Compliance Activities And Compliance Risk Management Policy

Article 1: Purpose and Scope

Compliance Activities and Compliance Risk Management Policy ("Policy") determines the general principles, fields of study and the management principles regarding the compliance and compliance risk activities conducted under the responsibility of the Legal and Compliance Consultancy and Internal Control and Risk Management Unit of ADM Elektrik Dağıtım  A.Ş. ("Company"). The provisions of this Policy apply to all the employees of the Company.

With the policy; it has been aimed to carry out the activities of the Company in accordance with the legislation, regulatory and supervisory procedures of the regulatory and supervisory institutions, standards and internal regulatory procedures.

Article 2: Grounds

The policy is regulated within the framework of legal regulations. This Policy should be implemented together with the legal rules and in any case, the principle of rule of law should be accepted.

Article 3: Definitions

“Codes of Conduct and Business Principles” refers to the codes that all third parties and employees acting on behalf of the Company must comply with and to the employee rights, as well as the ethical evaluation and basic principles of the Company.

“General Manager” refers to the general manager of the Company.

Audit Committee” refers to the audit committee of the Company.

“Early Risk Detection Committee” refers to the early risk detection committee of the Company.

Internal Regulatory Transactions” refers to all the published procedures and instructions regarding in-house practices.

“Compliance Universe” refers to the legislation follow-up system formed by gathering up in one place of the legislation that all units of the Company are obliged to implement and by processing of the changes.

“Legal Conformity Assessment Form” refers to the form, in which the name of the legislation regarding the activities of the Company, which is prepared by the Legal and Compliance Consultancy and carried out by all business units, the current status regarding its compliance, the actions to be taken, the deadline and the responsible person is specified.

“Board of Directors” refers to the board of directors of the Company.

Article 4: Duties and Responsibilities

Legal and Compliance Consultancy and Internal Control and Risk Management Unit are responsible for the implementation of the Policy. The Board of Directors should encourage compliance activities and management of the compliance risk and set an example in this regard.

Article 4.1: Responsibilities of Legal and Compliance Consultancy

I. To ensure the execution of compliance activities and to contribute to the management of compliance risk,

ii. To confirm that legal / internal regulations are compatible with the application,

iii. To inform / give opinion to all employees about the current legal / internal regulation and regulation changes,

iv. To guide the managers of business units regarding compliance activities and increase the awareness of the personnel with the purpose of managing of the compliance risk,

v. To guide the business units and provide training for to maintain the conformity of the Company's compliance activities with the legal and technical requirements, with all the relevant legislation such as laws, regulations, communiqués and instructions, and with the regulatory procedures of regulatory and supervisory institutions and Internal Regulatory Operations, to support the staff and to provide legal opinions, to update the existing control mechanisms, to ensure their supervision and coordination in order to avoid any legal disputes and non-conformities,

vi. To support the necessary changes in the processes depending on the changes in the legal regulations and/or in the regulations for the Company,

vii. To ensure that necessary preventive actions are taken against the risk of exposure to legal penalties / sanctions arising from non-compliance with the legislation,

viii. To help to solve the problems and misapplications within the scope of compliance activities,

ix. To provide guidance to establish good relations with regulatory and supervisory institutions,

x. To provide consultancy to the General Manager and unit managers on unexpected issues arising within the scope of compliance activities / risk,

xi. To regularly convey the issues within the scope of compliance activities to the Early Risk Detection Committee,

xii. To take the necessary actions in matters where a legal sanction is in question.

Article 4.2: Responsibilities of Internal Control and Risk Management Unit

I. To ensure the execution of compliance activities and to contribute to the management of compliance risk,

ii. To confirm that legal / internal (in-house) regulations are compatible with the application,

iii. To regularly convey the issues within the scope of compliance activities to the Early Risk Detection Committee.

Article 4.3: Employee Responsibility

All employees of the Company should take personal responsibility in understanding all the matters stated in the Policy and adapting to its content, in case of any incompatibility, they should report the situation to their managers, to the Legal and Compliance Consultancy and to the Internal Control and Risk Management Unit, and if a solution cannot be found, a remedy cannot be provided by these parties, a reporting should be made to the confidential denunciation e-mail address of or to the denunciation hotline.

Article 5: Compliance Activities

The company, with its compliance activities; aims to carry out all Company activities in accordance with the regulations, regulatory and supervisory procedures and standards of the regulatory and supervisory authorities and with the Internal Regulatory Operations against situations that may result in financial loss, authorization cancellation or loss of reputation for the Company.

In this context, the compliance activities include activities such as follows;

I. Updating, monitoring and coordination of existing control mechanisms for the compliance of the operations carried out by the Company with the legal and technical requirements, all relevant legislation such as laws, regulations, communiqués and instructions, regulatory procedures of regulatory and supervisory institutions and Internal Regulatory Operations,

ii. Supporting and controlling the necessary changes in the processes depending on the changes in the legal regulations,

iii. Depending on the changes in the legal regulations, informing the relevant personnel about the said changes in writing and following the process by notifying the relevant unit of the actions to be taken,

iv. Evaluating the contracts to which the Company is and will be a party to within the scope of the Anti-Bribery and Anti-Corruption Policy and Codes of Conduct and Business Principles.

Article 5.1: Tracking Mechanism for Legislation Changes

The Legal and Compliance Consultancy regularly monitors the legislative changes in force with the help of the Official Gazette and Compliance Universe program. The relevant personnel and the relevant managers are immediately informed about regulations and changes.

Legislative changes are notified to the Integrated Management Systems unit by the Legal and Compliance Consultancy and published in the QDMS document management module by the Integrated Management System. In addition, the Legal and Compliance Consultancy conveys the Legal Conformity Assessment Form to the relevant department manager.

