Board Committees

The Operational Risk Committee is established to examine and evaluate the Bank's operational risks on solo and consolidated bases and to take decisions on issues where measures need to be taken, to evaluate the risk analysis reports to be prepared for events exceeding the risk appetite and risk limit, and to contribute to raising operational risk awareness.

The main duties of the Committee are to examine and evaluate the Bank's operational risks on a solo and consolidated basis and to take decisions on issues where measures need to be taken, to make suggestions in order to ensure that the operational risk loss database established for monitoring operational risks can adapt to changes arising from both national and international legislation and non-legislative developments, and to ensure that decisions are taken for risk prevention/transfer/acceptance.

The Operational Risk Committee consists of relevant IT and business unit managers.

The Credit Committee performs credit-related duties with which it is charged by the Board of Directors. This committee consists of the general manager and of at least two board members who satisfy all the qualifications required of a general manager save for term of office. When a Credit Committee member is unable to attend a meeting, he or she will be replaced by an alternate member who will be selected from amongst the board members who satisfy all the qualifications required of a general manager save for term of office. The general manager is the head of the Credit Committee. In the general manager’s absence, one of the other associate committee members serves as the chairman. The chairman of the Credit Committee is responsible for the effective and sound coordination of the committee’s activities. The Credit Committee must convene at least once a week in a meeting attended by all of its members.

The Credit Committee’s duties are:

• Implementing lending policies approved by the Board of Directors concerning the dimensions of the Bank’s total placements portfolio and its distribution by sector, geographical region, and credit type;
• Making recommendations to the Board of Directors for the determination of principles and procedures relevant to the Bank’s credit policies and to its lending on a portfolio and private individual/corporate entity basis;
• Ensuring that the credit portfolio is managed within the framework of generally accepted risk management principles.
• The Credit Committee may delegate some of its duties and authorities, provided that the scope and limits of these powers are explicitly defined; but it may not delegate any authorities concerning any type of unsecured credit other than retail loans and it is responsible for monitoring and checking the activities of the body to which it has delegated such authorities.

The Assets and Liabilities Committee's primary responsibility is to determine policies regarding the management of the Bank's assets and liabilities and related fund movements, to make decisions to be implemented by the relevant units for the management of the Bank's balance sheet, and to monitor the implementations.

The Assets and Liabilities Committee consists of IT and business unit managers.

The Compensation Committee is established to monitor and oversee the Bank's compensation practices on behalf of the Board of Directors.

The main duties of the Committee are to ensure the establishment of a written compensation policy that is compatible with the scope and structure of the Bank's activities, strategies, long-term goals and risk management structures, that prevents excessive risk-taking and contributes to effective risk management, and to ensure the effectiveness of the compensation policy, to monitor and audit the compensation practices on behalf of the Board of Directors, and to ensure the compliance of the compensation policies with the Bank's ethical values, strategic goals and internal balances.

The Compensation Committee consists of two non-executive members of the Board of Directors.

The Sustainability Committee is established to coordinate the Bank's sustainability efforts.

The main duties of the Committee are to follow up and ensure the implementation of Türkiye Halk Bankası A.Ş. Sustainability Policy determined by the Board of Directors, to coordinate the Bank's efforts on sustainability and to evaluate the economic, environmental and social impacts of its activities, to make necessary determinations to reduce the possible negative impacts of the Bank's activities on sustainability, to determine the Bank's energy management procedures and principles, to report to public disclosure platforms such as CDP (Carbon Disclosure Project) when deemed necessary, to prepare the appropriate infrastructure for the Bank in cases requiring legal or non-legal obligations in the field of sustainability.

The Sustainability Committee consists of relevant IT and business unit managers.

The Information Technologies (IT) Strategy Committee is established to assist the Information Technologies (IT) Directive Committee and senior management.

The main tasks of the Committee are to review the IT strategy plan at least once a year and to monitor whether the IT strategy plan is properly implemented; to oversee the appropriate use of IT investments and the alignment of the Bank's business objectives and IT objectives; to oversee the provision of financial and human resources to meet the business requirements set out in the IT strategy plan.

The Information Systems Strategy Committee is composed of relevant IT and business unit managers in accordance with the provisions of the “Regulation on Information Systems and Electronic Banking Services of Banks” published by the Banking Regulation and Supervision Agency.

The Personal Data Protection Committee is established to ensure that the obligations of the Bank's Board of Directors, which determines the purposes and means of processing personal data as a data controller within the scope of the Law No. 6698 on the Protection of Personal Data (KVKK), and is responsible for the establishment and management of the data recording system, are fulfilled within the scope of the KVKK and its secondary regulations.

The main duties of the Committee are to fulfill the duties the Bank's Board of Directors bear due to being data controller on behalf of the Board of Directors, to create and keep the Bank's Personal Data Processing Inventory up to date, to create and keep VERBIS registration up to date, to prevent unlawful processing, access and transfer of personal data, to take all kinds of technical and administrative measures to ensure the appropriate level of security in order to ensure its preservation and to include them in the business processes of our Bank, to ensure the creation and implementation of a Personal Data Breach Response Plan, the creation and follow-up of internal bank procedures to be applied in foreign data transfers, the determination and execution of the process of receiving and responding to the applications of the relevant persons within the scope of KVKK in accordance with the legal legislation on the protection of personal data, Board decisions and the recommendations of the Authority, and the necessary correspondence with the Authority and the Board, and the execution of this process.

