Annual Report 2021
RISK MANAGEMENT DEPARTMENT

IN 2021, CARBON AND WATER FOOTPRINT MEASUREMENTS WERE MADE, AND REDUCTION TARGETS FOR THE COMING YEARS WERE DETERMINED BY COMPARING THEM WITH OTHER STUDIES CONDUCTED IN LITERATURE.

Shaping its activities in line with superior quality standards, KKB carries out its risk management activities, which it has classified under the strategic, operational, financial and reputational categories, in accordance with the COSO ERM international corporate risk management standards and the ISO 31000 Risk Management Standard. The Risk Management Department is organizationally affiliated to the General Manager and reports to the Audit Committee.

Through its activities, the Department contributes to the evaluation of risks and opportunities which need to be managed in line with KKB’s founding mission and the strategic objectives of the institution, and to the delivery of products and services in the most effective, efficient and controlled manner. In addition to strategic planning, targeting and risk management activities, the Department carries out risk assessment activities in accordance with the standards of the Information Security Management System (ISO 27001), the Business Continuity Management System (ISO 22301) and the Service Management System (ISO 20000). These activities were carried out separately on the basis of processes, services and assets, and as a result, KKB’s critical services, the processes and the assets which provide these services underwent risk assessments with different methods and approaches aimed at identifying all possible risks. In 2021, the Risk Management Department continued to conduct risk assessments prior to contracting critical third parties to be outsourced or establishing business partnerships. By evaluating the possible effects of the planned work on KKB, visits to the relevant parties took place and field studies were organized. These efforts not only reduced the risks related to support services but also served to further reduce risks related to all external sources.

KKB, which holds the ISO 27001:2013, ISO 22301:2012 and ISO 20000:2018 certificates, increased its maturity by targeting best practices in these fields in 2021 and renewed all its certificates after successfully passing the audits. In addition, the ISO 14001:2015 certificate for the Environmental Management System, which was established in 2020 at the KKB Anadolu Data Center, was renewed.

In 2021, a Sustainability Report study was conducted in order to address environmental management awareness on an institutional basis. The Sustainability Report studies included carbon and water footprint measurements which were carried out throughout the entire organization, including in the KKB Anadolu Data Center, and reduction targets for the coming years were determined by comparing them with other studies conducted in the literature.

An independent audit of the KKB Anadolu Data Center was carried out in 2021, following audits carried out since 2018, with the results reported in accordance with the ISAE 3402 reporting standard and the report shared with customers. While providing customers with assurance regarding the control environment of the KKB Anadolu Data Center, this report also helped reduce the work required during the audit.

At KKB, international COSO ERM and ISO 31000 Risk Management Standards are applied.

In addition to the technological and structural developments in the areas of crisis management, risk management, information security, strategic planning and process management, the Department successfully carried out business continuity and emergency tests in October. These were performed in a broader scope than in previous years. In parallel with these tests, in order to increase preparation for current threats in the field of crisis management, crisis simulations were organized with the participation of the senior management, and possible development areas were revealed by evaluating KKB’s level of preparedness for these crises. The benefit of crisis simulations was especially apparent during the COVID-19 pandemic, which started in 2020 and continued during 2021, and in the management of the pandemic which was carried out by the Risk Management Department with the aim of minimizing the impact of the pandemic on the institution.

All activities and business processes within KKB were established in accordance with the COBIT framework, the ISO 27001, ISO 22301 and ISO 20000 standards and the “Communiqué on Information Systems Management and Audit of Information Exchange Institutions and Risk Center”, which replaced the “Communiqué on Principles to be Based on Information Systems Management in Information Exchange, Clearing and Settlement Institutions, and Business Processes and Audit of Information Systems” published by the BRSA in 2021. The application of Corporate Process Management ensures that all corporate processes are aligned with the current functioning, while analyzing the impact of changes in processes, with the result that changes are disseminated more effectively. In order to identify areas of efficiency in the processes and increase their effectiveness, analytical studies have been carried out and reports have been prepared setting out the processes that have been determined together with the process owners in recent years through the OKR. Robotic Process Automation (RPA) studies have been carried out, leading to increased operational efficiency in the related processes, while improvements were achieved in regard to process quality.

In addition, an end-to-end process was defined and started to be deployed in order to encourage employees to produce ideas which they believe will carry the organization and themselves further or which set out improvements or entrepreneurial ideas about a topic, application or product. These ideas are collected and entrepreneurial ideas are evaluated and rewarded by the senior management once the preliminary research and prototype stages have been completed.

In order to bring information security infrastructure and processes in line with best practices of companies in this field, KKB continued to invest in information security infrastructure and increase its detection capabilities in the field of cyber security in 2021. Some of the prominent studies carried out in this context are listed below:

KKB’s policy on the risk management system includes;

This policy is supported by the written procedures and job descriptions, the first-level controls performed by the units for the risks determined at a corporate level in daily activities, and the periodic evaluation of the risk management activity results by the senior management.

