COMPLIANCE POLICY ON PREVENTION OF MONEY LAUNDERING … · The Compliance Program applies, in terms of their authorities and responsibilities with respect to the prevention of money

COMPLIANCE POLICY ON PREVENTION OF MONEY

LAUNDERING AND TERRORIST FINANCING

Document No : PLT.UYUM.0003.02

Revision No : 2

Effective Date : 14.06.2017

Revision Date : 17.01.2018

Page No : 2/22

CONTENTS

1. PURPOSE AND SUBJECT MATTER ............................................................................................................. 3 2. ABBREVIATIONS AND DEFINITIONS ........................................................................................................... 5 3. DUTIES, POWERS AND RESPONSIBILITIES ................................................................................................. 7 3.1. DUTIES, POWERS AND RESPONSIBILITIES OF THE BOARD OF DIRECTORS ....................................................................... 7 3.2. SENIOR MANAGERS’ DUTIES, POWER AND RESPONSIBILITIES ........................................................................................ 8 3.3. DUTIES, POWERS AND RESPONSIBILITIES OF THE COMPLIANCE OFFICER AND COMPLIANCE UNIT ............................... 8 3.4. DUTIES, POWERS AND RESPONSIBILITIES OF THE EMPLOYEES OF THE BANK ................................................................. 9

4. KNOW YOUR CUSTOMER AND CUSTOMER IDENTIFICATION ................................................................... 10 4.1. GENERAL PRINCIPLES ON CUSTOMER ACCEPTANCE AND TRANSACTIONS ................................................................... 12 4.2. PROHIBITED ACCOUNTS AND REAL AND LEGAL PERSONS WHO CANNOT BE ACCEPTED AS A CUSTOMER .................. 12 4.3. RELATIONSHIP WITH PERSONS RESIDENT IN RISKY COUNTRIES .................................................................................... 13 4.4. TRANSACTIONS REQUIRING SPECIAL ATTENTION .......................................................................................................... 13 4.5. WIRE TRANSFERS ............................................................................................................................................................ 13 4.6. TAKING MEASURES AGAINST TECHNOLOGICAL RISKS ................................................................................................... 13 4.7. PRINCIPLE ON RELIANCE ON THIRD PARTIES IN CUSTOMER IDENTIFICATION .............................................................. 14

5. RISK MANAGEMENT ACTIVITIES ............................................................................................................ 14 5.1. CUSTOMERS WITH HIGH-RISK ........................................................................................................................................ 15 5.2. PRODUCTS AND SERVICES WITH HIGH”-RISK ................................................................................................................. 16 5.3. COUNTRIES, REGIONS WITH HIGH-RISK ......................................................................................................................... 16

6. MONITORING AND CONTROLLING ......................................................................................................... 16 6.1. MONITORING THE CUSTOMER AND CUSTOMER’S TRANSACTIONS .............................................................................. 17 6.2. DETERMINATION AND NOTIFICATION OF SUSPICIOUS TRANSACTIONS ........................................................................ 18 6.3. REJECTION OF TRANSACTION AND TERMINATION OF BUSINESS RELATIONSHIP .......................................................... 18

7. COMPLIANCE TRAININGS ...................................................................................................................... 19 7.1. TRAINING POLICY ........................................................................................................................................................... 19 7.2. TRAINING ACTIVITIES ..................................................................................................................................................... 19 7.3. TRAINING SUBJECTS ....................................................................................................................................................... 20 7.4. REPORTING OF TRAINING RESULTS ................................................................................................................................ 20

8. INTERNAL AUDIT ................................................................................................................................... 20 8.1. PURPOSE AND CONTENT OF INTERNAL AUDIT .............................................................................................................. 20 8.2. INTERNAL AUDIT ACTIVITIES AND REPORTING OF THE RESULTS ................................................................................... 21

9. OTHER PROVISIONS .............................................................................................................................. 21 9.1. COOPERATION WITH NATIONAL AND INTERNATIONAL INSTITUTIONS ......................................................................... 21 9.2. PROVISION OF INFORMATION AND DOCUMENTS, MAINTENANCE AND CONFIDENTIALITY OF THE RECORDS ............. 21 9.3. VIOLATION OF THE LIABILITIES ....................................................................................................................................... 22

10. ENFORCEMENT AND AMENDMENTS .................................................................................................... 22


Revision No : 2



Page No : 3/22

1. PURPOSE AND SUBJECT MATTER

Given the banks occupy a crucial place in the operations of laundering of proceeds of international crimes (AML)

and terrorist financing (TF), both national states and international organizations have agreed that the banking

activities should be closely monitored. When the use of the national and international banking systems for the

purpose of laundering proceeds of crime can be obstructed, the laundering of proceeds of crime by the organized

crime groups can significantly be prevented. The basic methods used in the aforementioned purpose are the

imposition of certain liabilities for the banks to comply with so that they are not subject to such acts and actions,

the monitoring of the banking activities by the local administrative authorities and raising the awareness of the

banks’ employees with regard to this subject.

The most directing and compulsory measures have been developed by the international organizations (United

Nations, Council of Europe, IMF, World Bank, OECD, FATF). The efforts of the international organizations have

brought about the harmonization of the local legislations of the national states. In this respect, several legal

regulations have been issued under the leadership of the Financial Crimes Investigation Board (MASAK), which is

the regulatory authority on the matter mentioned herein.

Vakıf Katılım Bankası A.Ş. adopts combating money laundering and financing of terrorism as one of the most

important responsibilities, for purposes of compliance to laws and regulations as well as preserving its prestige

and its customer quality and it is determined to fight in that respect. The bank adopts:

International agreements, regulations and undertakings to which our country is a party to,

Laws promulgated in the scope of money laundering and terrorist financing, and regulations and

communiqués issued thereunder,

Approaches, methods and implementations generally accepted as a whole by international standards

and recommendations on money laundering and terrorist financing

as basis in constituting implementations regarding the fight against money laundering and terrorist financing.

The Bank has issued this “Compliance Policy on the Prevention of Money Laundering and Terrorist Financing”

under the consideration of the size of the enterprise, the work load and the quality of the operations executed or

to be probably executed, in order to comply with the Law No. 5549 on Prevention of Laundering Proceeds of

Crime and the regulations and communiqués promulgated thereunder. This policy document shall be referred to

as the “Compliance Policy”.

