AML/CFT Policy

Institution Policy and Compliance Program Regarding Compliance with Obligations Related to Prevention of Laundering Proceeds of Crime and Combating Terrorist Financing and Sanction Compliance

INSTITUTION POLICY AND UNDERTAKING OF BOARD OF DIRECTORS

DenizBank is a subsidiary of Emirates NBD Bank PJSC and its policy has been established in accordance with the Emirates NBD Group Anti-Money Laundering and Anti-Terrorist Financing Compliance Policy (Emirates NBD Group Compliance Policy).

DenizBank and DenizBank Financial Services Group (DFSG) shall adopt its policies as an important ethical principal to combat money laundering, financing of terrorism, proliferation and financing of weapons of mass destruction, corruption, bribery, financial fraud and similar crimes, and pay strict attention to collaboration among themselves as well as related authorities. DFSG also complies with the financial sanctions issued by reliable official authorities at national and international platform.

The DenizBank Group is to examine its AML strategies, goals and objectives on an ongoing basis and maintain an effective compliance program and policy for the Group that reflects best practice for a diversified, global financial services provider. The policy covers our Bank Head Office units, branch, agency and similar service units, domestic financial subsidiaries of which our Bank holds the majority of shares, international branches and financial subsidiaries. Implementing sufficient and efficient compliance program is the ultimate responsibility of our Bank’s Board of Directors.

Branches, subsidiaries operating abroad of financial institutions that are a part of the financial group are obliged to apply the provisions of this policy as a minimum requirement to the extent allowed by the legislation of the country and authorized officials of the country in which they operate.

DenizBank headquarter is located in the Republic Of Turkey and is principally regulated and audited by the Banking Regulation and Supervision Agency (BRSA) and Financial Crime Investigation Board of Turkey (MASAK). Due to that the Republic of Turkey is the member of FATF (Financial Action Task Force) since 1991, Turkish regulations comply with the FATF recommendations.

The bank AML & CTF policies comply and will be complied with the following regulatory requirements:

• Law on Prevention & Laundering Proceeds of Crime, dated October 11, 2006 and numbered 5549. (Amended 31/12/2020)
• Law on Prevention of Financing of Terrorism dated on February 16, 2013 and numbered 6415. (Amended 31/12/2020)
• Law No. 7262 on the Prevention of Financing the Proliferation of Weapons of Mass Destruction dated December 27, 2020.
• MASAK Regulation on ‘’Measures Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism’’ dated December 10, 2007 and numbered 26751 and related communiqués.
• MASAK regulation on ‘’Program of Compliance with Obligations of Anti-Money Laundering and Combating the Financing of Terrorism’’ dated September 26, 2008 and numbered 27009.
• Regulation on the Procedures and Principles Regarding the Implementation of the Law on the Prevention of the Financing of Terrorism, dated May 31, 2013 and numbered 28663.
• MASAK Regulation on the Procedures and Principles Regarding the Implementation of the Law on the Prevention of Financing the Proliferation of Weapons of Mass Destruction, dated February 26, 2021.
• Borsa Stock Exchange Precious Metals Responsible Supply Chain Compliance Guideline, 2021.

All staff are responsible for complying with this policy, related procedures and all applicable laws and regulations and for ensuring the effective management of money laundering risk within the scope of their direct organisational responsibilities. Our Bank’s Policy and other related detail procedures are published on an electronic media via intranet to be accessible by employees at any time and kept up-to-date.

Within the framework of international norms and national legislation provisions in its fight against laundering proceeds of crime, financing of terrorism, proliferation of weapons of mass destruction, corruption, bribery, financial fraud and crimes with similar interest; DenizBank:

a. Takes the necessary measures to define, rate, monitor, evaluate and mitigate the risks the Bank may be exposed to.

b. Creates its written compliance policies and procedures by benefiting from recommendations, principles, standards and guidelines issued by national and international institutions to conform to Laws and regulations and communiqués as per the law.

c. Assigns a Group Compliance Officer at an administrative level to carry out the activities within the scope of compliance program policy, ensure internal and external communication and coordination, provides necessary staff and technical support.

d. Risk management within the scope of compliance program, activities related with monitoring-control, training and internal audit is carried out by the Compliance Officer under the supervision audit and responsibility of the Board of Directors.

e. Encourages to cooperate with correspondents and other financial institutions and authorized bodies by adopting fight against crime as an important ethical principle.

f. Does not allow the use of banking service and products it provides for laundering proceeds of crime, financing of terrorism and abuse.

g. Follows the national and international developments to prevent laundering proceeds of crime and financing of terrorism, does not enter customer relations with prohibited persons and institutions, does not intermediate the entry of banned goods and services into the target country.

h. Follows the development published in this area, takes the necessary measures by studying the published standard, guidelines and manuals and implements the procedures.

i. Organizes annual training programs which approved by Board so that the compliance policies and working rules and responsibilities are recognized by the employees

In order to ensure the effectiveness of fighting money laundering and terrorism financing, it is necessary for financial institutions to establish the Three Lines of Defence from the stage of customer acceptance to the monitoring, control and reporting of the transactions.

The Group operates a Three Lines of Defence model for AML and CTF oversight.

