loan portfolio special examinations, examiners typically do not dive into the accuracy of credits already classified as NPL, but focus on those that are carried on management’s “watch list” and special mention credits.) The impact of this is further discussion in BCP 18. However, the definitions and use of the classifications require clarification and strengthening. Review of the draft REPL indicated much the same issue with the definitions.



The framework for loan loss provisions and observations therein are provided in BCP 18.
  • d) MIS for accurate and timely identification, aggregation and reporting of credit risk exposures to the bank’s Board and senior management on an ongoing basis In addition to the general requirements regarding information systems of banks in RICAAP Article 11, Principles 6-8 of the GCM include the provisions for the documentation and information systems for credit risk. Principle 6 requires that information and documents concerning credits for each customer should be easily accessible, principle 7 requires banks to establish effective information systems with respect to the credit management. Moreover, in accordance with Principle 8 banks should design information systems in line with the size and complexity of their operations. Also in line with paragraph 56, results of internal system analysis will be shared regularly with senior management and audit committee regarding their importance.
  • e) prudent and appropriate credit limits, consistent with the bank’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff The RICAAP, specifically Article 5, requires that boards set an appropriate risk appetite and that risk limits are established commensurate with the risk appetite, capital, and management resource of the bank. The regulation requires effective communication of the risk appetite and limit structures through the bank.
  • f) exception tracking and reporting processes that ensure prompt action at the appropriate level of the bank’s senior management or Board where necessary.
In accordance with paragraph 14 of the GCM, credit policies should address identifying and reporting exceptions to credit policy. Paragraph 59 of GCM require risk management units to assess and report the frequency of such credit exceptions.
  • g) effective controls (including in respect of the quality, reliability and relevancy of data and in respect of validation procedures) around the use of models to identify and measure credit risk and set limits.
BCP 27, EC 3 details the BRSA’s requirements for model validation as per the GFVM. For CCR, Paragraph 7 of GCPRM stipulates that where the bank is using an internal model for CCR, senior management must be aware of the limitations and assumptions of the model used.



From the IT point of view, banks’ information systems must meet the standards set in RITEA. For example, according to article 25 (2)(b) of RITEA banks’ processes regarding retail and corporate loans are audited by external auditors and results of this audit are submitted to BRSA. If any deficiencies regarding standards laid down in RITEA are observed during the IT audits conducted by external auditors those deficiencies are taken into account within the scope of regular on-site examinations.



BRSA Credit Examination Process



The management and risk control over the credit operations of a bank are evaluated through both the CAMELS review/GAR methodology. During this process, the examiners may decide to conduct specialty examinations targeting areas such as corporate loans, commercial loans, SME loans etc. It is during the specialized examination process that the examiners have the opportunity to assess the effectiveness of the bank’s credit underwriting, monitoring, early identification and classification processes as well as the risk management oversight mechanisms. Further comments on the adequacy of the examination process are offered in the rating comments below and in BCP 18.
EC4The supervisor determines that banks have policies and processes to monitor the total indebtedness of entities to which they extend credit and any risk factors that may result in default including significant unhedged foreign exchange risk.
Description and findings re EC4Banks are required to have policies and processes to monitor the total amount of customer indebtedness held by the bank. According to Article 107 of GCM, the foreign exchange risk exposure of customers in other banks is also taken into consideration in effective credit administration process.



In the CAMELS risk assessment process, GAR process directs examiners to have information about total indebtedness of firms in the market. Reviews of 4 sample examinations showed that aggregate customer indebtedness (on and off-balance sheet) is also gathered during certain specialized examinations and classified consistent with the borrower classification. However, the manner in which the examiners present and write up the credits that they review during the special examination does not clearly depict the nature and volume of other related exposures (in the given bank) which, if presented, would help put the overall borrower relationship in context.
EC5The supervisor requires that banks make credit decisions free of conflicts of interest and on an arm’s length basis.
Description and findings re EC5Article 50 of the BL requires banks that the loan conditions cannot vary from the loans made available to other persons and groups and from market conditions, in favor of the borrower. It explicitly states that all loans should be extended on an arm’s length basis.



Please also see BCP 20, Related Parties.
EC6The supervisor requires that the credit policy prescribes that major credit risk exposures exceeding a certain amount or percentage of the bank’s capital are to be decided by the bank’s Board or senior management. The same applies to credit risk exposures that are especially risky or otherwise not in line with the mainstream of the bank’s activities.
Description and findings re EC6According to Article 5(1) of Regulation on Credit Transactions by Banks (RCT), the powers for extension of credit in a bank basically rest with the board of directors and the board may delegate its powers for extension of credit to a credit committee or headquarters. According to Article 5(2) the maximum amounts the board of directors can delegate to credit committee or headquarters are up to 10 percent and up to 1 percent of own funds respectively.
EC7The supervisor has full access to information in the credit and investment portfolios and to the bank officers involved in assuming, managing, controlling and reporting on credit risk.
Description and findings re EC7Articles 65, 66, 95 and 96 of the BL grant the right to the BRSA to have full access to information in the credit and investment portfolios and to the bank officers involved in assuming, managing, controlling and reporting on credit risk. The institutions under the scope of BL and their activities shall be subject to supervision of the BRSA. The BRSA may send representatives to the meetings of the general assemblies of banks, for observation purposes. The institutions should keep their information and documents regarding their internal control, risk management and internal audit systems, accounting and financial reporting units, financial statements and reports as well as loans extended to risk groups, as ready and appropriate for consolidated supervision.
EC8The supervisor requires banks to include their credit risk exposures into their stress testing programs for risk management purposes.
Description and findings re EC8According to Article 43(4) of RICAAP, banks are required to have stress testing program which requires, an overall firm-wide stress testing, in addition to each material risk type, including credit risk.



According to principle 27 of GCM, banks should perform stress testing and scenario analysis in monitoring and measuring risks arising from credit portfolio. Banks are required to make analysis on the current and future capital requirements for credit risk. Banks are required to conduct stress testing on an individual risk level and also on a firm-wide basis. GCPRM principle 7 also gives guidance on counterparty credit risk stress testing program.



For a more expanded discussion on stress testing parameters and observations, see BCP 8 EC 5.
Assessment of Principle 17Materially Non-compliant
CommentThe legal framework for credit risk is generally comprehensive. It establishes the responsibility of the board in this area, requires a framework for the credit business of banks, as well as prescribes properly controlled credit risk environment. However, several issues exist within the framework which compromise the effectiveness of this framework and its application.



As prescribed in regulation and organized in practice (verified through review of credit portfolio special examinations presented by the BRSA during the assessment) the credit risk management oversight (line management function) and credit risk management function and the organization therein create loopholes in independence and integrity of credit risk monitoring and reporting to bank boards and the BRSA:



1. The framework design does not require ongoing, independent (from the business line) credit risk monitoring of large individual exposures or homogeneous portfolios. Important source data (e.g., identification of deteriorating credits, level of (accurately) classified assets, status of restructured credits, etc.) is generated by a line management function (credit monitoring) without independent verification that 1) management identification processes are accurate and timely, 2) that management, itself, is well informed of the risk it is running and is upholding board prescribed underwriting standards, and therefore, accurately conveying its business risk, and that 3) timely borrower intervention is activated.



2. This (unverified) information generated by the line function is source data used by the risk management functions for audit committee and board reporting and is also likely the information also reported to the BRSA for monitoring and examination purposes.



Although the internal audit function plays an important role in ensuring a strong control environment, the function itself is not designed to play an ongoing surveillance role such as the independent credit risk management unit. It cannot replace the need to have such a function within the bank(s).



Highlighting the issues surrounding this organizational environment, examiners, through their inspection process, have identified important, clearly inaccurate classifications of credit that could easily indicate the existence of 1 and 2 above. However, the significance of these inaccurate classifications was not clear from the examination samples reviewed. Consistently, there was no indication of the size of the sample of reviewed credits, how significant the aggregate, inaccurately classified credit was to the total portfolio, and if such findings could be extrapolated to the entire portfolio.



Credit classification definitions, particularly in the special mention and substandard categories are overlapping. Evidence demonstrates that both the examiners, but especially the bankers, fluidly move credits among these categories which compromises the picture of the bank’s risk profile which accurate classification is intended to depict. As well, such movement and less rigorous classification impacts provisioning levels and ultimately, the accuracy of the bank’s financial statement.



The REPL explicitly allows restructuring of loss credit which is considering in many systems to be outright imprudent activity as such loans are, by definition, permanently impaired and considered “nonbankable” assets. In some systems, such credits are prohibited from being restructured. The draft REPL is silent on this issue but theoretically would allow this practice. This practice should be explicitly addressed (disallowed).



The manner in which the examiners present and write up the credits that they review during the special examination does not clearly depict the nature and volume of other related exposures (in the given bank) which, if presented, would help put the overall borrower relationship in context.
Principle 18Problem assets, provisions and reserves.49 The supervisor determines that banks have adequate policies and processes for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves.50
Essential criteria
EC1Laws, regulations or the supervisor require banks to formulate policies and processes for identifying and managing problem assets. In addition, laws, regulations or the supervisor require regular review by banks of their problem assets (at an individual level or at a portfolio level for assets with homogenous characteristics) and asset classification, provisioning and write-offs.
Description and findings re EC1Articles 52 and 53 of the BL stipulate the rules that banks must follow for loan evaluation. In particular, Article 52 of the BL requires banks to regularly analyze and monitor the financial standing of their borrowers and borrowers are obliged to provide the necessary information to the banks on both solo and consolidated basis. Article 53 requires banks to establish, implement, and regularly review the policies regarding the monitoring of the loans under follow-up and their loan loss provisions. In addition, the Regulation on the Procedures and Principles for the Evaluation of Loans and Other Receivables (REPL) sets the rules on classification of loans (into five groups) and the criteria for loan loss provisioning.



Article 12(9) of REPL requires banks to prepare an exclusive report containing views about the loans that exceed TL 250,000 and, in any case, the largest top 200 loans, on a quarterly basis or in case of occurrence of any risk event.



The article 16(10) and (12) of the Communiqué on Financial Statements and Their Disclosures to be Announced to Public by Banks (CPD) requires banks to disclose the amounts of write-offs as well as their policies and procedures on write-offs respectively.



On the other hand, the REPL does not include parameters for write-offs. The draft REPL specifies write-off criteria in relation to IFRS 9 requirements.



Additionally, in GCM, principle 28 states that banks should have written policies concerning the management of non-performing loans and receivables. The processes of credit monitoring and liquidation should be established in a way to secure collection efficiency. As well, banks should establish a unit apart from credit assessment and marketing units for the management of NPLs. Banks should identify the criteria concerning the determination and reporting of problematic loans which need to be monitored closely, classified into a different group, and which require provisioning and/or additional remedial measures.



The proper implementation of REPL is assessed during the on-site examinations and the data on Performing Loans, Non-Performing Loans, Restructured Loans and Provisions for Non-Performing Loans, Solo and Consolidated Compliance of Banks to Credit Limits are monitored offsite by means of call reports sent by banks on a monthly/quarterly basis.



Furthermore, audit committee reports and meetings are analyzed in terms of credit classification and provisioning. Management committee meetings and board decisions about the policies and strategies established for the management of problem assets are also evaluated during the on-site examination process.



Of note, the BRSA prepared a new draft REPL for which the responses of the stakeholders haves been received during the public consultation phase. Draft REPL is currently awaiting publication in the official gazette. The BRSA informed the BCP team that the draft takes into account IFRS 9 for provisioning purposes and keeps five group classification of the current regulation. Additionally;



* the entry and exit criteria of sub-groups are elaborated,



* the definition of non-performing loans is linked to the Basel II default definition and the stage 3 of the IFRS 9,



* forbearance is defined as a cross-cutting category based on EBA ITS dated 20.02.2015.



* criteria for reclassification from non-performing to performing loans is determined,



* write-off criteria are laid down by considering IFRS 9 requirements,



* expected loan loss provisions are required to be recognized in compliance with the IFRS 9, and



* Banks are required to review loans on a quarterly basis or in case of occurrence of any risk event for re-classification purposes. Also, the banks are required to document their assessments regarding the largest 200 loans or the loans exceeding TL 500.000.
EC2The supervisor determines the adequacy of a bank’s policies and processes for grading and classifying its assets and establishing appropriate and robust provisioning levels. The reviews supporting the supervisor’s opinion may be conducted by external experts, with the supervisor reviewing the work of the external experts to determine the adequacy of the bank’s policies and processes
Description and findings re EC2The on-site examiners assess the objectivity and adequacy of internal procedures and internal controls necessary for an independent inspection of bank lending activities. The SMCEP directs that this assessment as well as the assessment of the adequacy of a bank’s policies and processes for grading, classifying, and provisioning its assets are made taking into account several factors such as:
  • The effectiveness of the internal rating system of the bank,
  • Whether the internal procedures as well as the MIS system of the bank allow for the board and management to obtain timely and appropriate information on the condition of the loan portfolios,
  • Whether the internal procedures of the bank established for monitoring the loan portfolios and classification of the loans are in compliance with the relevant legislation,
  • Whether the findings of the internal audit and internal control groups about the problem assets are sufficiently taken into account by the bank’s management,
  • Robustness of the collateral data used for capital adequacy calculations,
  • The adequacy of the provisioning levels of the bank in relation to regulatory requirements and with respect to the risk profile and quality of the credit risk management system of the bank,
  • The accuracy of loan classification based on a sufficiently large examination sample of loans.
During the full scope examinations, with reference to SMCEP, the on-site team assesses a cross section of a significantly large sample of individual loans, including the highest risk exposures. In particular, loans are selected on the basis of different sources and criteria including, inter alia,
  • the loan reports produced by the bank,
  • list of loans categorized in the second group (special mention) pursuant to REPL,
  • list of loans past due,
  • the report of potential problem loans produced by the off-site team,
  • previous examination reports produced by the BRSA with respect to the loan portfolio of the bank,
  • list of obligors classified in the 2nd group (special mention) by other banks pursuant to the REPL,
  • list of restructured/rescheduled loans.
  • the selection of the sample of individual loans pays particular attention to the significance of the individual loan in the portfolio and to the fact that the examination sample adequately represents the total loan portfolio of the bank. In every instance, on-site team examines at least the 200 firms/obligors having the highest level of risk in the total loan portfolio.
Furthermore, notes to financial statements prepared according to the CPD and audited by external auditors, include various information on issues such as grading and classification of assets, and the loan loss provisioning levels. This information is also reviewed with respect to their consistency with the information provided by the bank and where appropriate, used as an input during the on-site examination process.



As well, examiners pay particular attention to the loans classified as special mention since these loans have a potential to be classified as NPL in the future. In that context, according to the SMCEP, on-site examiners take into account several factors including the following:



- whether the debtor is classified in the special mention group by other banks,



- whether the debtor has been refinanced by the bank under examination or by any other bank in the sector,



- whether the debtor has any reimbursed non-cash loans in the bank under examination or in any other bank in the sector,



- whether the debtor has any NPL in the bank under examination or in any other bank in the sector in the past.



Assessor Observations:



The BCP team reviewed special examinations of credit portfolios, mutually agreed by the assessors and the supervisors. The reviews focused on the process of the examination team, findings and subsequent supervisory response/corrective actions. The examination findings were thorough and demonstrated application of many of the above outlined objectives. At the same time, the review identified the following key points which are embedded in the analysis and results process:



• Of the credits reviewed, written up, and featured in the examination reports, the exam team did, in fact, identify important deficiencies in the subject bank’s classification and the (lack of) accuracy therein.



• Review of the examination report highlighted several issues:



○ Size and significance of the group credits sampled and reviewed was not enumerated.



○ A number of credits were re-classified by the examiners.



◾ There was no indication of the relative significance of the findings relative to the total portfolio, especially given some of the critical classification issues identified. No indication if the findings could be extrapolated to the rest of the portfolio.



◾ No indication if, based on the findings, expansion of the credit sample was warranted to support findings about the condition of the portfolio.



◾ The loan write-ups themselves were not complete enough to convey the nature of the credit relationship and any connected customer relationships/exposures. Total indebtedness did not break out the various, more significant on/off balance sheet extensions; context of the total credit relationship was not provided, i.e., payment history: number of times the credit—and associated credits—had been renewed or restructured, if interest was capitalized, if the credit was on nonaccrual, what the collateral position was and integrity of estimated values, etc.



◾ As a result of limited information in the write up, it was difficult to assess if the final classification was accurate or not.



◾ Provisioning impact was not presented.



◾ There was no documentation retained on the review of the “standard” loans in order to substantiate the reasonableness of maintaining the standard classification.



• Overall conclusions focused on internal control issues rather than higher level implications on the condition and management of the credit portfolio under examination.



• As a result, the examination exercise missed opportunity to identify very important linkages with and conclusions on:



○ Management’s understanding of their business and credit risk, ability to identify deterioration proactively – thereby allowing for early intervention.



○ Implications for internal systems => function, role, and independence of credit risk management – thereby validating the systems that both the bank’s board and the BRSA depends upon in order to effectively oversee the institution. As well, these systems are key to the exercise of risk based supervision by the BRSA.



○ Inputs to evaluate corporate governance of the bank.



○ Accuracy of information conveyed to the board and the BRSA



Drawing such conclusions and linkages to management adequacy and internal systems then, is critical to validating the systems risk based supervision depends upon. Also, it would provide the basis for supervisory response and, as required, corrective actions by the BRSA.



During discussions with the BCP team, the BRSA conveyed that although such linkages are not explicitly presented in the reports themselves, they are, indeed, very important inputs to the CAMELS risk rating process as well as to the risk matrix and profile. These instruments then convey the level of supervisory priority and serve as an input for future supervisory activities.
EC3The supervisor determines that the bank’s system for classification and provisioning takes into account off-balance sheet exposures.51
Description and findings re EC3With reference to article 48 of the BL, the REPL covers the rules for classification and provisioning of all off-balance sheet items. The draft regulation also covers the rules for classification and provisioning of all off-balance sheet items.



On-site examiners evaluate the adequacy of the classification of and provisioning for off-balance items, with respect to REPL, taking into account several factors such as



- whether the obligor has reimbursed non-cash loans,



- the ratio of reimbursed non-cash loans to total non-cash loan portfolio of the bank,



- past due days of the obligor with respect to cash loans,



- the level of concentration risk in off-balance sheet items.
EC4The supervisor determines that banks have appropriate policies and processes to ensure that provisions and write-offs are timely and reflect realistic repayment and recovery expectations, taking into account market and macroeconomic conditions.
Description and findings re EC4The minimum provisioning rates are determined according to the loan categories. Articles 6(3) and 6(4) of the REPL require banks to consider financial and macroeconomic factors including sectoral and firm specific conditions and to base their calculations on reasonable and supportable assumptions. Additionally, article 10(8) of the REPL allows banks to make higher provisions than the minimum rates stipulated in the article 8 of the REPL. REPL authorizes BRSB to set higher levels of general and special provisions taking into account the risks in different sectors and countries.



The draft REPL requires banks to recognize their loan loss provisions consistent with IFRS 9. The BRSB is authorized to increase general and special provisioning levels both for a specific bank or a specific loan type for the whole banking sector.



As mentioned in EC1, the REPL does not include a rule on write-offs. However, write-off criteria are laid down in draft Regulation on the Procedures and Principles for Accounting Practices and Retention of Documents by Banks (RAP) by considering IFRS 9 requirements which was opened for public consultation. In that context, article 10(A) of the draft RAP requires banks to write-off the uncollateralized portion of their non-performing loans within a maximum period of one year after their classification in the 5th group.



In addition to the above mentioned draft regulations, the BRSA will publish a guideline in alignment with the Guidance on Credit Risk and Accounting for the Expected Credit Loss (GACL) published by the BCBS so that the GACL will be incorporated into the national regulatory framework. As a result, within the context of IFRS 9 and the GACL, forward looking information and macroeconomic factors are to be taken into account by banks in provisioning.



The current provisioning requirements are as follows:
Asset ClassificationPast Due PeriodProvisioning (Net of Collateral for special provisions)
LoansOff-balance Sheet
Group 1/Standard52up to 30.5% - 5.0%53O% - .20%
Retail w/extension10%540% - .20%
Group 2/Special30 - 902%.4%
Mention
Retail10%.4%
Group 3/Substandard90 - 18020%20%
Group 4/Doubtful180 - 36050%50%
Group 5/Loss◾360100%100%


In addition to the provisioning requirements above, specific provisions are made net of collateral values. REPL assigns a haircut to collateral values depending on the item. Requirements for valuation of collateral are specified in CCRM and GFVM. The BCP team was informed that banks ensure that adequate collateral underpins the preponderance of their credit exposures, sometimes to the extent of over-collateralizing. Real estate composes the majority of the collateral. Banks use firms approved by the BRSA to value real estate. Underlying collateral must be revalued once a credit exposure is classified as NPL. In general, banks have approximately 75% loan loss coverage on current NPL levels.



Several observations are made on the provisioning for NPLs, special mention, and the general portfolio. The historical and statistical support for standard (general) and special mention loan categories is not substantiated by accumulated experience. It is not clear if appraised values, within a range, are being realized upon the sale of the properties or if provisioned amounts are adequately covering loss experience on classified loans. Clear parameters should be established for periodic valuation of underlying collateral on NPL exposures.



The on-site examination teams assess the adequacy of the provisioning levels of the bank with respect to regulatory requirements stipulated in REPL. Write-offs and loan sales are also considered in the context of the examination of NPL portfolio of the bank. In that context, on-site examiners analyze the internal policies, procedures and practices of the bank with respect to write-offs and asset sales.



Off-site supervision makes analysis complementary to the on-site work and produces early warning information regarding the loan portfolio. In that context, a Report on Potentially Problematic Loans on a semiannual basis is produced and sent to on-site examination teams. In that report, a loan is considered to be potentially problematic if it meets one of the following criteria:
  • - if the loan is classified as NPL by any bank,
  • - if the loan is classified as NPL by any non-bank financial institution,
  • - based on the information received from on-site supervision function, if it is classified as NPL by the on-site examination team,
  • - if the loan is transferred to an asset management company.
With regard to provisions of the SMCEP, on-site examiners to take into account the above mentioned report in their analysis of the loan portfolio and in the selection of the loan sample to be examined.
EC5The supervisor determines that banks have appropriate policies and processes, and organizational resources for the early identification of deteriorating assets, for ongoing oversight of problem assets, and for collecting on past due obligations. For portfolios of credit exposures with homogeneous characteristics, the exposures are classified when payments are contractually in arrears for a minimum number of days (e.g., 30, 60, 90 days). The supervisor tests banks’ treatment of assets with a view to identifying any material circumvention of the classification and provisioning standards (e.g., rescheduling, refinancing or reclassification of loans).
Description and findings re EC5Please refer to EC 1 and 4 for relevant regulations and credit portfolio review processes. The draft REPL states that loans that have an immaterial balance and that have homogenous characteristics with regard to the type, credit grading/scores, collateral, effective date, date to maturity, geographical location of the debtor and loan to value ratio can be assessed on a group basis.



Examiners review homogenous credits based on various inputs including delinquency status, trends in the portfolio and market, and review of banks’ internal risk rating models, if used.
EC6The supervisor obtains information on a regular basis, and in relevant detail, or has full access to information concerning the classification of assets and provisioning. The supervisor requires banks to have adequate documentation to support their classification and provisioning levels.
Description and findings re EC6REPL requires banks to record, classify, monitor, and asses their loans in alignment with Article 4 of the REPL. Banks are obliged to prepare an exclusive report containing views about the loans that exceed TL 250,000 and, in any case, the largest top 200 loans, on a quarterly basis or in case of any significant risk event.



The draft REPL also requires banks to maintain adequate documentation to support their asset classification and provisioning levels. Banks are required to review their loans on a quarterly basis or in case of occurrence of any risk event for re-classification purposes. Banks are required to document their assessments regarding the largest 200 loans or the loans exceeding TL 500.000.



Regarding the reports received by the BRSA with regard to classification of assets and provisioning, banks are obliged to submit off-site call reports on asset classification, asset quality and provisioning. The monthly detailed loan report (KR202AS) provides customer level details of each loan, including, loan classification, loan type (cash, non-cash), sector, collateral, date of default, and provision amount.



The BRSA also has access to the more detailed CRB data which also includes scoring information of debtors. In the BRSA reporting sets, asset management companies are also required to report their acquired portfolios (corporate, retail or other) on a quarterly basis. Moreover, supervisors always have access to banks’ records and staff when required.
EC7The supervisor assesses whether the classification of the assets and the provisioning is adequate for prudential purposes. If asset classifications are inaccurate or provisions are deemed to be inadequate for prudential purposes (e.g., if the supervisor considers existing or anticipated deterioration in asset quality to be of concern or if the provisions do not fully reflect losses expected to be incurred), the supervisor has the power to require the bank to adjust its classifications of individual assets, increase its levels of provisioning, reserves or capital and, if necessary, impose other remedial measures.
Description and findings re EC7In case on-site supervisors determine that asset classifications are inaccurate or provisions are deemed to be inadequate for prudential purposes (based on the classification criteria in Article 4 of REPL) then the bank is instructed to reclassify those assets and/or set aside additional provisions. Additionally, insufficient provisioning or misclassification of assets are breaches that lead to financial penalty according to Article 146(1)(i) and 148(1)(b) respectively.



Furthermore, pursuant to Articles 67 and 68 of the BL, the BRSA is authorized to require banks, as a part of corrective measures, to set aside higher provisions if, among other things, the quality of assets have deteriorated in such a manner that its financial structure will weaken.



As well, article 37 of BL states that, in cases where it is determined that the financial statements have been mispresented, the BRSB also can take necessary measures. So, if provisioning level of a bank presented on financial statements approved by external auditors is determined as insufficient by the BRSA examiners, the BRSB may require banks to set aside additional provisions.



Under the draft REPL the BRSB is authorized to increase general and special provisioning levels both for a specific bank or a specific loan type for the whole banking sector.



On-site examiners assess the accuracy of the loan classifications and adequacy of provisioning levels with respect to REPL as well as the risk profile of the bank and the quality of its credit risk management system.



Please refer to EC2, EC3, EC4 and EC5 for further details.
EC8The supervisor requires banks to have appropriate mechanisms in place for regularly assessing the value of risk mitigants, including guarantees, credit derivatives and collateral. The valuation of collateral reflects the net realizable value, taking into account prevailing market conditions.
Description and findings re EC8Articles 9 and 10 of REPL set forth the requirements pertaining to collateral including valuation and applicable haircuts when computing special provisions to be made by banks. Accordingly, the valuation of the collaterals is based on TAS. On the other hand, REPL lays down specific requirements to value real estate, lien on properties. Banks are also required to assess the value of the collateral in the incidence of a risk event or within reasonable intervals according to the article 10(1)(c).



The CCRM enumerates a number of guidelines on valuation of collateral. Additionally, Guideline on Fair Value Measurement (GFVM) provides principles for calculating the fair value of financial instruments which are classified as risk mitigants, credit derivatives or collaterals. As well, banks must have monitoring and control procedures and processes including valuation and risk of loss of effectiveness of credit risk mitigation.



Credit risk mitigation techniques are regulated in CCRM in order to set down procedures and principles to be used by banks in calculation of risk-weighted amount under the scope of Standardized Approach and risk weighted exposure amounts and expected loss under the scope of Foundation IRB Approach.



The draft REPL requires banks to value loan collateral, for calculation of the loan loss provisions, based on the net realizable value of the collateral. Since net realizable values takes into account the fair value, prevailing market conditions are factored into the valuation. In addition, valuations of real estate collateral is subject to principles set out in the RCA. Real estate collateral must be revalued at the time loans are classified as NPL.
EC9Laws, regulations or the supervisor establish criteria for assets to be:
  • a) identified as a problem asset (e.g., a loan is identified as a problem asset when there is reason to believe that all amounts due, including principal and interest, will not be collected in accordance with the contractual terms of the loan agreement); and
  • b) reclassified as performing (e.g., a loan is reclassified as performing when all arrears have been cleared and the loan has been brought fully current, repayments have been made in a timely manner over a continuous repayment period and continued collection, in accordance with the contractual terms, is expected).
Description and findings re EC9See EC 1-4 above. REPL defines problem assets taking into account past due days and credit worthiness of the obligor. As well, the draft REPL links the Basel II default definition and the stage 3 of the IFRS 9the to definition of non-performing loans. As such, although the regulation considers loans classified as special mention performing loans, banks are required to recognize life-time expected loss for this group of loans since they are mapped to 2nd stage of the IFRS 9. Additionally, banks are required to establish relevant systems for closely monitoring 2nd group loans pursuant to Article 18(4) of the draft regulation.
EC10The supervisor determines that the bank’s Board obtains timely and appropriate information on the condition of the bank’s asset portfolio, including classification of assets, the level of provisions and reserves and major problem assets. The information includes, at a minimum, summary results of the latest asset review process, comparative trends in the overall quality of problem assets, and measurements of existing or anticipated deterioration in asset quality and losses expected to be incurred.
Description and findings re EC10On-site examiners evaluate whether the MIS and internal procedures of the bank allow for the sufficient level of information flow to bank’s board so as to obtain timely and appropriate information with regard to the classification of loans, the provisioning levels and problem assets.



