THE FOUNDATION OF MANAGING RISKS SUCH AS NATURAL AND HUMAN-INDUCED DISASTERS, FIRES, AND SAFETY LIES IN EFFECTIVE REGULATIONS AND COMPLIANCE WITH THESE REGULATIONS.
Gürdoğan Yurtsever
Compliance Association Chairman of the Board
We would like to get to know you better, Mr. Gürdoğan. Could you share your educational background and the transition from education to your professional career?
I graduated from Istanbul University Faculty of Political Sciences. Later, I completed my master's degree at Istanbul University Institute of Social Sciences. Currently, I am in the thesis stage of the doctoral program in Insurance at Marmara University Banking and Insurance Institute. After the entrance exam in 1995, I started working as an assistant internal auditor at Tütünbank, later renamed Yaşarbank. After serving as an authorized internal auditor and internal auditor at the same bank, I continued my duty as an internal auditor at Tekstilbank in 1998. I also held managerial positions in internal control, legislation, and compliance at the same bank. After the bank joined ICBC in 2015, worked as the Head of Internal Control and Compliance, as well as the Financial Group and Bank Compliance Officer at ICBC Turkey Bank A.Ş. Since January 2022, I have been Chairman of the Internal Systems and Member of the Audit Committee Türkiye Sigorta and Türkiye Hayat ve Emeklilik companies.
I am currently serving as the Chairman of the Board of Directors at Compliance Association. I was the Chairman of the Board of Directors of the The Institute of Internal Auditing Turkey (IIA Turkey - TİDE) for the 2014-2016 term. Additionally, I am a Board Member of the Turkish Accountants Association (TMUD), Chairman of the Audit Board of the Futurists Association, President of the Media Executive Board of TİDE, and Editor-in-Chief of the Internal Audit Journal.
I hold licenses and certificates as a Certified Public Accountant (CPA), Independent Auditor, Certification in Risk Management Assurance (CRMA), Certified Fraud Examiner (CFE), and licenses in Capital Market Activities Level 3, Derivative Instruments, Credit Rating, and Corporate Governance Rating.
I have 5 published five books, two of which were published by the Turkish Banks Association (TBB), and have written numerous articles published in various newspapers and magazines. I have also served as an editor in various book projects. From 2015 to 2020, I lectured part time at Bahçeşehir University in the Master's Program in Accounting and International Reporting, covering topics such as internal audit, risk management, auditing, and business ethics. Currently, I write monthly columns for the economy and finance magazine Turcomoney.
The Compliance Association, with a vision to be a national and international reference center in the field of compliance, has been actively working since 2020. Could you please summarize the journey of the association until 2024?
The Compliance Association officially commenced its activities on September 9, 2020. As you mentioned, our association is committed to the vision of becoming a national and international reference center in the field of compliance, with the mission to enhance the quality and effectiveness of compliance efforts by developing inclusive leadership through products, services, and projects.
The primary goal of our association is to provide guidance, conduct studies, and advocate best practices to facilitate the effective implementation of laws, regulatory decisions, and international standards, recommendations, and regulations. Our focus is on guiding the improvement of the compliance function, promoting the profession, strengthening its position, ensuring that the profession is carried out by qualified professionals, and facilitating the professional development of our members. In doing so, we aim to contribute to the profession, colleagues, institutions, our country, and the international development of the compliance function.
As the main actor in Turkey for the function and field known as "compliance," which is of great importance and increasing significance globally, the Compliance Association conducts multidimensional activities to guide, contribute to, add value, and enhance compliance activities. These activities include organizing courses, training sessions, seminars, symposiums, conferences, publishing periodic and non-periodic publications, preparing reports, establishing standards, and implementing certification programs for professionals working in the field of compliance. We also aim to develop effective relationships with stakeholders.
Compliance, fundamentally, can be defined as the function that ensures organizations / companies align themselves with relevant laws and other regulatory frameworks. It allows for the management of compliance risks, preventing organizations from facing penalties due to non-compliance, and ensuring that goals and strategies are achieved in accordance with regulatory requirements.
"Compliance with regulations is among the most important roles and responsibilities of all employees, with a primary focus on members of the board of directors and top executives within organizations."
The number of legal regulations and regulatory authorities' directives affecting all sectors and industries both globally and in our country is rapidly increasing, becoming more stringent and complex. Simultaneously, there is a rise in audits related to compliance in all sectors, and penalties for non-compliance with established rules are also escalating. These factors pose significant compliance risks, leading to substantial financial and reputational losses for organizations.
Therefore, achieving compliance with laws and other regulations, understanding regulations correctly, fully meeting specified requirements, and timely and accurately responding to the demands of public institutions and regulatory authorities are of great importance. The effective management of this process, ensuring compliance with regulations in a timely and effective manner, highlights the critical role of the compliance function.