The Personal Data Protection Committee consists of the Deputy General Manager in charge of Information Technologies, and other relevant departments.

The Bank Business Continuity, Emergency and Contingency Committee was established to fulfill the duties specified in the Business Continuity, Emergency and Contingency Plan Guidelines, within the scope of Business Continuity Management, in accordance with the provisions of the Regulation on Banks' Internal Systems and Internal Capital Adequacy Assessment Process, in the event that an emergency decision needs to be made.

The main duties of the Committee are to convene in case it is necessary to take an emergency decision, to determine the principles to be followed by the relevant units in case of emergency and unexpected situations and to give the necessary instructions for the fulfillment of these principles, to ensure direction and administration, to put the Business Continuity Emergency and Contingency Plan into practice and to make assignments, to ensure business continuity by making decisions and providing guidance in national and international interruptions that will affect the Bank in general, to ensure communication and coordination with external institutions regarding the emergency and unexpected situation in crisis management, to ensure internal and inter-institutional cooperation and coordination, to ensure the initiation, management and completion of the entire response method, to ensure that tests and drills of Business Continuity Emergency and Unexpected Situation Scenarios are carried out and to evaluate the results, to make changes in emergency codes, to close codes and to declare codes, to determine the unit that will temporarily replace the General Directorate Unit that is affected by the emergency and unexpected situation and unable to carry out its activities, and to ensure that a management and working environment that is not exposed to the same risks as the environment where the main services are provided is established to be used when necessary.

The Bank's Business Continuity Emergency and Contingency Committee consists of IT and business unit managers.

The Information Technologies (IT) Steering Committee is set up to provide assistance to the IT Strategy Committee and senior management.

The primary duties of the Committee are to set the priority levels of IT investments and projects; to monitor the state of ongoing IT projects, to settle the conflicts regarding resources between the projects; to ensure and supervise the regulatory compliance of the IT architecture and projects; and to provide required guidance for the implementation of IT requirements in line with strategic priorities.

The IT Steering Committee is comprised of the relevant IT and business unit directors, as per the provisions of the “Regulation on the Information Systems of the Banks and Electronic Banking Services” published by the Banking Regulation and Supervision Agency.

The Information Security Committee is set up to perform, on behalf of the Board of Directors, the tasks of developing and implementing the information security policy.

The primary duties of the Committee are to ensure that the Bank’s information security policy is developed and implemented on behalf of the Board of Directors; to oversee the application of the information security system in all processes and technologies applied by the Bank; to lead the efforts to make information security consistent with business requirements and strategies, and to ensure the effective involvement of the directors of business units, along with the adoption of the process throughout the Bank; and to ensure the implementation of the efforts to increase information security awareness levels.

The Information Security Committee is comprised of the relevant IT and business unit directors, as per the provisions of the “Regulation on the Information Systems of the Banks and Electronic Banking Services” published by the Banking Regulation and Supervision Agency.

The Information Technologies (IT) Continuity Committee is set up for the tasks of declaring a crisis situation taking all factors concerning the events occurring into account, deciding on the implementation of the IT plan, and ensuring coordination with other recovery, continuity and response teams.

The primary duties of the Committee are to establish the Bank’s IT continuity strategies and to develop short-, medium-, and long-term plans regarding the strategies; to assess the IT Continuity Management Process performance in the relevant time frame; to come up with actions to be introduced to achieve continuous improvement of the process; and to review the state of ongoing efforts.

The IT Continuity Committee is comprised of the relevant IT and business unit directors, as per the provisions of the “Regulation on the Information Systems of the Banks and Electronic Banking Services” published by the Banking Regulation and Supervision Agency

The Information Technologies (IT) Risk Management Committee is set up to analyze, reduce, monitor and report the risks to arise due to the use of information technologies in the banking operations.

The primary duties of the Committee are to review the areas where Information Technologies (IT) risk assessments are required; to oversee IT risk analyses, risk responses, and action plans; to review the risks and action plans requiring approvals / comments; to provide information to relevant management levels and committees with respect to the risks and action plans requiring approvals / comments; and to ensure the execution of corrective action within the framework of the continuous improvement plan, through a review of the IT Risk Management Process.

The IT Risk Management Committee is comprised of the relevant IT and business unit directors, as per the provisions of the “Regulation on the Information Systems of the Banks and Electronic Banking Services” published by the Banking Regulation and Supervision Agency.

The Ethics Commission is established to fulfill the duties specified in the Ethical Principles Compliance, Notification and Action Procedure, being responsible to the Corporate Governance Committee, which is the final appeal authority, in accordance with the provisions of the Banking Code of Ethics, Law No. 5176 on the Establishment of the Ethics Committee for Public Officials and Amendments to Certain Laws, and the Regulation on the Code of Ethical Conduct for Public Officials and Application Procedures and Principles.

The main duties of the Committee are to evaluate and improve the Ethical Principles document and ethical practices, to submit its suggestions for changes and improvements to the competent authority, to establish an ethical culture in the Bank, to organize or have organized in-house ethics trainings and seminars and awareness-raising activities, and if deemed necessary, to evaluate the general situation of the personnel reported to the Human Resources Department due to a failure to achieve positive results through the first and second tier actions and the actions to be taken.

The Ethics Commission is composed of business unit managers.