Please refer to EC2 for further details.
EC11The supervisor requires that valuation, classification and provisioning, at least for significant exposures, are conducted on an individual item basis. For this purpose, supervisors require banks to set an appropriate threshold for the purpose of identifying significant exposures and to regularly review the level of the threshold.
Description and findings re EC11Banks are obliged to prepare an exclusive report containing views about the loans that exceed TL 250,000 and, in any case, the largest top 200 loans, on a quarterly basis or in case of occurrence of any risk event according to the article 12(9) of the REPL. In the draft REPL, banks will be required to document their assessments of the largest 200 loans or loans exceeding TL 500.000.
EC12The supervisor regularly assesses any trends and concentrations in risk and risk build-up across the banking sector in relation to banks’ problem assets and takes into account any observed concentration in the risk mitigation strategies adopted by banks and the potential effect on the efficacy of the mitigant in reducing loss. The supervisor considers the adequacy of provisions and reserves at the bank and banking system level in the light of this assessment.
Description and findings re EC12Credit concentration risk and trends across the banking sector are monitored by loan types, geography and industry by off-site supervision department through monthly banking sector overview presentations and loan reports. Non-performing loans by segment, sectors, and provisioning rates as well as loans under follow up and restructured loans are also monitored.



Overview of the banking sector, risk concentrations and trends are presented to the BRSA Board and some committees such as FSC and CC where necessary actions will be discussed and initiated. Macro prudential measures on consumer loans such as credit restrictions (increasing minimum payment ratios of credit cards, maturity restriction for consumer loans, loan to value ratio for housing and vehicle loans etc.), increasing risk weights for capital adequacy, increasing general provision ratios in order to curb credit growth and risk accumulation may be given as recent examples.



Furthermore, stress tests are used for estimating following 2 years loan growth, NPL growth (PD and LGD for economic capital) under both baseline and adverse scenarios (please refer to CP 9 EC5 for further details).
Assessment of Principle 18Materially Non-compliant
CommentsThe framework for credit classification and provisioning is generally adequate. However, the accuracy asset classification by banks, and therefore the integrity reporting to boards and the BRSA is called into question given the nature of reclassifications assigned by onsite examiners and the lack of documentation therein. Loan write ups require more support and context as well as need to present nature of collateral and provision impact. Examination conclusions focus more on internal control issues rather than higher level implications for the condition and management of the credit portfolio under examination.



Given the lack of (documented) focus on the implications of important bank processes, the examination exercise missed opportunity to identify very important linkages with and conclusions on:
  • Management’s understanding of their business and credit risk, ability to identify deterioration proactively – thereby allowing for early intervention.
  • Implications for internal systems => function, role, and independence of credit risk management – thereby validating the systems that the bank’s board and the BRSA depends upon in order to effectively oversee the institution. As well, these systems are key to the exercise of risk based supervision by the BRSA.
  • Inputs to evaluate corporate governance of the bank.
  • Accuracy of information conveyed to the board and the BRSA
As well, the historical and statistical support for standard (general) and special mention loan categories is not substantiated by accumulated experience. It is not clear if appraised values, within a range, are being realized upon the sale of the properties or if provisioned amounts are adequately covering loss experience on classified loans. Clear parameters should be established for periodic valuation of underlying collateral on NPL exposures.
Principle 19Concentration risk and large exposure limits. The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate concentrations of risk on a timely basis. Supervisors set prudential limits to restrict bank exposures to single counterparties or groups of connected counterparties.55
Essential criteria
EC1Laws, regulations or the supervisor require banks to have policies and processes that provide a comprehensive bank-wide view of significant sources of concentration risk.56 Exposures arising from off-balance sheet as well as on-balance sheet items and from contingent liabilities are captured.
Description and findings re EC1Article 48 of the BL contains a very comprehensive definition of a loan which includes both on and off balance sheet exposures. RICAAP article 35(4) requires banks to have effective risk management systems for key risks, based on their level of importance, including concentration risks. Further, the banks shall have a mechanism through which to evaluate the integrity of the risk management process including how large loans and risk concentrations are overseen.



GMCR is a principle based guideline which explains the best practices expected from banks in the area of management of concentration risk within the framework of RICAAP. Banks are to have a system of identifying exposures to single or connected counterparties in the same markets, sectors, supply chains, partnerships, guarantor relationship and geographic region or activity fields and capture both on-balance sheet and off-balance sheet positions as well as assets and liabilities, both on consolidated and non-consolidated basis. Banks are required to specify personnel and units responsible for the management of concentration risk and have written policies and procedures for active monitoring, control and mitigation of concentration of risk.



GCM directs that credit risk management processes should address concentration risk and diversification therein in the banks’ credit strategies and policies. As appropriate, banks should mitigate increases in credit risk concentrations using various management tool such as product price differentiation.



Concentration risk is an important focus of the CAMELS review/GAR methodology process. As well, it is captured in the ICAAP process and the supervisory review. Supervisory evaluation of concentration risk also feeds into the risk matrix prepared as a part of the supervisory cycle.
EC2The supervisor determines that a bank’s information systems identify and aggregate on a timely basis, and facilitate active management of, exposures creating risk concentrations and large exposure57 to single counterparties or groups of connected counterparties.
Description and findings re EC2GCM Principle 8, directs that banks must have information systems which can monitor exposures by customer, group, sub-portfolios and all portfolio. GMCR Principle 3 requires banks to have adequate data management systems to identify concentrations across business lines and firm-wide and on an on- and off-balance sheet basis. Such concentrations must be reported to senior management and to relevant business units to support decision making.



Special examinations provide the opportunity for examiners to evaluate aggregation systems for concentrations of risk. More specifically, during on-site examinations of credit portfolios, examiners are required to pick up total customer relationship exposures in order to evaluate credit quality on an individual exposure basis. Through this, as the assessors review of a sample of special inspections revealed, the examiners are able to pick up issues with the subject bank’s system. The CAMELS review/GAR methodology requires supervisors to address concentration risk in counterparty, product, sector and geographical region groupings.



From the IT point of view, banks’ information systems are required to meet the standards set in RITEA. Banks’ retail and corporate loans systems (including monitoring loan limits) are audited by external auditors and results of this audit are submitted to BRSA. Identified deficiencies are taken into account during regular on-site examinations.
EC3The supervisor determines that a bank’s risk management policies and processes establish thresholds for acceptable concentrations of risk, reflecting the bank’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff. The supervisor also determines that the bank’s policies and processes require all material concentrations to be regularly reviewed and reported to the bank’s Board.
Description and findings re EC3Concentration risk is addressed by banks through setting strategic planning and business objectives, establishing and monitoring counterparty specific, portfolio, product and other limit structures and position objectives, and risk oversight mechanisms. These elements are addressed, in part, in GMCR which requires banks to set limits in order to manage concentration risks.



Paragraphs 47 and 48 of GMCR require banks to have a system to report concentration risk timely, accurately and comprehensively to senior management, boards, and related units ensuring effective decision-making in the management of concentration risk. RICAAP requires the bank’s system of limits, risk appetite, etc. to be communicated throughout the bank.



Risk concentrations are captured in the ICAAP process which is reviewed by the BRSA.



A framework for risk concentration control and management is provided through regulation and the RICAAP process. However, review of the onsite examination process for credit risk (CP 17, 18) where issues surrounding risk identification as well as questions surrounding the implications of findings on the broader risk management processes were cited could have a bearing on the supervisory process for concentration risk identification, monitoring and control.
EC4The supervisor regularly obtains information that enables concentrations within a bank’s portfolio, including sectoral, geographical and currency exposures, to be reviewed.
Description and findings re EC4The surveillance call reports received from banks include details of sector, geography and currency information and risk concentration on customer basis (KR202AS-monthly). Monthly basis summary call reports on country risk and currency concentration (UL200AS, UL211AS) enable off-site supervisors to evaluate the extent of on and off-balance sheet concentration risk in banks. Single and group exposures (close to or in excess of 20% of regulatory capital for related party and 25% for other individual or group exposure); large exposures; top 25, 50 and 100 exposures are also received.



Supervision reports and reviews include concentrations including loan portfolio, sectoral, geographical, currency accumulations. Findings are compared against peer group and sector positions and used in banks’ risk assessment reports.



There are minimum regulatory requirements for loan concentrations which are closely monitored. These, which are determined by laws and regulations, include, inter alia, banks own risk group, major owners, large exposures (KS100AS and KS100UK, exposure limits consolidated and non-consolidated), real estate (GS100AS, real estate limits).



Furthermore, Article 12(9) of REPL requires banks to prepare an exclusive report containing views about the loans that exceed TL 250,000 and, in any case, the largest top 200 loans, on a quarterly basis or in case of occurrence of any risk event.
EC5In respect of credit exposure to single counterparties or groups of connected counterparties, laws or regulations explicitly define, or the supervisor has the power to define, a “group of connected counterparties” to reflect actual risk exposure. The supervisor may exercise discretion in applying this definition on a case by case basis.
Description and findings re EC5Article 49 of the BL defines the following four risk groups (a) group of counterparties unconnected with the bank, (b) related parties (those connected with the bank), (c) group of connected counterparties of state owned banks and (d) group of connected counterparties of state owned non-bank enterprises. The Article states that the “the BRSA shall set the principles and procedures of implementation of this Article and principles and procedures to be applicable to the identification of the (natural) and legal persons to be included in the same risk group….”. The BRSA has covered these elements in the RCT, which prescribes the norms for identifying risk groups and aggregating various types of cash and noncash exposures. Article 49 of the BL requires banks to include in the same risk group, real (natural) and legal persons that have surety, guarantee or similar relationships where the insolvency of one will lead to the insolvency of the other.
EC6Laws, regulations or the supervisor set prudent and appropriate58 requirements to control and constrain large credit exposures to a single counterparty or a group of connected counterparties. “Exposures” for this purpose include all claims and transactions (including those giving rise to counterparty credit risk exposure), on-balance sheet as well as offbalance sheet. The supervisor determines that senior management monitors these limits and that they are not exceeded on a solo or consolidated basis.
Description and findings re EC6Article 54 of the BL set limits to the amount of loans to be granted to a single or group of connected counterparties. Article 48 provides a comprehensive definition of a loan, both on and off balance sheet. Article 49 provides a comprehensive definition of “risk group” or group of connected parties.



The total amount of loans to be extended by a bank to a real or a legal person or a risk group shall not be more than 25 %of its own funds. For the bank’s own risk group, the limit shall be set at 20%. The Board may increase this rate up to 25% or to lower it back down to the legal limit. For further limitations on a bank’s own risk group, see BCP 20.



Loans made available to a real or legal person or a risk group that are equal to or exceed 10% of own funds shall be considered large loans and the total of such loans shall not exceed 8 times of the own funds according to the article 54(4).



Pursuant to Article 43 of the BL, all ratios and limits in the BL are required to be calculated by parent banks on a solo and consolidated basis. Article 54 of the BL states that these limits are calculated on consolidated basis by parent banks.



Article 20 of the GMCR requires banks to measure, monitor, and report concentrations of risk.



As explained in EC 3, in GAR; supervisor examines thresholds and specific limits for all types of exposures including off-balance sheet risks, regarding concentrations of sector, product, customer, risk group, shareholders, reviews reporting to senior management, and reviews compliance with bank policies and internal and regulatory limits. The General Risk Limits (KS100AS-KS100UK) reports are used for monitoring the compliance with the above mentioned limits and if any deficiencies are observed, the necessary actions are taken by BRSA depending on the nature of incompliance.
EC7The supervisor requires banks to include the impact of significant risk concentrations into their stress testing programs for risk management purposes.
Description and findings re EC7RICAAP 43 requires banks to establish and operate a stress testing program in order to measure their material risks and vulnerabilities in general terms. GST Principle 12 requires banks to stress test their portfolios and business units to identify risk concentrations that may arise across their book. GMCR Principle 3 emphasizes the importance of concentration risk stress testing, including to identify and measure various hidden concentrations.



See BCP 8, EC 5 for further expansion on stress testing.
Additional criteria
AC1In respect of credit exposure to single counterparties or groups of connected counterparties, banks are required to adhere to the following:
  • a) ten per cent or more of a bank’s capital is defined as a large exposure; and
  • b) twenty-five per cent of a bank’s capital is the limit for an individual large exposure to a private sector non-bank counterparty or a group of connected counterparties.
Minor deviations from these limits may be acceptable, especially if explicitly temporary or related to very small or specialized banks.
Description and findings re AC1
Assessment of Principle 19Compliant
CommentsThe legal framework addressing concentration risk and large exposures limits is generally in line with international standards. The definition of connected parties is comprehensive. The BRSA examines and monitors various exposures including, inter alia, large exposures, concentrations by sector, product, customer, and risk group.
Principle 20Transactions with related parties. In order to prevent abuses arising in transactions with related parties59 and to address the risk of conflict of interest, the supervisor requires banks to enter into any transactions with related parties60 on an arm’s length basis; to monitor these transactions; to take appropriate steps to control or mitigate the risks; and to write off exposures to related parties in accordance with standard policies and processes.
Essential criteria
EC1Laws or regulations provide, or the supervisor has the power to prescribe, a comprehensive definition of “related parties”. This considers the parties identified in the footnote to the Principle. The supervisor may exercise discretion in applying this definition on a case by case basis.
Description and findings re EC1The definition of related parties is sufficiently comprehensive to capture relevant real and legal persons within the scope of the bank.



According to BL article 49 a bank and its qualified shareholders, members of its board of directors and its general manager as well as the undertakings they control individually or jointly, directly or indirectly or participate with unlimited responsibility or where they are members of board of directors or general manager constitute a risk group including the bank. Jointly-controlled undertakings shall be included in the risk group of each shareholder that controls together these undertakings. Risk groups include real and legal persons who have such relationships (surety, guarantee or similar relationships) where the insolvency of one will lead to the insolvency of the other. By the authority given in this article, BRSA may extend the risk group definition to include legal or real persons that may have material effects on the solvency of the risk group.



Article 50 of the BL prohibits banks from granting cash or non-cash (OBS) loans, purchasing bonds or similar securities to:
  • a) members of the board of directors, general manager, deputy general managers and employees that are authorized to extend loans; their spouses and children under their custody; and the undertakings where they individually or jointly own twenty-five percent or more of the capital,
  • b) employees other than those mentioned in sub-paragraph (a) and their spouses and children under their guardianship,
  • c) funds, associations, unions or foundations established by or for their employees.




Article 50 further directs that the prohibitions above will not apply to the loans made available to the board members and employees and family members thereof of the bank that do not exceed 5 times their monthly total net remuneration and credit in the form of check book and credit cards may not be granted over 3 times monthly total net remuneration. The total of these loans is very small in size.



For banks who are majority owned, separately or jointly by the Treasury Undersecretariat, Privatization Administration or the administrations subject to the general budget or annexed budget (i.e., State owned), are considered a risk group, together with their affiliated companies. The non-bank state economic enterprises or other public institutions and enterprises that are majority owned by the Privatization Administration shall constitute a risk group together with companies in which they own or influence management and supervision.
EC2Laws, regulations or the supervisor require that transactions with related parties are not undertaken on more favorable terms (e.g., in credit assessment, tenor, interest rates, fees, amortization schedules, requirement for collateral) than corresponding transactions with non-related counterparties.61
Description and findings re EC2BL article 50 of the BL directs that loans to natural and legal persons in the bank’s risk group requires approval of two thirds majority of the board of directors’ members and that the loan conditions shall not differ from the loans made available to other persons and groups and from market conditions, in favor of the borrower. Additionally, in order to ensure that credit to related parties are not undertaken on more favorable terms and to prevent conflict of interests the principle 3, paragraph 28 of the GCM states that, the approval processes and work flows for credits which are extended to the bank risk group should be separately determined.



While Article 48 of the BL provides a comprehensive definition of “loan”, it does not include other non-credit transactions within the limitations addressing related parties. Legislation should be expanded to explicitly capture all transactions, including loans, within the parameters of related party limits and requirements.
EC3The supervisor requires that transactions with related parties and the write-off of related-party exposures exceeding specified amounts or otherwise posing special risks are subject to prior approval by the bank’s Board. The supervisor requires that Board members with conflicts of interest are excluded from the approval process of granting and managing related party transactions.
Description and findings re EC3Article 50 of the BL stipulates that the decisions for loan extensions to natural and legal persons in the bank’s risk group are required to be made by two thirds majority of the board of directors’ members and that the loan conditions should not differ from the loans made available to other persons and groups and from market conditions, in favor of the borrower.



There is no explicit provision that requires prior approval of related party transactions by the bank’s board. No explicit provision requires approval (prior or post) of write-off of related party transactions. The assessor team was informed that no such write offs have occurred in the recent past.



According to Article 51 of the BL, bank personnel authorized to extend loans cannot take part in the evaluation and decision-making phases for the loan transactions involving themselves, their spouses, children or their related risk group. Additionally, in order to ensure that transactions with related parties are not undertaken on more favorable terms and to prevent conflicts of interest the principle 3, paragraph 28 of GCM requires banks to separate, independent approval processes and work flows for credits extended to the bank’s risk group.
EC4The supervisor determines that banks have policies and processes to prevent persons benefiting from the transaction and/or persons related to such a person from being part of the process of granting and managing the transaction.
Description and findings re EC4See also EC 2 above.



Article 7(2) (s) of RICAAP requires the bank’s audit committee to monitor whether personnel receiving bank credit participates in the decision making process. This includes any related credit extended to the person’s risk group. Appropriate communication channels must exist for reporting these issues to the audit committee.



According to GCM paragraph 78, the board of directors establishes the structure and practices which will prevent the shareholders, bank management or other relevant parties from intervening credit assessment process.



Additionally, in line with the principle 26, paragraph 156 of GCM, banks should assign qualified staff for monitoring the credits. These monitoring activities cover the conditions related to collaterals and guarantees for credits. In assigning this staff, banks are required to establish a monitoring structure which will not cause any potential conflicts of interest.



RCT, which regulates the procedures and principles for the credits extended by the banks, has also provisions for identification of natural persons and legal entities to be included in the bank’s risk group.



Related party exposures are examined as part of the loan review process during CAMELS on-site supervision.
EC5Laws or regulations set, or the supervisor has the power to set on a general or case by case basis, limits for exposures to related parties, to deduct such exposures from capital when assessing capital adequacy, or to require collateralization of such exposures. When limits are set on aggregate exposures to related parties, those are at least as strict as those for single counterparties or groups of connected counterparties.
Description and findings re EC5Article 50 establishes limitations on lending to a bank’s related parties. See EC 1 for the specific language. Thereafter, that allowable exposure is monitored and addressed within the context of legislation addressing credit exposures overall.



According to BL article 54(1), the total amount of loans to be extended by a bank to a natural or legal person or a risk group shall not exceed 25% of the bank’s own funds. This rate shall be applied as 20 % for the bank’s risk group. The BRSB may increase this rate up to 25% or to lower it down to the legal limit. The loans made available to an unincorporated undertaking shall be considered as made available to partners in proportionate to their responsibilities. (In practice, no such increase in a bank’s limit threshold to 25% has been granted by the BRSA.)



In any event paragraph 54 limits the total of loans extended by banks to all shareholders who have more than 1% share in the capital of banks, irrespective of whether they are controlling owners or whether they own qualified shares, and to persons who constitute a risk group with such persons, to no more than 50% of own funds.



In cases violations of the relevant law, articles 50 and 51 authorize the BRSA to deduct the excesses from a bank’s own funds or to require the bank to obtain additional own funds equal to the amount of such loans.



RCT article 13 of RCT directs that calculation of credit exposures for purposes of application of the limits to risk groups shall be on a consolidated basis – including the financial institution’s affiliates subject to consolidation.
EC6The supervisor determines that banks have policies and processes to identify individual exposures to and transactions with related parties as well as the total amount of exposures, and to monitor and report on them through an independent credit review or audit process. The supervisor determines that exceptions to policies, processes and limits are reported to the appropriate level of the bank’s senior management and, if necessary, to the Board, for timely action. The supervisor also determines that senior management monitors related party transactions on an ongoing basis, and that the Board also provides oversight of these transactions.
Description and findings re EC6Legislation largely addresses lending to related parties (the bank’s risk group) within the context of lending parameters in general. The BL specifically assigns responsibility to the board for implementing strong internal systems within the bank which includes effective risk management and internal audit processes. It is within this scope of activity that the monitoring of related party transactions occurs. Within this context, according to Article 51 of the BL, bank personnel authorized to extend loans cannot take part in the evaluation and decision-making phases for the loan transactions involving themselves, their spouses, children or their related risk group. (As stated in EC 5 above, lending to board members is currently prohibited except on very restricted terms.)



Additionally, in order to ensure that transactions with related parties are not undertaken on more favorable terms and to prevent conflicts of interest the principle 3, paragraph 28 of GCM requires banks to separate, independent approval processes and work flows for credits extended to the bank’s risk group.



Article 7(2) (s) of RICAAP requires the bank’s audit committee to monitor whether personnel receiving bank credit participates in the decision making process. This includes any related credit extended to the person’s risk group. Appropriate communication channels must exist for reporting these issues to the audit committee.



See also BCP 17/18 for credit risk monitoring and management. See also EC 3 above for the board approval processes for undertaking credit exposures to a bank’s risk group. During the CAMELS review/GAR methodology, related party exposures are examined as part of the loan review process. As well, examiners evaluate thresholds and specific limits for all types of exposures including related party exposures. Moreover, FSAID 2914 aims to review the level of ratio of loans extended to related parties to the regulatory capital. And this assessment affects the asset quality component of the CAMELS rating system.



It should be noted, however, that review of the onsite examination process for credit risk (CP 17, 18) where issues surrounding risk identification as well as questions surrounding the implications of findings on the broader risk management processes were cited could have a bearing on the supervisory process for related party transactions.
EC7The supervisor obtains and reviews information on aggregate exposures to related parties.
Description and findings re EC7Exposures to related parties are closely monitored by off-site supervisors by means of monthly call reports. Banks shall regularly report and update the names of all real and legal persons in their own risk group (KR105AS), their shareholders (HS200AS) and their affiliates and subsidiaries (IS200AS) on a monthly basis. Loans extended to related party (KR202AS), transactions with related party in financial sector (MS200AS), derivative transactions with related party (BD101GS), related party risk limits (exposure to bank’s own risk group shall not exceed 20% of regulatory capital-KS100AS) are the main surveillance call reports which are used for reviewing aggregate exposures to related parties. In addition to that banks disclose the information about transactions with their own risk group in the external audit reports quarterly as it is required by article 22 of CPD.



As well, banks prepare an intragroup transactions report annually for consolidated supervision. Supervision teams assess that report in their examination processes. The report covers transactions with financial/nonfinancial parties that the bank controls directly or indirectly, transactions of affiliate financial/nonfinancial parties amongst themselves of which bank is not a part, transactions of the bank and its financial/nonfinancial affiliates with the controlling shareholder, transactions of the bank and its financial/nonfinancial parties with the controlling shareholder’s other partnerships.
Assessment of Principle 20Largely Compliant
CommentsThe legal and regulatory framework for related parties is generally comprehensive. The offsite department receives and regularly monitors reporting from banks. Examiners evaluate related party exposures during the onsite review. Offsite monitoring is comprehensive.



There is no explicit provision that requires prior approval of related party transactions by the bank’s board. As well, no explicit provision requires approval (prior or post) of write-off of related party transactions.



As well, while Article 48 of the BL provides a comprehensive definition of “loan” and related party limitations address such, legislation does not include other non-credit transactions within the limitations addressing related parties. Legislation should be expanded to explicitly capture all transactions, including loans, within the parameters of related party limits and requirements.



The assessment team was informed that a draft revision of the BL is being prepared by the BRSA. Within this context, article 50 (a and b) may be revoked to allow board member borrowing from the bank. It will also address related party “transactions” as well. The assessment team cautions the BRSA on relaxing related party risk parameters. There are countries that continue to rigorously restrict extension of credit, as well as transactions with, related parties of the bank, including board members. This is an area which historically has proven consistently problematic in distressed bank situations. Therefore, the team advises caution in widening the scope for such exposures.
Principle 21Country and transfer risks. The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate country risk62 and transfer risk63 in their international lending and investment activities on a timely basis.
Essential criteria
EC1The supervisor determines that a bank’s policies and processes give due regard to the identification, measurement, evaluation, monitoring, reporting and control or mitigation of country risk and transfer risk. The supervisor also determines that the processes are consistent with the risk profile, systemic importance and risk appetite of the bank, take into account market and macroeconomic conditions and provide a comprehensive bank-wide view of country and transfer risk exposure. Exposures (including, where relevant, intra-group exposures) are identified, monitored and managed on a regional and an individual country basis (in addition to the end-borrower/end-counterparty basis). Banks are required to monitor and evaluate developments in country risk and in transfer risk and apply appropriate countermeasures.
Description and findings re EC1GCRM is a principle based guideline which explains the best practices expected from banks regarding the management of country risk within the framework of RICAAP Article 35 which determines purpose of risk management and implementation of risk management systems including country and transfer risks. Country and transfer risks are defined in this guideline as well as contagion risk, indirect foreign-exchange risk, indirect country risk, macroeconomic risk and sovereign risk. According to the guideline, banks should establish country risk management processes in accordance with their risk profile, systemic importance and risk appetite after identifying market and macroeconomic conditions and scope and depth of their country risk exposure.



GCRM Paragraph 3 draws a framework for adequate country risk management structure both on consolidated and non-consolidated basis considering the size and complexity of bank’s activities including senior management surveillance, strategy, policy and procedures, risk analysis, measurement, monitoring and controlling.



GCRM Paragraph 6-13 requires sovereign risk, transfer risk, contagion risk, and the categories of indirect exchange risk, macroeconomic risk and indirect country risk to be taken into account in management of country risk. A risk management process should be established in accordance with risk profile, systemic importance and risk appetite after identifying market and macroeconomic conditions, scope and depth of risk exposure. Country risk exposures must be identified, measured, monitored and managed on the basis of each country and country groups (considering the borrower on ultimate position and other counterparties), subsidiaries and participations. Emerging developments in relevant countries must be monitored.



GCRM Principle 1 states that banks should clearly identify the country risk strategy, policy and procedures and document them. Senior management is responsible for implementing, however the board of directors has the ultimate responsibility in establishing country risk strategy, policy and procedures.



BRSA examines the risks regarding Pillar II in terms of definition, measurement, assessment, surveillance, reporting, modelling, back testing and supervision of risks in on-site examination of banks. Country and transfer risk is one of the significant part of that examination. Management of country and transfer risk policies and procedures of banks are being examined within the scope of ICAAP.



One of the most significant objectives of supervision is assessment of risks and determination of risk profiles of the banks. SMRAC is the framework which is used to prepare the risk matrix all relevant risks. As one of the essential part of the supervision cycle, country and transfer risk is described in SMRAC to be considered in examination of the banks.



SMGAR requires examiners to consider country risk in assessment of banks. Supervisor assesses whether the bank has made an analysis evaluating the necessity of using a model for measurement of country and transfer risk within the scope of ICAAP (FSAID 2459) and examines validation/backtesting results in modelling policies for measuring required capital (FSAID 2466) and at the same time oversees the recognition of those results in decision making processes (FSAID 2471).



Through the CAMELS review/GAR methodology process, the examiners review the bank’s oversight and management process; oversight of country risks arising from bank’s partnerships, shareholders and shareholder’s partnerships; the volume of activity of its clients abroad, etc.
EC2The supervisor determines that bank’ strategies, policies and processes for the management of country and transfer risks have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process.
Description and findings re EC2GCRM Principle 1 requires banks to identify the country risk strategy, policy and procedures, and to have them approved by the board of directors in order to ensure to be considered in all decision processes. Moreover, senior management is responsible for implementing these strategy, policy and procedures. Paragraph 17 also declares that board of directors shall regularly review the bank’s country risk exposure. Paragraph 38 requires country risk limits to be approved by the Board. As well, paragraph 38 requires that relevant limits should be approved by the board and linked to capital.



Through the CAMELS review/GAR methodology the examiners verify that the proper board approvals for policies and strategies have been given as well as the reports provided the board. The BRSA requires banks to have an effective organizational structure regarding management, limitation and supervision of country and transfer risks and allocation of authorized staff.
EC3The supervisor determines that banks have information systems, risk management systems and internal control systems that accurately aggregate, monitor and report country exposures on a timely basis; and ensure adherence to established country exposure limits.
Description and findings re EC3GCRM Principle 6 requires banks to have an information system, a risk management system and an internal control system that monitor and report country risks. Moreover, banks should regularly review IT systems to enable country limits to be monitored on a timely basis, to ensure appropriate measures to be taken where necessary, and to ensure adherence to established country exposure limits. The GCRM requires setting limits on an individual country basis and a system for establishing, controlling, monitoring and reporting country limits and risks.



Through the CAMELS review/GAR process, the examiner evaluates the country risk management process and verifies that internal audit addresses the key aspects of country risk management and internal controls.