Compliance with regulations is among the most important roles and responsibilities of all employees, with a primary focus on members of the board of directors and top executives within organizations.
Moreover, many organizations, particularly financial institutions, have established compliance departments and units to successfully manage compliance risks. It is safe to say that compliance has become one of the top priorities for national and international organizations in the present day.
Regulatory compliance, anti-money laundering and combating the financing of terrorism (AML/CFT), sanctions compliance, anti-bribery and corruption compliance, financial crime compliance (FCC), and regulatory technologies (RegTech) are significant subtopics within the compliance function.
Since its establishment, our association has garnered significant interest and support. Our activities and membership have been rapidly increasing. In a relatively short period since its inception, our membership has approached 400, and it continues to grow every day.
Many of our members volunteer and contribute diligently to our association and profession through working groups. Currently, we have active working groups in Regulatory Compliance, AML/CFT, Financial Technologies and Regulatory Technologies, Corporate Communication, and Publishing.
We have been rapidly expanding our activities through structured service channels, such as Compliance Conferences and the Compliance Academy, which we have implemented. So far, we have organized three conferences. The III. Compliance Conference, themed "Regulations Shaping the Future and Compliance" took place on December 8, 2023, at the Yapı Kredi Headquarters Conference Hall, attracting significant attention. The conference addressed comprehensive evaluations of key topics in the compliance agenda, including combating money laundering, sanctions compliance, artificial intelligence regulations, disaster risk management, digitalization, cyber risks, regulatory technologies, sustainability, and the future of compliance. Representatives from nstitutions such as the Ministry of Treasury and Finance, Ministry of Environment, Urbanization, and Climate Change, Capital Markets Board (SPK), Insurance and Private Pension Regulatory and Supervisory Authority (SEDDK), Information Technologies and Communication Authority (BTK), and the Turkish Insurance Association (TSB) participated as speakers in the opening speeches and sessions. Major institutions in our country supported our conferences as sponsors.
Within the Compliance Academy, we conduct various seminars, webinars, and training activities. Through webinars, we bring important topics in compliance to the forefront. Experts from regulatory authorities and various sectors participate as speakers in these events.
To date, we have conducted nearly 50 webinars, with approximately 4,000 attendees. These webinars cover areas such as banking, capital markets, insurance, central banking, anti-money laundering, personal data protection, foreign trade, competition regulations, and sustainability, discussing important considerations for complying with regulatory frameworks. We share the videos and presentations of these talks for free on our association's website and social media channels, making them accessible to all interested parties. We continue to carry out various initiatives, developing sharing platforms, sustainable products, services, and projects for the advancement, promotion, and development of the compliance function, the profession, and fellow professionals.
The insurance sector, due to its structure, encompasses various risks. Stakeholders have become more attuned to risk issues, seeking greater assurance in understanding and managing current and future risks across the entire company. What are the expectations of stakeholders in this process?
As you mentioned, the insurance sector, given its structure, plays a vital role in preventing or mitigating losses arising from the risks faced by individuals and organizations. The insurance industry globally serves a crucial role in compensating for damages and losses that may arise from risks.
We are living in an environment where risks are increasing and diversifying for both individuals and organizations. Rapid developments due to globalization and technological advancements have significantly increased the variety and magnitude of risks that companies and institutions face. The heightened competitive environment forces companies to enhance efficiency, conduct more profitable operations with less cost, and engage in risky investments. Various risks, such as economic, financial, social, and environmental, deeply impact our lives. Managing and coping with these risks has become more challenging.
For a company or institution to sustain its operations securely and achieve its goals, it has become extremely important to identify, measure, evaluate, and effectively manage all the risks it may encounter. Risk management can be defined as a set of practices that involve identifying, defining, evaluating, measuring, and implementing measures to reduce or eliminate risks that may arise during a company's activities.
Risk management, providing benefits such as preventing losses, measuring potential damages in various scenarios, preventing uncertainties, enabling quick decisionmaking in situations requiring maneuvering, reducing income fluctuations, better assessing risks in business decisions, and utilizing resources more effectively, is a crucial management tool for companies and institutions. Risk management not only protects companies from various adversities but also provides an opportunity to capitalize on favorable circumstances. The goal of risk management is not to avoid risk but to maximize benefits for the company by managing risks and seizing opportunities.
As you mentioned, company stakeholders have become more attuned to risk issues, seeking greater assurance in understanding and managing current and future risks across the entire company. The inability of companies to effectively manage their risks can result in adverse outcomes and damages, affecting company stakeholders both directly and indirectly.
