Risk & Compliance Management

Legal and regulatory framework

Legal role

What legal role does corporate risk and compliance management play in your jurisdiction?

Corporate risk and compliance management is a still emerging concept in Turkish law and it can be generally described as a preventive legal role in Turkey. The term ‘risk’ is identified as ‘the possibility of threats of existence, improvement and sustainability of the corporation’ in article 4 of the Principles Regarding the Early Detection of Risk and the Auditor's Report on the Committee that is announced in accordance with Turkish Commercial Code (TCC).

While the concept of early detection of risk has been introduced with the new TCC in 2011, there is still no clear definition of corporate risk and compliance management in Turkish Law.

Unlike US and UK law, Turkish Law does not specifically define and oblige corporations to adapt compliance programs or a compliance management system to manage or mitigate the risks. One exception to this can be found in the Regulation on Compliance Programmes Regarding Obligations on Laundering the Proceeds of Crime and Prevention of Financing of Terrorism. According to this Regulation, a compliance programme shall cover: policies and procedures, risk management activities, monitoring and controlling activities, dedicated compliance officer and compliance department, training, internal controls.

With the rise of foreign investment into Turkey, compliance management has had an increasing trend with the Turkish affiliates of multinational companies and local companies doing business with multinationals. With the increasing pattern in regulated industries Turkey adopted various regulative legislations to define preventive legal system framework. This remains an area for improvement and there are indications that risk and compliance management will be more popular with legislation development than to improve global trade and foreign investment in Turkey.

Laws and regulations

Which laws and regulations specifically address corporate risk and compliance management?

There are various laws addressing corporate risk and compliance.

Turkish Commercial Code

The TCC has the highest priority for undertakings since it is a general code regulating different types of corporations. Under the TCC, the board and senior management has the utmost liability to calculate risks and have a responsibility to the company, shareholders or the creditors depending on circumstances. The Board of Directors may establish commissions or committees for internal audit purposes, using its discretion in accordance with TCC article 366/2. However, as a rule, while the board of directors has the discretionary power to establish a committee, unlike other committees, it is mandatory to establish an early detection of risk committee in listed companies. Pursuant to paragraph 1 of article 378 of the TCC, the board of directors is obliged to establish an expert committee to operate and develop the system.

Capital Markets Law

Under the Capital Markets Law and Corporate Governance Principles Communique No. II. 17-1 of Capital Markets Board dated 2014, listed companies are bound to establish corporate governance principles, which can be categorised as the following four sections: transparency, equality, accountability and responsibility. The first section discusses the principles on shareholders’ rights and their equal treatment. Issues such as shareholders’ right to obtain and evaluate information, the right to participate in the general shareholders’ meeting and right to vote, and the right to obtain dividend and minority rights are included in detail in this section. Matters such as keeping records of shareholders and the free transfer and sales of shares are also discussed hereunder.

The second section discusses the principles regarding disclosure and transparency issues. Within this scope, principles for establishment of information policies in companies with respect to shareholders and the adherence of companies to these policies are discussed. The conditions of today’s global financial economy and conditions faced in our country have been taken into consideration while setting single standards for the procedures for providing information via periodic financial statements and reports and detailing such standards through consideration of functionality.

The third section is concerned mainly with stakeholders. A stakeholder is defined as an individual, institution or an interest group that is related to the objectives and operations of a company. The stakeholders of a company include the company’s shareholders and its workers; creditors, customers, suppliers, unions various non-governmental organisations, the government and potential investors who may consider investing in the company. This section includes the principles to regulate the relationship between the company and stakeholders. The fourth section includes principles concerning functions, duties, obligations, operations and structure of the board of directors; remuneration thereof, as well as the committees to be established to support the board operations and the executives.

Data Privacy Regulation

The Turkish Protection of Personal Data Law was enacted in 2016. The Law states that personal data may only be processed in compliance with the procedures and principles set forth in this Law and other laws. The Turkish Data Protection Authority (DPA) was formed in 2017 and its Regulation on Erasure, Destruction, or Anonymisation of Personal Data, obliges data controllers to maintain a data retention and destruction policy setting out minimum specified information and to delete, destroy, or anonymise personal data that is no longer necessary for processing on the next available destruction period as set by the data retention and destruction policy, which cannot exceed six months in any case. The law also regulates the rights of the data subject, transfer of personal data, registration to DPA requirement for data controllers. Failure to comply with the law results in administrative fines and criminal liability for board of directors of the data controllers in case of criminal offences set forth in the Turkish Criminal Code.