It should be noted, however, that review of the onsite examination process for credit risk (CP 17, 18) where issues surrounding risk identification as well as questions surrounding the implications of findings on the broader risk management processes were cited could have a bearing on the supervisory process for country and transfer risk.
EC4There is supervisory oversight of the setting of appropriate provisions against country risk and transfer risk. There are different international practices that are all acceptable as long as they lead to risk-based results. These include:
  • a) The supervisor (or some other official authority) decides on appropriate minimum provisioning by regularly setting fixed percentages for exposures to each country taking into account prevailing conditions. The supervisor reviews minimum provisioning levels where appropriate.
  • b) The supervisor (or some other official authority) regularly sets percentage ranges for each country, taking into account prevailing conditions and the banks may decide, within these ranges, which provisioning to apply for the individual exposures. The supervisor reviews percentage ranges for provisioning purposes where appropriate.
  • c) The bank itself (or some other body such as the national bankers association) sets percentages or guidelines or even decides for each individual loan on the appropriate provisioning. The adequacy of the provisioning will then be judged by the external auditor and/or by the supervisor.
Description and findings re EC4BRSA implements the method (c). The Articles 7(9) and 8(4) of the REPL give authority to the BRSA to increase general and specific provisions for banks by considering country risk.



The draft REPL Article 10(2) and 11(2) requires banks to make additional provisions for country and transfer risks above the minimum amount determined for general and specific provisions.



GCRM Paragraph 13 directs a bank to reserve capital or make provisions for country risk exposures by considering its portfolio structure, size and emerging developments. Banks may apply various risk-based methods accepted in this context.



GCRM Paragraph 14 requires the written policies and procedures of a bank on country risk management shall include system, policy, methodology and processes applied in making provision or reserving capital.



During the ICAAP review, the examiners review the management process surrounding country risk management and the adequacy of provisioning for exposures therein.
EC5The supervisor requires banks to include appropriate scenarios into their stress testing programs to reflect country and transfer risk analysis for risk management purposes.
Description and findings re EC5RICAAP 43 requires banks to establish and operate a stress testing program in order to measure its material risks and vulnerabilities. GCRM Principle 5 requires banks to perform stress tests for country risk analysis including using sufficiently severe scenarios to adequately analyze the nature of exposures.



The examiners evaluate stress testing programs in the context of the ICAAP review and during examination of country and transfer risks when and as appropriate for the level and nature of the bank’s exposures.
EC6The supervisor regularly obtains and reviews sufficient information on a timely basis on the country risk and transfer risk of banks. The supervisor also has the power to obtain additional information, as needed (e.g., in crisis situations).
Description and findings re EC6The article 96(1) of the BL provides authority to the BRSA to request any related information from banks and related parties indicated in this article. By using this power, the BRSA can demand all needed document and information from banks.



Country risks are closely monitored through monthly basis two call reports: “UL200AS, Country And Foreign Currency Risks- Balance Sheet Accounts” and “UL211AS, Country And Foreign Currency Risk—Off-Balance Sheet Accounts”. Moreover, call reports such as Loans-detailed (KR202AS), “Transactions with Financial Sector (MS200AS) and “Cross Border Organizations Reporting Set” are used for country risk analysis. “Country Risk Report” and “Cross Border Organizations of the Banks Established in Turkey report” are the final off-site supervision products about country risks.



Additionally, reports or notes are prepared when needed in special cases or crisis (e.g., recent special notes on Greece Risks, Russian Risks). In these cases ad-hoc information other than regular call reports can always be gathered in a very short time from banks.
Assessment of Principle 21Compliant
CommentsBRSA guidance adequately captures country and transfer risk as well as other relevant risks. Banks are expected to establish country risk parameters as well as systems for monitoring exposures, including indirect foreign-exchange risk and indirect country risk. Country risk is evaluated through the CAMELS review process and via the risk matrix of the bank.
Principle 22Market risk. The supervisor determines that banks have an adequate market risk management process that takes into account their risk appetite, risk profile, and market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate market risks on a timely basis.
Essential criteria
EC1Laws, regulations or the supervisor require banks to have appropriate market risk management processes that provide a comprehensive bank-wide view of market risk exposure. The supervisor determines that these processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank; take into account market and macroeconomic conditions and the risk of a significant deterioration in market liquidity; and clearly articulate the roles and responsibilities for identification, measuring, monitoring and control of market risk.
Description and findings re EC1The Article 29 of the BL requires banks to implement adequate and efficient internal control, risk management and internal audit systems that are commensurate with the scope and structure of their activities, that can respond to changing conditions and that cover all their branches and undertakings subject to consolidation in order to monitor and control risks that they encounter. Foreign exchange risk is the primary market risk of banks in the Turkish system.



The overall framework of risk management is defined in RICAAP. Article 5 and 38 directly assigns responsibility to the board to establish the risk appetite and ensure fluid communication lines through the bank. The board is responsible for determining the organizational structure, policies, procedures, authorities of the units, etc. It further requires in article 38 that risk limits are established in relation to allocated capital and risk appetite. Responsibilities for identification, measuring, monitoring and control of each risk has been given to risk management unit of banks according to article 37. Management responsibilities and duties are articulated in article 41.



Banks shall manage their market risk according to the provisions of this Regulation beside the principles and procedures stated in the Guideline on Market Risk Management (GMRM) within the frame of principle of proportionality. GMRM is a principle based guideline explaining the best practices and processes expected from banks regarding the management of market risk. It advises a proportionality approach in which banks adopt processes in relation to the size and complexity of their activities. GMRM Principle 2 requires banks to establish a sound and comprehensive risk management framework, systems through which to concerning measure, monitor, and control market risk and to execute their business in accordance with them. Minimum factors to be included in the framework and processes regarding the measurement, monitoring, and controlling of the market risk are stated in this principle in detail.



GMRM Paragraph 8 states that banks should also take into account the general market and macroeconomic conditions in which they operate in their assessment and management of risks and their loss absorbing capacity. Moreover, Paragraph 23 clarifies that all significant risks should be measured and aggregated on a bank-wide basis. As well, policies should be applied on a consolidated and non-consolidated basis and should clearly determine the lines of responsibilities of the Board, senior management, units within the internal systems and other personnel responsible for managing market risk as well as identifying processes of reviewing or updating policies in cases of considerable changes occurred in the bank’s market risk profile.



During the CAMELS rating process/GAR methodology, examiners use GMRM as a manual for market risk supervision. Therefore, each principle and paragraph in GMRM determines the on-site supervision framework for market risk.



Examiners also assess the level of risks and risk profiles of the banks according to SMRAC which guides the preparation of the risk matrix. SMRAC has a special chapter for determining the risk level and the management quality of market risk. According to SMRAC, examiners determine risk profile and assess the adequacy of policies and procedures, the level of risk appetite, and the quality of risk measuring, monitoring and control functions including the roles and responsibilities.



The BRSA evaluates the level and management of market risk through the onsite GAR methodology. The process includes evaluating the bank’s related strategies and policies, risk appetite and risk tolerance. Examiners are further directed to check policies, strategies, limit structures, and valuation processes. The result of these steps feeds into the risk matrix and profile documents prepared at the end of the supervisory cycle. Banks’ foreign exchange exposures and business are regularly evaluated along with activity in the securities and other relevant areas. Two “test” specific examinations were conducted to pilot new questions and the implied processes within the context of the GAR methodology and for the draft GRMR. Conclusions were drawn and presented to the respective banks. As a matter of course, consolidated risk governance is reviewed during the ICAAP process.
EC2The supervisor determines that bank’ strategies, policies and processes for the management of market risk have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process.
Description and findings re EC2See also EC 1 above.



RICAAP provides the parameters for the risk management process under which market risk falls. GMRM principle 1 requires banks to establish written strategies, policies, and procedures with the Board’s approval. The Board charges senior management with monitoring and controlling the risk in accordance with the strategies, policies, and procedures and fully integrating market risk processes into the bank’s overall risk management function (paragraph 17).



The adequacy of policies and board approvals are addressed through the CAMELS rating process/GAR methodology which is conducted onsite as well, on a higher level, through the ICAAP review process. Examiners are directed to check board approval of risk appetite and risk tolerance, board approval of strategies, board approval for policies, procedures and workflows, roles and responsibilities in policies, procedures and workflows, board approval of the definition of trading book, board oversight of the risk levels, consolidated level of market risk, periodic reports to board and senior management about risk management, and board oversight of implementation of policies, procedures and strategies.
EC3The supervisor determines that the bank’s policies and processes establish an appropriate and properly controlled market risk environment including:
  • a) effective information systems for accurate and timely identification, aggregation, monitoring and reporting of market risk exposure to the bank’s Board and senior management;
  • b) appropriate market risk limits consistent with the bank’s risk appetite, risk profile and capital strength, and with the management’s ability to manage market risk and which are understood by, and regularly communicated to, relevant staff;
  • c) exception tracking and reporting processes that ensure prompt action at the appropriate level of the bank’s senior management or Board, where necessary;
  • d) effective controls around the use of models to identify and measure market risk, and set limits; and
  • e) sound policies and processes for allocation of exposures to the trading book.
Description and findings re EC3RICAAP addresses the elements of a strong risk management function that must be in place along with the calculation and support of a well-defined internal capital allocation process. The Regulation requires banks to establish information systems, control of transactions and control of communication channels and information systems which are to be performed within the internal control function. It is the duty of internal audit system to audit risk measurement models used in the bank.



As indicated in EC 1 above, GMRM paragraph 21 articulates the factors for effective market risk framework and processes, inter alia:
  • a) a framework to identify risks;
  • b) an appropriately detailed structure of market risk limits that are consistent with the institution’s risk appetite, risk profile and capital strength, and which are understood by, and regularly communicated to, relevant staff;
  • c) guidelines and other parameters established by the bank and used to govern market risk-taking;
  • d) rules and criteria for allocation of positions to the trading book;
  • e) appropriate management information system (MIS) for accurate and timely identification, aggregation, monitoring, controlling, and reporting of market risk, including transactions between the bank and its affiliates, to the institution’s Board and senior management;
  • f) exception tracking and reporting processes that ensure prompt action at the Board or senior management level, where necessary;
  • g) effective controls around the use of models to identify and measure market risk;
  • h) valuation policies, including policies and processes for considering and making appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities (concentrated or less liquid positions); and
  • i) action plans for possible concentrated risks (pricing differences, keeping more capital, more frequent reporting, etc.).
The Regulation on Calculation and Implementation of Net General Position of Foreign Exchange Over Own Funds Ratio for Banks on Non-Consolidated and Consolidated Basis (RNFER) sets standards/rules for forex risk. It requires banks to calculate their on- and offbalance sheet forex positions on a daily basis. The net aggregate position method is used to calculate the overall forex position. The net general forex position should not exceed ±20 percent of own funds. The BRSA is empowered to determine different ratios for different banks and banking groups, but has not exercised this power to date. The BRSA has not prescribed regulatory limits for other elements of market risk. These are generally left to bank managements’ discretion.



GMRM Paragraph 21 identifies the check points in for use during the CAMELS rating/GAR GAR methodology process. Besides the GMRM, the GAR methodology directs supervisors, according to the level and nature of a bank’s market risk activities, to specifically address accurate and timely identification and monitoring of risk through management information systems, other checks in addition to regulatory limits and definitions, internal models on market risk, back testing and validation for internal models on market risk, measurement methods under ICAAP, controls around measure of market risk, tracking systems for internal control and audit, the oversight of the of audit committee in this area, internal controls and audit on market risk, valuation of derivative positions, valuation of financial assets, valuation policies, business continuity plans, and concentration of risks within trading book.



Supervisors address this guidance, as relevant, in the CAMELS/GAR process, however as stated in EC 1 above, market risk otherwise would be captured in conjunction with the ICAAP review process and overall risk management reviews. (See also BCP # 15 above) Currently, individual, special market risk examinations have not been conducted, as a matter of routine. Two targeted market risk examinations were conducted in order to determine how this risk is measured and managed as well as the level of compliance with the GMRM regulation. Results of these exams were presented to the banks.
EC4The supervisor determines that there are systems and controls to ensure that banks’ marked-to-market positions are revalued frequently. The supervisor also determines that all transactions are captured on a timely basis and that the valuation process uses consistent and prudent practices, and reliable market data verified by a function independent of the relevant risk-taking business units (or, in the absence of market prices, internal or industry-accepted models). To the extent that the bank relies on modeling for the purposes of valuation, the bank is required to ensure that the model is validated by a function independent of the relevant risk-taking businesses units. The supervisor requires banks to establish and maintain policies and processes for considering valuation adjustments for positions that otherwise cannot be prudently valued, including concentrated, less liquid, and stale positions.
Description and findings re EC4Please refer to BCP Principle 27, EC 3 for a full discussion on valuation and model validation.



RCA Annex 3 regulates principles and procedures for prudent valuation and management of the trading book for market risk regulatory capital requirement calculations.



GMRM Paragraph 26 states that banks should ensure that transactions are captured on a timely basis and that marked-to-market positions are revalued frequently. Valuation of market risk positions should be robust and independent of the risk-taking function. The valuation process should use reliable market data verified independently of the business line. In the absence of market prices, internal or industry-accepted models should be used. Models and supporting statistical analyses used in valuations should be appropriate, consistently applied, and have reasonable assumptions. These should be independently validated before deployment. Staff involved in the validation process should be adequately qualified and independent of those who assume market risks and develop models. Models should be periodically reviewed. More frequent reviews may be necessary if there are changes in models or in the assumptions resulting from developments in market conditions. It should be ensured that these changes are cautiously taken into consideration by the model.



Additionally, there is a separate Guideline On Fair Value Measurement (GFVM), which explains the best practices expected from banks regarding the banks’ processes to measure the fair value of financial instruments and banks’ risk management and control processes related to fair valuation. In paragraph 23 of GFVM it is also emphasized that a valuation model must be validated before the implementation as well as after the implementation by an independent, suitably qualified group prior to usage, with periodic reviews to ensure the model remains suitable for its intended use. Details regarding a validation processes is also given in paragraphs 24-28.



GMRM Paragraph 21(h) points out that risk management framework should possess valuation policies, including policies and processes for considering and making appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities (concentrated or less liquid positions). GMRM Paragraph 35 states that each of foreign exchange rates should be considered as a different risk factor in measurement of foreign exchange risk within market risk. The measurement should also consider the risks arising from changes in values or asset-liability mismatch.



Valuation adjustments and independent price verification processes are defined in GFVM paragraph 5(b) and (a). Paragraph 7 requires banks to establish and maintain governance structures and controls sufficient to provide prudent and reliable valuation estimates. Principle 6 of GFVM states that banks should have a rigorous and consistent process to determine valuation adjustments for risk management, regulatory and financial reporting purposes, where appropriate.



According to Principle 2 of GFVM, a bank should have adequate capacity, including during periods of stress, to establish and verify valuations for instruments in which it engages. Senior management should ensure that the bank has the resources and capabilities to estimate appropriately the inherent risks and the value of financial instruments, including complex and illiquid instruments. It is also stated that, for exposures that represent material risk, a bank should have the capacity to produce valuations using alternative methods in the event that primary inputs and approaches become unreliable, unavailable or not relevant due to market discontinuities or illiquidity or in stressed market conditions.



GMRM Paragraph 26 and Paragraph 21 point (h) identify the check points for supervisory review. Besides the GMRM, the CAMEL risk rating/GAR methodology have targeted questions for valuation including questions on fair value computations, on senior management oversight about valuation practices, on internal or external audits about valuation practices and management conducts about the findings, and on quality of risk management policies, systems and controls about valuation. Market risk is reflected in the CAMELS rating “S” and determined through GAR, risk matrix, and risk profile processes. As well, the offsite supervision department receives and monitors regulatory reporting information on a regular basis, including stress testing results on market risk (FX) positions.



The assessor team reviewed several examples of special examinations which had as a part of the process market risk elements. Conclusions, in fact, cited certain issues dealing transactional deficiencies in the market risk area such as lack of independence in the model validation process, etc. As well, the team reviewed selected GAR (onsite) activities in this area which reflected selected market risk exam steps and related documentation.
EC5The supervisor determines that banks hold appropriate levels of capital against unexpected losses and make appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities.
Description and findings re EC5RICAAP Article 60(4) states that in case the Agency, within the scope of supervision and surveillance activities, detects the probability that the bank cannot meet the internal capital requirement ratio for the bank’s risk profile or detects the probability that the bank does not hold sufficient capital for each important risk type, it takes the measures deemed necessary, including directing the bank to increase capital. A Communique on the “Calculation of Market Risk Measurement Models and Assessment of Risk Measurement Models” (CMR-RMM) requires BRSA approval for any market risk models used in the specific calculation of related capital. The BRSA approval is not required if banks chose to use models for internal risk management or capital management purposes. However, requests for market risk capital calculation models have not been made to date.



GMRM Paragraph 10 states that the level of market risk and stop/loss thresholds should be set relative to the amount of market risk capital set aside against unexpected losses. As well, banks are required to establish the processes of determination of appropriate capital levels against unexpected losses.



GMRM Paragraph 21(h) and 21(i) require banks to implement valuation policies, including policies and processes for considering and making appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities (concentrated or less liquid positions) and action plans for possible concentrated risks (pricing differences, keeping more capital, more frequent reporting etc.). Paragraph 26 directs that in the absence of market prices, internal or industry-accepted models should be used. Models and supporting statistical analyses used in valuations should be appropriate, consistently applied, and have reasonable assumptions. These should be validated before deployment. Staff involved in the validation process should be adequately qualified and independent of those who assume market risks and develop models. Models should be periodically reviewed.



The abovementioned regulations represent check points for the CAMELS review/on-site supervision. Besides the GMRM, the CAMEL risk rating process/GAR methodology has specific questions for valuation and additional capital needs.



In practice, several large banks are using models internally for managing market risks.



A responsibility of the independent risk management function (one of the 3 elements of internal systems) is to assure model validation. Model validation must be performed by a department separate from the unit using the model. In some cases, a bank my hire an external party to conduct the validation process. The BRSA reviews the model validations as a part of its GAR process but does not deploy specialist expertise to review the integrity of the validations. No bank has yet formally applied for using market risk models for capital adequacy purposes which would require BRSA approval.
EC6The supervisor requires banks to include market risk exposure into their stress testing programs for risk management purposes.
Description and findings re EC6RICAAP article 43 regulates general requirements that banks must follow for their stress testing programs. Article 43(1) requires banks to establish and operate a stress testing program in order to measure their material risks and vulnerabilities which may arise from both negative developments peculiar to the bank and the developments in stressed economic and financial environment. Article 43(4) requires overall firm-wide stress testing in addition to each material risk type. Article 43(5) states that stress tests on market and counterparty risk as well as bank’s total liquidity risk shall be made simultaneously once a month or more frequently and results are monitored closely by the top management.



The Guideline On Stress Testing To Be Used By Banks In Capital And Liquidity Planning (GST) also provides parameters for banks’ stress testing activities and has special provisions for stress testing on market risk. Paragraphs 91 to 97 deal with stress testing on market risk. Banks can consider a range of exceptional, but realistic, market shocks or scenarios for their trading book positions. The Guideline also addresses back testing and scenario analysis. Tests should be conducted on a bank-wide basis.



The CAMELS rating process/GAR methodology includes evaluation of market risk stress testing and scenario analysis as well as board and senior management oversight principles. Currently, the BRSA reviews market risk stress testing in the context of the overall stress testing conducted for/presented in the ICAAP process. As a part of the GAR review process, the market risk stress tests may be reviewed, however, specialist expertise is not deployed to evaluate the scenarios or calculation details of the process.



See also stress testing comments in CP8 EC5.
Assessment of Principle 22Compliant
CommentsThe BRSA has adopted comprehensive regulation and guidance through which to direct banks to identify, measure, and monitor their market risk exposures. This includes parameters for valuation, stress testing, and model use. For examination purposes, these elements are largely addressed through the CAMELS rating/GAR methodology review process, and on an overall basis, during the ICAAP review.



Of note, currently, specialist expertise is not deployed to evaluate the scenarios or calculation details of the stress testing exercises. Examiners review the models used to measure market risk. However, they also depend substantially on the banks’ model validation process. To deepen the work and enhance the forward looking aspect, the BRSA could consider deploying trained specialists to assess stress test approaches and mathematical integrity and to leverage resulting advice/input on specialized exams. As well, enhanced examiner expertise in the area of model evaluation could provide added assurance to the BRSA on the integrity of bank models used.
Principle 23Interest rate risk in the banking book. The supervisor determines that banks have adequate systems to identify, measure, evaluate, monitor, report and control or mitigate interest rate risk64 in the banking book on a timely basis. These systems take into account the bank’s risk appetite, risk profile and market and macroeconomic conditions.
Essential criteria
EC1Laws, regulations or the supervisor require banks to have an appropriate interest rate risk strategy and interest rate risk management framework that provides a comprehensive bank-wide view of interest rate risk. This includes policies and processes to identify, measure, evaluate, monitor, report and control or mitigate material sources of interest rate risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the risk appetite, risk profile and systemic importance of the bank, take into account market and macroeconomic conditions, and are regularly reviewed and appropriately adjusted, where necessary, with the bank’s changing risk profile and market developments.
Description and findings re EC1RICAAP article 35(4) directs that banks are obliged to establish and implement an effective risk management system for material risks including interest rate risk in the banking book. Regulation on Measurement and Assessment of the Interest Rate Risk Stemming from the Banking Book with Standardized Shock Method (RIRRBB) requires banks to have an appropriate interest rate risk strategy and interest rate risk management framework that provides a comprehensive bank-wide view of interest rate risk. The Guideline For Interest Rate Risk Management (GIRRM) enumerates the best practices and processes expected from banks regarding the management of interest rate risk.



GIRRM directs that interest rate risk (IRR) management systems should include: i) senior management surveillance, ii) in-bank policy and procedures concerning risk management which are approved by the board, iii) the process of adequate risk measurement, monitoring and controlling, and iv) controlling activities. The principles are to be applied on a consolidated and unconsolidated basis and consistent with the size and complexity of bank’s activities.



GIRRM Principle 4 requires that interest rate risk measurement systems assess the effects of interest rate changes on earnings and economic value. According to paragraph 30, banks measurement systems should address all material sources of IRR including repricing, yield curve, basis and option risk components.



GIRRM is also used as a guide during the (GAR) on-site supervision framework. Furthermore, the GAR methodology includes addressing interest rate risk strategies, risk appetite, and risk tolerance.



Examiners also assess the level of risks and risk profiles of the banks according to SMRAC which guides preparation of the risk matrix (level and management of risk). SMRAC has a special chapter for determining the risk level and the management quality of interest rate risk in the banking book. According to SMRAC, examiners determine risk profile and assess the adequacy of policies and procedures, the level of risk appetite, and the quality of risk measuring, monitoring and control functions including the roles and responsibilities. The questions in SMRAC are, in general, a subset of the GAR annex. This process is an output of the CAMELS/GAR methodology. IRR is also monitored regularly by the offsite monitoring process.
EC2The supervisor determines that a bank’s strategy, policies and processes for the management of interest rate risk have been approved, and are regularly reviewed, by the bank’s Board. The supervisor also determines that senior management ensures that the strategy, policies and processes are developed and implemented effectively.
Description and findings re EC2RICAAP draws general framework for all internal systems and GIRRM gives specific requirements for IRRBB. RICAAP article 5(2) defines the responsibilities of the Board which includes determination and approval of policies, procedures, strategy for each risk type and also identification of risk appetite. Article 8(2) also gives the responsibility and duty to senior management to implement the strategies and policies approved by the Board.



In addition, GIRRM Principle 1 requires banks to have a written strategy, policy and procedures concerning the interest rate risk management approved by the board of directors. The board approves and regularly assesses (through the internal systems and audit committee functions) the relevant IRR activities, strategies and policies. The board oversees that senior management takes the necessary steps to monitor and control the risks consistent with the approved strategies and policies. The board is to periodically review the adequacy of action plans and the results, measurement system and assumptions concerning stress tests.



Principle 2 requires senior management to ensure that the level of bank’s interest rate risk is effectively managed. They should establish necessary processes to ensure to control and to keep the risk within limits and enable required resources are available for performing these processes. They are responsible for maintaining risk limits, establishing effective internal controls for risk, etc. Paragraph 15 states that senior management periodically review the policies and procedures concerning the management of interest rate risk and report the necessary changes to the board of directors with their reasons. GIRRM Paragraph 22 sets that the policies and procedures of interest rate risk should be reviewed periodically.



Besides the GIRRM, as part of the CAMEL review/GAR methodology requires the supervisor to address: board approval for limits on interest rate risk; board and senior management oversight for interest rate risk; board approval of risk appetite, risk tolerance, strategies, and policies. It further requires the examiner to check roles and responsibilities in policies, procedures and workflows and implementation therein.



In practice, the supervisor covers elements of interest rate risk through the GAR process, as described in EC 1 above, which is conducted onsite but not to the depth of what a special examination would require. However, specialized examinations of this area are not yet conducted. There were two targeted reviews in two banks which focused on how IRR is measured and managed and tested compliance with GIRRBB. Also, off-site analysis is conducted on all banks to identify the treatment of IRRBB within the scope of ICAAP.
EC3The supervisor determines that banks’ policies and processes establish an appropriate and properly controlled interest rate risk environment including:
  • a) comprehensive and appropriate interest rate risk measurement systems;
  • b) regular review, and independent (internal or external) validation, of any models used by the functions tasked with managing interest rate risk (including review of key model assumptions);
  • c) appropriate limits, approved by the banks’ Boards and senior management, that reflect the banks’ risk appetite, risk profile and capital strength, and are understood by, and regularly communicated to, relevant staff;
  • d) effective exception tracking and reporting processes which ensure prompt action at the appropriate level of the banks’ senior management or Boards where necessary; and
  • e) effective information systems for accurate and timely identification, aggregation, monitoring and reporting of interest rate risk exposure to the banks’ Boards and senior management.
Description and findings re EC3
  • a) GIRRM Principle 4 states that banks should establish interest rate risk measurement systems that include all significant sources of interest rate risk, that assess the effects of interest rate changes on earnings and economic value, and that are consistent with the scope and complexity of their activities. The minimum aspects of the system are presented paragraph 28. GIRRM paragraph 38 requires risk managers and senior management to review the assumptions in interest rate risk management system at least annually. Paragraph 41 directs that all the assumptions used in interest rate risk measurement system are comprehensively justified, are approved by risk management unit and senior management, and are reviewed at least annually.
  • b) Paragraph 68 of the GIRRM directs that the frequency and extent to which a bank should re-evaluate its risk measurement methodologies and models depend, in part, on the particular interest rate risk exposures created by holdings and activities, the pace and nature of market interest rate changes, and the pace and complexity of innovation with respect to measuring and managing interest rate risk. Further, banks should have measurement, monitoring and control functions that are reviewed regularly. The staff carried out the independent review should ensure that risk measurement system include all the important components of interest rate risk management arising from on and off balance sheet positions. Reviewing process should include, inter alia, the accuracy and relevancy of modelling assumptions. See also BCP Principle 27, EC 3.
RICAAP, the overall guiding risk management document, Article 58(1) states that an independent team shall validate the risk measurement methodology used in economic or/and regulatory capital management process within the ICAAP process. Independence means that the team should be independent from the units that developed the models or the executive units. Moreover, RICAAP Article 58(2) points out that banks can use external expertise in case there is insufficient scope for internal validation.
  • c) Principle 6 gives directions regarding the interest rate risk limits. Banks should determine interest rate risk limits appropriate to the internal risk management policies and implement these limits. Limits should be consistent with the overall approach to measuring interest rate risk. These limits should be established in conformity with the bank’s size nature and capital adequacy. The responsible senior manager should immediately be informed about the limit exceptions. Risk tolerance should be identified. Paragraph 19 requires banks to identify the specific actions necessary for exceptions to limits.
GIRRM Principle 9 requires banks to establish adequate and effective internal control systems for the interest rate risk management process. Internal control systems should include an independent review and assessment that will be carried out by internal audit unit to measure the effectiveness of system regularly and to ensure the improvement of internal control if necessary.
  • d) GIRRM paragraph 32 points out that banks should establish reliable management information systems to measure, monitor, control and report interest rate risk. The results of risk monitoring and measuring concerning interest rate risk should be reported to the board of directors, senior management and relevant business line managers in time. Paragraphs 61 and 62 articulates the content of the necessary reporting.
The CAMELS review/GAR methodology addresses elements of re-pricing risk, yield curve risk, basis risk and optionality risk; interest rate risk ratios; behavioral analysis of optionality; effect of interest rate risk on income; interest rate risk in the banking book under ICAAP; model validation for interest rate risk under ICAAP; internal control and audit for interest rate risk; the effect of interest rate risk on capital; reporting to board and senior management; internal models or approaches for measurement and monitoring of interest rate risk; independent evaluation of internal models and approaches; effectiveness of management information systems for interest rate risk; and consolidated monitoring techniques for interest rate risk.



From the IT point of view, banks’ information systems must meet the standards set in RITEA. For example, according to article 25 (2)(c) of RITEA banks’ processes regarding accounting processes regarding interest rate income and expenditure are audited by external auditors and results of this audit are submitted to BRSA. If any deficiencies regarding standards laid down in RITEA are observed during the IT audits conducted by external auditors those deficiencies are taken into account within the scope of the CAMELS review/examinations.
EC4The supervisor requires banks to include appropriate scenarios into their stress testing programs to measure their vulnerability to loss under adverse interest rate movements.
Description and findings re EC4See also BCP 8, EC 5 for comments on stress testing integrity.