During this process, all stakeholders, particularly public institutions and regulatory authorities, expect companies to establish and operate an effective risk management system and mechanism. For this, it is crucial for the company's board of directors to take ownership of the subject. Considering that risk management is a system that encompasses all personnel, effective establishment of policies, procedures, roles, authorizations, and responsibilities related to risk management should be prioritized, and these should be communicated to all staff. Creating risk management mechanisms that identify, evaluate, measure risks and include measures to reduce or eliminate these risks is essential. Additionally, transforming risk management into a culture within the institution through information and education mechanisms is of great importance.
Additionally, in the context of the three lines of defense model, taking into account the size of the company and regulations, it is necessary for companies to establish units in the second defense line that develop methodologies for risk management, internal control, and compliance. These units should provide consultancy and support to employees in the first defense line, as well as conduct second-level control and oversight activities. Effective mechanisms are required for prompt actions to be taken against issues identified by these units. Furthermore, it is crucial to conduct audit activities to assess whether the company's risk management and control system operates effectively. Establishing internal audit units that provide assurance and advisory services on the effectiveness of risk management mechanisms is also significantly important.
In addition to these measures, stakeholders also expect companies to obtain independent external assessment and assurance services by engaging independent audit firms to evaluate the effectiveness of their risk management mechanisms.
Could you give information about the role of regulations and the importance of compliance in the management of natural and human-induced disasters, fire and life safety risks?
Earthquakes, floods, floods, forest fires, and other disasters are becoming increasingly common in daily life, causing significant damage both globally and in our country. The growing impact of disasters is highlighting the importance of efforts to combat disaster risks and prevent or minimize the damage caused by disasters. In the earthquakes that occurred in Kahramanmaraş on February 6, 2023, we once again confronted this reality, bringing deep sorrow to all of us.
The foundation of managing risks such as natural and human-induced disasters, fires, and safety lies in effective regulations and compliance with these regulations. In this context, it is crucial that legal regulations be up-to-date, incorporating contemporary developments worldwide. Additionally, clearly defining the sanctions to be applied in case of non-compliance with these rules is important. Other sub-regulations, such as regulations issued by relevant public institutions based on these laws, should also be created in a similar manner. It is important to establish effective supervision and inspection mechanisms for identifying situations of non-compliance with these regulations and applying necessary sanctions.
However, it is evident that the establishment of supervision and inspection mechanisms by public institutions alone may not be sufficient for compliance with regulations. Efforts for all citizens and companies to voluntarily comply with these regulations are of great importance.
Unfortunately, in our country, significant mistakes, negligence, and abuses are occurring in the implementation of rules. Rules that are not enforced lose their purpose and meaning. Buildings that are not constructed in compliance with earthquake and building regulations, not earthquake resistant, and use inadequate and substandard materials can collapse or sustain significant damage in earthquakes, leading to the loss of many lives. There are also significant negative economic consequences. We confront this reality with every earthquake.
Therefore, constructing earthquake-resistant buildings is crucial for our country, which is located in the earthquakeprone zone. For this purpose, every process from soil analysis and project planning to the delivery of the construction must be meticulously executed, monitored, and supervised in accordance with regulations.
Individuals, contractors, relevant companies and organizations involved in the process, civil society organizations, and the relevant government institutions all bear significant responsibilities in this process. It is important to use compliant soil, materials, and methods in construction, and to operate control and inspection mechanisms and necessary sanctions without compromise. In this process, professionals in legislative compliance also play important roles and responsibilities. Identifying shortcomings in the management processes of compliance risks within companies by legislative compliance professionals, reporting them to top executives, and creating effective and swift action plans for these shortcomings are crucial.
Analyzing and revealing disaster risks, especially earthquakes, through scientific methods, preparing general and local plans to reduce these risks, conducting projects for the transformation of risky buildings, and engaging in an ethical and comprehensive struggle against disasters are of great importance. Therefore, legislation should be enacted to increase societal awareness and consciousness in this field, and processes that comply with these regulations need to be established to promote a culture of safe living.
In today's rapidly changing world, where economies, social life, and technology are evolving quickly, and risks, especially climate change and disasters, are rapidly increasing, the responsibility of regulatory institutions and regulations is becoming more critical with each passing day. Regulations, on the one hand, attempt to address the needs arising from significant transformations and increased risks, and on the other hand, they bear the responsibility of shaping the future in a pioneering role. Innovative regulations become increasingly important. The compliance function and profession contribute significantly to this shaping process, playing a critical role.
In line with Turkey's second century goals, what is on the risk agenda of companies and what are the measures they should take to turn these risks into opportunities?
In recent years, it is evident that risks have become multidimensional and diversified globally and in our country. Climate change, sustainability, pandemics, inflationary developments, inequalities and income distribution issues, increasing protectionism, interventions in freedom of expression, disaster risks including earthquakes, the Russia-Ukraine war and related sanctions, supply chain issues, Israel's invasion of Gaza, regional conflicts/struggles especially between the U.S. and China, and crises and developments such as energy, migration, and refugee issues are increasing risks. We are transitioning from a bipolar world to a period where regional powers come to the forefront.