Competition law

Law No. 4054 on the Protection of Competition (the Competition Law) enacted in 1994 but since 2011 the Competition Authority started to focus on competition compliance programmes (CCP). According to the CCP Guideline published by the Authority on its website in 2013, a CCP is an application or a set of in-house regulations and rules that enable undertakings and/or associations of undertakings to audit themselves in terms of competition law.  A CCP is based on the principle of preventing competition law violations with a proactive and risk based approach.  The first of its two main objectives is to ensure that the managers and employees of the undertaking are informed about the competition rules. The second is that it allows the detection of behaviour or practices contrary to competition legislation and to cease such actions.

Banking Law

Law No. 5411 defines the general rules and regulations for banks and other financial institutions. The banking industry is one of the most regulated industries in Turkey and Banking Law introduces clear guidelines for sustainability in financial markets and the rights of the depositors. The Banking Regulation and Supervision Agency (BRASA) is the regulatory authority that sets forth the internal control and risk management systems.

Anti-Money Laundering

The Law No. 5549 on Prevention of Laundering Proceeds of Crime, which was drawn up considering international standards in combating laundering proceeds of crime, entered into force in 2006. Since implementation of essential criminal and procedure laws has been adopted in investigating and prosecuting money laundering, this law includes arrangements accordingly. The Law obliges the related parties to report to the Financial Crimes Investigation Board (MASAK) the transactions in which there is a suspicion that the related assets were used for illegal purposes. Thus, it was aimed to take necessary measures against funds used for financing of terrorism and the related persons.

Compliance programmes and the requirement to appoint a compliance officer are regulated in the Regulation on Compliance Programs for Preventing the Laundering Proceeds of Crime and Finance of Terror Regulation published in official gazette in 16 September 2008 and no: 26999. According to the Regulation, an anti-money laundering compliance programme should be based on a risk-based principle with adequate corporate policies and procedures, risk management, monitoring and controlling activities, assignment of a compliance officer and forming a compliance department, training activities and internal controls.

Types of undertaking

Which are the primary types of undertakings targeted by the rules related to risk and compliance management?

Listed companies are scrutinised with a higher level of rules when compared to other undertakings. The Capital Markets Law aims to prevent small shareholders and obliges the listed companies to comply with corporate governance principles.

Financial institutions

Banks are regulated through BRASA. According to the Banking Law, banks are required to determine principles and procedures to establish guarantee and sustainability in financial markets, effective functioning of the credit system, and the protection of the rights and interests of investors. According to the Regulation on Banks’ Internal Systems dated 2012, internal control, internal audit and risk management systems for banks by specifying various types of risks and how to mitigate and process such risks are defined.

Private companies

Joint stock Companies are represented through Boards of Directors (BoD). BoD have legal and criminal liability and they have the obligation to act diligently when performing its duties and managing the business of the company. Such obligations consist of; monitoring and overseeing the day-today management and long term strategy of the company, acting in good faith by ensuring compliance to the laws and in the interest of the company and its shareholders; keeping confidentiality, not to engage in any transaction of commercial nature within the scope of the company on their behalf(non-compete). Ensuring management of conflict of interest by refraining from participating in BoD meetings related to matters concerning the interest of their own or that of certain close relatives of them as per article 393 of the TCC. Failure to comply with the rules set forth in the TCC and other laws can lead to civil and tort liabilities for the board of directors and the management of a privately held company. Compliance failures could also lead to criminal liability on the part of the BoD or the managers of private companies. Turkish criminal code also lists a number of white-collar crimes such as: forgery, bribery, fraud, money-laundering, embezzlement, insider trading and similar crimes. Since the legal persons do not have any criminal standing in the Turkish Criminal Code only some measurements can be applied to legal persons but the real person representatives of legal persons like BoD of private and listed companies can be subject to investigation under Turkish Criminal Code.

Regulatory and enforcement bodies

Identify the principal regulatory and enforcement bodies with responsibility for corporate compliance. What are their main powers?

The following are the principal regulatory and enforcement bodies with responsibility for corporate compliance.

Turkish Commercial Code Compliance: the Ministry of Trade (TC TB) has the powers to apply administrative fine and administrative measures.

Fair Commercial Practices Compliance: the Turkish Ministry of Trade Advertisement Board (TBRK) has the right to apply administrative fines and sua sponte investigations to impose consumer protection rules and fair advertisement rules.