RICAAP article 43 directs that banks shall establish and operate a stress testing program in order to measure its material risks and vulnerabilities which may arise from both negative developments peculiar to the bank and the developments in stressed economic and financial environment. More specific guidance to stress testing of interest rate risk is given in GIRRM and GST.



GIRRM Principle 7 states that banks should measure the effects of losses that may arise under certain stress conditions including that the assumptions considered in interest rate risk measurement may not reflect the truth.



GIRRM Paragraph 35 indicates that banks should use multiple scenarios including the possible interactions (for example yield curve risk and basis risk) across different interest rates as well as for changes in the overall level of interest rates. GIRRM paragraph 36 directs that projected/possible shifts in customer behavior—and potential responses to those shifts by the bank—should also be stressed/modeled. Also, GIRRM paragraph 37 states that banks consider the expectations concerning the possible path of interest rate in the future. Banks should use their own as well as the BRSA’s designated scenarios to determine shocks per material each currency on the bank’s books.



The CAMELS review/GAR methodology directs review of scenario analysis, simulations and stress testing for interest rate risk.
Additional criteria
AC1The supervisor obtains from banks the results of their internal interest rate risk measurement systems, expressed in terms of the threat to economic value, including using a standardized interest rate shock on the banking book.
Description and findings re AC1
AC2The supervisor assesses whether the internal capital measurement systems of banks adequately capture interest rate risk in the banking book.
Description and findings re AC2
Assessment of Principle 23Compliant
CommentsBRSA supervision of interest rate risk is addressed through several activities. It is reviewed as a part of the overall ICAAP review process and captured as an input in the stress testing conducted therein. As well, the supervisor covers elements of interest rate risk through the GAR process, as described in EC 1 above, which is conducted onsite but not to the depth of what a special examination would require. However, specialized examinations of this area are not yet conducted.



The BRSA should develop specialized examination procedures for interest rate risk where it identifies increasing or high risk areas. The BRSA should use specialized expertise with which to evaluate scenarios and assumptions used for more complex stress testing as well as to review model validations during onsite examinations or, as an offsite exercise.
Principle 24Liquidity risk. The supervisor sets prudent and appropriate liquidity requirements (which can include either quantitative or qualitative requirements or both) for banks that reflect the liquidity needs of the bank. The supervisor determines that banks have a strategy that enables prudent management of liquidity risk and compliance with liquidity requirements. The strategy takes into account the bank’s risk profile as well as market and macroeconomic conditions and includes prudent policies and processes, consistent with the bank’s risk appetite, to identify, measure, evaluate, monitor, report and control or mitigate liquidity risk over an appropriate set of time horizons. At least for internationally active banks, liquidity requirements are not lower than the applicable Basel standards.
Essential criteria
EC1Laws, regulations or the supervisor require banks to consistently observe prescribed liquidity requirements including thresholds by reference to which a bank is subject to supervisory action. At least for internationally active banks, the prescribed requirements are not lower than, and the supervisor uses a range of liquidity monitoring tools no less extensive than, those prescribed in the applicable Basel standards.
Description and findings re EC1The BRSA has set up a comprehensive framework for liquidity regulation, monitoring, and bank responsibilities. The framework is grounded in the provisions of the BL and are further expanded in regulation and guidance. The requirements contained therein as well as the requirements under development are consistent with, and in some cases, more strict than international standards. A wide range of monitoring tools are in place at the BRSA for monitoring banks’ liquidity positions and funding experience.



According to the Article 46 (Adequacy of Liquidity) of the BL, banks are required to calculate, achieve, perpetuate and report the minimum liquidity level in accordance with the principles and procedures to be set by the BRSB which are put forward in the Regulation on Measurement and Evaluation of Liquidity Adequacy of Banks (RLA) in 2006. The objective of this Regulation is to regulate banks’ procedures and principles for achievement and maintenance of adequate levels of liquidity in order to meet their liabilities with their assets.



In March 2014, in compliance with the Basel III LCR document65, BRSA issued a Regulation on Liquidity Coverage Ratio (RLCR). The aim of RLCR is to determine the procedures and principles regarding banks’ having high quality liquid assets stock at a sufficient level to cover their net cash outflows in order to designate a minimum liquidity level, both at a consolidated and solo basis in terms of FX and total. After in-depth analysis, in line with the Basel framework, BRSB approved that deposit banks would calculate and achieve at least 60% LCR and 40% FX LCR throughout 2015 and these ratios would increase 10 basis points each year until 2019 and be 100% and 80% respectively unless otherwise indicated. Right now, for 2016, deposit banks are required to achieve at least 70% LCR and 50% FX LCR. Until January 1, 2017, consolidated LCR and FX LCR may be calculated as of the last day of the month. Beginning from 2017, consolidated LCR and FX LCR may be computed for each day and monthly arithmetic average is calculated. This approach is also in compliance with the Basel III LCR document as well as Basel III LCR disclosure document.



On the other hand, BRSB decided that until an appropriate LCR is determined for investment and development banks, they would calculate and report their LCRs to the BRSA but they do not have to meet the required LCR. On the other hand, those banks would continue to be subject to the provisions of RLA until otherwise approved by the BRSB.



Basel III LCR document set the minimum factors, cash outflow and inflow rates. This means that jurisdictions are entitled to set the factors and rates which would not be less than the international requirements. The Annex 1 and Annex 2 of RLCR, where factors, cash outflow and cash inflow rates for each high quality liquid asset and other items are explicitly stated, were designed after in depth analysis of the banking sector. Areas where Turkish LCR rules are stricter than the Basel standards are as follows:
  • The Basel standard allows supervisors to determine inflow percentages for other contractual cash inflows, as appropriate for each type of inflow. The BRSA has set 0% inflow rate for other contractual cash inflows.
  • Even though Basel standards require LCR standard and monitoring tools to be applied to internationally active banks, BRSA requires RLCR provisions to be applied by all banks except for investment and development banks until an appropriate level for LCR is determined. There is ongoing work to determine an appropriate LCR for investment and development banks.
  • The BRSA requires banks to calculate, report and disclose FX liquidity coverage ratio on both solo and consolidated basis as a regulatory standard ratio. Moreover, total LCR is also calculated, reported and disclosed on solo basis.
BRSB will decide when the first implementation date will be (2017 or 2019) as well as whether gradual approach would be preferred for those banks after reviewing the LCRs and banks’ risk profiles.



In addition to the minimum standard for the LCR, the Basel III LCR document also outlines the metrics to be used to monitor liquidity risks (“the monitoring tools”). The monitoring tools supplement the LCR standard and are a cornerstone for supervisors in assessing the liquidity risk of a bank. A list of the monitoring tools prescribed in the BCBS Basel III LCR document and the most important corresponding monitoring tools, their preparation and submission frequencies prescribed by the BRSA is given below:
BCBS monitoring toolBRSA’s corresponding reporting templateEffective sinceFrequency of preparationFrequency of submission to the BRSA
1Contractual maturity mismatchStatement of liquidity risk analysis – According to cash flow6 December 2013WeeklyWithin 3 business days
2Concentration of fundingStatement of deposits – According to the size, type, number of customers



Statement of securities issuances



Statement of repo transactions



Statement of cross-border liabilities
Introduced in 2006, revised in 2010, last revision 1 March 2013



Introduced in 2002, revised in 2014



27 December 2002



27 December 2002
Monthly



Monthly



Weekly Weekly
Within 18 business days



Within 18 business days



Within 3 business days



Within 3 business days
3Available unencumbere d assetsStatement of securities – detailed



Statement of securities – weekly
Introduced in 2002, revised in 2007



27 December 2002
Daily WeeklyDaily



Within 3 business days
4LCR by significant currencyFX LCR1 January 2014WeeklyWithin 3 business days


There are two more monitoring tools. First one is market-related monitoring tools (where supervisors can monitor market-wide information, information on the financial sector, bank-specific information). For the market-related monitoring tools, as proposed by the Basel standard both BRSA and CBRT use several market wide information as early warning indicators in monitoring potential liquidity difficulties at banks. Market-wide information and information on the financial sector are monitored by both BRSA and CBRT.



Of note, in 2015 the BRSA underwent a Regulatory Consistency Assessment of its Basel III LCR regulations for which it received a “compliant” rating.



As for the bank-specific information, BRSA prepares regular off-site surveillance reports on banks liquidity position and shares these with on-site supervisors. On the other hand, BRSA conducts liquidity stress tests depending on market conditions when needed. In addition to that, banks are required to monitor market related information on equity prices, CDS spreads, money-market trading prices, the situation of roll-overs and prices for various lengths of funding according to Guideline on Liquidity Risk Management (GLRM).



The second one is Basel guidance on monitoring tools for intraday liquidity management. The BCBS issued a guidance on monitoring tools for intraday liquidity management in April 2013. In compliance with the requirements of this guidance, the BRSA has initiated a study and consulted the industry in 2015 on its proposal to implement in Turkey. Throughout 2015, meetings have taken place between the BRSA, CBRT and the banks to discuss the implementation of this new reporting requirement. BRSA’s goal is to implement the intraday liquidity management in Turkey before the end of 2016, prior to the time limit set by the BCBS of January 2017.



In addition to BL, RLCR and RLA, a best practice guideline on liquidity risk management is issued which is based on Article 35 of RICAAP. GLRM is a principle based comprehensive guideline explaining the best practices and processes expected from banks regarding the management of liquidity risk. It is prepared based on the paper “Principles for Sound Liquidity Risk Management and Supervision” of BCBS and countries’ best practices.



Liquidity is reflected in the “L” in CAMELS. However, there is no concretely defined threshold that triggers supervisory action. However, supervisory concern is elevated if negative trends are detected through off-site monitoring or the GAR process. This may trigger further review of liquidity levels and management in a specialized examination. See EC 4 for further detail on the supervisory process.
EC2The prescribed liquidity requirements reflect the liquidity risk profile of banks (including on- and off-balance sheet risks) in the context of the markets and macroeconomic conditions in which they operate.
Description and findings re EC2According to RICAAP Article 35(4) banks are obliged to establish and implement an effective risk management system for material risks including liquidity risk.



The GLRM, paragraph 22, 23 directs that a bank’s board should approve liquidity risk management strategies, policies and procedures established by senior management and review the approved strategy at an acceptable frequency within the economic, financial and operational standards and general strategy of bank (GLRM, Paragraph 23).



Further, GLRM Paragraph 16 states that banks should determine their vulnerabilities by using the quantitative measures about concentration of funding in various maturity, contingent liquidity obligations arising from off-balance sheet activities, maturity and currency mismatches, and liquid asset holdings.



GLRM Principle 3 states that the liquidity risk appetite approved by the board of directors should reflect the banks’ willingness under both normal and stressed economic conditions. In addition, GLRM Principle 1 points out that the liquidity risk framework of a bank should include a liquidity cushion that ensures it maintains sufficient liquidity in all economic conditions.



The above requirements are part and parcel to the CAMELS review/GAR process. The criteria contained therein plus the elements included in the GLRM are part and parcel to the review.



For further expansion of the supervisory process, see EC 1 above and EC 4 below.
EC3The supervisor determines that banks have a robust liquidity management framework that requires the banks to maintain sufficient liquidity to withstand a range of stress events, and includes appropriate policies and processes for managing liquidity risk that have been approved by the banks’ Boards. The supervisor also determines that these policies and processes provide a comprehensive bank-wide view of liquidity risk and are consistent with the banks’ risk profile and systemic importance.
Description and findings re EC3GLRM Principle 1 requires banks to establish a robust liquidity risk management framework including the strategy, policy and procedures that ensure they maintain their businesses soundly.



GLRM paragraph 6 states that banks should establish liquidity risk management framework considering that it can maintain its business positively under periods of liquidity stress the source of which may be bank-specific or market-wide and it can meet the daily liquidity needs.



According to GLRM Paragraph 13, while establishing a risk appetite, the board of directors should consider different factors including business objectives, strategic direction, financial structure, share in financial system, funding capacity and overall risk appetite. In addition, (GLRM, Paragraphs 17 and 18) the board is also responsible for establishing a liquidity risk management structure appropriate for the bank’s activities, scale, complexity, and size and for reviewing the appropriateness of the liquidity risk management structure in the light of developments and changes in scope of bank’s business. Another responsibility of the board in this sense, is establishing a structure to ensure that internal audit should regularly review the implementation and effectiveness of liquidity risk management.



The CAMELS review/GAR process directs the supervisor to evaluate, inter alia, board approval for policies, procedures and workflows; management roles and responsibilities in policies, procedures and workflows; board oversight of implementation; and board approval of strategies. In addition, the supervisor will review the ICAAP process as it pertains to liquidity and also the LCR level and trends.



As stated, stress testing is required by the GLRM. Overall institutional stress testing is conducted as a part of the ICAAP process. More specifically, banks are required to stress their liquidity positions and the BRSA will review how those stress tests are used in the management process.
EC4The supervisor determines that banks’ liquidity strategy, policies and processes establish an appropriate and properly controlled liquidity risk environment including:
  • a) clear articulation of an overall liquidity risk appetite that is appropriate for the banks’ business and their role in the financial system and that is approved by the banks’ Boards;
  • b) sound day-to-day, and where appropriate intraday, liquidity risk management practices;
  • c) effective information systems to enable active identification, aggregation, monitoring and control of liquidity risk exposures and funding needs (including active management of collateral positions) bank-wide;
  • d) adequate oversight by the banks’ Boards in ensuring that management effectively implements policies and processes for the management of liquidity risk in a manner consistent with the banks’ liquidity risk appetite; and
  • e) regular review by the banks’ Boards (at least annually) and appropriate adjustment of the banks’ strategy, policies and processes for the management of liquidity risk in the light of the banks’ changing risk profile and external developments in the markets and macroeconomic conditions in which they operate.
Description and findings re EC4The BRSA’s liquidity framework addresses each of the elements enumerated above. Please also refer to EC 1-3 above. Liquidity is comprehensively addressed through both the offsite and onsite (CAMELS review/GAR process) supervisory processes as well as through any specialized examinations deemed necessary. See the description below of the supervisory practice in this area.



As mentioned in paragraph 13 of GLRM; the board of directors should develop their liquidity risk appetite in light of the bank’s business objectives, strategic direction, financial structure, size in financial system, funding capacity and overall risk appetite.



GLRM Paragraph 29 determines that the liquidity risk management policy should take account of a bank’s liquidity needs under normal and stressed conditions and cover, at a minimum, the following key aspects:
  • Liquidity risk appetite established by the board of directors;
  • Liquidity risk management strategy—set out the general approach to liquidity (including goals and objectives ) and the liquidity risk management policies on particular aspects;
  • Liquidity risk management responsibilities including clearly defined authority and responsibilities of staff /unit /committee;
  • Liquidity risk management systems: the systems and tools for measuring, monitoring and controlling liquidity risk:
  • a) the setting of various liquidity limits and ratios (e.g., target liquidity ratio, maturity and currency mismatch limits, loan to deposit ratio, concentration risk limits),
  • b) the framework for conducting cash-flow analysis under normal and stressed economic conditions, including the techniques and behavioral assumptions used, and
  • c) reporting system of monitoring liquidity risk management;
  • Contingency plan: the approach and strategies for dealing with various types of liquidity crisis;
  • The new product approval process, liquidity costs in pricing and performance measuring, risks and profits (Liquidity Transfer Pricing).
According to GLRM Paragraph 24, the board of directors should be informed immediately of new and emerging concerns mentioned below:
  • increasing funding costs over thresholds,
  • the growing size of a funding gap in different maturities,
  • concentrations in funding sources,
  • negative developments in the markets from which significant funding provided,
  • drying up of alternative funding sources,
  • material or persistent breaches of limits,
  • a significant change/decline in the cushion of unencumbered, highly liquid assets,
  • increasing additional margin calls arising from the potential decline in the market price of collateral assets, and
  • changes in external market conditions which should signal future difficulties.
  • a) GLRM Principle 5 states that a bank should have a sound process for identifying, measuring, monitoring and controlling liquidity risk including projecting cash flows arising from assets, liabilities and off-balance sheet items over an appropriate set of time horizons. GLRM Paragraphs 34 to 43 articulate the details of liquidity metrics and measurement tools, risk limits, and early warning indicators.
  • b) GLRM Principle 10 is about Intraday Liquidity Risk Management and requires banks to actively manage their intraday liquidity to meet payment and settlement obligations on a timely basis under both normal and stressed economic conditions (paragraphs 169-175).
In addition to GLRM Paragraph 6, various paragraphs require banks to manage liquidity on a daily basis including monitoring funding requirements and measuring daily cash flows (Paragraphs 52, 57, 59, 94, 147, and 172)
  • c) GLRM Paragraph 44 states that banks should have a reliable management information system designed to provide the board of directors, senior management and other responsible staff with timely and forward-looking information. From GLRM Paragraph 45 (what the information systems enable banks to do) to Paragraph 51, many aspects of information systems are listed including its importance in securitizations or other financial instruments (Paragraph 46), its help for statistical or behavioral analysis (Paragraph 47), reporting purposes (Paragraphs 48 and 49).
In practice, BRSA reviews liquidity adequacy of banks and assesses the quality of liquidity management as well as banks’ internal liquidity assessments through several means. As mentioned above, the ongoing offsite monitoring process is comprehensive. As well, evaluation of liquidity, both the level and management of, is a part of the CAMELS review/GARS process conducted each supervisory cycle. Through this process, the supervisors review any changes in the bank’s stated risk appetite, policies and procedures, level of risk, and any changes in the bank’s overall business strategy. If elevated liquidity risk is identified, then the supervisors will initiate a more detailed review of the area. Two such specialized examinations were conducted in 2015.



A more detailed review of liquidity management through specialized examinations was reviewed to test implementation. Such specialized reviews begin with the IRA process (identified risk assessment). Relevant regulatory ratios will be reviewed, recent cost of funds trends (in light of the interest rate environment), any previous actions or observations. This helps feed the scope of the specialized examination.



In the specialized examination, the supervisor looks at the funding base and the mix of sources (for example, deposits, repurchase agreements, borrowings including securities issued, etc.). Large deposits (concentrations of funds providers) will be reviewed, rates paid, deposit volume and rates, available collateral, as well as the liquidity coverage ratio calculated by the bank. Scenarios can cover variable deposit outflows, movement in correspondent bank accounts, change in loan volume and off-balance sheet commitments, etc. Any relevant subsidiaries and their potential cash needs will be included. MIS will be reviewed as well as processes which might deserve increased internal control or internal audit involvement (such as manually prepared reports, monitoring tools, or transactions). If the bank has an oversight committee such as a Liquidity Risk



Committee, the supervisors may review its function. Contingency funding/liquidity plans will also be evaluated.



However, issues were identified, similar to those cited in CP 17, regarding the need for examiners to go further with their evaluations to assess the implications on internal systems and the bank(s) governance processes. For instance, the impact of a bank’s funding positions, and shifts therein, relative to the configuration of the balance sheet (high asset growth, nature and risk of growth, overall credit quality, loan: deposit ratio, etc.) should be evaluated and clearly presented. Linkages to conclusions on management and internal systems should be more explicitly provided.
EC5The supervisor requires banks to establish, and regularly review, funding strategies and policies and processes for the ongoing measurement and monitoring of funding requirements and the effective management of funding risk. The policies and processes include consideration of how other risks (e.g., credit, market, operational and reputation risk) may impact the bank’s overall liquidity strategy, and include:
  • a) an analysis of funding requirements under alternative scenarios;
  • b) the maintenance of a cushion of high quality, unencumbered, liquid assets that can be used, without impediment, to obtain funding in times of stress;
  • c) diversification in the sources (including counterparties, instruments, currencies and markets) and tenor of funding, and regular review of concentration limits;
  • d) regular efforts to establish and maintain relationships with liability holders; and
  • e) regular assessment of the capacity to sell assets.
Description and findings re EC5The GLRM addresses each of the funding parameters listed above. For example:



Paragraph 12 requires that senior management and the board of directors should have an adequate understanding of the close links between funding liquidity risk and market liquidity risk as well as how other risks (e.g., credit, market, operational and reputation risks) interact with liquidity risk and affect the liquidity risk management strategy.



According to GLRM Paragraph 52, banks should adopt a cash-flow approach in liquidity management that includes conducting regular cash-flow analysis on a range of stress scenarios. Net funding requirements are detailed in paragraphs 57-62. GLRM (Paragraphs 131, 135, and 137) states that banks should analyze the funding requirements under various stress scenarios including bank-specific scenarios, general market crisis scenarios, and combined scenarios.



GLRM Paragraph 91 requires banks to identify alternative funding sources that may be used to generate liquidity in case of needs, and assess the effectiveness of using such sources in different situations. Banks should assess the effectiveness of selling assets under various situations.



GLRM Principle 8 requires banks to maintain a cushion of unencumbered, high quality liquid assets to be held as insurance against a range of liquidity stress scenarios including those that involve the loss or impairment of unsecured and typically available secured funding sources. Paragraphs 144 to 157 clarify the properties of liquidity cushion including size and composition of cushion, characteristics of liquid assets, and operational requirements.



GLRM has a separate chapter for funding diversification and market access. Principle 6 says that banks should establish a liquidity strategy to diversify the funding sources and maturity effectively and be in a sound relationship with fund providers and strengthen presence in chosen funding markets in order to ensure funding diversification. Paragraph 79 requires banks to determine the concentration limits for each funding sources, assets and maturity segments. In determining the concentration limits, banks should take into account the type of asset and market; the nature of counterparty, issuer and fund provider; maturity; currency; geographical location and economic sector. Banks should avoid any potential concentrations in their reliance on particular funding markets or sources.



GLRM Paragraph 97 states that banks should identify and build strong relationships with current and potential investors and providers, even in funding markets facilitated by brokers and other third parties.



In Paragraph 92 the importance of market access is emphasized, senior management is made responsible to ensure that market access is being actively managed, monitored and tested by appropriate staff or unit. The following paragraphs 93-96 are related to market presence where the banks are asked to review their established systems and test their presence by borrowing funds even without need.



The CAMELS review/GAR process covers a host of issues addressing funding capacity, planning and stress testing. In addition, the sample specialized examination described in EC 4 above specifically evaluated the funding mix, shifts, contingency plans, and alternative sources of funding. Concentrations of funding were evaluated as was overall pricing and any potential shifts in market access.
EC6The supervisor determines that banks have robust liquidity contingency funding plans to handle liquidity problems. The supervisor determines that the bank’s contingency funding plan is formally articulated, adequately documented and sets out the bank’s strategy for addressing liquidity shortfalls in a range of stress environments without placing reliance on lender of last resort support. The supervisor also determines that the bank’s contingency funding plan establishes clear lines of responsibility, includes clear communication plans (including communication with the supervisor) and is regularly tested and updated to ensure it is operationally robust. The supervisor assesses whether, in the light of the bank’s risk profile and systemic importance, the bank’s contingency funding plan is feasible and requires the bank to address any deficiencies.
Description and findings re EC6GLRM has a separate chapter for contingency funding plan (CFP) which is defined in article 3 and explained in detail in article 13 of RICAAP. GLRM, Principle 12 requires banks to have a formal CFP that clearly sets out the strategies for addressing liquidity shortfalls in emergency situations. GLRM Paragraph 184 points out that the board of directors should approve the CFP.



GLRM Paragraph 186 states that the CFP should contain a set of policies, procedures and action plans that prepare a bank to deal with the relevant liquidity stress events assumed in the stress tests with clearly established lines of responsibility and invocation and escalation procedures. GLRM Paragraph 187 ensures that the CFP should be commensurate with a bank’s complexity, risk profile, scope of operations and role in the financial system. The design of a CFP, including its action plans and procedures, should be closely integrated with the bank’s ongoing analysis of liquidity risk, and with the results of the scenarios and assumptions used in stress tests.



GLRM Paragraph 189 points out that the CFP should articulate available potential contingency funding sources, along with the estimated amount of funds that can be derived from these sources, their expected degree of reliability, under what conditions these sources should be used and the lead time needed to tap additional funds from each of the sources.



GLRM Paragraphs 193 and 194 state that lender of last resort support should be considered as secondary sources of liquidity and banks should not assume that such support is automatically available to them during a crisis even if they have the eligible collateral.



GLRM Paragraph 196 says that the CFP should contain clear policies and procedures enabling a bank’s management to make timely and appropriate decisions, communicate the decisions effectively and execute contingency measures swiftly and proficiently. Additionally, the roles and responsibilities and internal procedures for crisis management should be defined.



GLRM Paragraph 200 points out that banks should develop a communication plan to deliver on a timely basis clear and consistent communication to internal and external parties including the central bank, the agency, correspondents and custodians, relevant local or overseas public authorities, major counterparties and customers, payment systems and other relevant parties.



GLRM Paragraph 202 states that the CFP should be subject to regular testing to ensure its effectiveness and operational feasibility, particularly in respect of the availability of the contingency sources of funding listed in it. GLRM Paragraph 205 ensures that senior management should review and update the CFP regularly, at an acceptable frequency or more often as business or market circumstances change, to ensure that it remains robust over time. Also, any changes to the CFP should be properly documented and approved by the board of directors.



The CAMELS review/GAR process directs the examiner to consider the following when evaluating the CFP including capital for liquidity risk under ICAAP; roles and responsibilities under contingency plan; operational risks emerged from deposit and money market operations; funding risk concentrations and impact on the contingency plan. Contingency funding plans are reviewed during the CAMELS process and as a part of any specialized examinations in this area.
EC7The supervisor requires banks to include a variety of short-term and protracted bank-specific and market-wide liquidity stress scenarios (individually and in combination), using conservative and regularly reviewed assumptions, into their stress testing programs for risk management purposes. The supervisor determines that the results of the stress tests are used by the bank to adjust its liquidity risk management strategies, policies and positions and to develop effective contingency funding plans.
Description and findings re EC7According to article 43 of RICAAP, banks shall establish and operate a stress testing program in order to measure its material risks and vulnerabilities which may arise from both negative developments peculiar to the bank and the developments in stressed economic and financial environment. More specific guidance to stress testing of liquidity risk is given in GLRM and GST.



GLRM has a separate section for stress tests. Principle 7 states that banks should conduct stress tests on a regular basis for a variety of short-term and protracted institution-specific and market-wide stress scenarios individually or in combination, to identify sources of potential liquidity strain and to ensure that current on- and off-balance sheet positions remain in accordance with banks’ established liquidity risk appetite. The outcomes should be used to adjust liquidity risk management strategies, policies and positions and to develop effective contingency plans. Paragraph 101 ensures that banks should evaluate the impact of scenarios of stressed economic conditions on consolidated and unconsolidated basis.



Additionally, GST has a special reference to liquidity risk. Paragraphs 140 to 149 deal with stress testing on liquidity risk.



As mentioned above, review of a bank’s stress tests are an important part of the ICAAP review process (which includes important liquidity considerations), the liquidity review under CAMELS, and as a part of any targeted specialized examinations. The examiners review the scenarios used by the bank and determine if the results are used for management purposes. They also evaluate how results are factored into the contingency plan.
EC8The supervisor identifies those banks carrying out significant foreign currency liquidity transformation. Where a bank’s foreign currency business is significant, or-the bank has significant exposure in a given currency, the supervisor requires the bank to undertake separate analysis of its strategy and monitor its liquidity needs separately for each such significant currency. This includes the use of stress testing to determine the appropriateness of mismatches in that currency and, where appropriate, the setting and regular review of limits on the size of its cash flow mismatches for foreign currencies in aggregate and for each significant currency individually. In such cases, the supervisor also monitors the bank’s liquidity needs in each significant currency, and evaluates the bank’s ability to transfer liquidity from one currency to another across jurisdictions and legal entities.
Description and findings re EC8GLRM has a separate section for Foreign Currency Liquidity Management. Paragraph 69 points out that banks should have adequate systems in place for measuring, monitoring and controlling their liquidity positions in each major currency in which they have significant activity or exposure. Paragraph 71 states that banks should formulate liquidity strategies and policies for all significant currencies and the effectiveness of such strategies and policies should be regularly reviewed. Paragraph 73 clarifies that banks should assess aggregate foreign currency liquidity needs under both normal and stressed business conditions and control currency mismatches within acceptable levels. According to paragraph 75, banks should set and regularly review the limits to control the size of cumulative net mismatches over particular time bands (one day, seven days and one month) for significant currencies.



Moreover, GLRM paragraph 103 ensures that stress tests should be performed for separately for significant currencies as well as for all currencies in aggregate.



Many banks in the system run large USD banking books and have meaningful foreign currency exposures. To a large extent, these exposures are hedged, though the hedges may be of shorter maturities than the exposures, creating roll over risk which it is important to assess and to manage. The supervisory process, both in the CAMELS review/GAR methodology process and in the specialized examinations as well as through offsite monitoring, is required to address foreign currency exposure management.
Additional criteria
AC1The supervisor determines that banks’ levels of encumbered balance-sheet assets are managed within acceptable limits to mitigate the risks posed by excessive levels of encumbrance in terms of the impact on the banks’ cost of funding and the implications for the sustainability of their long-term liquidity position. The supervisor requires banks to commit to adequate disclosure and to set appropriate limits to mitigate identified risks.
Description and findings re AC1
Assessment of Principle 24Compliant
CommentsThe BRSA has set up a comprehensive framework for liquidity regulation, monitoring, and assignment of bank responsibilities. Regulation is in some cases more rigorous than international benchmarks. A wide range of tools is in place for monitoring banks’ liquidity positions and funding experience. The CAMELS review/GAR methodology addresses liquidity, and specialized examinations are conducted when a change in trends or strategy is detected. As well, the BRSA underwent a Regulatory Consistency Assessment of its Basel III LCR regulations for which it received a “compliant” rating.