The Compliance Policy constitutes “VAKIF KATILIM BANKASI A.Ş. COMPLIANCE PROGRAM” (hereinafter referred

to as “Compliance Program”) created as per the “Regulation on Program of Compliance with Obligations of Anti-

Money Laundering and Combating the Financing of Terrorism” issued with reference to article 5 of the Law No.

5549, together with the documents of the Bank in the form of procedures, regulation, job definition which are

mentioned below and which shall be referred to in the related sections herein for the explanations and details.

- PLT.UYUM.0003 – The Compliance Policy on Prevention of Money Laundering and Terrorist Financing

- PRS.UYUM.0003 – Know Your Customer and Customer Acceptance Procedure

- PRS.UYUM.0002 – Customer/Transaction Monitoring and Suspicious Transactions Reporting Procedure


Revision No : 2



Page No : 4/22

- PRS.UYUM.0004 – Customer Compliance Risk Classification Procedure

- PRS.BOSM.0001 – Customer Identification and Account Opening Procedure

- YNT.UYUM.0001 – Compliance Unit Regulation

- GRT.UYUM.0001 – Compliance Director (Compliance Officer) Job Description

The objectives of the Compliance Program are ensuring the fulfillment of the liabilities with respect to the

prevention of money laundering and terrorist financing, the designation of the strategies aiming to diminish or

eliminate the risks that the customers, their operations and services may be exposed to by evaluating them with

a risk-based approach, determination of the internal control of the Bank and the measures, the operation rules

and the responsibilities therein, and raising awareness of the employees with regard to these subjects. The

Compliance Program includes the following measures:

The creation of the Bank’s compliance policies and procedures,

The conduct of the risk management activities,

The conduct of the monitoring and control activities,

The appointment of a compliance officer and the foundation of a compliance unit,

The conduct of training activities,

The conduct of the internal audit activities.

The Compliance Program applies, in terms of their authorities and responsibilities with respect to the prevention

of money laundering and terrorist financing, to the Board of Directors of the Bank, the Senior Management of the

Bank, the Head Office units, branches, subsidiaries, and the branches and units abroad and their managers and

employees on at each level to the extent the laws and administrative authorities of the countries where they

operate permit.


Revision No : 2



Page No : 5/22

2. ABBREVIATIONS and DEFINITIONS

Ministry; means the Ministry of Finance,

MASAK means the Financial Crimes Investigation Board,

FATF (Financial Action Task Force) means the inter-governmental organization established in 1989 by the G7

countries (USA, Japan, Germany, France, England, Italy and Canada) before OECD, and the primary purpose of

which is to implement several standards in scope of the fight against proceeds of crime and to coordinate the

activities of the member-states,

Financial Institution means Banks, institutions having the authorization to issue bank cards or credit cards,

authorized establishments determined in foreign exchange legislations, loan institutions in scope of the legislation

in regards with loans, financing and factoring companies, capital markets intermediary institutions, intermediary

institutions for futures products and portfolio management companies, investment funds’ managers, investment

companies; insurance, reinsurance and pension companies and insurance and reinsurance brokers, financial

leasing companies, institutions providing settlement and custody services in scope of the capital markets

legislation and General Directorate of Turkish Post and Telegraph Administration to the extent limited with its

banking activities,

Law means the law no. 5549 and dated 11.10.2006 on the Prevention of the Laundering of Proceeds of Crime,

Bank means Vakıf Katılım Bankası A.Ş.,

Asset means money, all movables or immovable, all tangible and intangible rights that have monetary value, and

all legal documents or instruments certifying the rights upon them,

Proceed of Crime means money, any security replaceable with money and assets and all benefits obtained

because of committing the crimes with prison sentence of 6 months minimum under the Turkish Criminal Law

No.5237 dated 26.09.2004,

Money Laundering means transfer of any asset incoming from any crime with prison sentence of 6 months

minimum abroad, concealing the illegitimate source of such assets, put these assets through several transactions

so as they give the impression they have been gained in legitimate means,

Terrorism means actions made in order to terrorize a community or to force a government or an international

organization to execute or abstain from executing certain action. It includes the following actions made by using

force and violence with one of the methods of oppression, terrorizing, intimidation, suppression or threat;

Change the characteristics of the Republic, the political, legal, social, laic and economic order,

Disrupt the in integrity between the Country, the Nation and the State,

Endanger the existence of the State and the Republic,

Debilitate, break down or occupy the authority of the State,

Demolish fundamental rights and liberties,

Break the State’s domestic and foreign security,

The acts committed to disturb the public order or general health.

Crime of Terrorist Financing means the provision and collection of funds for a terrorist or terrorist organizations

for the execution or knowing and wanting the executions of the acts prohibited under Article 3 of the Law on

Prevention of the Financing of Terrorism no. 6415 and promulgated on 07.02.2013


Revision No : 2



Page No : 6/22

Acts of willful murder or grievous injury with the intent of scaring or intimidating a community or to

force a government or an international organization to execute or abstain from executing certain

action,

The acts accepted as crime of terror under the Anti-terror Law no. 3713 dated 12.4.1991,

The acts defined as crime and prohibited under 9 Agreements and Protocols attached to the International

Agreement on Preventing Terrorist Financing dated 1999 and to which Turkey is a party,

Obliged Party means a person who operates in the field of banking, insurance, individual pension, capital markets,

money lending and other financial services, and postal service and transportation, lotteries and bets; those who

deal with exchange, real estate, precious stones and metals, jewelry, all kinds of transportation vehicles,

construction machines, historical artifacts, art works, antiques or intermediaries in these operations; notaries,

sport clubs and those operating in other fields determined by the Council of Ministers,

Risk means the financial loss or loss of reputation that our bank or our employees may be exposed to due to use

of our services for the purpose of money laundering and terrorist financing or not complying completely with the

obligations established through the Law or Regulations and Communiques issued in accordance with the Law,

Customer Risk means the fact that the Customer’s business line easily allows the intense use of cash, the purchase

and sale of the goods with high value or the international fund transfers; the risk of the abuse of the Bank because

of the Customer or the Customer’s representatives acting with the intention of laundering proceeds of crime and

terrorist financing,

Country Risk/Geographical Risk means the risk the Bank may be exposed to because of the business relations

and transactions entered into with the citizens, companies and financial institutions of the countries that are

announced by the Ministry of Finance out of those lacking appropriate money laundering and terrorist financing

laws and regulations, being non-cooperative in the right against these offenses or being identified by competent

international organizations as risky,

Service Risk means the risk the bank may be exposed to in scope of non-face-to-face transactions, the services

such as private or correspondent banking or new products to be offered by using developing technologies,