Labour Law Compliance: the Ministry of Family, Labour and Social Services (TC AÇSHB) has the powers to apply administrative fine and administrative measures and sua sponte investigations.

Corporate Governance Compliance: the Turkish Capital Markets Board (SPK) has the powers to apply administrative fine, administrative measures, cancelling the licenses and sua sponte investigations.

Competition Law Compliance: the Competition Board (RK) has the powers to apply administrative fines and administrative measures to the extent of imposing changes in shareholding status and sua sponte investigations.

Data Privacy Compliance: the Turkish Data Protection Board (KVKK) has the powers to apply administrative fine and administrative measures and sua sponte investigations.

Anti-Money Laundering Compliance: the Financial Crimes Investigation Board (MASAK): has the powers to apply administrative and criminal fines and imprisonment and sua sponte investigations.

Banking Law Compliance: the Banking Regulation and Supervision Agency (BDDK) has the powers to apply administrative fines and sua sponte investigations.

Telecommunications Compliance: the Turkish Radio and Television Supreme Board (RTUK): has the powers to apply administrative fines and administrative measures as stopping the broadcast and cancelling the license of the broadcast licence holders of radio, television and platforms broadcasting through internet.

Healthcare Compliance: the Turkish Pharmaceuticals and Medical Devices Agency (TITCK) has the powers to apply administrative measures such as stopping the promotion and cancelling the licences of pharma and medical device and cosmetic companies.

Energy Market Compliance: the Energy Market Regulatory Authority (EPDK) apply administrative fine and administrative measures and sua sponte investigations.

Definitions

Are ‘risk management’ and ‘compliance management’ defined by laws and regulations?

There is no general definition of risk and compliance management. The TCC only defines the early detection of risk committee. However, according to the Regulation on Compliance Programs For Preventing the Laundering Proceeds of Crime and Finance of Terror Regulation published in official gazette in 16 September 2008 and no: 26999, compliance programmes are defined as all necessary measurements to comply with anti-money laundering laws.

In 2011 the Turkish Competition Authority published a Competition Letter for compliance programmes defining management as one of the most effective mechanisms to manage the risk in competition failures. In this letter compliance programmes’ effects are defined as awareness and proactive risk mitigation.

Processes

Are risk and compliance management processes set out in laws and regulations?

There is no general definition of risk and compliance management process defined. The TCC only defines the early detection of risk committee in article 378. According to this article, the committee is obliged to send the auditor a report bi-monthly indicating the risks, threats and remedies. However according to the Regulation on Compliance Programs For Preventing the Laundering Proceeds of Crime and Finance of Terror Regulation published in official gazette in 16 September 2008 and no: 26999, compliance programmes processes are as risk-based approach programmes with adequate corporate policies and procedures, risk management, monitoring and controlling activities, assignment of a compliance officer and forming a compliance department, training activities and internal controls. The Regulation also mentions the need to appoint a dedicated Compliance Officer to ensure compliance with anti-money laundering legislation.

Standards and guidelines

Give details of the main standards and guidelines regarding risk and compliance management processes in your jurisdiction.

According to article 378 of the TCC, BoD of listed companies are obliged to establish an early detection of risk committee. For other companies, if the auditor deems it necessary, the board of directors will establish a committee.

The BoD may establish commissions or committees for internal audit purposes, using its discretion in accordance with article 366/2 of the TCC. However, as a rule, while the BoD has the discretionary power to establish a committee, unlike other committees, it is mandatory to establish an early detection of risk committee in listed companies.

Regarding Turkish Competition Law, the Turkish Competition Authority published a Competition Compliance Program Guideline in 2013. Inspired by EU law, the Guideline set forth basic principles for an effective competition compliance programme as:

  • tone from the top;
  • adequate policies and procedures;
  • continuous training;
  • regular risk assessment; and
  • proportionate discipline and reward system

The Guideline also recommends the corporations to have a dedicated expert legal department or an external consultant, an effective and confidential reporting (hotline) system to ensure compliance with the competition law.

Obligations

Are undertakings domiciled or operating in your jurisdiction subject to risk and compliance governance obligations?