However, review of onsite documents indicated that conclusions regarding liquidity, funding stability, and management processes stopped short of considering other areas of the balance sheet, growth trends, asset quality, and management processes, etc to support conclusions. Such issues are critical to the overall review process and should be captured and clearly conveyed in examination documents to supported supervisory observations. This is particularly important given that some banks may have tight liquidity positions including relatively high loan to deposit ratios.



The central bank has taken a number of steps in recent years to support the strengthening of foreign currency funding. There appears to be an opportunity to strengthen liaison between the BRSA and the CBRT on the monitoring and management of foreign liquidity risk. Given the potential foreign exchange roll over risk residing in banks’ positions, consideration could be given to increasing the ultimate target for the FX LCR from 80% to 100% to further strengthen the management of liquidity risk.
Principle 25Operational risk. The supervisor determines that banks have an adequate operational risk management framework that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk66 on a timely basis.
Essential criteria
EC1Law, regulations or the supervisor require banks to have appropriate operational risk management strategies, policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the bank’s risk profile, systemic importance, risk appetite and capital strength, take into account market and macroeconomic conditions, and address all major aspects of operational risk prevalent in the businesses of the bank on a bank-wide basis (including periods when operational risk could increase).
Description and findings re EC1BRSA published GORM, 2015, that is prepared based on “Principles for the Sound Management of Operational Risk” and other countries’ best practices. The principles contained in this guideline present a comprehensive approach to addressing operational risk within banks. It is prepared as a reference to effectively implement and establish operational risk management systems. As with all regulatory issuances, GORM is intended to be adapted to each bank’s level of size, activity and complexity.



Principle 6 of GORM requires banks to have a risk management process and appropriate means to be able to regularly identify, measure, assess, monitor and control the operational risk exposure due to their products, activities, processes and systems.



According to Principle 1 of GORM, a bank’s operational risk management framework should determine that operational risks are consistently and comprehensively identified, assessed, controlled, mitigated, monitored and reported. BRSA requires banks to implement the operational risk management framework considering; i) organizational structure (board oversight, senior management, business lines, independent corporate risk management unit, internal control and internal audit), ii) risk culture iii) operational risk management strategies, policies and procedures (including written work flow diagram) and iv) operational risk management process (the processes to identify, assess, monitor, control, mitigate and report operational risk ) and declare the framework in a written document.



Section VI of GORM gives requirements for building strategy, policies and procedures regarding operational risk as well as an example of determining operational risk strategy, policies and procedures and corporate strategy of a bank. Article 35 requires that, operational risk management process begins with the determination of the overall strategies and long-term objectives of a bank. Once determined, the bank can identify the associated inherent risks in its strategy and objectives, and thereby establish an operational risk management strategy and develop an operational risk management framework appropriate to all these strategies. Article 36 requires all business units67 to develop supplementary policies and procedures specific to their business based on and in consistence with the corporate operational risk management framework. It has great importance to establish written work flow diagrams within the procedures.



According to paragraph 4 of the GORM, banks should consider these principles in accordance with their capital adequacy, risk profile and risk appetite. As well, a bank’s operational risk management should be commensurate with the organizational structure, size, complexity, risk profile and business line.



According to RICAAP Article 53(2) all banks are required to implement a measurement and assessment process to cover Pillar 1 risks including operational risk. Bank reporting to the board of directors on operational risk is detailed in GORM paragraph 45.



The level of operational risk in the system is considered moderate by the BRSA. The team was informed that the major sources of operational losses revolve largely around fraud and human error. The sophistication of the operational risk management systems in a bank is considered by the BRSA in relation to the size, complexity, and nature of a bank’s activities and systems. Banks are required to track their loss history over time. Operational loss history/risk must be conveyed through banks’ ICAAP reports. Banks are using either the BIA or STA approach to calculate capital charges.



Overall operational risk is assessed largely through the CAMELS review/GAR process. The examiners review all relevant policies, processes and strategies pertaining to operational risk across each relevant unit in the given bank. During this review a range of factors, including, banks size, nature, complexity, capital strength, risk appetite and risk profile are taken into consideration. Operational risk is a specific focus element in the preparation of the risk matrix, using the SMRAC procedures.
EC2The supervisor requires banks’ strategies, policies and processes for the management of operational risk (including the banks’ risk appetite for operational risk) to be approved and regularly reviewed by the banks’ Boards. The supervisor also requires that the Board oversees management in ensuring that these policies and processes are implemented effectively.
Description and findings re EC2RICAAP regulates general framework for all internal systems and GORM gives requirements that is only specific for operational risk. Article 5(2) of RICAAP defines responsibilities of the Board which includes determination and approval of policies, procedures, strategy for each risk type (including operational risk) and also identification of risk appetite. Article 8(2) also gives the responsibility and duty to senior management to implement the strategies and policies approved by the Board. Furthermore, the board of directors is responsible for approving and reviewing a risk appetite and tolerance statement on the basis of general and sub factors (e.g., business line, product, unit) for operational risk that articulates the nature, types and levels of operational risk that the bank is willing to assume and establish the system and processes for implementing these functions (GORM Principle 3).



The board of directors are required to oversee that the policies, processes and systems are implemented effectively at all decision levels. For example, GORM paragraph 45 requires regular reporting to the Board on overall status of operational risk in the bank, any particular risk areas or weaknesses, likely impact of major events on the bank’s operational risks, etc. As well, boards should be informed about operational risks that may arise with the introduction of new products.



As part of the routine supervision cycle, BRSA determines whether there is a reporting and monitoring process that enables Board of Directors to review limits, policies, procedures and processes concerning operational risk. The GAR process requires the examiners to evaluate whether policies, procedures and work flow diagrams are up to date and approved by Board of Directors.
EC3The supervisor determines that the approved strategy and significant policies and processes for the management of operational risk are implemented effectively by management and fully integrated into the bank’s overall risk management process.
Description and findings re EC3As stated in EC2, the Board of Directors are required to establish, approve and periodically review the operational risk framework (GORM Principle 2). Strategies, policies and procedures are a part of operational risk framework according to the GORM paragraph 7.



Operational risk management process begins with the determination of the overall strategies and long-term objectives of a bank. Once determined, the bank can identify the associated inherent risks in its strategy and objectives, and thereby establish an operational risk management strategy and develop an operational risk management framework appropriate to all these strategies. The risk appetite of the bank and basic elements regarding its management should be determined and documented in the operational risk management frame work (GORM 35). GORM presents an operational example of what such a process may be in paragraph 36.



Monitoring process of the operational risk, should be integrated with the bank’s routine activities and in this context the operational risk potential of each business line should be assessed, in this assessment process the frequency and nature of changes in the operating environment should also be taken into account (GORM 44).



Banks are required to give detailed information regarding identification, measurement, control and risk appetite of operational risk within their ICAAP reports. These sections are assessed through the CAMELS review/GAR methodology and off-site BRSA audit teams.
EC4The supervisor reviews the quality and comprehensiveness of the bank’s disaster recovery and business continuity plans to assess their feasibility in scenarios of severe business disruption which might plausibly affect the bank. In so doing, the supervisor determines that the bank is able to operate as a going concern and minimize losses, including those that may arise from disturbances to payment and settlement systems, in the event of severe business disruption.
Description and findings re EC4RICAAP Article 13 is about business continuity management and plan. Banks must establish a business continuity management structure approved by the board of directors in order to ensure the sustainability of activities in case of an interruption or to save them on time to minimize operational, financial, legal and reputational costs.



According to GORM Principle 10, banks need to have a business continuity plan to be able to continue their activities on an ongoing basis and limit losses in the event of severe business disruption. Negative condition scenarios created by the bank should be assessed for their financial, operational and reputational impact and the resulting risk assessment should be the foundation for recovery priorities and objectives (GORM paragraph 71).



Each bank should establish business continuity plans considering their size, activity nature, and complexity of their processes. These plans should outline possible responses according to different types of likely or plausible scenarios to which the bank may be vulnerable. Some of the possible events may include incidents that damage or render accessibility to the bank’s facilities, telecommunication or information technology infrastructures, or events that affect human resources as well as broader disruptions to the financial system altogether (GORM Paragraph 70). Continuity plans should be tested periodically including preparation of an impact analysis (GORM paragraph 71).



All the disaster recovery and business continuity plans are tested at least once in a year according to RICAAP article 13. These tests are reviewed by BRSA on-site examination teams during the GAR process once a year. Examiners are required to determine if there is a business continuity plan approved by Board of Directors and if this plan is tested by the bank. As well, they check to see if the business continuity plan contains the policies, responsibilities and duties during business disruption cases.
EC5The supervisor determines that banks have established appropriate IT policies and processes to identify, assess, monitor and manage technology risks. The supervisor also determines that banks have appropriate and sound IT infrastructure to meet their current and projected business requirements (under normal circumstances and in periods of stress), which ensures data and system integrity, security and availability and supports integrated and comprehensive risk management.
Description and findings re EC5BRSA uses framework explained in CP9/EC3 for identifying, assessing, monitoring and managing technology risks.



Also GORM has a special section on ‘IT capacity and security and change of IT systems, facilities and equipment’ provisions being explained in paragraphs 59-62.



Regarding IT, the BRSA requires banks to receive an IT audit every 2 years by the bank’s external auditor. The team was informed that most internal audit departments in banks have some resource in this area. The BRSA has IT specialists who review external audit’s IT reports, conduct their own examinations, and participate in the CAMELS onsite examinations as needed. On occasion, they may participate in MIS reviews conducted by the commercial examiners. They evaluate the external audits and also conduct their own examinations. The questions contained in GAR are relatively high level for which answers are derived primarily from the external audit IT report or are referred to the BRSA’s IT department.
EC6The supervisor determines that banks have appropriate and effective information systems to:
  • a) monitor operational risk;
  • b) compile and analyze operational risk data; and
  • c) facilitate appropriate reporting mechanisms at the banks’ Boards, senior management and business line levels that support proactive management of operational risk.
Description and findings re EC6BRSA uses framework explained in CP9/EC3 for identifying, assessing, monitoring and managing technology risks. As well, see EC 2 above for requirements for board reporting.



In RICAAP Article 21(3) requires internal audit system of banks to review information systems including electronic information system and electronic banking services and it also evaluates the accuracy and reliability of accounting records and financial reports.



Additionally, RICAAP Article 57 (1) internal audit system should review the adequacy of the system and processes and accuracy of the data used in the ICAAP Reports and send their findings to BRSA according to Article 63 (5).



Also GORM has a special section on ‘IT capacity and security and change of IT systems, facilities and equipment provisions being explained in paragraphs 59-62.
EC7The supervisor requires that banks have appropriate reporting mechanisms to keep the supervisor apprised of developments affecting operational risk at banks in their jurisdictions.
Description and findings re EC7Section IV of RCA is about calculation of RWA for operational risk for regulatory capital. The calculations are submitted to BRSA via two annual supervisory reports (OR500YS/OR500YK).



The reporting mechanisms for operational risk are viewed through the CAMELS review process/GAR methodology by on-site BRSA examiners as well. During relevant special examinations, examiners are required to evaluate certain systems and reporting. For example, examiners are required to determine if there is a system for reporting operational risks on SME, corporate, commercial loans (regarding incorrect operations, abuse, suspicious financial transactions). During the review of sample special examinations, the team observed issues and deficiencies in these areas cited and communicated in the reports and to bank management.



It is required that banks send their ICAAP reports to BRSA once in a year since 2013. Banks have to provide sufficient information about both Pillar 1 and Pillar 2 risks at ICAAAP report. In this context all banks have to give information about identification, measurement, management, control, risk appetite and risk limits. All ICAAP reports are evaluated by BRSA. Banks also must report their operational loss history to the BRSA.
EC8The supervisor determines that banks have established appropriate policies and processes to assess, manage and monitor outsourced activities. The outsourcing risk management program covers:
  • a) conducting appropriate due diligence for selecting potential service providers;
  • b) structuring the outsourcing arrangement;
  • c) managing and monitoring the risks associated with the outsourcing arrangement;
  • d) ensuring an effective control environment; and
  • e) establishing viable contingency planning.
Outsourcing policies and processes require the bank to have comprehensive contracts and/or service level agreements with a clear allocation of responsibilities between the outsourcing provider and the bank.
Description and findings re EC8According to the Article 35 of BL, the banks will, before outsourcing certain allowable activities, prepare a written report to be submitted to the Agency if and when it is required, containing the probable risks of outsourcing services to be received, and management of such risks, as well as the expected benefits and costs thereof.



The Article 5 (1) of Regulation on Receiving Outsourcing Services by Banks (RROS) states that banks contracting outsourcing services are obliged to:
  • a) Identify needed outsourcing services in each relevant area;
  • b) Studies for necessary transformation, internal regulation, infrastructure and training at the stage of transition to outsourcing services,
  • c) Coordination of responsibilities concerning the issues of supervision, measurement and evaluation, reporting and security in connection with outsourcing services
  • d) Risks that may have arisen from receiving outsourcing activities and a contingency plan to be implemented in case of any interruptions or delays in services in any manner along with the management of these risks and substitutability of received outsourcing services
  • e) The impact of outsourced areas on the internal control, internal audit, and risk management to be done by the bank for operations and process that are related to thereof.
According to the Article 7 of RROS it is obligatory that the contracts to be signed between the banks and of outsourcing service providers must explicitly state issues such as the subject matter, scope and term of outsourcing services, fees to be paid for services and responsibilities of the parties.



Within the scope of the above mentioned rules, BRSA examines compliance to these regulations. There is a specific question about this EC in the annex of GAR module. FSAID 2495 requires BRSA on-site examination teams to asses if there is an effective monitoring and controlling system of operational risk arising from outsourcing activities. While answering the question above-mentioned BRSA examiners sources are indicated in GAR module as below;
  • Due diligence activities,
  • Outsourcing contracts,
  • Activities to manage and monitor the risk arising from outsourcing activities,
  • Contingency plans to be implemented in unexpected cases.
  • Policies and processes about outsourcing activities.
Additional criteria
AC1The supervisor regularly identifies any common points of exposure to operational risk or potential vulnerability (e.g., outsourcing of key operations by many banks to a common service provider or disruption to outsourcing providers of payment and settlement activities).
Description and findings re AC1
Assessment of Principle 25Compliant
CommentsOversight of operational risk is anchored in RICAAP and further expanded in the GORM which comprehensively addresses relevant aspects of this risk. The supervisory process explicitly addresses this risk through the evaluation of the ICAAP process and reports submitted by banks as well as through the GAR process and as a part of MIS evaluation and controls during specialized examinations.
Principle 26Internal control and audit. The supervisor determines that banks have adequate internal control frameworks to establish and maintain a properly controlled operating environment for the conduct of their business taking into account their risk profile. These include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the bank’s assets; and appropriate independent68 internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations.
Essential criteria
EC1Laws, regulations or the supervisor require banks to have internal control frameworks that are adequate to establish a properly controlled operating environment for the conduct of their business, taking into account their risk profile. These controls are the responsibility of the bank’s Board and/or senior management and deal with organizational structure, accounting policies and processes, checks and balances, and the safeguarding of assets and investments (including measures for the prevention and early detection and reporting of misuse such as fraud, embezzlement, unauthorized trading and computer intrusion). More specifically, these controls address:
  • a) organizational structure: definitions of duties and responsibilities, including clear delegation of authority (e.g., clear loan approval limits), decision-making policies and processes, separation of critical functions (e.g., business origination, payments, reconciliation, risk management, accounting, audit and compliance);
  • b) accounting policies and processes: reconciliation of accounts, control lists, information for management;
  • c) checks and balances (or “four eyes principle”): segregation of duties, crosschecking, dual control of assets, double signatures; and
  • d) safeguarding assets and investments: including physical control and computer access.
Description and findings re EC1Mainly, the BL and RICAAP regulate the issues regarding internal control and audit systems. In addition to these two, RCGB establishes the responsibilities of the board and senior management with respect to corporate governance to ensure that there is effective control over a bank’s entire business.



Article 23, 29 of the BL states that banks are obliged to establish and operate adequate and efficient internal control, risk management and internal audit systems that are in harmony with the scope and structure of their activities, that can respond to changing conditions and that cover all their branches and undertakings subject to consolidation in order to monitor and control the risks that they encounter. These systems should be compliant with relevant legislation, secure financial reporting systems, and assign authorities and responsibilities in the bank. These duties are further expanded in RICAAP.



Further, BL article 30 requires that banks:
  • (i) ensure the execution of their activities in compliance with the legislation, bank’s internal regulations and banking ethics;
  • (ii) secure the integrity and reliability of accounting and reporting systems and timely accessibility of information through continuous control activities to be complied with and performed by the personnel at any level;
  • (iii) ensure the functional separation of the duties and the sharing of powers and responsibilities regarding the payments of funds, the reconciliation of bank’s transactions, safeguarding assets and controlling liabilities;
  • (iv) identify and evaluate any risk encountered and prepare the infrastructure required for managing such risks; and
  • (v) construct an adequate network for information exchange.
Pursuant to the same article, internal control checks are required to be carried out by the internal control department; the internal control personnel must work under the board of directors. RICAAP further establishes reporting to the BRSA expands the obligations and requirements of BL article 30 cited above including requirements for independent internal audit and compliance functions to test adherence to these controls.



The BRSA follows a dynamic supervisory approach with a risk-focused point of view in order to ensure the efficiency, continuity and adequacy of the supervision process and efficient usage of supervision resources. Article 5 of the RAA defines the risk focused supervision approach. The RFS approach aims to configure the scope and intensity of the supervision as well as the allocation of supervision resources and supervision activities taking into consideration the risk profile, the existence and adequacy of internal control and risk management systems of the institutions subject to the regulation and supervision of the BRSA.



During the ICAAP examinations, the BRSA reviews the quality of the bank’s risk management, internal control and internal audit functions pursuant to section 4 of the GAA.



The CAMELS review/GAR process addresses internal systems, controls and internal audit in various areas. Special inspections also involve checks of internal controls as relevant. Internal Systems is defined as one of the main activity fields to be examined if it is assessed as a risky field by the on-site examination teams. However, see BCP principle 14/15 for issues on conclusions drawn during the supervisory process.
EC2The supervisor determines that there is an appropriate balance in the skills and resources of the back office, control functions and operational management relative to the business origination units. The supervisor also determines that the staff of the back office and control functions have sufficient expertise and authority within the organization (and, where appropriate, in the case of control functions, sufficient access to the bank’s Board) to be an effective check and balance to the business origination units.
Description and findings re EC2On-site examination teams review and determine whether the personnel responsible for control functions have sufficient skills and expertise. For example, questions in the GAR process address the sufficiency, effectiveness and frequency of the training activities surrounding anti-money laundering control activities. As well, steps in the GAR process direct the examiner to evaluate the follow-up mechanism for deficiencies cited in internal control and audit reports including to what extent the findings in these reports are corrected by relevant business units. Evaluation of the control functions and back office activities are guided by the GAR process as well as tested during special inspections. For example, review of several special inspection reports and procedures revealed shortcomings in the areas of internal controls and reporting. As well the GAR process directs examiners to determine if the performance of internal systems personnel is assessed by the board and not by the executive units of the bank. This is to provide the basis for assessing the independence of the internal systems personnel. During these processes, shortcomings and staffing issues with internal control staff as well as operational staff are able to be identified.



During the preparation of the risk matrix (one of the end products of the supervisory cycle), guided by SMRAC, requires input on internal control and audit functions.



Please also refer to EC1 for regulations regarding the internal systems of banks.
EC3The supervisor determines that banks have an adequately staffed, permanent and independent compliance function69 that assists senior management in managing effectively the compliance risks faced by the bank. The supervisor determines that staff within the compliance function is suitably trained, have relevant experience and have sufficient authority within the bank to perform their role effectively. The supervisor determines that the bank’s Board exercises oversight of the management of the compliance function.
Description and findings re EC3Pursuant to Article 5(1) of the RICAAP, the board of directors has the ultimate responsibility for the establishment and sufficient and effective functioning of the internal systems.



Article 4(2) of RICAAP requires banks to establish their internal systems directly linked to the board of directors. In other words, in order to ensure the independency of the units in the internal systems of banks including compliance function, these units should not be established under business lines within the organizational structure of the bank. Although they are not obliged to according to RICAAP regulation, banks generally have separate compliance units directly connected to the Board of Directors. On-site examination teams assess the compliance of the bank’s internal systems with this regulation.



Please refer to EC1 for the assessments regarding the skills and training of the internal systems staff.
EC4The supervisor determines that banks have an independent, permanent and effective internal audit function70 charged with:
  • a) assessing whether existing policies, processes and internal controls (including risk management, compliance and corporate governance processes) are effective, appropriate and remain sufficient for the bank’s business; and
  • b) ensuring that policies and processes are complied with.
Description and findings re EC4All banks are required to have independent and adequately functioning internal audit departments. As mentioned in EC2 and EC3, the BRSA evaluates the independence, permanence and effectiveness of the internal systems of the bank. All these assessments are valid for internal audit function as well. As a result, guided by the GAR methodology, on-site examination teams assess the independence of internal audit function as they assess the independence of internal systems. As well, examiners determine whether internal audit activities are effectively and sufficiently covered on a consolidated basis.



The GAR process also directs review of reports submitted to the board (audit committee). On-site examiners take into consideration the effectiveness of policies, process and internal controls while responding to these questions.
EC5The supervisor determines that the internal audit function:
  • a) has sufficient resources, and staff that are suitably trained and have relevant experience to understand and evaluate the business they are auditing;
  • b) has appropriate independence with reporting lines to the bank’s Board or to an audit committee of the Board, and has status within the bank to ensure that senior management reacts to and acts upon its recommendations;
  • c) is kept informed in a timely manner of any material changes made to the bank’s risk management strategy, policies or processes;
  • d) has full access to and communication with any member of staff as well as full access to records, files or data of the bank and its affiliates, whenever relevant to the performance of its duties;
  • e) employs a methodology that identifies the material risks run by the bank;
  • f) prepares an audit plan, which is reviewed regularly, based on its own risk assessment and allocates its resources accordingly; and
  • g) has the authority to assess any outsourced functions.
Description and findings re EC5With respect to (a); Article 5(2)(ç) of RICAAP requires the board of directors to ensure the allocation of sufficient resources for the units in internal systems of the bank. Additionally, RICAAP 22(3) (c) states that the manager of the internal audit unit is obliged to assess whether the internal auditors have the qualifications required by their powers and responsibilities, prepare training programs to improve their professional knowledge, skills and abilities, and monitor whether they are performing their duties independently and objectively with the necessary professional diligence and attention.



With respect to b), the BRSA legislation involves several provisions on the independence of internal auditors. As previously mentioned, the internal audit function, being a part of the internal systems of the bank, shall be directly under the board of directors. Further, Article 23(1) of RICAAP stipulates that the internal auditors are required to perform their duties and responsibilities objectively and independently. To this end, they shall not be accountable to anyone in the bank management other than the manager of the internal audit unit, the relevant internal systems manager and the board of directors and, in the performance of their duties, they are required to be free from any conflicts of interest stemming from reasons such as personal or family relations or their position within the bank. Audit findings are submitted to the audit committee and to the board of directors through the audit committee as well as the follow-up of the corrective actions pursued by the department subject to the audit.



With respect to (c), article 26(5) of RICAAP, states that the risk evaluations shall be regularly reviewed. Events that may affect the risk evaluations such as new products, new systems, changes to the Law and other applicable legislation, and changes in organization or personnel in important positions, vertical changes in volume and amount of activities shall be communicated by unit managers to the internal audit unit, which shall in turn review the risk evaluations in the light of such changes.



With respect to (d), Article 23(3) of RICAAP requires the board of directors to ensure that the internal auditors are properly authorized to access all units of the bank, to obtain information from any personnel of the bank, and to have access to all records, files and data of the bank, so that they may effectively perform their duties and responsibilities.



With respect to (e), Article 26 of the ICAAP requires banks to effectively perform their internal audit activities following a risk focused approach, based on the risk assessments of the internal audit unit. In that context, risk assessments, made on an annual basis, requires the utilization of risk measurement and rating systems to assess the activity and control risks in significant business units and products and to determine their materiality.



With respect to (f), Article 27 of the RICAAP include provisions on internal audit plans. In that context, internal audit plans are required to be prepared on the basis of the risk assessments made pursuant to Article 26 and to allocation of resources of the internal audit department. The internal audit plans can be reviewed and updated by the assent of the board of directors.



With respect to (g) Article 7(2)(o) of the RICAAP stipulates that members of the audit committee are responsible for making risk assessments about the support services received by the bank, for submitting their assessments to the board of directors and, monitoring the sufficiency of the support service provided to the bank.



Internal audit is assessed by the on-site examination teams through the CAMELS review/GAR methodology during the course of the supervisory cycle. Among the aspects evaluated in this area, the examiners i) review audit plans in comparison to previous years plans as well as relative to the understood risks of the bank; ii) review audit reports (including loan audits, branch reports, etc.); iii) staff adequacy and turnover as well a budget sufficiency; iv) training received; iv) audit access to business units and internal functions, etc. Observations and views on internal audit are factored into the CAMELS ratings process through the “M”.
Assessment of Principle 26Compliant
CommentsThe legal framework is comprehensive in this area, both as it is articulated in the requirements for internal systems and separately as requirements specifically directed to the internal audit function. Review of the internal audit process is an important part of the onsite (GAR) process covered each supervisory cycle. However, targeted or specialized examinations of the internal audit process, leveraging the GAR results as well as specialized examination results as partial inputs, could enhance the validation of this important function. Such validation by the BRSA is important in order for it to maintain or increase the degree of confidence (and therefore, dependence) it can place in audit outputs as early warning indicators of shifting risk.
Principle 27Financial reporting and external audit. The supervisor determines that banks and banking groups maintain adequate and reliable records, prepare financial statements in accordance with accounting policies and practices that are widely accepted internationally and annually publish information that fairly reflects their financial condition and performance and bears an independent external auditor’s opinion. The supervisor also determines that banks and parent companies of banking groups have adequate governance and oversight of the external audit function.
Essential criteria
EC1The supervisor71 holds the bank’s Board and management responsible for ensuring that financial statements are prepared in accordance with accounting policies and practices that are widely accepted internationally and that these are supported by recordkeeping systems in order to produce adequate and reliable data.
Description and findings re EC1BL article 39 requires the financial reports prepared by banks to be signed, with names, surnames and titles indicated, by the chairman of the board of directors, the members of the audit committee, general manager, deputy general manager responsible for financial reporting as well as the relevant unit manager or equivalent authorities, declaring that the financial report is in compliance with the legislation pertaining to financial reporting and with the accounting records.



Additionally, BL article 37 requires banks, in line with the principles and procedures to be determined by the Board in consultation with POA and associations of institutions, to account all transactions in an accurate manner and to present financial reports in a clear, reliable, and comparable way. In cases where it is determined that the financial statements have been mispresented, the BRSB shall be authorized to take necessary measures.



Based on the BL, the RAP brings the Turkish banking system’s accounting practices in line with the TFRS which are issued by the POA as the Turkish translations of the IFRS. There are 2 notable differences in the implementation of TFRS in banks and financial institutions with IFRS: 1) a bank group’s consolidated accounts capture the financial subsidiaries but not the nonfinancial subsidiaries, and 2) loan loss provisions reflect the BRSA’s requirements. Banks will be required to implement the upcoming IFRS 9 for provisioning in line with the timeframe specified by the standards.
EC2The supervisor holds the bank’s Board and management responsible for ensuring that the financial statements issued annually to the public bear an independent external auditor’s opinion as a result of an audit conducted in accordance with internationally accepted auditing practices and standards.
Description and findings re EC2According to BL article 39 (2), the annual financial reports to be presented by banks to their general assembly, are required to be approved by independent audit firms. Article 4 (2) of the REAB requires independent auditing firms to conduct their audits in banks in alignment with the principles and procedures stipulated in the Turkish Auditing Standards (TSAs) which are issued as Turkish translation of International Standards of Audit (ISAs). In addition, article 4(4) of the REAB requires banks to have their quarterly financial statements audited by independent audit firms in compliance with the provisions laid down in REAB as well as the TSAs. In that context, financial statements of banks are required to be subject to interim limited audit as of the end of March, June and September and to annual full-scope audit as of the end of December.
EC3The supervisor determines that banks use valuation practices consistent with accounting standards widely accepted internationally. The supervisor also determines that the framework, structure and processes for fair value estimation are subject to independent verification and validation, and that banks document any significant differences between the valuations used for financial reporting purposes and for regulatory purposes.
Description and findings re EC3BRSA published GFVM in order to explain the best practices for determining the fair value of financial instruments as well as the associated risk management and internal procedures. Banks are required to classify and report financial instruments in their financial reports in alignment with relevant accounting and regulatory reporting requirements.



Further, GFVM paragraph 23 that any models used in the valuation process (internally developed or purchased from external sources), including any material changes made in the model, are required to be validated and regularly reviewed by an independent expert, both before it is used initially as well as during its use. The independent validation team should have reporting lines independent of risk taking units. The GFVM goes on to provide baseline parameters that should be addressed as a part of the validation process.



