The priorities of financial companies that operate on international platforms and whose goals are to grow and develop are auditing and risk management. Internal audit includes all measures and methods that aim to protect the organizational plan and assets of institutions, investigate the accuracy and reliability of accounting information, increase the efficiency of their activities, and encourage adherence to pre-determined management policies. Adequate and auditable controls carried out within the company are the most effective means of protecting existing assets and risks to growth. The Capital Markets Board (CMB), the Banking Regulation and Supervision Agency (BDDK) and the Risk Center of the Banks Association of Turkey (TBB) require studies on auditing and risk management. Ekspo Faktoring attaches great importance to the effective implementation of its internal control system in order to achieve its objectives, demonstrate the reliability of financial reports, and ensure compliance with pre-determined policies and legal and administrative regulations.

Ekspo Faktoring, which has been conducting internal audits with its expert teams since its establishment, also secures its financial data and information by adhering to the principles of transparency and accountability through audits performed by international independent audit firms. In addition to internal audits, the company’s tax and financial statement audits are carried out by two different international independent audit firms, which are among the best in the market. In addition, necessary notifications are made regularly to the BRSA and the Ministry of Finance. A report is prepared in BRSA format for the Independent Audit Report.

The responsibilities of the Internal Audit Department include the effective management of company activities in accordance with the Financial Leasing, Factoring and Financing Companies Regulation and the company’s management policies. The Internal Audit Department also works to obtain the information in the account and record order and the data system in a timely manner. Within the scope of the management and organizational structure determined by the Board of Directors, the control of the activities that must be carried out by employees at all levels in order to maintain the company’s work completely is among the responsibilities of the Internal Audit function. Operational, financial and other controls performed independently by this department, where the Internal Audit Manager works, are reported and shared simultaneously with the Board of Directors and Senior Management.

Internal Audit activities include inspecting the transactions performed by relevant departments and reporting the results thereof pursuant to the Code of Obligations (TBK), Turkish Commercial Code (TTK), Tax Procedure Code (VUK), applicable statutory decrees, as well as regulations and communiqués issued by Personal Data Protection Authority, Banking Regulation and Supervision Agency (BDDK), Financial Crimes Investigation Board (MASAK), and the Ministry of Treasury and Finance and other related legislation. On the other hand, Financial Control involves inspecting the financial statements prepared in compliance with BDDK standards, preparing quarterly Non-Bank Financial Institutions Supervision System reports and submitting them to BDDK and obtaining confirmation that these reports are imported to the database.

Since January 9, 2008, non-bank finance companies have been included as obligated parties within the scope of Law No. 5549 on Prevention of Laundering Proceeds of Crime and the related Regulation No. 26751. Accordingly, the Company management assigns tasks to the Internal Audit Department to take informative and preventive measures in compliance with MASAK notices and provisions of the regulation. Pursuant to Regulation No. 26999 of September 16, 2008, the Board of Directors has assigned the duties of the Compliance Officer to the Internal Audit and Financial Control Manager. The Compliance Officer attends the training given by the Association of Financial Institutions and MASAK and informs the employees about important seminar notes. Law No. 6698 on Protection of Personal Data (KVKK) was published in the Official Gazette No. 29677 on April 7, 2016. Ekspo Faktoring has fulfilled its obligations under this law and uploaded its data inventory to the Data Controllers Registry Information System (VERBIS) on November 11, 2019. The Internal Audit Manager has been designated as the Company’s contact for KVKK. The Manager is responsible for attending the KVKK meetings and seminars, managing the KVKK Working Group and updating the data inventory. The Manager’s responsibilities also include searching the sanctions lists (UN, OFAC, EU Blacklist) issued by international organizations for background checks of people and companies in relation to foreign transactions. Pursuant to the BDDK Communiqué on the Management and Supervision of Information Systems that entered into force on April 6, 2019, The Company constituted the necessary policies, procedures and processes, and the audits are completed.

Another duty of the Internal Audit Department is to monitor the domestic and international transactions of clients, minimize risks, and predict and mitigate possible issues. For this purpose, the activities of the Marketing, Operations, Treasury, Accounting, Risk Assessment and Foreign Transactions Departments are audited by this Department according to defined workflows. The issues identified are resolved within the day and weekly and monthly reports are prepared to present to the senior management and the Board of Directors.