Pursuant to paragraph 1, article 378 of the TCC, the BoD is obliged to establish an expert committee, to operate and develop the system. The committee to be established does not have the authority to make decisions independently, it is formed only to assist the BoD, to prepare for decisions and to provide consultancy. It is stated that the early detection of risk committee may consist of expert board members or expert third-party real persons, or both. The members of the BoD in the committee must be non-executive members. The committee is required to submit a report to the BoD every two months, in which the committee evaluates the situation of the company and shows the dangers and remedies. The committee must submit its first report at the end of one month after its establishment.

The early detection of risk committee for limited liability companies is regulated in Article 625 / 1- e of the TCC. Unlike joint stock companies, it counts the establishment of the committee among the non-transferable and indispensable duties of managers in all other limited liability companies, except for small-scale companies.

In order to detect risks early, they must be known and learned by the committee to be established. For this, first, the purpose of the company should be determined, the current risk potential of the company should be determined according to its purpose and estimated evaluations should be made. Early detection is the determination of the causes that may pose a risk before they reach a situation that will affect the existence of the company. In terms of necessary precautions and remedies, the TCC does not provide a clear regulation on the measures and remedies required for early detection of risks. Therefore, if it can be predicted that the necessary information will be available to the committee in a timely manner, the measures and remedies can be accepted as necessary. The necessary measures and remedies include appropriate tools and employees who can identify risks. Therefore, measures for collecting and storing information and documents should be taken in accordance with the TCC. If there is a risk of the company being liquidated then the liquidation plan may be an appropriate measure.

The risk committee has discretion to take and implement appropriate measures and remedies. Factors such as the size of the company, the markets in which it operates, and its structure determine the measures to be taken. However, in any case, risk awareness should be increased in the company with the precautions and remedies to be taken to detect the risk early, risk areas that may endanger the existence of the company should be determined, risk assessment and risk communication should be provided, and measures and remedies should be shaped according to the risks.

What are the key risk and compliance management obligations of undertakings?

For private companies the first and foremost obligations is to comply with the TCC. The TCC sets forth several obligations for companies BoD and managers to protect the shareholders and related third parties. For listed companies the Turkish Capital Markets Law also obliges listed companies to comply with corporate governance principles.

All companies also have an obligation to comply with the Turkish Data Privacy Regulation, the Labour Law and the Competition Law. In addition to that other compliance requirements are regulated in various laws according to the scope of the work that the corporation deals with.

Liability

Liability of undertakings

What are the risk and compliance management obligations of members of governing bodies and senior management of undertakings?

Joint stock Companies are represented through Board of Directors (BoD). BoD have legal and criminal liability and they have the obligation to act diligently when performing its duties and managing the business of the company. Such obligations consist of; monitoring and overseeing the day-today management and long term strategy of the company, acting in good faith by ensuring compliance to the laws and in the interest of the company and its shareholders; keeping confidentiality, not to engage in any transaction of commercial nature within the scope of the company on their behalf(non-compete). Ensuring management of conflict of interest by refraining from participating in BoD meetings related to matters concerning the interest of their own or that of certain close relatives of them as per article 393 of the Turkish Commercial Code (TCC). Failure to comply with the rules set forth in the TCC and other laws, can lead to civil and tort liabilities for the board of directors and the management of a privately held company.

In limited companies, managers represent the companies for all matters except that those fall under the responsibility of general assembly. Like BoD in joint stock companies, managers in limited companies have the utmost duty to act in diligence and serve the interests of the shareholders and company in good faith. The managers also have the duty to act with non-competition with the company, treat all shareholders equally. The managers have the right to delegate some powers to third parties however in article 625 of the TCC, sets forth the non-transferrable duties of the managers as follows:

  • to execute ultimate direction and management; to give necessary instructions;
  • to determine the company management organisation in accordance with law and the articles of association;
  • to develop accounting, financial auditing and financial planning when necessary for the management of the company;
  • to supervise whether the persons to whom one or more divisions of company management have been entrusted are acting in accordance with law, articles of association, internal regulations and instructions;
  • to establish a committee for early risk detection and management, except for small sized limited liability companies;
  • to prepare the company’s financial statements, annual report, and where necessary the group of companies’ financial statements and annual report;
  • to organise GA meetings and to execute GA resolutions; and
  • to notify the court should the company’s liabilities exceed its assets

Do undertakings face civil liability for risk and compliance management deficiencies?

Undertakings are deemed as legal persons in Turkish law and they are responsible for risk and compliance management deficiencies against the parties they are transacting with. In general the Turkish Law of Obligations no 6098, article 49 defines the tort principle and according to this article legal and real persons are liable for their deliberate or negligence tort actions to the affected parties.