Each department manager ensures that necessary actions are taken regarding legislative changes concerning the matters included in the Legal Conformity Assessment Form.

These forms, in which the department managers or their assigned employees inform the commitment and deadline for the compliance of the legislation under the follow-up and responsibility of the relevant department, are examined by the Legal and Compliance Consultancy and the compliance checks are performed. Internal Control and Risk Management Unit ensures regular follow-up of the process so that the regulations and/or changes specified in the Legal Conformity Assessment Form are compatible with the application.

Article 5.2: Powers

The Legal and Compliance Consultancy and Internal Control and Risk Management Unit have the authority to directly access to the information they need while managing compliance activities, provided that it complies with all legal regulations. As an example of such information; Information in the system / physical environment, complaint (grievance) applications, denunciation reports and administrative correspondence can be given.

Article 6: Reporting

Compliance activities and matters within the scope of compliance risk (legal / internal regulations / regulatory changes, legislative effects, lawsuits filed against the Company due to transactions contrary to the legislation, grievances, investigations, contractual matters, confidential denunciation practices, etc.) are regularly conveyed by the Legal and Compliance Consultancy and Internal Control and Risk Management Unit to the General Manager and to the Early Risk Detection Committee.

In addition, the Legal and Compliance Consultancy and Internal Control and Risk Management Unit reports the compliance report, which includes the Company's current compliance status, risks, and actions taken and / or to be taken, to the General Manager and to the Audit Committee every 3 months.

Article 7: Confidential Denunciation Application

All employees of the Company are liable to immediately report any transaction, practice or behavior that is not legal in terms of legislation, any operation and action contrary to the Codes of Conduct and Business Principles, any cases which they suspect that may be against the general morality and business ethics, without delay to the e-mail address or to the denunciation hotline. As an example of these situations; forgery, bribery, theft and other crimes, rule violations, negligence or violations that may lead to violation of the Company's internal rules and legal obligations, unacceptable donations, unacceptable gifts, suspicious commercial practices, shelving / destroying of documents and disclosure of confidential information may be named. The e-mails sent to the e-mail address can only be accessed by the General Manager and Internal Audit Manager.

Article 8: Operational Compliance Risk Management

Compliance risk is the risk of legal or regulatory sanctions or financial loss that will cause damage to the Company's reputation as a result of the mistakes made in compliance with laws, regulations and codes. With an effective management of compliance risk; it has been ensured that the Company builds trust in the market / sector / before the business partners / regulatory and supervisory institutions while continuing its activities, evaluating the opportunities in the market, competing and communicating with business partners. Effective management of compliance risk, at the same time, helps to protect the reputation of the Company, to minimize the problems / penalties that may be experienced before the regulatory / supervisory institutions and to provide financial benefits.

All employees of the Company are obliged to comply with all the regulations stated below while managing the compliance risk as well as being obliged to closely follow the regulations that shall be revised / entered into force after the principles and procedures of this application are published and to comply with all these regulations.

Article 8.1: Compliance Risk Regarding Business Partners Management

Compliance risk related to management of business partners includes the risks related to money laundering and the financing of terrorism and this risk is managed by complying with the applicable legal and in-house regulations and by strengthening the control environment. The legal regulations and internal regulations in effect on this matter are given below:

I. Law on Prevention of Laundering Proceeds of Crime numbered 5549 dated 11.10.2006 and the regulations and communiqués issued pursuant to the mentioned law,

ii. Regulation on Measures to Prevent Laundering Proceeds of Crime and Financing of Terrorism published in the Official Gazette dated 09.01.2008 and numbered 26751,

iii. Regulation on Compliance with Obligations Program Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism published in the Official Gazette dated 16.09.2008 and numbered 26999,

iv. Turkish Penal Code numbered 5237.

Article 8.2: Compliance Risk Regarding Personnel Management

Compliance risk regarding personnel management includes the gifts accepted or given and the risks related to the Anti-Bribery and Anti-Corruption Policy and to the Codes of Conduct and Business Principles or to the legislation and this risk is managed by complying with the legal and in-house regulations and by strengthening the control environment.

The legal regulations and internal regulations in effect on this matter are mentioned below:

  • Turkish Penal Code No. 5237,
  • Labor Law No. 4857,
  • Procedures published by the Company,
  • Anti-Bribery and Corruption Policy,
  • Codes of Conduct and Business Principles,
  • Other Company rules.

Article 8.3: Compliance Risk Regarding Financial Services

Compliance risk related to financial services includes (ethical) approaches / behaviors in market / sales practices, informing of business partners about the products offered, recording and monitoring of their grievances, and the risks related to data protection and privacy and this risk is managed by complying with the legal and in-house regulations and by strengthening the control environment.

The legal regulations and internal regulations in effect on this matter are specified below:

  • Law on Consumer Protection No. 4077,
  • Company rules.

Article 8.4: Compliance Risk Regarding Organizational Management

Compliance risk regarding organizational management includes the risks within the scope of compliance with the competition rules and compliance with the regulations of regulatory / supervisory institutions and the industry practices and this risk is managed by complying with the legal and in-house regulations and by strengthening the control environment. The legal regulations and internal regulations in effect on this matter are given below:

  • Law on Protection of Competition No. 4054,
  • Regulation on Agreements, Concerted Actions and Decisions Restricting Competition and Fines to be Imposed in Case of Abuse of Dominant Position,
  • Company procedures and instructions rules.

Article 9: Audit

The structure, functioning and effectiveness of the Company's compliance activities and compliance risk management are evaluated within the scope of internal audit and the results are reported to the Board of Directors.