Politically Exposed Persons (PEP’s) mean any head of state or government who is vested with a high public

service, any high-level politics, government officers, judicial or military staff, political party representatives

occupying important positions and senior managers in public institutions in Turkey or in any foreign country, their

families and the persons they have close relationships with,

Permanent Business Relationship means a business relationship between the Bank and the customer established

through services such as opening a bank account, extension of a loan or issuance of a credit card, safe-deposit

box rent, financing, factoring, financial lease, life insurance or personal pension and that is, in nature, a permanent

relationship,

Transient Business Relationship means a random relationship established upon an act and/or transaction, with

persons or institutions that do not have any relationship with the bank such as an account or any relation which

would define them as a Customer,

Suspicious Transaction means any situation where there is an information, a doubt or a reason that would raise

a doubt with respect to the asset subject to the transaction made or intended to be made before or by the

intermediary of the Bank, in terms of its unlawful provision, its usage by unlawful means, its use in scope of

terrorist attacks or made by terrorist organizations, terrorists or people financing terrorism, or such transaction

is concerns them or is connected to them.


Revision No : 2



Page No : 7/22

Complex and unusual transactions mean during the evaluation pertaining to risk profile or fund sources, any

transaction giving the impression that there is a disproportion between the customer’s financial ability and the

transactions he/she made or the business is not compatible with the transaction’s economic, commercial or legal

aims, and transactions with high volume, in scope of the information about the customer and additional

information received during the request of transaction,

Regulation on Measures means the Regulation on Measures Regarding Prevention of Laundering Proceeds of

Crime and Financing of Terrorism,

Regulation on Compliance Program means the Regulation on Program on Compliance with Obligations of Anti-

Money Laundering and Combating the Financing of Terrorism,

Compliance Program means the set of measures intended for the prevention of money laundering and terrorist

financing and created under the related legislation within the Bank and the Bank’s Compliance Policy,

Compliance Officer means the officer who is employed for the purpose of ensuring the compliance with

obligations established under the Law on the Prevention of Proceeds of Crime and the legislation issued as per

the Law and who is entrusted with the provision of the Bank’s compliance with the liabilities in the

aforementioned legislation,

Compliance Unit means the unit which is directly attached to the Compliance Officer and composed by taking

into account the Bank’s business size, business volume, number of branch or staff, or the size of the risks it may

encounter, in order to provide the Compliance Officer fulfills his/her duties and responsibilities effectively in scope

of the laundering of proceeds of crime and terrorist financing legislation and who is charged with the conduct of

the compliance program.

3. DUTIES, POWERS AND RESPONSIBILITIES

Every manager and employee in any level of the Bank is liable with knowing completely his/her local and

international legal and administrative obligations and responsibilities on combating money laundering and

terrorist financing, with recognizing the regulatory and supervisory authorities involved in this combat. The

competent and supervisory authority in Turkey on the prevention of money laundering and terrorist financing is

the Financial Crimes Investigation Board (MASAK).

3.1. Duties, Powers and Responsibilities of the Board of Directors

The Board of Directors is ultimately responsible for carrying out the whole compliance Program in scope of the

“Regulation on Compliance Program” efficiently. Under the scope of related regulation, the Board of Directors is

authorized and responsible for;

Assigning a compliance officer,

Explicitly determining in written form the authorities and responsibilities of the compliance officer and

the compliance unit,

Approving Bank’s policies, annual training programs and amendments to be made in accordance with

developments,

Assessing the results of risk management, monitoring, control and internal audit activities carried out

under the Compliance Program,


Revision No : 2



Page No : 8/22

Taking necessary measures for timely elimination of the detected errors and deficiencies,

Ensuring an efficient and coordinated performance of all the activities carried out under the scope of the

Compliance Program.

In scope of the Regulation on Compliance Program, the powers stated under Article 6, paragraph 2 of the

Regulation shall be performed by the Audit Committee by using the opportunity provided in Article 6, paragraph

3 of the same Regulation. This kind of power assignment shall not remove the power of the Board of Directors in

the related fields. The Board of Directors may annul such empowerment at any time it deems appropriate. Audit

Committee shall inform the Board of Directors on important issues regarding the compliance such as the

appointment of the Compliance Officer, the amendments made in compliance policies. On the other hand, the

Audit Committee has the discretion not to use the power attached to itself and to submit the subject to the Board

of Director’s approval.

3.2. Senior Managers’ Duties, Power and Responsibilities

The Senior Management of the Bank is responsible towards the Board of Directors for the expedient and effective

implementation of this policy, related procedures and connected documents and this Compliance Program in the

Head Office of the Bank and in the branches, by all employees, and to provide measures for the Bank is not

exposed to the risks relating to money laundering and counter terrorist financing shall be taken.

3.3. Duties, Powers and Responsibilities of the Compliance Officer and Compliance Unit

A Compliance Officer has been appointed and a Compliance Unit has been established to implement the standards

on national and international level regarding the AML/CTF in the Bank’s Head Office and branches, to follow-up

the legal amendments, to perform the necessary works to ensure the full compliance to the liabilities in the

legislation in the Bank’s operations, hence to arrange training programs on laundering of proceeds of crime and

terrorist financing and provide the Bank and the employees shall be informed.

The Compliance Officer shall carry out its activities by reporting to the Audit Committee to which the Board of

Directors assigned its powers in scope of the related legislation, provided that the ultimate responsibility remains

with the Compliance Officer.

In this respect, the duties and responsibilities of the Compliance Officer are as follows:

To perform necessary works to ensure that the Bank complies with the Law and the regulations issued

pursuant to the Law and to provide the necessary communication and coordination with MASAK,

To develop bank’s policies and procedures and to submit institutional policies for the approval of the

Board of Directors,

To develop risk management policy,

To develop monitoring and controlling policies and to carry out activities related to it,

To submit its works regarding training program on the prevention of money laundering and terrorist

financing to the approval of the Audit Committee and to ensure the effective implementation of the

approved training program,

To evaluate the information and findings obtained through researches that she/he carried out to the

extent of his/her power and the possibilities regarding eventual suspicious transactions which were


Revision No : 2



Page No : 9/22

forwarded or detected by his/her initiative and to report the transactions which he/she considered to be

suspicious to MASAK,

To take necessary measure for ensuring the confidentiality of reports and other relevant matters,

To regularly keep information and statistics on internal audit and training activities and to send them to

MASAK within the periods specified in the Regulation.

