PASHA_BANK_ANNUAL REPORT 2022

104 PASHA Bank 2022 Annual Report first level of controls were defined by business units considering their risks. The Internal Control Unit realized second level controls for all functions based on a certain methodology, taking into consideration the scope and sample size. Control activities regularly performed by different departments for operations of Head Office business units were closely monitored and inspections were made to observe they are being performed timely, completely and accurately. Internal Control team continuously monitors the IT activities to ensure they are being performed securely within the scope of legal regulations and the rules defined by the Bank. Similarly, internal control points were designed by the Internal Control Unit for the IT processes based on legal regulations and the Bank’s internal control model. These control points were adopted into the control activities in accordance with the methodology and tools. Suggestions were made for deficiencies and weaknesses detected as a result of the activities of the Internal Control Department and resolutions of findings were monitored based on a specific action plan. Control activities designed for this purpose were conducted by internal control personnel competent and experienced in their areas. Local and international developments in internal control area were followed up and the Bank’s internal control applications were updated. In 2022, all operational activities of the Bank were reviewed on a changing frequency and on a need basis for control points. In this context, control results were reported to the Audit Committee and senior management on a regular basis. Additionally, using control assertion forms implemented by the Internal Control Unit and key control results prepared by business units responsible for first level controls, the effectiveness of the general control environment was assessed and second level controls were realized. Moreover, management assertion tests and asset confirmation studies were performed; Validation Report for ICAAP Report was prepared and business continuity tests were attended as an observer. Furthermore, Internal Control Unit team attended various trainings during the year for their professional development. Taking into consideration the training times which employees who work at the information systems internal control function of the department are legally required to get trainings were delivered in areas of internal control governance and establishment of controls or information security. Internal Control Unit will continue to perform their tasks and responsibilities to establish an objective, transparent and effective internal control system and ensure its sustainability, in accordance with legal requirements and the Bank’s internal regulations and procedures. Compliance Department Compliance Department performs its activities with the objective of conducting and developing control and monitoring activities which are designed within the scope of a risk‑based approach. Activities performed in 2021 in accordance with Laws 5549, 6415, 7262 and related legislation are presented below: • Through Combat Against Laundering of Crime Proceeds and Financing of Terrorism Unit; conducting monitoring and control activities within the framework of recommendations issued by prestigious institutions at international platforms in the areas of prevention of laundering and financing of terrorism with a risk- based approach in accordance with Laws 5549, 6415, 7262 and related legislation. • Development of monitoring and control activities designed for the Bank’s areas of operations with a risk-based approach, • Start of the activities to implement the project which is based on a risk- based scenario to provide for full compliance of the Bank’s activities with MASAK (Financial Crimes Investigation Board) regulations and all other related legislation, • Conducting activities for internal regulations, codes and procedures to comply with MASAK, BRSA, domestic and international legislation, • Providing an effective, efficient and strong internal control environment to conduct the operations of the Bank in accordance with recommendations developed by FATF and similar international authorities, • Review of new products and services with a risk-based approach within the scope of MASAK and BRSA regulations and providing an opinion before implementation, • Coordination of support service procurement process based on BRSA regulations. • Within the scope of compliance with ethical principles; management of the internal communication Assessments of the Audit Committee on the Activities of Internal Systems