In addition to that undertakings may also be liable to their employees where they are positioned as employers under Turkish Labour Law. The law sets forth basic principles in employment contracts and obliges the employers to protect the employees diligently. In addition to that employers have the obligation to ensure the health and safety at work of all his employees. Employer must take every necessary measure, provide information, instruction and training, oversee and supervise whether the health and safety precautions in workplace are properly abided by, make and maintain arrangements; to prevent occupational risks, record and notify the occupational accidents and sicknesses. Turkish Law of Obligations no 6098 article 417, Employers also have the responsibility to protect the employees from physical or psychological abuse. Thus protecting the employee from sexual harassment and mobbing is also mentioned in Turkish law.

Undertakings may also face civil liability from a failure to comply with Data Privacy and Competition Laws.

Do undertakings face administrative or regulatory consequences for risk and compliance management deficiencies?

Undertakings may face administrative or regulatory consequences for risk and compliance management deficiencies. According to the industry of the undertaking the regulatory requirements can vary.

Do undertakings face criminal liability for risk and compliance management deficiencies?

Turkish law does not accept legal entities as perpetrators of crime. However, according to article 20 of the TCC, undertakings may be subject to ‘security measures’ rather than crimes. The security measures to be imposed on legal entities are prescribed in article 60 of the TCC are the cancellation of permit and confiscation.

Liability of governing bodies and senior management

Do members of governing bodies and senior management face civil liability for breach of risk and compliance management obligations?

In joint stock Companies the civil liabilities of the BoD are listed among the articles 549-553. The TCC categorises civil liability and separates legal liability into six categories.

  • Failure to comply with documents and declarations obligations. This liability is triggered when documents required for procedures, transactions and structural changes. Examples are incorporation, capital increase and decrease, merger, division or conversion and issuance of securities.
  • False declarations of capital and insolvency. This liability is triggered when there is misconduct or similar fraudulent transactions with respect to the protective provisions regarding the capital, deliberately knowing the insolvency of the parties who make capital commitment and the approval of this. Examples include showing capital as paid although it is not, providing a note payable instead of payment in cash and endorsing a bad cheque, and commitment by a party who is insolvent or bankrupt.
  • Misconduct in valuation: This liability is triggered when the non-monetary assets to be contributed as capital or to be acquired are valued at a higher price than similar non-monetary assets, their attributes are stated inappropriately (for instance indicating a real estate as having a proper zoning status or another type of misconduct (such as the valuation of non-existent bonds).
  • Collection of money from the public without the permission of the Capital Markets Board.
  • Liabilities of founders, BoD members, managers and liquidators: This liability is to company and its shareholders and it is a fault liability. The liability occurs from the commitment of the management function. If the management function is partially or completely delegated (for example, if an executive director is assigned), the BoD is released from the liability if the BoD proves that it acted in accordance with due diligence for the selection of the delegated parties.
  • Liabilities of auditors: Auditors are liable to the company, shareholders and creditors of the company for failure to comply with statutory obligations to audit the financials and accounts of the company.

In limited liability companies the managers are the governing body and they have similar liabilities of the BoD in joint stock companies. According to article 626 of the TCC, managers and persons in charge of management shall be liable to perform their duties with due care, and to protect the interest of the company in good faith. Managers cannot perform any activity that is against the interests of the company unless expressly permitted by the articles of association and all other partners have given written consent. Managers have the obligation to provide equal treatment to the shareholders under similar conditions.

Do members of governing bodies and senior management face administrative or regulatory consequences for breach of risk and compliance management obligations?

Article 562 of the TCC defines several administrative and criminal monetary fines for failure to comply with certain articles. Administrative fines include the articles 64-65-66 and 88 related to bookkeeping, inaccurate financials, inaccurate statements on capital. In joint stock companies, failure to comply with general assembly obligations may result in losing the signatory powers for the BoD members of the company.

According to the Procedure of State Debt Collection Law no. 6183 joint stock and limited liability companies’ legal representatives are personally liable for the debts that are not paid by the companies.

Pursuant to article 58 of Public Procurement Law no. 4734 the shareholders holding more than 50 per cent in joint stock and limited companies are subject to be banned from tender bidding for up to two years for failure to comply with the law.