The Compliance Officer and Compliance Unit staff is entitled to require any document and information they need

to fulfill their obligations, to examine them, to research and request additional explanation from the Bank’s staff

pertaining to the duty and consult with the Bank’s staff, and also to warn related management levels so that they

take necessary measures.

The Compliance Unit shall perform the operations pertaining to its liabilities of managing risks, monitoring and

control regarding the combating the laundering of proceeds of crime or terrorist financing, and training liabilities.

The duties and responsibilities of the Compliance Unit are set out in detail in its job description based on the

position.

3.4. Duties, Powers and Responsibilities of the Employees of the Bank

The employees of the Bank are obliged to

Prevent the Bank being used in money laundering and terrorist financing activities,

Take necessary actions when they encounter a suspicious transaction and report to Compliance Unit and

Compliance Officer,

Comply with the applicable legislation pertaining to money laundering and terrorist financing.

This policy is delivered to the Bank’s employees against their due signature and/or it is ensured they read it from

the main electronic banking system (EBS) and this fact is tracked over electronic records. The subsequent

amendments to this policy shall be deemed delivered to the relevant staff when notified by the system or by

other electronic means and media, or by other means deemed appropriate.

Employees of the Bank shall not provide any banking services, consultancy or any other assistance to the

persons and/or institutions intending to violate or avoid the legislation on the anti-money laundering and

terrorist financing and the methods and principles set out in this Policy. The said legislation shall not only apply

to the criminal who intend to launder unlawful proceeds, but also to the financial institutions and their employees

who are related to the mentioned transactions even though they are aware that the asset subject to the financial

transaction(s) constitutes a crime factor. In this respect, “information” or “to know” includes the concepts of

“intentional blindness” and “intentionally avoiding the information”. An employee of a financial institution who

notices suspicious transaction(s) but who intentionally does not perform necessary research and inquiry and/or

who prefers to be indifferent to the situation is deemed to have the necessary “information”.

The employees of the Bank who do not comply with this Policy shall incur disciplinary punishment including

dismissal. The violation of the legislation on the combating laundering of proceeds of crime and terrorist financing

may cause the Bank’s employees get prison sentence and that their money and assets are seized together with

the Bank, additionally they may be exposed to another set of sentences.


Revision No : 2



Page No : 10/22

The employees of the Bank shall not abstain from asking questions about any suspicious transaction or reporting

the relevant event. Should an employee of the Bank is aware that she/he believes he/she or the Bank is used for

the laundering of proceeds of crime and/or terrorist financing, when she/he feels pressure on that subject or

she/he has to compromise his/her judgment values, he/she shall be responsible for notifying such event or

situation to the Compliance Officer or the Compliance Unit. It is obvious that such employee shall not be punished,

dismissed or receive a negative reaction when he/she asks any question or mentions about any event regarding

these responsibilities and obligations.

4. KNOW YOUR CUSTOMER AND CUSTOMER IDENTIFICATION

“Know Your Customer” principle shall consist of the Bank having sufficient knowledge about the customers and

customers’ activities and the development of policies and procedures before the Bank to obtain such information.

By the execution of this principle a relationship based on mutual trust by providing a disclosure in customer’s

transactions and information shall be established and maintained, the determination if a transaction i is suspicious

or not shall be possible and the minimization of the risks of the Bank shall be ensured. In scope of “Know Your

Customer”, during the establishment of the permanent business relationship and execution of the requested

transactions, necessary measures are taken under the legislation and Bank’s Compliance Policy and procedures

with respect to;

Identification,

Determination if the customer is acting vicariously or on his/her own behalf,

Detection of the beneficial owner,

Provision of sufficient information about the requested transaction and its content,

Monitoring the customer’s situation and transactions throughout the customer relationship duration,

Customers, activities and transactions requiring special attention.

As per the banking regulatory and supervisory authorities the “Know Your Customer” principle goes beyond the

opening of a bank account with a simple identification and address and with a simple registration, this principle

requires being informed in respect with;

The consistency of the information and documents received from the customer,

Customer’s aim in preferring the Bank and opening an account,

Customer’s profession, main business branch providing an income, the principles of his/her work,

his/her commercial past and the business in which he/she carries out activities, his/her experience in

his/her branch, business volume and his/her education,

The sources where the funds subject to the opened accounts or activities come from or go to.

The essential point in money laundering and terrorist financing is the customer. Therefore, the customer’s

identification is crucial in combating the proceeds of these unlawful activities. During the establishment of

permanent business relationship with customers and the execution of the requested transactions, the essential

condition precedent is the correct, complete and timely determination of customer's identity. The identification

is performed by the provision, detection, control and confirmation of the information regarding the customer’s

identity. In this scope the identification is done;


Revision No : 2



Page No : 11/22

Without taking into consideration any amount during the establishment of a permanent business

relationship,

Without taking into consideration any amount if any doubt arises regarding the sufficiency and

accuracy of the previously received customer’s identity,

Without taking into consideration any amount in situations where the suspicious transaction shall be

notified,

When the amount of the transaction or the total amount of several transactions connected to each

other exceed the amount set out in the legislation.

By taking information regarding the identity of the customers and people acting on customers’ behalf and by

confirming the accuracy of this information. In permanent business relationship, information regarding the aim

of the business relationship and its content shall be taken.

As a general rule, the business relationship shall absolutely not be established and the transactions required by

related persons shall absolutely not be executed unless and until the potential customer’s identity is duly

determined or sufficient information on the objective of the business relationship is received. Similarly, when the

identification and identity confirmation which should have been done in case of any doubt about the sufficiency

and accuracy of previously obtained customer’s identity information is not done, the business relationship shall

be ended.

The inadequacy in implementation of the “Know Your Customer” may cause loss in reputation and

trustworthiness for the banks towards national and international regulatory and supervisory banking authorities,

their customers, their shareholders, their foreign correspondences, and may give rise to fraud and serious

customer, transaction and credit risks such as legal and condensation risk.

