Compliance Activities and Compliance Risk Implementation Policy
Article 1: Purpose and Scope
Compliance activities and Compliance Risk Implementation Policy (“Policy”), Çates Elektrik Üretim A.Ş. It determines the general principles, work areas and management principles regarding the compliance and compliance risk activities carried out under the responsibility of the Legal and Compliance Consultancy and Internal Control and Risk Management Unit of the (“Company”). The provisions of this Policy cover all employees of the Company.
With policy; It aims to carry out the Company's activities in accordance with the legislation, regulatory and supervisory procedures of regulatory and supervisory institutions, standards and internal regulatory procedures within the Company.
Article 2: Basis
The policy is regulated within the framework of legal regulations. This Policy must be implemented together with the rules of law and in any case, the principle of supremacy of the rules of law must be accepted.
Article 3: Definitions
“Code of Ethics and Working Principles” refers to the rules that all third parties and employees acting on behalf of the Company must comply with, employee rights, as well as the ethical evaluation and basic principles of the Company.
“General Manager” refers to the general manager of the Company.
“Audit Committee” refers to the audit committee of the Company.
“Early Detection of Risk Committee” refers to the Company's early detection of risk committee.
“Internal Regulatory Procedures” refers to all published procedures and instructions regarding internal company practices. “Compliance universe” refers to the legislation tracking system created by collecting the legislation that all units of the Company are obliged to implement in a single place and processing their changes.
“Legal Compliance Assessment Form” refers to the form prepared by the Legal and Compliance Consultancy, stating the name of the legislation regarding the Company's activities carried out by all business units, the current status of its compliance, the actions to be taken, the deadline and the responsible person.
“Board of Directors” refers to the board of directors of the Company.
Article 4: Duty and Responsibility
Legal and Compliance Consultancy and Internal Control and Risk Management Unit are responsible for the implementation of the Policy. The Board of Directors should encourage compliance activities and management of compliance risk and set an example in this regard.
Article 4.1: Responsibilities of Legal and Compliance Consultancy
I. Ensuring compliance activities are carried out and contributing to the management of compliance risk,
ii. Confirming that legal/internal regulations are compatible with the application,
iii. To inform/express opinions to all employees regarding current legal/internal regulations and regulatory changes,
iv. To guide business unit managers on compliance activities in order to manage compliance risk and to raise the awareness of staff,
v. Compliance activities include providing guidance and training to business units regarding the compliance of the transactions carried out by the Company with legal and technical requirements, all relevant legislation such as laws, regulations, notifications and instructions, regulatory actions of regulatory and supervisory institutions and Internal Regulatory Transactions, and providing any legal services. To support staff and provide legal advice to avoid disputes and non-conformities, to update existing control mechanisms, to ensure supervision and coordination,
vi. Supporting the necessary changes in processes due to changes in legal and/or regulations for the Company,
vii. To ensure that necessary preventive actions are taken against the risk of exposure to legal penalties/sanctions arising from non-compliance with legislation,
viii. To help solve malpractices and problems regarding matters within the scope of compliance activities,
ix. To provide guidance for establishing good relations with regulatory and supervisory institutions,
x. Providing consultancy to the General Manager and unit managers on unexpected issues that arise within the scope of compliance activities/risk,
xi. Regularly conveying the issues within the scope of compliance activities to the Early Detection of Risk Committee,
xii. To take the necessary actions in cases where any legal sanctions are in question,
Article 4.2: Responsibilities of the Internal Control and Risk Management Unit
I. Ensuring compliance activities are carried out and contributing to the management of compliance risk,
ii. Confirming that legal/internal regulations are compatible with the application,
iii. Regularly conveying the issues within the scope of compliance activities to the Early Detection of Risk Committee.
Article 4.3: Responsibility of Employees
All employees of the Company must take personal responsibility for understanding all the issues specified in the Policy and complying with its content, and in case of any non-compliance, they must report the situation to their managers, the Legal and Compliance Consultancy and the Internal Control and Risk Management Unit, and a solution must be provided by these parties. If it cannot be found, it must report to the confidential reporting e-mail address [('etik@aydemenerji.com.tr)] or the reporting line [(0850 575 0 575)].
Article 5: Compliance Activities
With company compliance activities; It aims to carry out all Company activities in accordance with the legislation, regulatory and supervisory procedures of regulatory and supervisory institutions, standards and Internal Regulatory Transactions, against situations that may result in financial loss, revocation of authority or loss of reputation for the Company. In this context, compliance activities;
I. Updating, monitoring and coordinating existing control mechanisms regarding the compliance of the transactions carried out by the Company with legal and technical requirements, all relevant legislation such as laws, regulations, notifications and instructions, regulatory actions of regulatory and supervisory institutions and Internal Regulatory Transactions, ii . Supporting and controlling the necessary changes in processes depending on changes in legal regulations,
iii. Depending on the changes in legal regulations, informing the relevant personnel in writing about the changes in question and monitoring the process by informing the relevant unit of the actions to be taken, iv. It covers activities such as evaluating the contracts to which the Company is or will be a party within the scope of the Anti-Bribery and Anti-Corruption Policy and Code of Ethics and Business Principles.
Article 5.1: Follow-up Mechanism for Legislative Changes
The Legal and Compliance Consultancy regularly follows the changes in legislation in force with the help of the Official Gazette and Compliance Universe program. Relevant personnel and relevant managers are immediately informed about the legislation and changes.
Legislative changes are notified to the Integrated Management Systems unit by the Legal and Compliance Consultancy, and are published in the QDMS document management module by the Integrated Management System. In addition, the Legal and Compliance Consultancy notifies the Legal Compliance Evaluation Form to the relevant department manager. Each department manager; Ensures that necessary actions are taken regarding legislative changes regarding the issues included in the Legal Compliance Assessment Form.
