PASHA_BANK_ANNUAL REPORT 2022

108 PASHA Bank 2022 Annual Report The risk management process of PASHA Yatırım Bankası A.Ş. is laid out and implemented in accordance with the “Banking Law” and the “Regulation on Internal Systems and Internal Capital Adequacy Assessment Process of Banks” that was published by the Banking Regulation and Supervision Agency and other relevant regulations and the principles and implementation procedures contained in good practice guidelines It is essential that the Risk Management Unit works independently of other business lines. Risk management function at our Bank was established in accordance with this independence principle and reports to Risk Management Committee. The Bank’s risk management approach is based on an integrated risk management structure overseeing risk‑return‑equity balance by establishing necessary infrastructure required for a healthy risk management system including human resources, information technologies, risk assessment models, regulations, procedures, practice manuals and reports. Risk awareness and management is an important component of the bank culture and utmost attention is paid to compliance with domestic legislation and in the implementation of internationally accepted standards. The establishment and pursuance of an effective risk management system is among the priorities of the top management at PASHA Yatırım Bankası A.Ş. The Bank’s risk appetite strategy is determined by overseeing equity and liquidity capacity, by considering potential risks to be assumed in financial markets, position boundaries limiting these risks and control points of risks to be taken. The managers and the employees at all levels of the bank have been tasked with assessing the risks that are faced, knowing the techniques for managing possible risks that may be encountered in the areas within their job descriptions, as well as providing the necessary support for the control and audit procedures implemented by other units within the internal systems. Accordingly, first level controls were put in place that need to be performed by each operational area, in addition to second and third level controls monitored by the Bank’s internal systems department. Policies and procedures for measurement, analysis, monitoring, reporting and control of the identified risks are being defined by the Risk Management Department and the relevant departments of the Bank. These policies and procedures are adopted upon the review of the Risk Management Committee and approval of the Board of Directors. The risk management unit is responsible for monitoring the risk appetite and limits and submitting them to the Board of Directors after updating them when necessary, and the Board of Directors has the ultimate responsibility. Limits are set by using methods developed in accordance with the Bank’s risk appetite in that field of activity and the volume and complexity of the products and services offered and with early warning limits, when appropriate. Risk management activities carried out in accordance with the policies are checked in periods determined by the Internal Audit Unit and findings are reported to the Audit Committee and Board of Directors for their information and for actions to be taken if necessary. Risk Management Policies