Turkish Capital Markets Law no. 6362 article 96 grants wide range of authorities to the Capital Markets Board over governing bodies of listed companies. The Board has the authority to annul the signatory authorities, discharge individuals from their duties, appoint temporary individuals to vacant positions or issue administrative fines to the individual for failing to comply with the law.

Do members of governing bodies and senior management face criminal liability for breach of risk and compliance management obligations?

Article 562 of the TCC defines both administrative and criminal consequences for governing bodies of corporations. According to the article false declarations of the capital, collecting money from the public without permission, recording misleading information to company books by intention or forgery of documents are subject to imprisonment.

In addition to that the Turkish Penal Code, defines several white-collar crimes and crimes for data privacy offences. The Customs Law, the Bankruptcy Law and the Capital Markets Law also set forth specific crimes for members of governing bodies.

Corporate compliance

Corporate compliance defence

Is there a corporate compliance defence? What are the requirements?

Despite recommended as best practice by various institutions, no corporate compliance defence regulated under Turkish Law. However according to the general provisions in the TCC, BoD and managers in companies can be cleared from liability in case they have delegated their powers with a due diligent selection, instruction and supervision of the delegates.

The Turkish Competition Authority has been very active in promoting competition compliance programmes in the course of its competition advocacy activities; the Turkish Competition Board has remained rather indifferent to such programmes in its decisions; it has never regarded them as a mitigating factor in setting fines or rewarded in any way the undertakings that have applied a competition compliance programme.

Turkish Data Privacy Board also advocates the need for compliance programmes but there is not enough evidence for the application of corporate compliance defence.

Recent cases

Discuss the most recent leading cases regarding corporate risk and compliance management failures.

Unlike the US Foreign Corrupt Practices act (FCPA), the UK Bribery Act (UKBA) or France's Loi Sapin II, Turkey does not have its own dedicated anti-bribery and anti-corruption (ABAC) legislation to combat foreign bribery. The Turkish Penal Code is built upon the territoriality principle. The principle covers all crimes committed under the jurisdiction of Turkey regardless of the nationality of the person. Bribery to foreign public officials is regulated under article 252/9 of the TPC, however the enforcement of this rule is not comparable with the above mentioned extra-territorial legislation. Both the FCPA, UKBA and Loi Sapin II regulate a strict corporate liability for acts or omissions of their employees, agents, and other associated entities. Companies falling under the jurisdiction of these laws are required to adopt effective compliance programs. According to article 20 of the TPC, companies are not within the scope of criminal liability, and only some security measures can be applied to individuals. Adopting a compliance programme is not required by the TPC. Private to private bribery and failure to prevent bribery are not listed as separate crimes in the TPC unlike the UKBA. 

Recently Fresenius Medical and Alexion Pharma Settlements for FCPA has shed light to the relevant corporations’ allegations for bribery for transactions involving Turkey. The content of these allegations involves corporate risk and compliance failures.

Government obligations

Are there risk and compliance management obligations for government, government agencies and state-owned enterprises?

The Public Financial Administration and Control Code no. 5018, regulates structure and functioning of the public financial management, preparation and implementation of the public budgets, accounting and reporting of all financial transactions, and financial control in line with the policies and objectives covered in the development plans and programs, in order to ensure accountability, transparency and the effective, economic and efficient collection and utilisation of public resources.

Furthermore the Law Related To The Establishment Council Of Ethics For Public Service And Making Modifications On Some Laws no. 5176 determines the establishment, duty and working procedures and fundamentals of the Council of Ethics for Public Service as to adopt and observe the implementation of ethical attitude principles such as transparency, impartiality, honesty, accountability, that should be abided by the public officials. This Law covers all the personnel employed at departments included at the master budget, annexed budget administrations, public economical enterprises, floating capital establishments, local administrations and unions thereof; all the public establishments and institutions founded under the names of committee, upper committee, institution, institute, enterprise, organisation, fund and similar possessing public judicial entity; chairmen and members of the management and auditory committee and council and supreme councils.

Finally, the Regulation on the Principles of Ethical Behaviour of the Public Officials and Application Procedures and Essentials Entered into effect as published in Official Gazette dated 04/13/2005 and numbered 25785 defines the prohibition of receiving gifts and deriving benefits for public officials with below exceptions:

Donations which mean contribution to the organization for which the public officials work, which will not affect the execution of the organization services in accordance with the law and which are received, provided that they are allocated for the public service, recorded in the fixed assets list of the organization and that they are declared to the public (except from the official car and other gifts received in order to allocate for the service of a specific public official) and the donations which are granted to the institution and organizations, book, magazine, article, cassette, calendar, compact disc or such goods, gifts or rewards acquired in publicly held competitions, campaigns and activities, gifts having the value of souvenir which are given in publicly held conferences, symposium, forum, panel, meal, reception or similar activities, advertisement and handicraft products which are distributed to everyone and which have symbolic value, credits taken from financial organizations according to the market conditions are outside the scope of the prohibition of receiving gifts.