The following measures set out in section 3 entitled “Principles Regarding Know Your Customer” in the

Regulations on Measures;

- Identification,

- Identification of natural persons’ identity,

- Identification of legal entities registered to the trade registry,

- Identification of associations and foundations,

- Identification of trade unions and confederations,

- Identification of political parties,

- Identification of non-resident legal persons,

- Identification of unincorporated organizations,

- Identification of public institutions,

- Identification of persons acting on behalf of others,

- Identification of the ultimate beneficial owner,

- Control of the authenticity of documents subject to verification,

- Identification in subsequent transactions,

- Simplified measures,

- The details of the procedures and principles to be executed regarding enhanced measures and about the

matters mentioned herein


Revision No : 2



Page No : 12/22

are set out in the below documents that are complementary to this Policy and the elements of the Bank’s

Compliance Program that are



- PRS.UYUM.0002 – Customer/Transaction Monitoring and Suspicious Transactions Reporting Procedure

4.1. General Principles on Customer Acceptance and Transactions

The provision of

The real identity and address of the customer,

The consistency between the information and the documents received,

Customer’s aim in preferring the Bank and opening an account,

Customer’s profession, main business branch generating income, the principles of his/her work,

Sufficient information on the transaction profile and capacity of the customer, his/her work place or

activity location

has the utmost importance in establishing a relationship between the bank and the customer based on

transparency and trust.

Additionally, the utmost care and attention shall be paid on the followings:

When there is a doubt about the legitimacy of the acquisition of a person’s or institutions’ funds or wealth

they shall not be accepted as customer,

When a third person cannot clearly certify that he/she has been authorized by the customer, his/her

request to open bank accounts for more than one person shall not be met,

When there is not any notary approval on the proxies, no transaction shall be effectuated.

During a new customer acquisition to the bank (opening an account and similar transactions where customer

relationship is permanent), the authorized personnel of the branches and customer representatives are

responsible for the identification of the customer and his/her address, the provision and confirmation of all

information and documents envisaged under the related legal and administrative legislation and set out in our

Bank’s internal regulations and implementations.

4.2. Prohibited Accounts and Real and Legal Persons who Cannot be Accepted as a Customer

In the Bank;

Those who abstain from giving information or providing any record,

Those who want to open an account with a pseudonym or an anonymous name,

Those who do not want to provide satisfactory information about the source of his/her money and his/her

transactions,

Those whose name match with the lists announced by the government agency and who are

unobjectionable, and qualified as such by the Compliance Department.

The banks which do not have any physical presence in any country (shell banks),

Enterprises of which the owner cannot be identified

shall not be accepted as customer and the transactions requested by them may not be performed.


Revision No : 2



Page No : 13/22

The related branch or unit shall communicate such situation to the Compliance Unit or Compliance Officer so that

the business relationship established with the persons or institutions realized to be in the abovementioned

situation shall immediately be terminated and that necessary operations shall be executed.

4.3. Relationship with Persons Resident in Risky Countries

The Bank shall pay particular attention to its relationships and transactions with real and legal persons, with

unincorporated organizations resident in risky countries and with citizens of those countries, shall gather as much

information as possible with respect to the purpose and content of the transactions that seemingly does not have

any reasonable legitimate and economic purpose and shall register them.

4.4. Transactions Requiring Special Attention

The Bank shall be required to pay special attention to complex and unusually large transactions and the ones with

no apparent reasonable legitimate economic purpose, which are against “the nature of things” or “the ordinary

course of life”, to take necessary measures in order to obtain adequate information on the purpose of the

requested transaction and to keep information, documents and records obtained in this scope in order to submit

upon request of authorities.

4.5. Wire Transfers

In national or international wire transfers of TRY 2,000.00 or more, the below information shall be included in the

message;

a) Name and surname, title of the legal entity registered to the trade registry, full name of the other legal

persons and unincorporated organizations,

b) Account number, or reference number of the transaction where no account number exists,

c) The address or birth of place and date at least one of the numbers such as TR-ID number, passport

number, tax ID number for identifying the originator.

The transfers carried out between banks on behalf of themselves or for their own benefit and the transfers carried

out by using credit or bank cards provided that card numbers are included in the messages shall be out of the

scope of the above paragraph. In the event the Bank receives a wire transfer message not including the

information specified in subparagraphs (a), (b) and (c), either it shall return the said wire transfer message or it

shall complete short-coming information through the financial institution who sent the message. In the event that

the messages sent include short-coming information permanently and they are not completed despite the

request, either the wire transfer received from originator financial institution may be refused or transactions

carried out with related financial institution may be restricted or business relationship with related financial

institution may be ceased.

4.6. Taking Measures against Technological Risks

The Bank shall, in order to prevent the risk of using facilities introduced by new and developing technologies for

money laundering and terrorist financing and shall take appropriate measures including creating secure

transaction webs for non-face-to-face transactions executed in electronic media, using passwords to identify and

verify the identity of the person requiring the transaction or giving an order for its prevention. The Bank is required

to take appropriate and effective measures including paying special attention to operations such as depositing,

withdrawing and wire transfers which are carried out by using systems enabling the institutions to conduct non-


Revision No : 2



Page No : 14/22

face-to-face transactions, closely monitoring the transactions that are not consistent with financial profile or

activities of the customer or do not have connection with his/her activities, and establishing a limit to amounts

and number of transactions.

4.7. Principle on Reliance on Third Parties in Customer Identification

The Bank can establish business relationships or carry out transactions by relying on measures taken with respect

to the customer by another financial institution on identification of the customer, the person acting on behalf of

customer and ultimate beneficial owner, and on obtaining of information regarding the purpose of business

relationship or transaction.

Reliance on third parties shall be possible only if;

The required measures are taken for meeting the requirements of identification, record keeping and know

your customer,

The third parties are also subject to regulations and supervision in combating money laundering and

terrorist financing in accordance with international standards if the third parties are resident abroad,

The relying party is sure that certified copies of documents relating to customer identification can

immediately be provided from the third party when requested. The customer’s identification are

immediately taken from the third party when the Bank established a business relationship by relying on

a third party.

The transactions which the banks conduct between themselves on behalf of customers and relationships between

financial institution and its agents, similar units or outsourcing entities are not within the scope of the principle

of reliance on third parties”. The principle of “reliance on third parties” may not be applied to the cases where

the third party is resident in a risky country.