GFVM paragraph 29 also requires internal and external audit to review the control environment, the availability and reliability of information used in the valuation process, and the reliability of estimated fair values. External and internal audit should include the price verification processes and testing valuations of significant transactions. Audit programs should also evaluate whether the disclosures about fair values made by the bank are in accordance with the applicable accounting standards.



Paragraph 35 of GFVM states that any significant differences between fair values included in financial reporting and those used for risk management purposes or used in regulatory reporting, should be reported to the senior management. In cases where there is material uncertainty surrounding the valuation practices, the BRSA may consider conducting tests on portfolio valuations.



As a part of its supervisory process, the BRSA evaluates a bank’s financial instruments valuation practices incorporating relevant governance, risk management, and control practices and takes these evaluations into consideration when assessing capital adequacy. This includes an evaluation of the process of valuation including reviewing the pricing information used in the process, surrounding control environment, and determining the impact of the valuations on capital adequacy. The examiners also verify audit coverage of the processes and management’s response to any cited deficiencies. On-site examination teams also assess whether bank management adequately understands the valuation methodologies and calculations. The examiners also assess if computer systems are used in the valuation of banks’ securities and derivatives portfolios are validated by independent teams.



In addition, the assessment team reviewed an example of a special check on valuation and transaction activity the BRSA conducted. The objective of the review was to determine the propriety and risk involved in certain business areas. Thorough review of the valuation process was conducted.
EC4Laws or regulations set, or the supervisor has the power to establish the scope of external audits of banks and the standards to be followed in performing such audits. These require the use of a risk and materiality based approach in planning and performing the external audit.
Description and findings re EC4In general terms, the scope of external audit of banks is set by Article 4 of the REAB. Accordingly, external audit of banks is to be carried out in accordance with the TSAs which is the Turkish version of the ISAs, to provide a fair assurance on reliability and accuracy of financial statements as well as accounting and recording systems, including assessment of compliance, adequacy and effectiveness of banks’ internal and financial reporting systems. Also, BRSA is authorized to require banks or external auditors to initiate a special purpose external audit on specific matters regulated in the BL and related regulations, or on specific subjects of importance to be determined by BRSA.



TSA 32072, Turkish version of ISA 320, Materiality in Planning and Performing an Audit, regulates the responsibility of auditors to apply the concept of materiality in planning and performing an audit of financial statements. Paragraph 5 of the annex of TSA 320 states that “The concept of materiality is applied by the auditor both in planning and performing the audit, and in evaluating the effect of identified misstatements on the audit and of uncorrected misstatements, if any, on the financial statements and in forming the opinion in the auditor’s report.” and materiality and audit risk is explained in paragraph A1.
EC5Supervisory guidelines or local auditing standards determine that audits cover areas such as the loan portfolio, loan loss provisions, non-performing assets, asset valuations, trading and other securities activities, derivatives, asset securitizations, consolidation of and other involvement with off-balance sheet vehicles and the adequacy of internal controls over financial reporting.
Description and findings re EC5See also EC 1 & 2 enumerating use of TFRS and TSA standards in the auditing and accounting process. Article 4 of the REAB stipulates that the external audit of banks is conducted with the purpose of providing an opinion with regard to the accuracy and reliability of the accounts, records and financial statements of banks as well as their compliance with all relevant regulations issued pursuant to the BL. Article 17 covers the issues related to the assessment of the adequacy of internal controls over financial reporting of banks. As a consequence, external audit covers all areas mentioned in EC5.



As well, in the process of scoping and conducting CAMELS review/GAR methodology process, the external auditors’ IT audit reports and consolidated and non-consolidated audit reports are used as important inputs.
EC6The supervisor has the power to reject and rescind the appointment of an external auditor who is deemed to have inadequate expertise or independence, or is not subject to or does not adhere to established professional standards.
Description and findings re EC6The POA sets financial reporting and auditing standards in compliance with international standards. BL articles 15 and 33 empower the BRSA to authorize or terminate the appointment of banks’ external audit firms.



BL article 15, 33 authorizes the BRSA to evaluate and publish the names of audit firms deemed acceptable to conduct audits in banks. The BRSB has the power to remove the external audit firm from the list when it is deemed to have inadequate expertise or independence, or when it is not subject to or does not adhere to established professional standards.
EC7The supervisor determines that banks rotate their external auditors (either the firm or individuals within the firm) from time to time.
Description and findings re EC7Article 26 (1) (ç) of the Regulation on Independent Audit (RIA73) issued by the POA states that external audit firms and auditors are not allowed to undertake the audits for the entities for which they have conducted the audit activity for seven years within the last ten years for audit firms and five years within the last seven years for auditors, including the ones employed at an audit firm, prior to the extinction of a three-year period following the date of the last audit.
EC8The supervisor meets periodically with external audit firms to discuss issues of common interest relating to bank operations.
Description and findings re EC8The BRSA started meeting with external auditors last year. The first meeting was held February 2015 and included 4 international firms and two domestic external auditing firms. Prior to that, BRSA had, on occasion, met with selected firms when important issues of common interest arose. As well, on-site examination teams meet with external auditing teams in the bank(s) frequently to discuss the issues of common interest. These meetings are arranged by on-site examiners when necessary.
EC9The supervisor requires the external auditor, directly or through the bank, to report to the supervisor matters of material significance, for example failure to comply with the licensing criteria or breaches of banking or other laws, significant deficiencies and control weaknesses in the bank’s financial reporting process or other matters that they believe are likely to be of material significance to the functions of the supervisor. Laws or regulations provide that auditors who make any such reports in good faith cannot be held liable for breach of a duty of confidentiality.
Description and findings re EC9BL article 33 (2) directs “If, during their audits, external audit firms detect any matter that may endanger the existence of the bank or an evidence demonstrating that their managers have severely violated the Law or the articles of association, the external audit firms shall promptly notify the BRSA thereof. Such notification does not mean the violation of the professional confidentiality principles and agreements or the obligations pertaining to confidentiality”.



Principles and procedures related to this obligation are also regulated in more detail in the Article 17 (3), (4), (5), (6) and (7) of the REAB.
Additional criteria
AC1The supervisor has the power to access external auditors’ working papers, where necessary.
Description and findings re AC1
Assessment of Principle 27Compliant
CommentsProcedures surrounding financial reporting and external audit are well established. Accounting standards closely follow IFRS and provisioning standards are set to dovetail with the implementation of IFRS 9. Valuation procedures for financial assets are comprehensive. BRSA conducts review of valuation procedures and of valuation models as a part of the onsite examination process. Parameters for banks’ external audit process are well established.
Principle 28Disclosure and transparency. The supervisor determines that banks and banking groups regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes.
Essential criteria
EC1Laws, regulations or the supervisor require periodic public disclosures74 of information by banks on a consolidated and, where appropriate, solo basis that adequately reflect the bank’s true financial condition and performance, and adhere to standards promoting comparability, relevance, reliability and timeliness of the information disclosed.
Description and findings re EC1According to the BL article 37 banks are required to prepare their financial reports which include financial statements and disclosure in accordance with TASs and TFRSs (Turkish version of IASs and IFRSs) published by the POA. Article 10 of the RAP states that the year-end financial report includes financial statements, supplemental information required by the BRSA, and the external audit report. Article 14 of the RAP regulates rules and procedures on publication of banks’ financial reports. Additionally, pursuant to Articles 1 and 4(4) of the CPD, banks are required to prepare their public disclosures on a solo and consolidated basis quarterly and annually.
EC2The supervisor determines that the required disclosures include both qualitative and quantitative information on a bank’s financial performance, financial position, risk management strategies and practices, risk exposures, aggregate exposures to related parties, transactions with related parties, accounting policies, and basic business, management, governance and remuneration. The scope and content of information provided and the level of disaggregation and detail is commensurate with the risk profile and systemic importance of the bank.
Description and findings re EC2Pursuant to BL article 40, banks are required to prepare annual reports that contain information about banks’ status, management and organization structures, human resources, activities, financial situations, assessment of the management and expectations from the future; together with financial statements, summary of board of directors’ report and external auditing report. These annual reports are utilized during the planning phase of on-site supervision.



As well, other parameters for disclosure are covered in the RPPAP (Regulation on Principles and Procedures Concerning the Preparation and Publishing of Annual Reports), RAP (Regulation for Accounting Practices), CPD (Communique on Financial Statements Disclosed to the Public by Banks), and CDRM (Communique on Disclosures about Risk Management).



CPD article 4 stipulates the composition of financial statements: balance sheet, off balance sheet items, income statement, table concerning the income and expenses items recognized as equity, statement of changes in equity, statement of cash flow, and statement of profit distribution.



The structure of the bank and its basic business lines are required to be disclosed including the structure of the bank and the consolidated organization, capital structure of the parent bank and others, activities of the parent bank, risk exposures, transactions with related parties, and accounting policies. Risk disclosures are governed by articles 7-15.



RPPAP and RAP require banks to prepare and disclose annual reports and interim reports (quarterly). RPPAP article 6 (1) (b) addresses additional, nonfinancial information to be disclosed such corporate governance practices within the bank, intra-company transactions, etc.



CDRM, entering into force March 2016 focuses on the individual and consolidated risk management information to be disclosed by banks. This Communiqué is prepared in alignment with Basel Pillar III disclosure requirements. Risk management disclosure requirements in this Communiqué are complementary to the other disclosure requirements stated in the third section of CPD.



Remuneration disclosures laid out by GBCP should be provided as a part of Pillar III disclosures required by CDRM in accordance with the general principles and procedures set out in that Communiqué. Banks other than systemically important banks should implement mentioned requirements proportionately.



The CAMELS review/GAR methodology directs examiners, inter alia, to review various elements of banks’ annual reports and remuneration. As well, on-site examiners are to analyze the banks’ policies about disclosure and through the GAR process.
EC3Laws, regulations or the supervisor require banks to disclose all material entities in the group structure.
Description and findings re EC3According to CCFS, banks are required to prepare consolidated financial statements and announce them in their web sites. The scope/exemptions of this consolidation are laid down in article 5.



CPD article 4 (2) requires the disclosure of the information about the capital structure of the parent bank and direct and indirect parties who influence the management or supervision of the parent bank. Parent banks are required to disclose information on the name/commercial title of the natural or legal persons holding their qualified shares and information about the entities and the scope of consolidation. Banks are also required to give information on related parties consistent with TAS 24.
EC4The supervisor or another government agency effectively reviews and enforces compliance with disclosure standards.
Description and findings re EC4As of December 2015, there are 52 banks in Turkey and 16 of them are publicly traded. These 16 banks’ disclosure standards are reviewed by Public Disclosure Platform which is a governmental agency.



Furthermore, the Communiqué on Material Events Disclosure,75 issued by the CMB, sets forth the principles and procedures related to public disclosure of information, events and development which may affect the value or price of securities or the investment decisions of investors. These disclosures are submitted to the Public Disclosure Platform via Borsa Istanbul, published in the web-site of the bank and kept in the web-site for 5 years.



BRSA regularly evaluates the timeliness and content of external audit/annual reports for compliance with regulatory parameters. It is within this context that the BRSA would review Pillar III disclosures.
EC5The supervisor or other relevant bodies regularly publishes information on the banking system in aggregate to facilitate public understanding of the banking system and the exercise of market discipline. Such information includes aggregate data on balance sheet indicators and statistical parameters that reflect the principal aspects of banks’ operations (balance sheet structure, capital ratios, income earning capacity, and risk profiles).
Description and findings re EC5BRSA has been quarterly publishing “Main Banking Indicators” series via internet since June 2014. The BRSA website also includes interactive daily, weekly and monthly bulletins and facilitates users’ requests for information by tailor made reports. (Please see the link in the footnote)76.
Additional criteria
AC1The disclosure requirements imposed promote disclosure of information that will help in understanding a bank’s risk exposures during a financial reporting period, for example on average exposures or turnover during the reporting period.
Description and findings re AC1
Assessment of Principle 28Compliant
CommentsBanks are required to disclose their financial statements according to TFRS and TAS, the Turkish version of IFRS and IAS, on both a solo basis and consolidated basis. Disclosure requirements for nonfinancial information are adequate. BRSA regularly evaluates the timeliness and content of external audit/annual reports for compliance with regulatory parameters and Pillar III disclosures.
Principle 29Abuse of financial services. The supervisor determines that banks have adequate policies and processes, including strict customer due diligence (CDD) rules to promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities.77
Essential criteria
EC1Laws or regulations establish the duties, responsibilities and powers of the supervisor related to the supervision of banks’ internal controls and enforcement of the relevant laws and regulations regarding criminal activities.
Description and findings re EC1The Turkish regime against money laundering is governed by the Law no. 5549 on Prevention of Laundering Proceeds of Crime (AML Law). The last revision of the act was made in 2014. There is a separate Law no. 6415 on the Prevention of Financing of Terrorism (TF Law) adopted on 16.02.2013. The money laundering offense is set forth in the Article 282 of the Turkish Criminal Law.



The role of the Financial Intelligence Unit (FIU):



Turkey has established a FIU called MASAK. The duties and powers of MASAK are determined in the Article 19 of the AML Law and Article 16 of the TF Law.



MASAK is the main supervisory authority for AML/CFT related issues. Duties and powers of MASAK include developing policies and implementation strategies, preparing legislation, collecting and analyzing data, receiving suspicious transaction reports and deciding on and coordinating inspections regarding AML/CFT issues.



The supervision of AML/CFT obligations is exercised by different sector supervisors from the BRSA, Treasury and CMB on behalf of MASAK.



The role of the BRSA:



According to article 11 of the AML Law, on-site inspections are conducted by the MASAK through different sector supervisors including the bank examiners and experts of the BRSA. The BRSA serves as the “technical arm” of the MASAK for AML/CFT supervisory matters. The MASAK examination teams are formed according to the MASAK requirements on a case by case basis.



However, in addition to the inspections required by the MASAK, as a part of the on-site supervision of banks, the BRSA oversee AML/CFT compliance in the banking industry. In that context, the on-site teams examine and evaluate the adequacy and effectiveness of banks’ policies, procedures, work-flows, human resources management and internal control systems in relation to the relevant regulations. The GAR Module of the BRSA has specific questions on AML/CFT related issues.



In this context, AML/CFT policies, implementation procedures, human resources and control systems are examined by the BRSA. These examinations are mostly done during the ratings process assessing the following issues:
  • - Whether the bank employs relevant number of personnel charged for AML/CFT issues commensurate with its scale and operations and whether they are sufficiently qualified, whether bank’s personnel is subject to an adequate level of training with respect to AML/CFT issues and whether the frequency of training is commensurate with the scale and operations of the bank,
  • - Whether the bank uses an adequately structured IT framework with regard to AML/CFT issues commensurate with the scale and operations of the bank,
  • - Whether the criteria underlying the above mentioned IT framework are regularly reviewed, and updated where it is deemed necessary,
  • - Whether the authorization and responsibilities of the compliance officer is documented and is adequate,
  • - Whether the bank has a policy document regarding the AML/CFT issues approved by the Board of Directors and whether this document is adequate,
  • - Whether the bank has written criteria for detection of suspicious transactions,
  • - Whether the bank has adequately established procedures regarding the authorization of the relevant personnel for incorporating revisions to the IT framework established for the detection of suspicious transactions,
  • - Whether the bank has documented its CDD policies, including issues on documents to be demanded from the customers and procedures for verification of the accuracy of these documents,
  • - Whether the internal controls with regard to the effectiveness and applicability of cross controls are adequate,
  • - Whether the internal audit unit of the bank has special audits on AML/CFT issues,
  • - Whether the findings of the internal audit are followed up by the bank’s management,
  • - Whether the bank has an adequate internal assessment report about the AML/CFT issues,
  • - In the context of consolidated supervision, whether the parent company of the bank has written policy documents on AML/CFT issues,
  • - Whether the home country of the parent company is subject to the supervision of an FIU.
These assessments are then incorporated into the CAMELS rating methodology under the “Management” component.



Recently, the BRSA has established a Commission, composed of 4 senior bank examiners, responsible for coordinating AML/CFT examinations. These examinations will be conducted starting from the second half of 2016. For that purpose, the Commission prepared a Supervisory Manual on AML/CFT Issues (SMAMLCFT) approved by the Chairman.



According to this manual on-site examiners are initially required to make an AML/CFT related risk assessment of the bank. The manual includes analysis and assessments under 8 sections: Organizational Structure, Compliance, Training of the Personnel, Internal and External Audit, Reporting Requirements, Process Audits, Retention of Documents, Secrecy.
EC2The supervisor determines that banks have adequate policies and processes that promote high ethical and professional standards and prevent the bank from being used, intentionally or unintentionally, for criminal activities. This includes the prevention and detection of criminal activity, and reporting of such suspected activities to the appropriate authorities.
Description and findings re EC2The supervisory requirements on policies and processes to prevent institutions from being used for criminal activities are contained in the AML Law, TF Law and subsequent sub-regulations, namely the Regulation on Measures Regarding Prevention of Laundering proceeds of Crime and Financing of Terrorism (ROM), Regulation on Program of Compliance with Obligations of Anti-Money Laundering and Combating the Financing of Terrorism (ROC) and Regulation on the Procedures and Principles Regarding the Implementation of Law on the Prevention of Financing of Terrorism (ROT). Furthermore, the MASAK prepared a formal supervision manual in 2010 called “Guidance on the Supervision of Obligation”. This guidance involves check-lists for the obligors to provide examiners with formal supervisory tools.



AML general compliance inspections aim at preventing and detecting criminal activities in banks. As mentioned in EC1, the inspections are planned and coordinated by the MASAK using banking experts of the BRSA. The inspections follow a risk-based approach focusing on risk factors determined by the MASAK and relevant supervisory authorities. When elaborating the annual supervisory plans, the MASAK coordinates with the supervisory authorities the time frame and availability of human resources to AML/CFT supervision.



The examinations conducted in banks regarding AML/CFT issues by BRSA and MASAK during the last two years are summarized in the following table:
YearNumber of Banks ExaminedExamination Type
201423General Compliance with laws and regulations regarding AML/CFT
201511General Compliance with laws and regulations regarding AML/CFT
201418Examinations related to violations of Suspicious Transactions Reporting, CDD, Training-Internal Systems-Other Measures
201516Examinations related to violations of Suspicious Transactions Reporting, CDD, Training-Internal Systems-Other Measures


The findings of these examinations are followed up by MASAK and shared with BRSA’s management along with the other related information when requested.



Banks obligation to report suspicious activities related to money laundering or terrorist financing activities are clearly established in article 4 of the AML Law and ROM, chapter 4. The obligation is to report these activities to the MASAK only.
EC3In addition to reporting to the financial intelligence unit or other designated authorities, banks report to the banking supervisor suspicious activities and incidents of fraud when such activities/incidents are material to the safety, soundness or reputation of the bank.78
Description and findings re EC3Banks are required to report only to the MASAK any suspicious activities pursuant to the Article 4 of the AML Law.
EC4If the supervisor becomes aware of any additional suspicious transactions, it informs the financial intelligence unit and, if applicable, other designated authority of such transactions. In addition, the supervisor, directly or indirectly, shares information related to suspected or actual criminal activities with relevant authorities.
Description and findings re EC4Pursuant to the Article 40 of the ROM, the BRSA informs the MASAK when it becomes aware of any suspicious transactions or criminal activity. The MASAK is responsible for transmitting the information to judicial and other relevant authorities.
EC5The supervisor determines that banks establish CDD policies and processes that are well documented and communicated to all relevant staff. The supervisor also determines that such policies and processes are integrated into the bank’s overall risk management and that there are appropriate steps to identify, assess, monitor, manage and mitigate risks of money laundering and the financing of terrorism with respect to customers, countries and regions, as well as to products, services, transactions and delivery channels on an ongoing basis. The CDD management program, on a group-wide basis, has as its essential elements:
  • a) a customer acceptance policy that identifies business relationships that the bank will not accept based on identified risks;
  • b) a customer identification, verification and due diligence programme on an ongoing basis; this encompasses verification of beneficial ownership, understanding the purpose and nature of the business relationship, and risk-based reviews to ensure that records are updated and relevant;
  • c) policies and processes to monitor and recognize unusual or potentially suspicious transactions;
  • d) enhanced due diligence on high-risk accounts (e.g., escalation to the bank’s senior management level of decisions on entering into business relationships with these accounts or maintaining such relationships when an existing relationship becomes high-risk);
  • e) enhanced due diligence on politically exposed persons (including, among other things, escalation to the bank’s senior management level of decisions on entering into business relationships with these persons); and
  • f) clear rules on what records must be kept on CDD and individual transactions and their retention period. Such records have at least a five year retention period.
Description and findings re EC5Supervisory determinations on CDD policies and processes are mostly defined in the ROM and the ROC. As mentioned in EC1, the BRSA examines CDD and AML/CFT polices and process of banks under the management component of the ratings process. Regarding the essential elements of the CDD management program:
  • a) customer acceptance policy is not explicitly mentioned in the regulation;
  • b) customer identification, verification and due diligence program, including beneficial ownership are covered by the ROM, mostly on chapter 3.
  • c) policies and processes to monitor and recognize unusual or potentially suspicious transactions are covered by the RoM, chapter 4.
  • d) escalation to the senior management level of decisions on entering into business relationships with high-risk accounts is covered in articles 12 and 13 of the RoC.
  • e) enhanced due diligence on politically exposed persons is not defined in the regulation. The BRSA and MASAK explained that since PEPs are involved in high risk groups, they are indirectly subject to also the other obligations such as the obligation to pay special attention to certain transactions, the obligations concerning new technologies or risky countries (the Articles 18, 20 and 25 of the ROM, respectively).
  • f) rules on what records must be kept on CDD are established by article 8 of the AML Law. The obliged parties (including banks) should maintain the documents, books and records for eight years from the last record date, and must keep identification document for eight years from the last transaction date.
EC6The supervisor determines that banks have in addition to normal due diligence, specific policies and processes regarding correspondent banking. Such policies and processes include:
  • a) gathering sufficient information about their respondent banks to understand fully the nature of their business and customer base, and how they are supervised; and
  • b) not establishing or continuing correspondent relationships with those that do not have adequate controls against criminal activities or that are not effectively supervised by the relevant authorities, or with those banks that are considered to be shell banks.
Description and findings re EC6Article 23 of the ROM provides the measures to be taken by financial institutions with regard to correspondent banking and payable-through accounts. Financial institutions are obliged to apply enhanced due diligence measures in their correspondent banking relationships and assess the AML and terrorist financing system of the respondent financial institution.



More specifically, article 23 of the ROM states that financial institutions are required to take necessary measures in foreign correspondent relationships in order to obtain, by making use of publicly available resources, reliable information on whether the respondent financial institution has been subject to a money laundering and terrorist financing investigation and been punished, its business field, reputation and the adequacy of supervision on it. Banks are also required to assess AML and terrorist financing system of the respondent financial institution and to ascertain that the system is appropriate and effective. Financial institutions must also obtain approval from a senior manager before establishing new correspondent relationships.



According to Article 23 of the ROM, it is forbidden for financial institutions to establish correspondent relationship with shell banks and financial institutions about which they cannot be sure that these institutions do not permit their accounts to be used by shell banks.
EC7The supervisor determines that banks have sufficient controls and systems to prevent, identify and report potential abuses of financial services, including money laundering and the financing of terrorism.
Description and findings re EC7In addition to broad regulation on internal controls issued by the BRSA, including IRCAAP, the ROM requires financial institutions to establish appropriate risk management systems to follow up permanently the transactions made by their customers and analyze the compatibility of these transactions with the profile of the customer in order to identify and report potential suspicious transactions. Furthermore, ROC, chapter 7, establishes requirements for internal controls related to AML/CFT.



The BRSA assesses on a regular basis, as part of the ratings process, whether banks internal systems and controls are appropriately addressing AML/CFT issues. These inspections include, but are not limited to the adequacy of the IT framework, internal controls and bank’s policy and internal audit function in relation to AML/CFT. Furthermore, MASAK coordinates compliance inspections with AML/CFT regulation. Please refer to EC1.
EC8The supervisor has adequate powers to take action against a bank that does not comply with its obligations related to relevant laws and regulations regarding criminal activities.
Description and findings re EC8The MASAK is the only authority empowered to sanction financial institutions in case of non-compliance with the AML/CFT requirements.



Articles 13 and 14 of the AML Law specify the administrative fines and judicial penalties in failure to comply with obligations prescribed in the law. Furthermore, the Article 39(2) of the ROM, extends the administrative fines applicable for failure to comply with the CDD and suspicious transaction reporting obligations. Administrative fines are imposed by the MASAK.



The Article 14 of the TF Law stipulates that MASAK will monitor the compliance of institutions and persons holding assets with the freezing measures and the Article 15 of the TF Law sets out the penal sanctions applicable for failure to comply with freezing decisions.



The MASAK is also authorized to take any violation of Articles 4(2), 7 and 8 of the AML Law to the public prosecutor in order to allow the violating bank to be subjected to judicial penalty. (Article 4(2) is on disclosing the information in the suspicious transaction reports. Article 7 is on providing all kinds of information requested by MASAK. Article 8 is on the obligation of obliged parties to retain the documents, books and records for eight years.)



Although the powers of BRSA set out under the BL are not directly related to money laundering or terrorist financing crimes, the BRSA is authorized by law to implement administrative penalties to a bank that does not comply with its duties. The BRSA is also empowered to take any criminal activity by a bank to the public prosecutor. Among those criminal activities are failure to submit data and documents, failure to comply with the obligation of records keeping, false statement, non-recording transactions, non-factual accounting and embezzlement.
EC9The supervisor determines that banks have:
  • a) requirements for internal audit and/or external experts79 to independently evaluate the relevant risk management policies, processes and controls. The supervisor has access to their reports;
  • b) established policies and processes to designate compliance officers at the banks’ management level, and appoint a relevant dedicated officer to whom potential abuses of the banks’ financial services (including suspicious transactions) are reported;
  • c) adequate screening policies and processes to ensure high ethical and professional standards when hiring staff; or when entering into an agency or outsourcing relationship; and
  • d) ongoing training programs for their staff, including on CDD and methods to monitor and detect criminal and suspicious activities.
Description and findings re EC9
  • a) The requirements for internal audit are established in the RICAAP and are assessed by the on-site examiners of the BRSA. Please also refer to CP 26 on internal control and audit.
  • b) Requirements for establishing compliance programs are prescribed in the ROC. The regulation includes requirements regarding the adoption of policies and procedures, the establishment of monitoring processes and controls and the appointment of a compliance officer to whom potential abuses of the bank’s financial services are reported.
  • c) MASAK regulation includes provisions to ensure high ethical and professional standards when hiring staff but those measures only address the screening of senior management.
  • d) Chapter 6 of the ROC includes provisions on the training of the staff on AML/CFT matters.
EC10The supervisor determines that banks have and follow clear policies and processes for staff to report any problems related to the abuse of the banks’ financial services to either local management or the relevant dedicated officer or to both. The supervisor also determines that banks have and utilize adequate management information systems to provide the banks’ Boards, management and the dedicated officers with timely and appropriate information on such activities.
Description and findings re EC10MASAK (ROM) requires banks to report suspicious transactions (STR) via their compliance officers. The ROC, particularly chapter two, requires the establishment of institutional policies and procedures related to STR. Chapter 7 provides guidance on the internal controls.



Obliged parties send their institutional policies to MASAK that evaluate their adequacy. Additionally, articles 24 and 28 of the ROC requires the obligors to report detailed information on staff training and the works carried out in the scope of internal control activities.



General compliance inspections are carried out by the BRSA on behalf of MASAK. Please also refer to EC2.
EC11Laws provide that a member of a bank’s staff who reports suspicious activity in good faith either internally or directly to the relevant authority cannot be held liable.
Description and findings re EC11A member of a bank’s staff who reports suspicious activity in good faith will be protected under article 10 of the AML Law. According to this article, natural and legal persons fulfilling their obligations in accordance with this Law will not be subject to civil and criminal liability.
EC12The supervisor, directly or indirectly, cooperates with the relevant domestic and foreign financial sector supervisory authorities or shares with them information related to suspected or actual criminal activities where this information is for supervisory purposes.
Description and findings re EC12MASAK is authorized to exchange views and information on the subjects within the scope of its duties. In that manner, MASAK may exchange information and documents with foreign counterparts and sign MoU (art. 12 of the AML law) establishing the basis for cooperation.



MASAK has been a member of the Egmont Group of FIUs since 1998. As member, MASAK is able to exchange information related to money laundering, and predicate offenses resulting in money laundering, with other members of the Egmont Group using the Egmont Secure Web and in accordance with the “Statements of Purpose of the Egmont Group and its Principles for Information Exchange.



The BRSA is also authorized by Article 98 of the BL to cooperate and exchange information regarding financial institutions and financial markets with any counterpart supervisory authority. Please refer to CP13.



MASAK and BRSA have signed a protocol on information exchange and working arrangements. Please also refer to EC2.
EC13Unless done by another authority, the supervisor has in-house resources with specialist expertise for addressing criminal activities. In this case, the supervisor regularly provides information on risks of money laundering and the financing of terrorism to the banks.
Description and findings re EC13As explained in EC1, the MASAK is the main supervisory authority for AML/CFT related issues pursuant to the Articles 11 and 9(1) (i) of the AML Law. Duties and powers of the MASAK include developing policies and implementation strategies, preparing legislation, collecting and analyzing data, receiving suspicious transaction reports and coordinating inspections on AML/CFT issues.