These forms, in which commitments and deadlines regarding the compliance of the legislation that are followed and under the responsibility of the relevant department are notified by the department managers or the employees they assign, are examined by the legal and compliance consultancy and the compliance check is carried out. The Internal Control and Risk Management Unit ensures regular monitoring of the process to ensure that the regulations and/or changes specified in the Legal Compliance Assessment Form are compatible with the application.
Article 5.2: Powers
While managing compliance activities, the Legal and Compliance Consultancy and Internal Control and Risk Management Unit has the authority to directly access the information it needs, provided that it complies with all legal regulations. As an example of this information; Information in the system/physical environment, complaint applications, notification reports and administrative correspondence can be provided.
Article 6: Reporting
Compliance activities and matters within the scope of compliance risk (legal/internal regulations/regulatory changes, legislative effects, lawsuits filed against the Company due to transactions contrary to legislation, complaints, investigations, matters related to contracts, confidential notification practices, etc.) are regularly conducted by Legal and Compliance. It is conveyed to the General Manager and the Early Detection of Risk Committee by the Consultancy and Internal Control and Risk Management Unit.
In addition, the Legal and Compliance Consultancy and Internal Control and Risk Management Unit reports the compliance report stating the Company's current compliance status, risks and actions taken and/or to be taken to the General Manager and the Audit Committee on a quarterly basis.
Article 7: Confidential Notification Application
All employees of the Company shall report any transaction, practice or behavior that is illegal in terms of legislation, any transaction or action contrary to the Code of Ethics and Working Principles, any situation that they suspect may be contrary to general morality and work ethics, without delay [etik@aydemenerji.com.tr]. is obliged to notify the e-mail address or the reporting line at 0850 575 0 575. As examples of these situations; Forgery, bribery, theft and other crimes, rule violations, negligence or violations that may lead to violation of the Company's internal rules and legal obligations, unacceptable donations, unacceptable gifts, questionable business practices, shedding/destroying documents and disclosure of confidential information. Access to e-mails sent to the e-mail address is provided only by the General Manager and Internal Audit Manager.
Article 8: Operational Compliance Risk Management
Compliance risk is the risk of legal or regulatory sanctions or financial loss that will damage the Company's reputation as a result of errors made in compliance with laws, regulations and rules. With effective management of compliance risk; While the Company continues its activities, evaluates opportunities in the market, competes and communicates with business partners, it is ensured that it builds trust in the market / industry / business partners / regulatory and supervisory institutions. Effective management of compliance risk; It also helps to protect the Company's reputation, minimize problems/penalties that may occur before regulatory/supervisory authorities, and provide financial benefits.
All employees of the Company are obliged to comply with all regulations stated below while ensuring that compliance risk is managed; It is obliged to closely follow the regulations that have been revised/entered into force after the publication of these application principles and procedures and to comply with these regulations.
Article 8.1: Compliance Risk Regarding Business Partners Management
Compliance risk related to business partner management; It includes risks related to money laundering and financing of terrorism, and this risk is managed by complying with the applicable legal legislation and internal regulations and strengthening the control environment. The legal legislation and internal company regulations in force in this regard are given below.
I. Law on Prevention of Laundering Proceeds of Crime dated 11.10.2006 and numbered 5549 and regulations and communiqués issued pursuant to the Law,
ii. Regulation on Measures to Prevent Laundering Proceeds of Crime and Financing of Terrorism, published in the Official Gazette dated 09.01.2008 and numbered 26751,
iii. Regulation on Compliance Program with Obligations Regarding the Prevention of Laundering Proceeds of Crime and Financing of Terrorism, published in the Official Gazette dated 16.09.2008 and numbered 26999,
iv.Turkish Penal Code No. 5237,
Article 8.2: Compliance Risk Regarding Personnel Management
Compliance risk regarding personnel management; It includes gifts accepted or given and risks related to deviation from the Anti-Bribery and Corruption Policy, Code of Ethics and Business Principles or legislation; This risk is managed by complying with legal legislation and internal regulations and strengthening the control environment.
The legal legislation and internal company regulations in force in this regard are given below.
Turkish Penal Code No. 5237,
Labor Law No. 4857,
Procedures published by the company
Anti-Bribery and Corruption Policy
Code of Ethics and Working Principles
Other company rules
Article 8.3: Compliance Risk for Financial Services
Compliance risk regarding financial services; It includes risks related to (ethical) approach/behavior in market/sales practices, information to business partners regarding the products offered, recording and monitoring of their complaints, and data protection and confidentiality; This risk is managed by complying with legal legislation and internal regulations and strengthening the control environment.
The legal legislation and internal company regulations in force in this regard are given below.
Law No. 4077 on Consumer Protection,
Company rules
Article 8.4: Compliance Risk regarding Organizational Governance
Compliance risk regarding organizational governance; It includes risks within the scope of compliance with competition rules and regulations of regulatory/supervisory institutions and sector practices; This risk is managed by complying with legal legislation and internal regulations and strengthening the control environment. The legal legislation and internal company regulations in force in this regard are given below.
Law No. 4054 on the Protection of Competition,
Regulation on Agreements Limiting Competition, Concerted Actions and Decisions and Fines to be Imposed in Case of Abuse of Dominant Position, Company procedures and instructions rules
Article 9: Audit
The structure, operation and effectiveness of the Company's compliance activities and compliance risk management are evaluated within the scope of internal audit and the results are reported to the Board of Directors.