5. RISK MANAGEMENT ACTIVITIES

An approach with risk focus is an effective method to diminish the risks of the laundering of proceeds of crime

and terrorist financing with the stages of defining, grading, monitoring, evaluation and managing the risks.

The Bank defines notions such as customer risk, service risk and country risk through policies and procedures on

the laundering of proceeds of crime and terrorist financing risks, and it grades and classifies the services provided

to customers, the transactions and the Customers according to the risks. As the result of this classification, the

Bank develops procedures with respect to the monitoring of the transactions and the customers on the next step,

provides additional information and document regarding the asset subject to the transaction as much as it can,

in scope of know your customer.

The principles and procedures pertaining to the risk management policy, risk management activities and

additional measures aimed for the risky groups with high risk mentioned under Section 3 titled “Risk

Management” of the Regulation on Compliance Program, and the details of the implementations mentioned in

this section are set out in the below documents which are the complements of this Bank and the Bank’s

Compliance Program;




Revision No : 2



Page No : 15/22

- PRS.UYUM.0002 – Customer/Operation Examination and Reporting of Suspicious Transactions Procedure

- PRS.UYUM.0004 – Customer Compliance Risk Classification Procedure

Risk management activities carried out by the Bank in the scope of the Risk Management Policy cover at least:

Improving risk defining, rating, classifying and assessing methods based on customer risk, service risk and

country risk,

Rating and classifying services, transactions and customers depending on the risks,

Developing proper operational and control rules for ensuring monitoring and controlling risky customers,

transactions or services; reporting in a way that warns related units; developing proper operational and

control rules so that the transaction is carried out in accordance with the superior’s approval and is

audited when necessary,

Questioning retrospectively the coherency and effectiveness of risk defining and assessing methods and

risk rating and classifying methods depending upon sample events or previous transactions, reassessing

and updating them according to achieved results and new conditions,

Carrying out required development works through pursuing recommendations, principles, standards and

guidelines established by national legislation and international organizations related to issues under the

scope of risk,

Reporting risk monitoring and assessing results regularly to the board of directors.

The risks relating to money laundering and terrorist financing the Bank may be exposed to due to its customers,

activities and transactions are classified under three main titles:

Customer risk

Service risk

Country risk

In the scope of the monitoring and controlling activities the Bank rates the risks in terms of its customers, services

and transactions as LOW, MIDDLE and HIGH risk and the customers with low, middle and high risks are determined

in terms of money laundering and terrorist financing according to their professions, professional past, activities,

economic situation, accounts and transactions and the country where the customer resides/carries out activities

and similar up-to-date information and the customers are monitored according to their risk profiles.

During the process of the identification of high-risk customers Branch Manager’s and, as the case may be,

Compliance Unit’s approval shall be needed. In such event the Branch Manager and/or Compliance Unit controls

and confirms information and documents they deem necessary, completes necessary examination and research

in regards with the real/legal person requesting account opening and gives and accepts or rejects the account

opening request. If necessary, he/she can consult the higher management’s view and decision.

5.1. Customers with High-Risk

The customers with the risk of the laundering of proceeds of crime and terrorist financing are accepted by their

nature as customers with risk. In the Bank, the below customers are considered risky by their nature and defined

as with “high-risk”:

Non-governmental, non-profit organizations (Associations and Foundations etc.),

Politically Exposed Persons – PEP’s,


Revision No : 2



Page No : 16/22

Institutions such as Political Party Organizations,

Embassies and consulates,

Unions and Trade Unions,

Correspondent Banks,

Competent establishments (exchange offices),

Jewelers, those who trade valuable stones and metals such as gold and diamond,

Those who operate in lines of work where there is an intense use of cash.

5.2. Products and Services with High-Risk

In general cash transactions, instruments to bearer and customers’ funds deriving from electronic fund transfers

and transactions of which the reason of activity is unknown and which cannot be related to the customer’s field

of activity are monitored with empowered procedures. The below products are deemed to be high-risk

products/service by the Bank:

Wire Transfers

Collection of the Personal Checks Drawn to Foreign Banks,

Systems that can make non-face-to-face transactions,

Private banking products and services.

5.3. Countries, Regions with High-Risk

The following countries and regions and the customers residing in or in connection with these countries and

regions are closely monitored since they are considered being in high-risk category in terms of the country risk:

Countries in the list of “Non-Cooperative Countries” announced by the Bank,

Countries in the list of “Risky Countries” announced by related Ministry,

Countries sanctioned by the United Nations Security Council, European Union or OFAC (Office of Foreign

Assets Control linked to USA Ministry of Treasury) due to their policies and implementations pertaining

to the laundering of proceeds of crime and terrorist financing.

Cross-border Centers, Free Zones and Financial Centers,

Regions called as tax heaven,

Countries deemed to be risky according to international legislation in terms of the laundering of proceeds

of crime and terrorist financing.

6. MONITORING AND CONTROLLING

The purpose of monitoring and controlling is to protect the Bank against risks and to permanently monitor and

control whether their operations are carried out in accordance with the Law and regulations and communiques

issued under the Law, and the Bank’s policies and procedure. Monitoring and controls are established with a

risk-based approach. Within this scope, monitoring and control programs are developed according to the

quality and levels of the risks with respect to the customers, transactions and services of the Bank and they are

implemented effectively. Moreover, the Bank takes appropriate measures to monitor the transactions made

out of the permanent business relationship and creates a risk management system within this purpose.


Revision No : 2



Page No : 17/22

Monitoring and controlling activities carried out in the Bank shall at least include the following activities;

Monitoring and controlling the customers and transactions in the high-risk group,

Monitoring and controlling transactions conducted with risky countries,

Monitoring and controlling complex and unusual transactions,

Control of the institution, through sampling method, of whether the transactions exceeding the amount

that the Bank will determine according to the risk policy are consistent with the customer profile,

Monitoring and controlling linked transactions which, when handled together, exceed the amount

requiring customer identification,

Control of customer related information and documents which are required to be kept in electronic

environment or in written form and the information required to be placed in wire transfer messages,

completing the issuing information regarding business, risk profile and fund resources of the customer,

During the business relationship, ongoing monitoring whether the transaction conducted by the customer

is consistent with information regarding business, risk profile and fund resources of the customer,

Control of the transactions carried out through using systems enabling the performance of non-face-to-

face transactions,

Risk based control of services that may become prone to misuse due to newly introduced products and

technological developments.