The MASAK conducts training activities for the obligors as well as the relevant regulatory and supervisory authorities. Within this framework, the MASAK conducted 6 workshops in 2014 with 64 participants from the Tax Inspection Board, Customs and Trade Ministry Inspection Board, BRSA, Comptrollers Board of the Treasury, Insurance Supervision Board of the Treasury and Capital Markets Board. Additionally, 5 workshops were conducted with 490 participants from the obligors including banks, insurance and pensions corporations and Islamic banks.



The BRSA also maintains a team of experts on AML/CFT issues in charge of inspections, drafting manuals and disseminate the expertise.



Finally, the MASAK provides information on risks of money laundering and the financing of terrorism to the banks in the form of handbooks, workshops and frequent contacts and discussions.
Assessment of Principle 29Largely Compliant
CommentsThe scope of the assessment of this principle was limited to the applicable regulation and the BRSA activities. It did not include MASAK coordinated inspections and other activities.



The AML law and related regulations forms the framework to prevent the abuse of financial services. The framework includes customer due diligence (CDD) rules and procedures to report suspicious transactions but have shortcomings that need to be addressed. In particular, the CDD requirements should include a customer acceptance policy that identifies business relationships that the bank will not accepted based on identified risks and enhanced due diligence on politically exposed persons. The framework should also require banks to report to the BRSA suspicious activities and incidents of fraud when such activities/incidents are material to the safety and soundness or reputation of the bank.

Summary Compliance with the Basel Core Principles

Core PrincipleGradeComments
1. Responsibilities, objectives and powersLCThe BL provides a broadly appropriate framework for regulating and supervising banks. It also provides clear responsibilities and adequate powers to the BRSA. However, the lack of appropriately defined hierarchy among the objectives of financial stability and development of the financial sector may cause potential conflicts and be harmful to the safety and soundness of banks. The assessors noted that some BRSA decisions (e.g., differentiations in loan loss provisions and loan restructuring rules) might be interpreted as rules that aim primarily to support financial development objectives. Such measures might affect the reputation of the supervisors and convey the message of forbearance. In order to be fully compliant with this principle the objective of development of the financial sector should be explicitly subordinated to financial stability in the BL
2. Independence, accountability, resourcing and legal protection for supervisorsMNCThe legal protection of the supervisor is broadly adequate. Nonetheless the institutional framework contains shortcomings that should be improved.



The BL establishes the BRSA as an independent body but it contains provisions that might undermine independence in practice. There are several channels of interaction between the BRSA and the government that, considered together, may accommodate political influence: i) the appointments of the Chair and Board members are made by the Council of Ministers without any confirmation process by any other independent body; ii) before putting into force regulatory procedures the BRSA needs, by law, to consult the related Ministry; iii) the Prime Minister approves the removal of members of the Board, if conditions specified in the BL are met, without publishing the reasons; iv) the relevant minister may permit lawsuit against board members; and v) the BL allows the relevant ministry to file a lawsuit for the cancelation of the Boards regulatory decisions (art. 105). These possible channels of political influence over the Agency, particularly considering the large role played by state-owned banks in Turkey, might cause conflicts of interest that might undermine financial stability.



The authorities should therefore amend the legislation to limit the cases that require the Minister’s involvement. In particular, it seems appropriate to establish a third party to perform a stronger role in the checks and balances framework such as, making regulatory consultation procedures more transparent, so that BRSA proposals and Ministry comments are published, introducing a process for appointments for the BRSA to be confirmed by a nonexecutive government body and removing the related minister permission for lawsuits for the cancelation of the BRSB regulatory decisions.



There also seems to be room for improving the accountability framework. Despite the periodic briefings from the BRSA to the Council of Ministers, the assessors did not see evidence of a third party aiming to ensure that the powers delegated to the BRSA are exercised appropriately and that its operations are effective and in line with its mandate and objectives.



Finally, in relation to resourcing, entry conditions to the BRSA are not attractive for the hiring of mid-career professionals and provide practical constraints in the event of a shortfall in experience levels.
3. Cooperation and collaborationCLegal provisions as well as operational frameworks for cooperation and collaboration with domestic and foreign authorities are in place. Protections on confidentiality appear appropriate. Regarding the lack of processes for recovery and resolution planning, the assessors do not see their absence as reflecting a lack of collaboration between authorities. See also CP9.
4. Permissible activitiesCThe BL provides clear definitions of activities that are only permitted to be conducted by registered banks, including taking deposits from the public.
5. Licensing criteriaLCProvisions in the laws and regulations related to licensing and the process followed by the BRSA provide a comprehensive framework to assess the adequacy of new registrations for banks, including foreign bank branches. The BRSA seems to have a broadly sound process to assess applications in practice. However, in order to maintain a licensing process fully compliant with the principle, the BRSA needs to additionally: i) impose requirements and assess if the bank’s board has a collectively sound knowledge of the material activities the bank intends to pursue; and ii) for cross-border banking operations, determine whether the home supervisor practices global consolidated supervision.
6. Transfer of significant ownershipCThe power given to the supervisor by laws and regulations as well as the current procedures provide broadly sound control and oversight regarding significant ownership of a bank and a controlling company.
7. Major acquisitionsCThe regulatory framework subjects major acquisitions and investments by banks and controlling companies to prior approval by the BRSA. The BRSA also has well established supervisory practices to limit and monitor risks arising from such activities. Going forward, supervisors should consider more extensively and formally the effectiveness of supervision in host countries.
8. Supervisory approachMNC
  • The BRSA has an established and comprehensive methodology to supervise banks. This methodology is documented in a number of manuals and leverages comprehensive databases and a broadly appropriate regulatory framework. Nevertheless, the practical implementation of the process is subject to shortcomings that needs to be addressed:
  • The inspections need to develop a more profound and forward-looking risk assessment nature, producing a clear view of the risks faced by and posed by the bank. Current conclusions tend to focus mostly on compliance issues and do not identify and make clear if there is need for broader and more forceful supervisory action. Supervisors also need to derive and highlight the implications of the specific findings for the broader risk assessment of the bank.
  • The BRSA should not take excessive comfort from the fact that issues are analyzed during the ratings process. By its own nature, and as currently applied by the BRSA, the ratings process is not deep enough to generate firm and actionable conclusions. From time to time, the scope of special inspections needs to encompass issues that are currently addressed only during the ratings phase.
  • The BRSA needs to enhance the forward-looking components of its assessments. Results of the ICAAP need to be more thoroughly analyzed and discussed with banks. Stress tests results should play a larger role in the assessment framework. In addition, the ratings methodology could explicitly incorporate the expected trend for each component.
  • Banks, particularly the systemically important ones, should be required to develop recovery plans and the BRSA should assess their resolvability.
  • The assessors understand that the BRSA is already developing actions to address some of the above issues and encourage the authorities to keep working to improve the efficiency of the process.
9. Supervisory techniques and toolsLCThe BRSA employs an array of tools and techniques to carry out its supervisory responsibilities. On-site and off-site functions are relevant and well developed. The different departments also share their findings with each other, but their work seems to be conducted in parallel with little coordination. The departments do not seem to have joint projects and supervisors do not exchange views beyond written reports. As required by EC1, it is important for the BRSA to develop policies and processes to assess the effectiveness and integration of on-site and off-site functions, and to address any weaknesses that are identified. Increasing the rotation between on- and off-site supervisors could also help the integration of the areas.



Communication with banks could also be improved. The BRSA should consider setting policies establishing at least one annual meeting between supervisors and the board of the bank. The end of the CAMELS rating process, when the supervisor summarizes its opinion of the bank, might be an appropriate occasion to explain to the board the views and concerns of the BRSA. The assessors understand that this is frequently done, but not systematically with all banks. Additionally, other important analyses done by the BRSA, such as the stress testing exercises could also be more clearly discussed with banks.
10. Supervisory reportingCThe regulatory framework requires banks and controlling companies to periodically submit a broad range of information. Regulatory and supervisory processes exist to ensure accuracy and comparability of submitted returns. Developed procedures for analyzing collected information and feeding into supervisory activities are in place.



Going forward the BRSA could consider formalizing the process of periodically review of the information collected, to determine that it remains appropriate and satisfies its needs.
11. Corrective and sanctioning powers of supervisorsLCThe BRSA has available an appropriate range of supervisory tools to use when, in the supervisor’s judgment, a bank is not complying with the regulations or represents a risk for the financial sector. Nevertheless, in practice, the remedial and corrective actions provided for in the law are rarely used at an early stage as a preventative measure. The BRSA seems to rely more heavily on administrative fines whose scope of application is more clearly defined in the BL than on taking actionsat an early stage to address unsafe and unsound practices that require supervisory judgment.



The assessors were presented evidence of BRSA actions requiring banks to make adjustments to practices and processes. Nevertheless, such action had a scope limited to specific issues such as the classification of particular loan operations. Evidence was not observed of supervisors addressing broader concerns about the risks posed and faced by banks from a deepening and expansion of the initial review, a point reinforced in the comments of banks.



The supervisory review process within the BRSA also seems to play a role towards limiting the issues that supervisors raise with banks. Although reviews of supervisory reports are necessary, the current process seems relatively skewed towards validation of compliance processes and thus constrains active supervisory judgments and decisions. Consideration could also be given to integration of supervision and enforcement, particularly in terms of communication with financial institutions, which might support a more risk focused and less compliance based supervisory approach.



In order to become fully compliant with this principle the BRSA needs to incorporate the results of forward looking tools more heavily in its decision making process and act at an early stage to restore weak banks and correct examples of unsound practices, even if formal prudential ratios haven’t been breached.
12. Consolidated supervisionLCThe regulatory and reporting framework provides a broadly appropriate structure for monitoring and assessing risks to banks from non-banking and foreign banking operations in banking groups. However, the current limitations of the CAMELS rating and ICAAP process, the BRSA should make further effort to monitor and manage risks arising from nonbanking and foreign activities or parent entities of a financial group. In this regard, as described in CP 8 and 9, the BRSA should deepen the analyses and strengthen its techniques, such as group-wide stress testing, to monitor and assess these risks. It is important to further improve the group-wide strategic view of the banking group operations and risks. Authorities should further improve the recovery and resolution planning of large banking groups particularly once the necessary power is given to the supervisor by the expected new legislation. Such planning should also consider scenarios where shocks originate from non-banking entities or parent groups. Taking into account that these shortcomings have already been reflected in other principles, particularly CP 8 and 9, the assessors considered this principle compliant.
13. Home-host relationshipsLCThe BRSA has made vast efforts to improve home-host relationship during the last few years. Among several initiatives the agency has started organizing colleges, signed a number of important MoUs and removed obstacles that weakened the supervision of Turkish banks’ operations in several countries. Nevertheless, considering that some Turkish banks hold material operations abroad, it is important to improve the relationship even further. In particular, it is essential to develop a framework for cross-border crisis coordination with relevant host authorities and the development of resolution plans that pay special attention to cross border issues.
14. Corporate governanceMNCThe legal framework surrounding the corporate governance framework for banks is extensive, but very heavily focused on board responsibilities regarding internal systems (risk management, internal control, internal audit). Examination processes (GAR and specialized examinations) have required steps to check board approvals, internal structures, and processes which reflect on the governance function. The BRSA approves board and senior management appointments. In this way, the BRSA reviews the appointments process of the bank.



However, the results of special examinations and supervisory processes consistently stop short of drawing conclusions, in analytical, narrative form, on the implications the findings have for critical areas that are directly linked to the examined area. These critical areas reflect directly on the corporate governance effectiveness of the bank (such as management oversight of business areas, adequacy of risk management and internal audit’s role in the subject areas, integrity of MIS that goes up to the board level, and ultimately, board oversight). As a result, supervisory observations are not easily collected in order to form a more cross-cutting, substantiated view on corporate governance and the adequacy of internal systems. Therefore, validation of the manner in which such internal systems and governance operates is not well supported. This impacts the degree to which the BRSA should place confidence in the systems that inform the board and itself, as well as the systems’ ability to generate early warning indicators of deterioration.



There is no requirement for the majority of the board to be composed of non-executive members which could result in, potentially, boards being composed of a majority of executive directors with only the 2 nonexecutives as currently required by the legal framework. However, practically speaking, 10 out of 53 banks are listed and must fall under the CMB Communique on governance which requires a majority of independent directors. Consideration should be given to upgrading legislation requiring the board to be composed of a majority of nonexecutive members, and ideally, with a certain minimum of independent individuals. (The definition of “independent” should be consistent with that used by the CMB in its Communiqué on Corporate Governance.)



Audit committee membership should be expanded. While some bank boards in the system have populated this committee with more members, a minimum of 2 members is considered too few in order to execute the duties assigned to it in a robust and effective manner. This is particularly so since the audit committee is considered an extension of the board and is assigned the task of internal systems oversight which includes risk management. In addition, the chair of this committee, in some banks, is also the chairman of the board which does not reflect best practice and potentially represents a conflict of interest. This committee should be expanded and should be composed of all independent directors. As well, legislation directs that audit committees have oversight responsibility for internal systems which includes risk management. Under the current audit committee structures, proper oversight of both critical areas is difficult at best. Risk management oversight responsibility should be separated from the audit committee, particularly in the more complex institutions (it was noted that one bank, in fact, constituted a separate risk management committee).



While three special examinations of governance elements have been conducted, there is a need to more regularly conduct cross-cutting assessments of corporate governance in a holistic manner which would, in part, leverage recent examination results and relevant offsite information as well as information generated from any enforcement actions. Consideration could be given to introducing such a review in order to enhance and better substantiate conclusions on the adequacy of a bank’s corporate governance.



Given the observations cited in the above ECs (board membership/objectivity, board nominations process, board committee structure and membership, management oversight and performance evaluation, succession planning, “know your structure requirements”, internal code of conduct, etc.) the BRSA should develop a more comprehensive corporate governance regulation that completes the elements of governance that already exist in guidelines and regulation. This type of instrument could be a focal point of supervisory corporate governance reviews in the future.
15. Risk management processLCThe RICAAP forms a part of the core of the BRSA’s regulatory framework for risk management. Given that the ICAAP is a relatively recent requirement, banks’ are still developing their approach and implementing important systems. The BCP team’s review of supervisors’ working papers and discussion with banks indicated that banks as well as supervisors are, in fact, in a learning phase. The quality of banks reports and the scrutiny of the reports by supervisors will need to develop further before the results can be more reliably and more extensively used.



Commensurate with their size and complexity of operations, banks should be specifically required to have qualified CROs with sufficient stature, position and authority within the organization to oversee risk management activities. The level of senior manager may not provide the necessary stature necessary to challenge high level risk decisions and processes.



As well, while there are comprehensive requirements for the evaluation of new products, parameters should be expanded to explicitly address material modifications to existing products and major acquisitions. It should also direct banks to restrict such products or activities if they do not have the necessary controls, management, and resources to manage related risks.
16. Capital adequacyCThe BRSA has adopted the various components of Basel II, 2.5 and III according to the framework established by the Basel Committee. Capital is calculated on a consolidated and solo basis for all banks and the BRSA has the authority to impose additional capital requirements on individual banks, as deemed necessary. The BRSA has applied the three Basel ratios (common equity tier 1, tier 1 and total capital) as well as countercyclical capital requirements, systemically important bank capital add-ons and a “capital planning buffer” that provides a forward looking nature to the capital regulation.



Going forward, as the BRSA gain experience with the ICAAP, it should consider simplifications to the framework to improve its enforceability and reduce banks’ compliance burden, particularly for non-systemically important banks. Simplifications that could be considered include restrictions on diversification benefits and use of models for credit, market and operational risk that have not been authorized for the Pillar 1 capital charge. The BRSA should also evaluate the interaction with other requirements such as the 12% parallel capital charge and the Basel capital buffers to prevent the effectiveness of the Pillar 2 regime from being damaged by another more stringent requirement that in practice makes the Pillar 2 charges irrelevant.
17. Credit riskMNCThe legal framework for credit risk is generally comprehensive. It establishes the responsibility of the board in this area, requires a framework for the credit business of banks, as well as prescribes a properly controlled credit risk environment. However, several issues exist which compromise the effectiveness the framework and its application.



As prescribed in regulation and organized in practice (verified through review of credit portfolio special examinations presented by the BRSA during the assessment) the credit risk management oversight (line management function) and credit risk management function and the organization therein create loopholes in independence and integrity of credit risk monitoring and reporting to bank boards and the BRSA:



1. The framework design does not require ongoing, independent (from the business line) credit risk monitoring of large individual exposures or homogeneous portfolios. Important source data (e.g., identification of deteriorating credits, level of (accurately) classified assets, status of restructured credits, etc.) is generated by a line management function (credit monitoring) without independent verification that 1) management identification processes are accurate and timely, 2) that management, itself, is well informed of the risk and that it is running and is upholding board prescribed underwriting standards, and therefore, accurately conveying its business risk, and that 3) timely borrower intervention is activated.



2. This (unverified) information generated by the line function is source data used by the risk management functions for audit committee and board reporting and is also likely the information also reported to the BRSA for monitoring and examination purposes.



Although the internal audit function plays an important role in ensuring a strong control environment, the function itself is not designed to play an ongoing surveillance role such as the independent credit risk management unit. It cannot replace the need to have such a function within the bank(s).



Highlighting the issues surrounding this organizational environment, examiners, through their inspection process, have identified important, clearly inaccurate classifications of credit that could easily indicate the existence of 1 and 2 above. However, the significance of these inaccurate classifications was not clear from the examination samples reviewed. Consistently, there was no indication of the size of the sample of reviewed credits, how significant the aggregate, inaccurately classified credit was to the total portfolio, and if such findings could be extrapolated to the entire portfolio.



Credit classification definitions, particularly in the special mention and substandard categories are overlapping. Evidence demonstrates that both the examiners, but especially the bankers, fluidly move credits among these categories which compromises the picture of the bank’s risk profile which accurate classification is intended to depict. As well, such movement and less rigorous classification impacts provisioning levels and ultimately, the accuracy of the bank’s financial statement.



The REPL explicitly allows restructuring of loss credit which is considering in many systems to be imprudent activity as such loans are, by definition, permanently impaired and considered “nonbankable” assets. In some systems, such credits are prohibited from being restructured. The draft REPL is silent on this issue but theoretically would allow this practice. This practice should be explicitly addressed (disallowed).



The manner in which the examiners present and write up the credits that they review during the special examination does not clearly depict the nature and volume of other related exposures (in the given bank) which, if presented, would help put the overall borrower relationship in context.
18. Problem assets, provisions, and reservesMNCThe framework for credit classification and provisioning is generally adequate. However, the accuracy of asset classification by banks, and therefore the integrity of reporting to boards and the BRSA is called into question given the nature of reclassifications assigned by onsite examiners and the lack of documentation therein. Loan write ups require more support and context as well as need to present nature of collateral and provision impact. Examination conclusions focus more on internal control issues rather than higher level implications for the condition and management of the credit portfolio under examination.



Given the lack of (documented) focus on the implications of important bank processes, the examination exercise missed the opportunity to identify very important linkages with and conclusions on:
  • Management’s understanding of their business and credit risk, ability to identify deterioration proactively - thereby allowing for early intervention.
  • Implications for internal systems => function, role, and independence of credit risk management – thereby validating the systems that the bank’s board and the BRSA depends upon in order to effectively oversee the institution. As well, these systems are key to the exercise of risk based supervision by the BRSA.
  • Inputs to evaluate corporate governance of the bank.
  • Accuracy of information conveyed to the board and the BRSA
The historical and statistical support for standard (general) and special mention loan categories is not substantiated by accumulated loss experience. It is not clear if appraised values, within a range, are being realized upon the sale of the properties or if provisioned amounts are adequately covering loss experience on classified loans. Clear parameters should be established for periodic valuation of underlying collateral on NPL exposures.
19. Concentration risk and large exposure limitsCThe legal framework addressing concentration risk and large exposures limits is generally in line with international standards. The definition of connected parties is comprehensive. The BRSA examines and monitors various exposures including, inter alia, large exposures, concentrations by sector, product, customer, and risk group.
20. Transactions with related partiesLCThe legal and regulatory framework for related parties is comprehensive. The offsite department receives and regularly monitors reporting from banks. The onsite review process for related parties is well structured; related party exposures and the controls and board processes therein are reviewed during the onsite processes.



However, there is no explicit provision that requires prior approval of related party transactions by the bank’s board. As well, no explicit provision requires approval (prior or post) of write-off of related party transactions.



While Article 48 of the BL provides a comprehensive definition of “loan” and related party limitations address such, legislation does not include other non-crediting transactions within the limitations addressing related parties. Legislation should be expanded to explicitly capture all transactions, including loans, within the parameters of related party limits and requirements.



The assessment team was informed that a draft revision of the BL is being prepared by the BRSA. Within this context, article 50 (a and b) may be revoked to allow board member borrowing from the bank. It will also address related party “transactions” as well. The assessment team cautions the BRSA on relaxing related party risk parameters. There are countries that continue to rigorously restrict extension of credit, as well as transactions with, related parties of the bank, including board members. This is an area which historically has proven consistently problematic in distressed bank situations. Therefore, the team advises caution in widening the scope for such exposures.
21. Country and transfer risksCBRSA guidance adequately captures country and transfer risk as well as other relevant risks. Banks are expected to establish country risk parameters as well as systems for monitoring exposures, including indirect foreign-exchange risk and indirect country risk. Country risk is evaluated through the CAMELS review process and via the risk matrix of the bank.
22. Market riskCThe BRSA has adopted comprehensive regulation and guidance through which to direct banks to identify, measure, and monitor their market risk exposures. This includes parameters for valuation, stress testing, and model use. For examination purposes, these elements are largely addressed through the CAMELS rating/GAR methodology review process, and on an overall basis, during the ICAAP review.



Of note, currently, specialist expertise is not deployed to evaluate the scenarios or calculation details of the stress testing exercises. Examiners review the models used to measure market risk. However, they also depend substantially on the banks’ model validation process. To deepen the work and enhance the forward looking aspect, the BRSA could consider deploying trained specialists to assess stress test approaches and mathematical integrity and to leverage resulting advice/input on specialized exams. As well, enhanced examiner expertise in the area of model evaluation could provide added assurance to the BRSA on the integrity of bank models used.
23. Interest rate risk in the banking bookCBRSA supervision of interest rate risk is addressed through several activities. It is reviewed as a part of the overall ICAAP review process and captured as an input in the stress testing conducted therein. As well, the supervisor covers elements of interest rate risk through the GAR process, as described in EC 1 above, which is conducted onsite but not to the depth of what a special examination would require. However, specialized examinations of this area are not yet conducted.



The BRSA should develop specialized examination procedures for interest rate risk where it identifies increasing or high risk areas. The BRSA should use specialized expertise with which to evaluate scenarios and assumptions used for more complex stress testing as well as to review model validations during onsite examinations or, as an offsite exercise.
24. Liquidity riskCThe BRSA has set up a comprehensive framework for liquidity regulation, monitoring, and assignment of bank responsibilities. Regulation is in some cases more rigorous than international benchmarks. A wide range of tools is in place for monitoring banks’ liquidity positions and funding experience. The CAMELS review/GAR methodology addresses liquidity, and specialized examinations are conducted when a change in trends or strategy is detected. As well, the BRSA underwent a Regulatory Consistency Assessment of its Basel III LCR regulations for which it received a “compliant” rating.



However, review of onsite documents indicated that conclusions regarding liquidity, funding stability, and management processes stopped short of considering other areas of the balance sheet, growth trends, asset quality, and management processes, etc. to support conclusions. Such issues are critical to the overall review process and should be captured and clearly conveyed in examination documents to supported supervisory observations. This is particularly important given that some banks may have tight liquidity positions including relatively high loan to deposit ratios.



The central bank has taken a number of steps in recent years to support the strengthening of foreign currency funding. There appears to be an opportunity to strengthen liaison between the BRSA and the CBRT on the monitoring and management of foreign liquidity risk. Given the potential foreign exchange roll over risk residing in banks’ positions, consideration could be given to increasing the ultimate target for the FX LCR from 80% to 100% to further strengthen the management of liquidity risk.
25. Operational riskCOversight of operational risk is anchored in RICAAP and further expanded in the GORM which comprehensively addresses relevant aspects of this risk. The supervisory process explicitly addresses this risk through the evaluation of the ICAAP process and reports submitted by banks as well as through the GAR process and as a part of MIS evaluation and controls during specialized examinations.
26. Internal control and auditCThe legal framework is comprehensive in this area, both as it is articulated in the requirements for internal systems and separately as requirements specifically directed to the internal audit function. Review of the internal audit process is an important part of the onsite (GAR) process covered each supervisory cycle. However, targeted or specialized examinations of the internal audit process, leveraging the GAR results as well as specialized examination results as partial inputs, could enhance the validation of this important function. Such validation by the BRSA is important in order for it to maintain or increase the degree of confidence (and therefore, dependence) it can place in audit outputs as early warning indicators of shifting risk.
27. Financial reporting and external auditCProcedures surrounding financial reporting and external audit are well established. Accounting standards closely follow IFRS and provisioning standards are set to dovetail with the implementation of IFRS 9. Valuation procedures for financial assets are comprehensive. BRSA conducts review of valuation procedures and of valuation models as a part of the onsite examination process. Parameters for banks’ external audit process are well established.
28. Disclosure and transparencyCBanks are required to disclose their financial statements according to TFRS and TAS, the Turkish version of IFRS and IAS, on both a solo basis and consolidated basis. Disclosure requirements for nonfinancial information are adequate. BRSA regularly evaluates the timeliness and content of external audit/annual reports for compliance with regulatory parameters and Pillar III disclosures.
29. Abuse of financial servicesLCThe scope of the assessment of this principle was limited to the applicable regulation and the BRSA activities. It did not include MASAK coordinated inspections and other activities.



The AML law and related regulations form the framework to prevent the abuse of financial services. The framework includes customer due diligence (CDD) rules and procedures to report suspicious transactions but have shortcomings that need to be addressed. In particular, the CDD requirements should include a customer acceptance policy that identifies business relationships that the bank will not accept based on identified risks and enhanced due diligence on politically exposed persons. The framework should also require banks to report to the BRSA suspicious activities and incidents of fraud when such activities/incidents are material to the safety and soundness or reputation of the bank.

Recommended Actions and Authorities’ Comments

A. Recommended Actions

Recommended Actions to Improve Compliance with the Basel Core Principles and the Effectiveness of Regulatory and Supervisory Frameworks
Reference PrincipleRecommended Action
Principle 1Subordinate the objective of development of the financial sector to the objective of financial stability in the BL.
Principle 2Review the legislation to limit the cases that require the Minister’s involvement with BRSA activities.



Improve the accountability framework to enhance the scrutiny of the activities of the agency in relation to its objectives.



Create alternative arrangements that facilitate the possibility of hiring experienced experts when needed.
Principle 5Impose requirements and assess if the bank’s board has a collective sound knowledge of the material activities the bank intends to pursue. Determine whether the home supervisor practices global consolidated supervision, for cross-border banking operations.
Principle 8Develop a more profound risk assessment nature for the inspections. Produce a clear view on the risks faced by and posed by the bank. Derive implications of the specific findings for the broader risk assessment of the bank.



Incorporate within the scope of special inspections issues that are currently addressed only during the ratings phase.



Enhance the forward-looking components of the assessments: results of the ICAAP need to be more thoroughly analyzed and discussed with banks; stress tests results should play a larger role in the assessment framework and; the ratings methodology could explicitly incorporate the expected trend for each component.



Require banks to develop recovery plans.



Assess the resolvability of the banks.
Principle 9Develop policies and processes to assess the effectiveness and integration of on-site and off-site functions, and address any weaknesses that are identified. Consider the case for integrating the supervisory and enforcement functions.



Improve communication with banks. The BRSA should consider setting policies establishing at least one annual meeting between supervisors and the board of the bank. Important analyses done by the BRSA, such as the stress testing exercises could also be more clearly discussed with banks.
Principle 11Incorporate the results of forward looking tools more heavily in the BRSA decision making process and act at an early stage to restore weak banks and correct unsound practices, even if formal prudential ratios have not been breached.
Principle 12Make further efforts to monitor and manage risks arising from nonbanking and from foreign activities or parent entities of a financial group. Deepen the analyses and strengthen BRSA techniques, such as group-wide stress testing, to monitor and assess these risks.



Improve the recovery and resolution planning of large banking groups particularly once the necessary power is given to the supervisor by the expected new legislation. Consider scenarios where shocks originate from nonbanking entities or parent groups in such planning.
Principle 13Develop a framework for cross-border crisis coordination with relevant host authorities and the development of resolution plans that pay special attention to cross border issues.
Principle 14Develop a more comprehensive corporate governance regulation (and/or introduce changes to primary law) that completes the elements of governance that already exist in guidelines and regulation. Utilize this type of instrument as a focal point for supervisory corporate governance reviews in the future.



Expand the qualifications of the collective board by requiring the majority to be composed of independent directors. Provide a comprehensive definition of independent.



Expand the minimum number of (independent) directors on the audit committee.