Robotic Process Automation (RPA) studies have been carried out, leading to increased operational efficiency in the processes.

THE ROLE OF KKB IN SUSTAINABILITY OF FINANCIAL AND COMMERCIAL LIFE

KKB contributes to the sustainability of financial and commercial life with the products and services it offers.

As Turkey’s first and only credit bureau, located at the heart of financial and commercial life, KKB deals with sustainability under the headings of Environmental Protection, Economic Growth and Social Development. While serving individuals and the real sector, and the financial sector in particular, with its innovative products and effective risk management solutions, KKB contributes significantly to the sustainability of the financial and commercial ecosystem by enabling its members and customers to manage their risks more effectively with these solutions. With services such as the Cheque Report and the Risk Report offered within this scope, individuals and the real sector, as well as financial institutions, are provided with the opportunity to manage their financial risks more effectively. The QR Code Cheque System, which was introduced on 1 January 2017, has contributed to the transparency and reliability of commercial life. In addition to risk management solutions, the system also helps reduce the impact of the pandemic on the banking and finance sector with centralized products such as Personal ID number and GSM authentication, especially for remote authentication processes which have become vital during the COVID-19 pandemic. Aiming for a more reliable financial and commercial life with the services it offers, KKB contributes directly to the sustainability of the entire financial and commercial ecosystem, especially in the banking and financial sector, offering nearly 100 products and services.

KKB contributes to the sustainability of financial and commercial life with its investments and the governance structure which it has established in order to offer its products and services with a minimum of interruption.

With the awareness of the importance of the services offered to the banking and finance sector and their impact on the sustainability of the sector, the uninterrupted delivery of services is one of KKB’s most important priorities. In order to ensure the continuity of services, a Business Continuity Management System structure has been established in accordance with the ISO 22301 standard. In order to prevent the impact of a possible crisis caused by a potential outage in the sector, KKB’s secondary systems have been set up in the KKB Anadolu Data Center and are ready to work. Within the scope of the Business Continuity Management System, business continuity exercises are organized every year, with the situation tested by providing services from the KKB Anadolu Data Center for a period of one day. In addition, investments have been initiated for the KKB systems in the KKB Anadolu Data Center to work with the primary center in an active-active structure.

The KKB Anadolu Data Center, which also holds the TIER IV certificate in the field of uninterrupted service delivery, offers a secondary system on which members, especially those who receive service as a disaster recovery center, can rely in case of an outage in their primary data centers. This ensures an uninterrupted service not only for the members of the KKB Anadolu Data Center, but also for millions of their customers.

THE CONTENT OF THE “RISK CENTER INTERACTIVE REPORTING SYSTEM” WAS ENRICHED WITH A PROJECT LAUNCHED IN 2021.

With the investments undertaken in the KKB Anadolu Data Center, which is of vital importance in the banking and finance sectors in particular, KKB contributes to reducing the environmental impact of the entire sector.

Providing emergency center, cloud services, central product and technological infrastructure services, the KKB Anadolu Data Center plays a vital role in supporting the sustainability of the banking sector by meeting the needs of its members in these areas from a central point. In the establishment and operation of the KKB Anadolu Data Center, energy efficiency and reducing the impact on the environment were always prioritized and investments were carried out in this vein. The KKB Anadolu Data Center, the first data center in Turkey to hold the “LEED Platinum” Green Building Certificate, has also held ISO 14001 Environmental Management System certification since 2020. The energy efficiency provided by the investments carried out in the KKB Anadolu Data Center contributes to the sustainability of the environment in which we live by reducing the carbon footprint of all service members, especially the banking and finance sectors.

Along with the published KKB 2020 Sustainability Report, annual carbon and water footprint values of KKB started to be calculated throughout the organization and it was revealed that investments in energy efficiency, especially within the KKB Anadolu Data Center, cause significantly less carbon emissions than other similar technologies that can be used.

KKB ensures that the control environment regarding the hardware, software and data which it maintains is regularly audited and provides assurance to its members regarding their security and continuity.

In addition to its impact on the environment, many audits have been organized by independent auditors in order to ensure the security of the systems, data and employees of the members who receive services from the KKB Anadolu Data Center. With the publication of the ISAE 3402 Type 2 Independent Audit Report, independent auditors confirmed that the KKB Anadolu Data Center works in accordance with the Regulation on Information Systems and Electronic Banking Services published by the BRSA, in addition to the COBIT 4.1 framework. In addition to the assurance provided in this report, the entire organization, including the KKB Anadolu Data Center, holds ISO 27001 certificates in the field of information security, ISO 22301 in the field of business continuity and ISO 20000 in the field of service management. With these certificates obtained after the audit of the established management systems by independent auditors, KKB contributes to the sustainability of the banking and finance sectors, especially in the fields of information security, continuity and service delivery.