Credit Risk

Overall Principles Regarding the Credit Risk Management Process:

1. The procedures and standards regarding transactions causing credit risk are set down in writing and announced to all employees concerned. As a general principle, the procedures and standards are reviewed at least annually and updated when needed.

2. Transactions causing credit risk with counterparty exposure must be conducted so as not create a concentration and be characterized as "well-diversified" by considering the level of risk. For this purpose, credit risk is monitored by criteria such as counterparty, collateral, sector, maturity and currency.

3. The credit worthiness of the counterparty is assessed by concrete data. For this purpose, a rating and/or grading system has been established and is used as a decision-supporting tool. A satisfactory performance of the counterparty with regard to liabilities is not based on the liquidity of collateral as a principle.

4. In transactions causing credit risk, the standards for acquiring collateral from the counterparty is determined in writing. The types of collateral to be obtained must be in conformity with regulations, conducted activities, market conditions and the essence of this policy.

5. Signs of complications observed in all variables that might hinder the counterparty in the fulfillment of its liabilities and which are both systemic and unique to the debtor, are evaluated as early warning signals. To fulfill this purpose, credit risk is monitored closely by the Board of Directors.

Problematic assets should be transformed into normal assets in a short period of time by judgment of efficiency. The economic value of the asset in question must be more than the resource to be allocated for this purpose.

Market Risk

Overall Principles Regarding the Market Risk Management Process:

1. Transactions performed in money and capital markets must be conducted so as not to cause a concentration of parameters such as instrument, maturity, currency, type of interest accrual and be characterized as "well-diversified" by considering the level of risk. As part of diversification, parameters such as maturity, monetary unit, etc. are monitored to avoid concentration.

2. Monitoring of the credit worthiness of issuers of financial instruments causing market risk is given particular importance. In this context, the issuer should hold an "investment grade" level rating from a credit risk rating organization or must be at the "healthy" category in internal ratings.

Liquidity Risk

Overall Principles Regarding the Liquidity Risk Management Process:

1. The primary priority is the compliance of the firm's liquidity risk to the limits set down in legislation and conformance of this risk with the basic strategies of the firm.

2. In order to maintain efficiency and sustainability in liquidity management, a range of available funds, markets, instruments and maturities must be utilized for maximum diversification.

3. In managing liquidity risk, a portfolio structure is formed to derive profit from and comply with market risk management functions, and a risk-return balance is consistently monitored without compromising liquidity requirements.

4. The firm prepares and applies an Emergency State Action and Funding Plan for extraordinary periods.

Operational Risk

Overall Principles Regarding the Operational Risk Management Process:

1. Within the firm, there is a business continuity plan approved by the Board of Directors that displays the continuity of activities in the event of extraordinary conditions, minimizing monetary and reputational loss, clearly defining the duties and responsibilities of employees in such situations, the priority of activities and the manner in which these activities will be carried out. The functionality of the plan is reviewed regularly and results are reported to the Board of Directors. Required actions are taken with respect to non-functional issues.

2. The firm must reserve and back up important documents and information apart from the regular field of activity in a safe location.

3. Operational risks must be assessed in terms of the probability of occurrence as well as the level of the effect in the event of occurrence, and necessary measures must be taken.

4. The firm systematically monitors and reports core operational risk indicators and loss data and implements the necessary measures.