As bank activities warrant, separate risk management responsibilities from the audit committee and require that banks establish risk management committees.



Enhance examination conclusions in special reviews by extending conclusions to comment upon the integrity and independent of relevant internal systems, the quality of management oversight and capacity, MIS and board reporting, etc.



Develop a cross-cutting, more holistic assessment methodology for corporate governance which would, in part, leverage GAR and special examination results and relevant offsite information as well as information generated from any enforcement actions. Introduce such a review in order to enhance and better substantiate conclusions on the adequacy of a bank’s corporate governance.
Principle 15See P 8 recommendation on further strengthening the ICAAP process.



Require banks, commensurate with their size and activities, to have qualified CROs with sufficient stature, position and authority within the organization to oversee risk management activities, as the current level of senior manager as head of risk management (as enumerated in law) may not provide the stature necessary to challenge high level risk decisions and processes.
Principle 17Evaluate and revise the relevant legislative and practical aspects of banks’ credit risk monitoring and risk management organizational arrangements. Address the independence and integrity of the internal credit risk rating process and the need for independent verification of line management ratings and actions and the functions’ ability to generate early warning information. Evaluate the implications of the current structure on the integrity and accuracy of monitoring and reporting to bank boards and the BRSA.



Evaluate and revise the definition of credit classifications, particularly the special mention and substandard categories, making them more concise and clear cut, thereby enhancing their application by bankers and BRSA.



Enumerate the BRSA’s position on rebooking of charged off credit in the REPL.
Principle 18Upgrade written conclusions and write ups of credits classified during the examination process in order to more clearly substantiate the context of the classified credits and implications of findings on other areas, including management oversight and capacity, risk management process and accuracy, and ultimately corporate governance and financial statement accuracy.



Present additional relevant information in examiner loan write ups to further substantiate the overall credit relationship, the creditworthiness of the borrower and its impact on the overall credit exposure, and further support for the credit re-classification.



Substantiate findings in credit areas where no re-classifications were determined necessary by the examiner(s).



Develop historical and statistical support for required provisioning levels, documenting whether amounts are adequately covering loss experience on standard, special mention, and classified loans.



Develop clear parameters for periodic valuation of underlying collateral on NPL exposures.
Principle 20Enumerate explicit legal provisions that require *prior* approval of related party transactions by the bank’s board as well as board approval of related party exposures that are written off the bank’s books.



Expand the requirements surrounding related parties to capture all transactions with related parties, not just loans.



Exercise caution on relaxing related party risk parameters and possible revocation of parameters surrounding board member borrowings.
Principle 22Deploy trained specialists to assess banks’ stress test approaches and the mathematical integrity therein and to leverage resulting advice/input on specialized exams.



Enhance examiner expertise in the area of model evaluation to provide added assurance to the BRSA on the integrity of models used by banks.
Principle 23Develop specialized examination procedures for interest rate risk in the banking book.



Deploy specialized expertise with which to evaluate scenarios and assumptions used for more complex stress testing as well as to review model validations during onsite examinations or, as an offsite exercise
Principle 24Expand written analysis during liquidity/funding risk examinations to capture the impact of and relation to of other areas of the balance sheet, growth trends, asset quality, and management processes, etc. to support higher level conclusions.



Strengthen liaison between the BRSA and the CBRT on the monitoring and management of foreign liquidity risk. Consider increasing the ultimate target for the FX LCR from 80% to 100% to further strengthen the management of liquidity risk.
Principle 29Include in the CDD framework a customer acceptance policy that identifies business relationships that the bank will not accept based on identified risks and enhanced due diligence on politically exposed persons.



Require banks to report to the BRSA suspicious activities and incidents of fraud when such activities/incidents are material to the safety and soundness or reputation of the bank.

B. Authorities’ Response to the Assessment80

25. The BRSA of Turkey would like to thank the IMF, the World Bank, and the FSAP mission team for their BCP assessment work. It must be noted that the whole FSAP mission brought forward essential value added to the effectiveness of the supervisory process. BRSA intends to fully utilize the assessment outcome as an opportunity to further improve and strengthen Turkey’s banking regulation and supervision. BRSA will take into account and carefully consider recommendations drafted by the FSAP mission team both within the scope of the actions that BRSA has already started to take and for future arrangements towards increasing compliance with the Basel Core principles for effective banking supervision. In fact, BRSA has already started on some of the mission team’s recommendations and plans to work on the remaining recommendations under an appropriate timetable.

26. It must be noted that since the assessments conducted in 2006 and 2011, the bar of the standards has been raised by BCBS (the BCP methodology was revised in 2012). This assessment, consequently, is not appropriate for comparison with either previous assessments or other countries’ assessments.

27. BRSA has prepared a list of action points towards increasing compliance with the Basel Core principles for effective banking supervision. BRSA also would like to express additional arguments for some of the CPs in order to bring greater balance to the FSAP mission team’s assessment.

Responsibilities, Objectives and Powers; Independence and Accountability (Principle 1-2):

28. Although there is no explicit statement in the BL regarding financial safety and soundness is being the primary objective, it is implied in BRSA’s regulatory and supervisory functions. All regulations and sub-regulations as well as supervisory manuals issued stress the financial safety and soundness objective of BRSA. Nevertheless, BRSA will review the current objectives and consider subordinating the objective of development of the financial sector to the objective of financial stability in BL.

29. Regarding the limiting of the related ministry’s involvement with BRSA’s activities, there is an ongoing process of drafting an amendment to BL that proposes the revocation of article 105 which enables related ministry to file a lawsuit to revoke BRSB’s regulatory decisions.

30. BRSA will review its alternatives regarding the transparent scrutiny of its activities in relation to its objectives and responsibilities without hindering its independence and autonomy.

Supervisory Approach, Techniques and Tools (Principle 8-9):

31. BRSA would like to note that within the current framework of supervision, all risks that banks are exposed to as well as the financial safety and soundness of banks are adequately supervised and BRSA has a well understanding of both individual banks and banking industry as a whole. However, BRSA agrees with the assessment that supervision products need to have explicit and clear narratives about supervisory view on the risks faced by banks. In this respect, BRSA has already developed actions and started to revise its supervisory manuals and processes as part of an established ongoing improvement framework.

32. BRSA will enhance forward-looking components of its supervisory framework by incorporating an expected trend element for each CAMELS component and risk type within its ratings and risk assessment methodology. Furthermore, BRSA is planning to fully incorporate the results of ICAAP and stress tests to its supervisory framework and to increase the depth of the current analysis conducted on stress test and ICAAP results.

33. In 2013, BRSA and SDIF have jointly established a working group to conduct a self-assessment of current resolution procedures with respect to the FSB Key Attributes. Based on the recommendations of this working group, a draft legislation has been prepared to align the national framework with the above mentioned international standards. Currently, joint task group established by BRSA and the SDIF has been reviewing the technical details to finalize the mentioned draft, which includes the principles of recovery planning and resolvability assessment. BRSA will continue its efforts to decrease the gaps in its regulatory and supervisory framework regarding recovery planning and resolvability assessments.

34. In the organization of BRSA, on-site and off-site examination functions are organized under different departments. Nevertheless, there are both formal and informal communication channels between on-site and off-site functions in order to ensure effective supervision of banks. Periodic bank-specific surveillance reports and sector-wide reports are sent to on-site examiner, and off-site function is notified about the on-site supervision findings continuously. Enforcement departments, which are responsible for formal correspondence of supervisory findings, are also organized separate from on-site and off-site functions to serve as a mean for internal review and evaluation of examination products. All of the supervisory findings stated in reports are communicated to bank without exception formally by enforcement departments.

35. BRSA will review its alternatives in order to further improve coordination and integration among its on-site, off-site examination and enforcement functions.

36. On-site examiners are in constant dialogue with banks management during the regular examinations. In addition to entry and exit meetings held with senior management and audit committee members, on-site examiners hold several meetings with banks managers and directors, when needed. Furthermore, BRSA management also hold meetings with bank managers and directors (especially the audit committee members) when there is an issue to discuss, although there is no periodic meetings held with the whole board of directors. On the other hand, if there are serious issues regarding bank and the actions stated in article 68, 69 and 70 are required, the instructions are directed to BOD of the bank. In order to further improve the communication with banks, BRSA will consider establishing periodic meetings between supervisors and the board of the bank.

Corporate Governance (Principle 14)

37. The Turkish banking legislation is based on one-tier structure where the members of the board who do not have any management responsibilities are non-executive members. In practice except the general manager (CEO) who is a natural member of the board, the members generally do not have management responsibilities in the bank. In order to ensure the existence of non-executive members in the boards the BL has imposed banks to have minimum 2 non-executive board members while in practice the majority of domestic systemically important banks do have more than 2 independent members in the board. This regulation is in line with the paragraph 47 of “Guideline on Corporate Governance Principles of Banks”, issued by the Basel Committee on Banking Supervision in July 2015, stating that board of the bank should be comprised of a sufficient number of independent directors”. Furthermore, current executives (except general manager) of banks cannot be elected as board members according to BRSB resolution.

38. Besides, RICAAP Article 6 defines the non-executive members in a way that is very similar to the definition of independence given in the CMB Communiqués. Therefore, the non-executives are expected to be objective and independent from the influence of other parties according to this sub-regulation.

39. CMB’s Communiqué on Corporate Governance (CMB’s Communiqué), which is applicable to publicly traded companies including banks, requires that (1) majority of board of directors should consist of non-executive directors, (2) there should be independent directors who are able to perform their tasks without any influence from the third parties, (3) the number of independent board members should correspond to at least one thirds of the total number of members. Also, CMB’s Communiqué elaborates the required qualifications of the independent board members, which are very similar to the ones mentioned for non-executive members given in RICAAP.

40. Since 10 deposit banks in Turkish Banking Industry are publicly traded (6 of them are large scale banks), they are subject to CMB’s Communiqué. As a result, a publicly traded bank with 5 members of the board of directors is required to have at least 3 independent directors.

41. According to CMB’s Communiqué, these banks are required to include the Corporate Governance Principles Compliance Report as a separate section in their annual reports. These reports should involve explanations about the proper adoption of the CMB corporate governance principles (as articulated in the Communiqué) and the conflicts of interest resulting from not wholly adopting these principles. Furthermore, in these reports, banks are required to disclose the structure of their board of directors, with reference to the number of non-executive as well as the number of independent directors.

42. According to the above mentioned corporate governance compliance reports, number of board members of the large scaled publicly traded banks range between 9 and 14. Five of these banks have 2 members and one of them has 5 members in their audit committee. In addition to the independent members, who are also non-executive and members of the audit committee, publicly traded banks have additional independent members in order to meet the requirements of the CMB’s Communiqué. In that context, five of the large scaled publicly traded banks have 3 and one of them has 5 independent members. All of these banks have the non-executive directors corresponding to the majority of the total number of members, the number of non-executive directors ranging between five and ten. In all cases, the chairman of the board of directors is nonexecutive.

43. With regard to the independency and objectivity of the board, principle 3 of the RCGP requires the board of directors to be able to make independent evaluations about the operations of the bank. In that context, the board of directors should make objective recommendations and should consist of a sufficient number and composition of members providing the basis for a decision making process free of any influence from other parties and free of conflicts of interest.

44. Furthermore, BRSA has communicated its expectations to banks regarding corporate governance principles through RICAAP, RCGB and the best practice guidelines issued recently.

45. Nevertheless, for following the recommendations of FSAP mission team, BRSA will review its current regulatory framework for Corporate Governance and will consider expanding the qualifications of the collective board, reviewing its definition of “nonexecutive/independent member”, expanding the minimum number of directors on the audit committee and explicitly requiring banks to establish risk committees.

46. Currently, governance structures of banks are examined in detail within the scope of Special Inspections conducted for Organization, Management and Strategy. In fact, in 2014 and 2015 three Special Examinations were conducted in three banks and those examinations focused on corporate governance issues. Besides, effectiveness and efficiency of corporate governance structure is also assessed during CRRE process based on a number of criteria under the component of “M”anagement. This assessment mainly focuses on effectiveness of board oversight, capabilities of board of directors, board meetings, implementation of policies and procedures approved by board, treatment of exceptions to limits or policies and procedures, contents of Board MIS. The conclusions from this assessment affect the Management component rating and the final rating of the bank.

47. Furthermore, during Special Inspections conducted in other areas like loan portfolio or liquidity, if examiners identify an issue that may be an indicator for a serious weakness in corporate governance structure of bank, it is most certainly included in report in writing and it is communicated to the bank immediately before the examination is finalized.

48. In order to further improve its supervisory framework for corporate governance, BRSA will enhance its examination procedures for corporate governance issues in order to incorporate clear narratives on implications of supervisory findings over integrity of internal systems, quality of management oversight and capacity, MIS. BRSA will also consider conducting holistic assessment for corporate governance in an appropriate time frame.

Credit Risk, Problem Assets, Provisions and Reserves (Principle 17-18)

49. In Turkey, organization of Credit Risk Management in banks, which is governed by RICAAP and GCM, has four key parts: active board and senior management oversight over credit function, adequate loan policies and procedures, adequate credit risk measurement, monitoring and MIS, adequate internal control and internal audit functions over loan activities.

50. Risk Management Unit within internal systems and credit monitoring departments are parts of the credit risk management framework together with credit operations (back office), financial control, internal control and internal audit functions etc.

51. According to GCM, loan activities of banks should be organized in a way that enables functional segregation of duties and prevents any conflict of interest. In practice, in line with the principles stated in GCM, loan activities of banks are organized under three main functions generally: marketing, underwriting and monitoring, which are all line management functions. GCM requires banks to establish these three functions separately without causing any conflict of interest.

52. Banks are required to have information systems that enable credit monitoring department to conduct those functions on the basis of customer, group, and portfolio. According to GCM Principle 7, banks’ information systems related to credit monitoring are required to be based on reliable data and should be validated periodically.

53. Besides to credit monitoring departments, internal audit is also an important function in credit risk management framework. According to GCM, loan activities of banks are reviewed regularly by internal systems units. Accuracy and reliability of reports submitted to the board of directors and the audit committee is also reviewed by internal audit units according to RICAAP article 21.

54. According to REPL, banks are required to review their loan portfolio in terms of classification at least quarterly and they are required to document those review for the largest 200 loans (or the ones above 250.000 TL). The loan review documentation for the largest 200 loans is usually prepared by internal audit. Besides, internal audit units conduct loan review within the scope of regular audit activities.

55. The adequacy of banks’ credit risk management is assessed regularly by on-site examinations both in Special Inspections and CRRE process. Loan activities are frequently subjected to Special Inspections. In fact, in 2014 and 2015, 70 Special Inspections were conducted in 27 banks. During Special Inspections, both size of the credit risk and the adequacy of the credit risk management are assessed. If any weakness is identified during these special inspections, the issues are communicated to banks both during the inspections and the formal correspondence stage. Furthermore, the conclusions from special inspections are fed into CRRE process in which the final rating of the bank is assigned.

56. Therefore, banks in Turkey have generally well established credit risk monitoring structures and these structures are adequately supervised by BRSA. Nevertheless, following the recommendations drafted by FSAP mission team, BRSA will review regulatory and practical aspects of credit risk monitoring and risk management organizational arrangements in order to further improve the independence, effectiveness and efficiency of the credit risk management organizations in banks. Also, BRSA is planning to increase the standardization in examiner loan write-up so that they include all relevant information needed to further substantiate the overall credit relationship, the creditworthiness of the borrower and its impact on the overall credit exposure, and to incorporate clear narratives in loan review reports regarding implications of findings on other areas such as management oversight and capacity, risk management process and corporate governance.

57. Furthermore, BRSA will consider reviewing current definition of credit classifications in order to make them more concise and clear cut.

58. To conclude, BRSA has recently issued an extensive number of best practice guidelines and made numerous changes in regulations in order to increase compliance level of its regulatory framework to international best practices. Although there is a natural time gap between regulations and implementations, BRSA has committed itself to increasing compliance level of its regulatory and supervisory framework and will take the remaining recommendations of FSAP mission in the Report into consideration for future arrangements towards increasing compliance with the Basel Core principles for effective banking supervision.

1This Detailed Assessment Report has been prepared by Caio Fonseca Ferreira, IMF and Laura Ard, World Bank.
3In this document, “banking group” includes the holding company, the bank and its offices, subsidiaries, affiliates and joint ventures, both domestic and foreign. Risks from other entities in the wider group, for example non-bank (including non-financial) entities, may also be relevant. This group-wide approach to supervision goes beyond accounting consolidation.
4The activities of authorising banks, ongoing supervision and corrective actions are elaborated in the subsequent Principles.
5Such authority is called “the supervisor” throughout this paper, except where the longer form “the banking supervisor” has been necessary for clarification.
6In this document, “risk profile” refers to the nature and scale of the risk exposures undertaken by a bank.
7In this document, “systemic importance” is determined by the size, interconnectedness, substitutability, global or cross-jurisdictional activity (if any), and complexity of the bank, as set out in the BCBS paper on Global systemically important banks: assessment methodology and the additional loss absorbency requirement, November 2011.
8Please refer to Principle 1, Essential Criterion 1.
9Principle 3 is developed further in the Principles dealing with “Consolidated supervision” (12), “Home-host relationships” (13) and “Abuse of financial services” (29).
10The Committee recognizes the presence in some countries of non-banking financial institutions that take deposits but may be regulated differently from banks. These institutions should be subject to a form of regulation commensurate to the type and size of their business and, collectively, should not hold a significant proportion of deposits in the financial system.
11This document refers to a governance structure composed of a board and senior management. The Committee recognizes that there are significant differences in the legislative and regulatory frameworks across countries regarding these functions. Some countries use a two-tier board structure, where the supervisory function of the board is performed by a separate entity known as a supervisory board, which has no executive functions. Other countries, in contrast, use a one-tier board structure in which the board has a broader role. Owing to these differences, this document does not advocate a specific board structure. Consequently, in this document, the terms “board” and “senior management” are only used as a way to refer to the oversight function and the management function in general and should be interpreted throughout the document in accordance with the applicable law within each jurisdiction.
12Therefore, shell banks shall not be licensed. (Reference document: BCBS paper on shell banks, January 2003.)
13Please refer to Principle 14, Essential Criterion 8.
14Please refer to Principle 29.
15While the term “supervisor” is used throughout Principle 6, the Committee recognizes that in a few countries these issues might be addressed by a separate licensing authority.
16In the case of major acquisitions, this determination may take into account whether the acquisition or investment creates obstacles to the orderly resolution of the bank.
17Please refer to Footnote 33 under Principle 7, Essential Criterion 3
18On-site work is used as a tool to provide independent verification that adequate policies, procedures and controls exist at banks, determine that information reported by banks is reliable, obtain additional information on the bank and its related companies needed for the assessment of the condition of the bank, monitor the bank’s follow-up on supervisory concerns, etc.
19Off-site work is used as a tool to regularly review and analyze the financial condition of banks, follow up on matters requiring further attention, identify and evaluate developing risks and help identify the priorities, scope of further off-site and on-site work, etc.
20Please refer to Principle 10.
21In the context of this Principle, “prudential reports and statistical returns” are distinct from and in addition to required accounting reports. The former are addressed by this Principle, and the latter are addressed in Principle 27.
22Please refer to Principle 2.
23Please refer to Principle 1, Essential Criterion 5.
24As of May 31, 2016, 1 TL equals 0.34 US$
25Maybe external auditors or other qualified external parties, commissioned with an appropriate mandate, and subject to appropriate confidentiality restrictions.
26Maybe external auditors or other qualified external parties, commissioned with an appropriate mandate, and subject to appropriate confidentiality restrictions. External experts may conduct reviews used by the supervisor, yet it is ultimately the supervisor that must be satisfied with the results of the reviews conducted by such external experts.
27Please refer to Principle 1.
28Please refer to footnote 19 under Principle 1.
29Please refer to Principle 16, Additional Criterion 2.
30See Illustrative example of information exchange in colleges of the October 2010 BCBS Good practice principles on supervisory colleges for further information on the extent of information sharing expected.
31Please refer to footnote 27 under Principle 5.
33The OECD (OECD glossary of corporate governance-related terms in “Experiences from the Regional Corporate Governance Roundtables”, 2003, www.oecd.org/dataoecd/19/26/23742340.pdf.) defines “duty of care” as “The duty of a board member to act on an informed and prudent basis in decisions with respect to the company. Often interpreted as requiring the board member to approach the affairs of the company in the same way that a ‘prudent man’ would approach their own affairs. Liability under the duty of care is frequently mitigated by the business judgment rule.” The OECD defines “duty of loyalty” as “The duty of the board member to act in the interest of the company and shareholders. The duty of loyalty should prevent individual board members from acting in their own interest, or the interest of another individual or group, at the expense of the company and all shareholders.”
34“Risk appetite” reflects the level of aggregate risk that the bank’s Board is willing to assume and manage in the pursuit of the bank’s business objectives. Risk appetite may include both quantitative and qualitative elements, as appropriate, and encompass a range of measures. For the purposes of this document, the terms “risk appetite” and “risk tolerance” are treated synonymously.
35For the purposes of assessing risk management by banks in the context of Principles 15 to 25, a bank’s risk management framework should take an integrated “bank-wide” perspective of the bank’s risk exposure, encompassing the bank’s individual business lines and business units. Where a bank is a member of a group of companies, the risk management framework should in addition cover the risk exposure across and within the “banking group” (see footnote 19 under Principle 1) and should also take account of risks posed to the bank or members of the banking group through other entities in the wider group.
36To some extent the precise requirements may vary from risk type to risk type (Principles 15 to 25) as reflected by the underlying reference documents.
37It should be noted that while, in this and other Principles, the supervisor is required to determine that banks’ risk management policies and processes are being adhered to, the responsibility for ensuring adherence remains with a bank’s Board and senior management.
38New products include those developed by the bank or by a third party and purchased or distributed by the bank.
39The Core Principles do not require a jurisdiction to comply with the capital adequacy regimes of Basel I, Basel II and/or Basel III. The Committee does not consider implementation of the Basel-based framework a prerequisite for compliance with the Core Principles, and compliance with one of the regimes is only required of those jurisdictions that have declared that they have voluntarily implemented it.
40The Basel Capital Accord was designed to apply to internationally active banks, which must calculate and apply capital adequacy ratios on a consolidated basis, including subsidiaries undertaking banking and financial business. Jurisdictions adopting the Basel II and Basel III capital adequacy frameworks would apply such ratios on a fully consolidated basis to all internationally active banks and their holding companies; in addition, supervisors must test that banks are adequately capitalized on a stand-alone basis.
41Reference documents: Enhancements to the Basel II framework, July 2009 and: International convergence of capital measurement and capital standards: a revised framework, comprehensive version, June 2006.
42In assessing the adequacy of a bank’s capital levels in light of its risk profile, the supervisor critically focuses, among other things, on (a) the potential loss absorbency of the instruments included in the bank’s capital base, (b) the appropriateness of risk weights as a proxy for the risk profile of its exposures, (c) the adequacy of provisions and reserves to cover loss expected on its exposures and (d) the quality of its risk management and controls. Consequently, capital requirements may vary from bank to bank to ensure that each bank is operating with the appropriate level of capital to support the risks it is running and the risks it poses.
43“Stress testing” comprises a range of activities from simple sensitivity analysis to more complex scenario analyses and reverses stress testing.
44Please refer to Principle 12, Essential Criterion 7.
45Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem assets.
46Credit risk may result from the following: on-balance sheet and off-balance sheet exposures, including loans and advances, investments, inter-bank lending, derivative transactions, securities financing transactions and trading activities.
47Counterparty credit risk includes credit risk exposures arising from OTC derivative and other financial instruments.
48“Assuming” includes the assumption of all types of risk that give rise to credit risk, including credit risk or counterparty risk associated with various financial instruments.
49Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem assets.
50Reserves for the purposes of this Principle are “below the line” non-distributable appropriations of profit required by a supervisor in addition to provisions (“above the line” charges to profit).
51It is recognized that there are two different types of off-balance sheet exposures: those that can be unilaterally cancelled by the bank (based on contractual arrangements and therefore may not be subject to provisioning), and those that cannot be unilaterally cancelled.
52Export trade 0%.
53general provision is 2.5% for group SME credits that have had their loans extended, for group-cash commercial corporate = 5%.
54Retail loans carry a higher provisioning rate due to efforts to slow credit growth in this area. General provisions for retail loans excl mortgages and credit cards = 4%. Provisioning requirements go up to 10% for group retail loans that have been extended.
55Connected counterparties may include natural persons as well as a group of companies related financially or by common ownership, management or any combination thereof.
56This includes credit concentrations through exposure to: single counterparties and groups of connected counterparties both direct and indirect (such as through exposure to collateral or to credit protection provided by a single counterparty), counterparties in the same industry, economic sector or geographic region and counterparties whose financial performance is dependent on the same activity or commodity as well as off-balance sheet exposures (including guarantees and other commitments) and also market and other risk concentrations where a bank is overly exposed to particular asset classes, products, collateral, or currencies.
57The measure of credit exposure, in the context of large exposures to single counterparties and groups of connected counterparties, should reflect the maximum possible loss from their failure (i.e., it should encompass actual claims and potential claims as well as contingent liabilities). The risk weighting concept adopted in the Basel capital standards should not be used in measuring credit exposure for this purpose as the relevant risk weights were devised as a measure of credit risk on a basket basis and their use for measuring credit concentrations could significantly underestimate potential losses (see “Measuring and controlling large credit exposures, January 1991).
58Such requirements should, at least for internationally active banks, reflect the applicable Basel standards. As of September 2012, a new Basel standard on large exposures is still under consideration.
59Related parties can include, among other things, the bank’s subsidiaries, affiliates, and any party (including their subsidiaries, affiliates and special purpose entities) that the bank exerts control over or that exerts control over the bank, the bank’s major shareholders, Board members, senior management and key staff, their direct and related interests, and their close family members as well as corresponding persons in affiliated companies.
60Related party transactions include on-balance sheet and off-balance sheet credit exposures and claims, as well as, dealings such as service contracts, asset purchases and sales, construction contracts, lease agreements, derivative transactions, borrowings, and write-offs. The term transaction should be interpreted broadly to incorporate not only transactions that are entered into with related parties but also situations in which an unrelated party (with whom a bank has an existing exposure) subsequently becomes a related party.
61An exception may be appropriate for beneficial terms that are part of overall remuneration packages (e.g., staff receiving credit at favorable rates).
62Country risk is the risk of exposure to loss caused by events in a foreign country. The concept is broader than sovereign risk as all forms of lending or investment activity whether to/with individuals, corporate, banks or governments are covered.
63Transfer risk is the risk that a borrower will not be able to convert local currency into foreign exchange and so will be unable to make debt service payments in foreign currency. The risk normally arises from exchange restrictions imposed by the government in the borrower’s country. (Reference document: IMF paper on External Debt Statistics – Guide for compilers and users, 2003.)
64Wherever “interest rate risk” is used in this Principle the term refers to interest rate risk in the banking book. Interest rate risk in the trading book is covered under Principle 22.
65Reference Document: Basel III: The Liquidity Coverage Ratio and liquidity risk monitoring tools, January 2013, BCBS.
66The Committee has defined operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. The definition includes legal risk but excludes strategic and reputational risk.
67Business units imply basic units such as corporate financing, retail banking etc.
68In assessing independence, supervisors give due regard to the control systems designed to avoid conflicts of interest in the performance measurement of staff in the compliance, control and internal audit functions. For example, the remuneration of such staff should be determined independently of the business lines that they oversee.
69The term “compliance function” does not necessarily denote an organizational unit. Compliance staff may reside in operating business units or local subsidiaries and report up to operating business line management or local management, provided such staff also have a reporting line through to the head of compliance who should be independent from business lines.
70The term “internal audit function” does not necessarily denote an organizational unit. Some countries allow small banks to implement a system of independent reviews, e.g., conducted by external experts, of key internal controls as an alternative.
71In this Essential Criterion, the supervisor is not necessarily limited to the banking supervisor. The responsibility for ensuring that financial statements are prepared in accordance with accounting policies and practices may also be vested with securities and market supervisors.
74For the purposes of this Essential Criterion, the disclosure requirement may be found in applicable accounting, stock exchange listing, or other similar rules, instead of or in addition to directives issued by the supervisor.
77The Committee is aware that, in some jurisdictions, other authorities, such as a financial intelligence unit (FIU), rather than a banking supervisor, may have primary responsibility for assessing compliance with laws and regulations regarding criminal activities in banks, such as fraud, money laundering and the financing of terrorism. Thus, in the context of this Principle, “the supervisor” might refer to such other authorities, in particular in Essential Criteria 7, 8 and 10. In such jurisdictions, the banking supervisor cooperates with such authorities to achieve adherence with the criteria mentioned in this Principle.
78Consistent with international standards, banks are to report suspicious activities involving cases of potential money laundering and the financing of terrorism to the relevant national centre, established either as an independent governmental authority or within an existing authority or authorities that serves as an FIU.
79These could be external auditors or other qualified parties, commissioned with an appropriate mandate, and subject to appropriate confidentiality restrictions.
80If no such response is provided within a reasonable time frame, the assessors should note this explicitly and provide a brief summary of the authorities’ initial response provided during the discussion between the authorities and the assessors at the end of the assessment mission (“wrap-up meeting”).

Other Resources Citing This Publication