Our country is directly and indirectly affected by these risks. In addition, risks such as the negative effects caused by high inflation, high interest rates, deterioration in the economy and income distribution, unemployment, high-cost access to credit, exchange rate risk, brain drain, and related issues of qualified personnel, misinformation, and fake news are also prominent. Sustainability risks and related new legislative regulations are causing significant changes in the markets. All these naturally affect companies' risk agendas and take a prominent place. Managing risks such as inflation, exchange rates, liquidity, and potential market losses due to changing market dynamics is crucial for companies to sustain their existence. The problems with qualified personnel due to brain drain are increasingly affecting companies.
As I mentioned earlier, it is important for companies to accurately identify, analyze, and create effective mechanisms to manage the risks they face. Risk management issues need to be on the agenda of the board of directors and top management, and decisions to manage these risks must be made in a timely and accurate manner.
In addition, it is important to view risks as opportunities as well. Analyzing the opportunities created by the risks faced, closely monitoring changes, creating dynamic processes that adapt quickly to changes in technological developments along with ongoing developments, integrating new technologies, especially artificial intelligence, into projects and products, and going beyond the minimum requirements in sustainability efforts by including more advanced practices in business processes are necessary. If these steps are taken, companies can effectively manage the risks they face and turn them into business results by presenting new opportunities.
Türkiye is a country of disasters and a major earthquake is expected in Istanbul soon. Could you please talk about the importance of increasing companies' disaster risk awareness against natural and humaninduced disasters, fire and life safety risks, and making Emergency Management a corporate culture, starting from the Chairman of the Board of Directors of a company and internalizing it by all management levels and employees?
As you rightly pointed out, being a country prone to disasters, especially earthquakes, it is crucial to make necessary preparations before these disasters occur. These preparations need to be carried out by all organizations and individuals, with a particular emphasis on state institutions. In the context of businesses, it is important to ensure the participation of all employees in these efforts and make it an integral part of the organizational culture.
The concept of "crisis management" employed after disasters to cope with losses is not sufficient for effectively combating disaster risks. It is essential to establish a "risk management" approach that involves making necessary preparations before disasters occur to prevent or minimize their harmful effects, along with an integrated disaster management system.
The approach to disaster risk management includes predisaster preparation, planning, and risk reduction efforts, as well as education and awareness activities, early warning systems, and uninterrupted communication. These steps need to be effectively planned, implemented, and sustained. A planned, systematic, and comprehensive effort is required throughout this process.
In this regard, there is an observed acceleration in efforts in our country. The "Turkey Disaster Risk Reduction Plan (TARAP)," prepared under the coordination of AFAD and published in the Official Gazette in July, covering the years 2022-2030, represents a significant step in this direction. TARAP aims to minimize potential damages resulting from disaster risks through effective and efficient use of resources by defining the activities that need to be carried out before disasters occur, along with the responsible parties and their responsibilities within a defined process. The plan sets out the fundamental principles for creating resilient, safe, prepared, sustainable, and disaster-resistant living environments, as well as identifying the key principles for disaster risk reduction efforts that need to be prepared and implemented before disasters occur. The plan also includes an analysis of strengths and weaknesses, as well as opportunities and threats, concerning disaster risk management.
"The concept of "crisis management" employed after disasters to cope with losses is not sufficient for effectively combating disaster risks"
The plan is aligned with internationally accepted strategic priorities for disaster risk reduction, outlining goals, objectives, actions, and the responsible organizations, with relevant institutions and organizations that will support them. The plan includes 17 objectives, 66 targets, and 227 actions for 11 different types of disasters. It defines strategies for earthquakes, mass movements, floods, climate change, forest fires, infectious and epidemic diseases, chemical-biological-radiological nuclear threats, major industrial accidents, hazardous substance transportation, mining accidents, mass migration, and other disasters. The strategic priorities in the plan include understanding disaster risks, strengthening disaster risk governance for managing risks, investing in activities for disaster risk reduction, and enhancing and improving preparedness and response capacities.
While it is crucial for relevant state institutions to take ownership and implement the plan, it is also important for companies to consider its implications. Companies should establish business continuity and emergency management systems within their organizations, prepare emergency management plans approved by the board of directors, define the roles and responsibilities of emergency teams and their members, ensure coordination among relevant departments, conduct regular tests and drills to verify the effectiveness of the plan, raise awareness of risks within the company through information and training activities, integrate this process into the corporate culture, effectively use digital and technological resources, and collaborate with relevant state institutions, nongovernmental organizations, and other companies in the sector.
"The insurance industry globally serves a crucial role in compensating for damages and losses that may arise from risks"
Comments