Digital transformation

Framework covering digital transformation

Please provide an overview on the risk and compliance governance and management framework covering the digital transformation (machine learning, artificial intelligence, robots, blockchain, etc).

There is no recent development for the digital transformation of risk and compliance governance. Multinational companies operating in Turkey are driving the risk and compliance culture and innovation. Turkey is in the emerging step towards fostering a compliance culture among its business environment. Machine learning, data analytics, AI, robots and blockchain are all debated in Turkey within academic environments.

Updates and trends

Key developments of the past year

What were the key cases, decisions, judgments and policy and legislative developments of the past year?

Measures on corporate governance

To prevent the spread of the coronavirus, the Ministry of Trade taken measures regarding the ordinary general assembly meetings of the companies, which must be conducted until March.

Accordingly, the Ministry of Trade made an announcement and stated that the ordinary general assembly meetings of the joint-stock companies and limited liability companies, which were invited to the meeting, can be postponed with a board of directors’ resolution without the general assembly decision on postponement.

In addition, the companies were allowed to conduct their general assembly meetings through the electronic system without gathering in the company headquarters, even the allowance for electronic general assembly meetings is not registered with the articles of associations of the company.

Another measure was introduced for protecting the equity capital of the companies. In this regard, provisional article 13 is enacted to the Turkish Commercial Code, which provides restrictions to the dividend distribution of the joint-stock companies, limited liability companies and limited partnerships in which capital is divided into shares.

Measures on capital markets

The Capital Markets Board has also taken some measures to relieve the companies during the covid-19 pandemic.

Reporting periods of portfolio management companies, investment funds, enterprises whose capital market instruments are traded in exchange or other organised marketplaces, enterprises subject to capital market legislation but whose capital market instruments are not traded in exchange or other organised marketplaces, enterprises with a special accounting period were extended.

Measures on banking

Due to the covid-19 pandemic, flexibility was provided in the minimum ratios of banks' liquidity levels. In addition, restrictions relieved regarding the risk models used by banks for loan classifications and loss calculation.

Measures on competition

The Competition Authority postponed the oral hearings, taking into account the requests from the undertakings and covid-19 pandemic.

Also, the Competition Authority requested that all applications, petitions and information-document submissions that will be made to the Competition Authority be made electronically through the Competition Authority Application Portal.

Measures on data protection

Turkish Data Protection Board postponed the deadlines for registration to the Data Controllers’ Registry since most of the establishments are not able to complete their registration due to remote working model implemented with the covid-19 pandemic.

Accordingly, the deadline for the registration extended to 30 September 2020 and 31 March 2021 for the data controllers in various categories.

Measures on labour law

Termination of the employment contracts has been prohibited unless the contract is terminated due to (1) the employee’s violation of the moral rules and goodwill, (2) expiration of the contract term, (3) workplace being closed, or (4) the work being over which the employee is assigned for.

While the termination prohibition protects the employees from unemployment the government allowed the employers to give unpaid leave to their employees for a maximum term of three months.

In addition to the above, the government allowed businesses to apply to the Turkish Employment Agency for short-time working allowance during the pandemic, provided that their business operations are decreased due to the pandemic.

Coronavirus

What emergency legislation, relief programmes and other initiatives specific to your practice area has your state implemented to address the pandemic? Have any existing government programmes, laws or regulations been amended to address these concerns? What best practices are advisable for clients?

The covid-19 pandemic affected both the enterprises operating in various sectors and the government bodies since the enterprises and government bodies started to work remotely for the sake of public health. Accordingly, Turkish government bodies enacted measures for avoiding the enterprises to omit their responsibilities due to the loss of labour force during the covid-19 pandemic while keeping the workload of the government bodies low.

Also, the government has taken measures considering the financial effect of covid-19 on the enterprises and the Turkish market.

Law stated date

Correct on

Give the date on which the information above is accurate.

March 2021.

This article was published on Lexology GTDT in March 2021. See our Lexology content here.