Risk based monitoring and controlling activities are developed and carried out under the supervision and

coordination of the Compliance Officer in scope of the Regulation on Compliance Program and these Policies,

before the Compliance Unit. The Bank benefits from technological facilities in monitoring the customers and

transactions and in the detection of the suspicious transactions in scope of the central monitoring and controlling

activities carried out by the Compliance Unit.

In the scope of the monitoring and controlling activities, the deficiencies detected as a result of the controls

related with the compliance with the liabilities established under the Law are reported to necessary units so that

required measures are taken, and the results thereof are followed up. The effectiveness of the Compliance

Program under the applicable legislation, the effectiveness of the related implementations under the Bank’s

Policy and procedures, and the supervision and compliance inspection on the transactions are carried out by the

internal audit and internal control departments. The deficiencies detected as the result of these controls carried

out for the purpose of compliance with the liabilities are notified to the Compliance Officer. The data containing

information regarding the works carried out in this scope are notified to MASAK by the Compliance Officer.

Monitoring and controlling activities are determined in the scope of article 15 of the Regulation on Compliance

Program at minimum and the activities to be implemented are set out by a procedure, process or a dependent

document. The Bank created PRS.UYUM.0002-Customer/Transaction Examination and Reporting of Suspicious

Transaction Procedure to be applied in this purpose. Bank’s employees are liable with monitoring, controlling and

reporting to related units and authorities its customers and any of their transactions in necessary situations as

per the procedures and principles set out in this procedure.

6.1. Monitoring the Customer and Customer’s Transactions

The Bank continually monitors if the transactions executed by the customer are consistent with the information

regarding customer’s profession, commercial activities, professional past, economic situation, risk profile and


Revision No : 2



Page No : 18/22

fund resources in scope of the permanent business relationship and keep any information, document and records

about the customer updated. In addition, the accuracy of customer’s telephone and fax number and electronic

mail address taken for the identification of the customer are confirmed by communicating with the related person

when necessary by using these means within a risk-based approach.

6.2. Determination and Notification of Suspicious Transactions

In any situation where there is an information, a doubt or a reason that would raise a doubt with respect to the

asset subject to the transaction which is made or intended to be made before or by the intermediary of the Bank,

in terms of its unlawful provision, its usage by unlawful means, its use in scope of terrorist attacks or made by

terrorist organizations, terrorists or people financing terrorism, or such transaction concerns them or is connected

to them, providing that necessary investigations are carried out to the extent it is possible, the transactions

deemed to be suspicious are notified by the Compliance Officer to MASAK within the durations and principles set

forth in the legislation. Suspicious transactions shall be reported to MASAK within ten business days starting from

the date when the doubt occurred.

When the Bank’s branches and Head Office Units encounter a transaction deemed to be suspicious, they shall

report it immediately to the Compliance Officer by an e-mail or by other means, in written, by filling in a Suspicious

Transaction Reporting Form (STRF). The customer and transactions decided to be reported as suspicious by the

Compliance Officer upon additional investigation and assessment are sent to MASAK together with additional

information and documents.

During the reporting process of the suspicious transaction, the decision on maintaining the relationship with the

customer, maintaining the relationship with the customer by cautiously monitoring the transactions or closing

the customer’s accounts and termination of the relationship with customer notwithstanding the notification of

the subject or the request as a suspicious transaction by the Compliance Officer to MASAK is given by the

Compliance Officer or the senior officer to whom the matter has been notified by the Compliance Officer (General

Director or Deputy General Director).

All persons involved with and having knowledge about the suspicious transaction and its reporting shall show

maximum care and skill under the legislation with respect to the confidentiality and protection of the reporting

of suspicious transactions and internal reports made accordingly in the Bank, and with respect to the protection

of those who are a party to the reports. Detailed procedures and principles pertaining to the suspicious

transactions that may be encountered in the Bank and their reporting when deemed necessary are applied as set

forth in the document titled as PRS.UYUM.0002 – Procedures on Customer/Transaction Examination and

Reporting of Suspicious Transaction.

6.3. Rejection of Transaction and Termination of Business Relationship

In cases where customer identification or gathering of information on the purpose of the business relationship

cannot be achieved, the business relationship shall not be established and the transaction for which they are

requested shall not be executed. In such a circumstance, they cannot open an anonymous account or account in

a fictitious name.


Revision No : 2



Page No : 19/22

When the identification and verification which should have been conducted in case of any suspicion about the

adequacy and accuracy of previously obtained customer identification information is not carried out, the business

relationship shall be terminated.

The Bank also assesses if the situation specified above is a suspicious transaction or not. For the matters

mentioned in this sub-section PRS.UYUM.0002 – Procedures on Customer/Transaction Examination and

Reporting of Suspicious Transaction shall be applied.

7. COMPLIANCE TRAININGS

7.1. Training Policy

The aim of the training policy is to ensure compliance with the obligations imposed by Law on the Laundering

of Proceeds of Crime and Terrorist Financing and the regulation and communiques issued in accordance with

Law, creating an institution culture by increasing the sense of responsibility of staff on the compliance policy

and procedures of the Bank and on risk-based approach and updating of staff information.

The employees are trained by the Compliance Officer or the Compliance Unit or with the support of an

institution outside the Bank providing such training services, in the scope of national and international

legislation with respect to the Anti-Money laundering and terrorist financing, and the internal regulations and

standards of the Bank. Employees of the Bank shall attend these training programs in case they are invited and

they shall read the documents distributed for the training and show due care and diligence.

7.2. Training Activities

The training activities shall be conducted under the supervision and coordination of the Compliance Officer.

The training program shall be prepared by the Compliance Officer and participation of the relevant units. The

effective implementation of training program shall be observed by the Compliance Officer.

The training activities shall be carried out so as to cover the subjects, details of which are given under

the title Training Subjects and following a certain training program.

The training program is prepared yearly and approved by the Board of Directors.

Training activities are reviewed with the participation of the related units as per the results of

assessment and evaluation and are repeated on regular basis according to the needs.

The Bank benefits from training methods such as organizing seminars and panels, creating study groups,

using audio-visual materials during training activities, using computer-based training programs working

on internet, intranet or extranet etc. so as it is ensured that the training activities are expanded

throughout the institution.

The trainings are organized by Training Department in accordance with the request of the Compliance

Officer.

The training activities in the classrooms are executed with the support of the Compliance Officer, staff

of the Compliance Unit or employees of the Bank who are competent in that subject or institutions

providing services in that area from outside.

The training programs may be organized as on-line seminars as well as in classrooms where the

employees of the Bank are gathered.


Revision No : 2



Page No : 20/22

The content of the training may be altered expediently by taking into consideration the term of office, title and

duties of the staff in the Bank and it is ensured that each employee shall periodically have the appropriate training

accordingly. Necessary updates in the content of the training are done in accordance with the amendments in the

legislation and other developments with respect to the subject. The trainings to be given to the staff shall at least

cover the subjects set forth in the applicable legislation. Functioning of the training activities, determination of

the participants to the training activities, determination and educating the trainer, training methods, periods of

the trainings and training subjects are set forth by procedures, process or a linked document.

7.3. Training Subjects

The trainings to be given to the staff by the Bank shall at least cover the following subjects:

Concepts of money laundering and terrorist financing,

The stages, methods of money laundering and case studies on this subject,

Legislation regarding prevention of money laundering and terrorist financing,

Risk areas,

Institutional policies and procedures

In the framework of Law and related legislation;

- Principles with respect to know your customer,

- Principles relating to the reporting of a suspicious transaction,

- Obligation of data keeping and submitting,

- Obligation of providing information and documents,

- Sanctions to be implemented in case of violation of obligations,

- International regulation on combating money laundering and terrorist financing.

7.4. Reporting of Training Results

The staff to attend the training activity shall cover all of the Bank’s staff (including the staff in the head office and

branches) who are responsible for the operation rules as per the institution’s procedures, who execute, certify,

reports, monitors the transactions. The Bank shall operate the training activities by using methods such as face-

to-face training, internet (e-learning) or intranet so as the training activities expand throughout the institution.

The Bank pays particular attention for the choice of the trainers who will give the trainings and to due training of

the trainers.

The Bank’s Compliance Officer, relating to the training activities to be implemented, shall report the information

and the statistics regarding training dates, the territory or provinces where training is given, training method, total

training hour, number of staff to whom training is given and the ratio of the staff trained to the total number of

staff, distribution of staff training given according to their unit and title, content of training, title and area of

expertise of trainers to MASAK up to the end of March of every year.

8. INTERNAL AUDIT

8.1. Purpose and Content of Internal Audit


Revision No : 2



Page No : 21/22

The purpose of the internal audit reviews is to ensure security for the Board of Directors of the efficiency and

sufficiency of the Compliance Program of the Bank issued under the legislation on the Prevention of Money

laundering and terrorist financing.

The Bank shall ensure, annually and on a risk-based approach, examination and controlling of Bank’s policy and

procedures, risk management, monitoring and controlling activities and whether the training activities are

sufficient and efficient, sufficiency and efficiency of risk policy of the Bank, whether the transactions are carried

out in compliance with Law and Regulations and Communiques issues under the Law.

8.2. Internal Audit Activities and Reporting of the Results

The internal audit activities in the scope of the Compliance Program, related implementation and the principles

and methods of reporting are set out and implemented by internal audit unit appointed by the Board of Directors

under this Policy. These activities carried out by the internal audit unit of the Bank comprise of the following

matters:

The deficiencies, mistakes and abuses determined as the result of internal audit and control reviews

and the opinions and proposals for prevention of reappearance of them shall be reported to the Board

of Directors.

While the scope of the audit is determined, the faults detected during the monitoring and controlling

works and risky customers, services and transactions shall be included in the scope of the audit.

While determining the units/branches and transactions to be reviewed, the business size and business

volumes of the Bank shall be taken into consideration. In this scope, it is ensured that units/branches

and transactions in the quantity and characteristics of which may represent all of the transactions

carried out by the Bank are audited.

With respect to the works carried out in the scope of internal audit activities, the statistics containing information

regarding the annual business volume of the Bank, the total number of staff and total number of branches, agency

and similar affiliated units, the number of branches, agency and similar affiliated units which were controlled,

total control period, the number of staff employed during controls and the number of transactions controlled

shall be reported to MASAK by Compliance Officer up to the end of March of every year.

9. OTHER PROVISIONS

9.1. Cooperation with National and International Institutions

It is essential to be in cooperation with any institution and establishment with respect to combating money

laundering and terrorist financing provided that it is conform with the laws and the policies of the Bank. In this

scope, the examination requests coming from competent authorities are performed, the findings are duly

reported to the related authority. All requests with legal foundation such as freezing the accounts, blocking,

reporting the accounts are performed within the determined period.

9.2. Provision of Information and Documents, Maintenance and Confidentiality of the Records

All information, documents and records related to the customers and transactions to be obtained and kept as per

the Law No. 5549 and applicable legislation under the Law are diligently kept and shall be available when

necessary in scope of the principles and durations set forth in legislation.


Revision No : 2



Page No : 22/22

The requests made in the scope of information and documents provision and permanent information provision

liabilities are fulfilled with maximum care and diligence. The confidentiality of information, documents and

records pertaining to the customers and transactions shall be maintained. The activities regarding maintaining

information, document and records in scope of the Law No. 5549 are set out by procedures, process or linked

documents.

9.3. Violation of the Liabilities

The administrative and penal sanctions to be exposed to in case of violation of the liabilities set forth in the Law

and under the Regulation and Communiques issued as per the Law are regulated in the Law, and the content and

amount of the sanctions are in the procedures, processes or linked documents.

As already mentioned above (in 3.4, Duties, Powers and Responsibilities of the Employees of the Bank), any

employee of the Bank causing weakness with respect to the compliance with liabilities explained in this Policy are

sanctioned including being dismissed. The violation of the legislation on the combating laundering of proceeds of

crime and terrorist financing may cause the Bank’s employees are sentenced with prison and that their money

and assets are seized together with the Bank and they may be exposed to another set of sentences.

10. ENFORCEMENT AND AMENDMENTS

This Compliance Policy on prevention of money laundering and terrorist financing constituting the frame of the

Compliance Program of Vakıf Katılım Bankası A.Ş. is effective as of its approval after being submitted by the

Compliance Officer of the Bank to the Board of Directors and it is published throughout the Bank.

Bank staff shall always abide by any internal regulation prepared or to be prepared in this scope by the Bank,

under the leadership and monitoring of the Senior Management.