Within this scope, the risk management policy of our Bank covers the following activities:

• Developing risk definition, rating, classification and assessment methods which are based on customer risk, country-service-product and transaction risk,
• Rating and classifying services, transactions and customers according to the risks,
• Making sure that risky customer, transactions or services are monitored and controlled, reporting them to warn the related units; realizing the transaction upon the approval of the senior body,
• Reassessing and updating the policy based on developing conditions,
• Following up national legislation, recommendations, principles, standards and guidelines introduced by international institutions about issues that fall within the scope of risk and conducting necessary development studies
• Reporting risk monitoring and assessment results to the board of directors within regular intervals.

Within this scope, the risks based on customer risk, service risk, country, transaction and product risk are defined as follows:

i.Customer Risk

• Risky Sector and professions
• Politically Exposed Persons
• Charities, Foundations and Associations
• Mediators (attorney, broker, funds, trust, asset management companies)

ii.Service Risk

• Private Banking Services and Persons with High Volume of Assets
• Customers acquired not via face-to-face
• Correspondent Banking

iii. Country Risk

Our bank’s country risk assessment are determined based on the criteria below in line with the FATF guidelines on this subject, and get published on the country policy and Country Watch List:

• Sufficiency of country’s legislation in the fight against Money Laundering and Financing of Terrorism,
• Tax regime, Off-shore financial regions
• Ratio of Unofficial economy and cash transactions
• Political structure and democracy culture
• Political and economic unions which it is a member to
• Controls and regulations regarding financial markets
• Its practices concerning fight against corruption
• Geographical position it holds in terms of smuggling or terrorist activities
• Its status against the financial embargoes

iv.Transaction and Product Risk

• Transactions realized by high risk customers
• Correspondent banking, foreign trade, transfer and credit transactions related with risky countries,
• Complex transactions of extraordinary size
• Cash transactions that are high volume or at high frequency and/or divided
• Transfer transactions that are high volume or at high frequency and/or divided
• Transfer messages with missing sender’s name/title or written as an abbreviation
• Transfer transactions sent to or received by name
• Cash-covered blocked check, money exchange and cash/noncash credit transactions,
• Collecting personal checks drawn up on international banks
• Depositing money in, withdrawing money from prepaid card, account or credit and electronic transfers realized in a non-face-to-face manner
• Transactions that do not match the customer’s income level, business and fund sources
• Products recently presented and technological/digital banking transactions
• Crypto money transactions
• Crowd Funding transactions

In our bank it is not allowed to enter into continuous business relationship, mediate the transactions, accept collaterals and sureties even if they are not our direct customers for the persons and institutions mentioned below under any name:

The DFSG is prohibited from conducting business with;

1. Shell Companies

2. Coded accounts

3. Payable Through / Nested Accounts)

4. Shell Banks and banks without license

5. Anonymous or Fictitious Accounts

6. Gambling and illegal betting

7. Those who have issued Bearer Shares

8. Personal accounts which are being used for business operations or proceeds

9. Anyone involved in illegal or prohibited activity in accordance with Turkish and / or local law

10. Real and legal persons which are currently under blacklists connected to AML, terrorism and financial sanctions,

11. Companies which are currently under sanctions (international, national, applicable sanctions)

12. Real person customers that are known to be or are strongly suspected of being involved in money laundering or terrorism financing activities

13. Businesses / Companies that are known to be or are strongly suspected of being involved in money laundering or terrorism financing activities

14. Mass destruction weapons; those who build and trade nuclear, biological and chemical weapons,

15. Individuals and companies which don’t have specific license/permission that their fields of activities required legal license/permission in Turkey or where DFSG operates. (Such as, defense and arms sector, electronic currency and transfer companies, exchange offices, gas stations etc.)

16. Companies engaging in crypto currency mining and stock exchanges

Real time or periodical controls are exercised in cases below via special software (PayGate Inspector & World Check) to check banned persons, institutions, country or products (including those with dual use) listed by reliable institutions in the national or international arena within the scope of fight against money laundering, terrorist acts and financing:

• New Customer Acquisition - Real Time
• Control of Existing Customers - Periodic
• Walk-in customers - Real Time
• Foreign trade and Transfer Transactions - Real time

Our Bank adopts the lists and countries of activity below published by reliable institutions in the national and international area while controlling the banned persons, institutions, country or products and services as minimum:

• Türkiye (TRMOI)
• TRMASAK / TRCOM
• UN Lists
• EU List
• OFAC List
• UK List
• U.A.E
• BaFin
• FMA
• MINEFI
• Bahrain
• Terror Lists Published in the Official Gazette Upon the Request of Foreign States
• Bank Internal List

Solid ‘know your customer’ policies and procedures are critically important in terms of integrity, reliability and soundness of the banking system. Insufficiency or lack of the “know your customer” standards may lead to decline in the bank’s reputation, significant customer, activity and credit risks such as legal and concentration risks.

According to FATF, customer refers to persons for whom an account is opened or product-service are provided within the scope of continuous business relationship and real and legal persons who make transactions temporarily via cash tellers.

Know Your Customer principle shall be applied not only for customers but also for those who act on behalf of these persons or who are in the position of actual (final) beneficiary¹ position.

According to the Regulation on Measures, Banks have to identify the identity of the actors or the actual final beneficiary acting on behalf of or on behalf of the customers and clients.

In this context:

• For real persons, it is necessary to receive information about the identity and address of the client and to confirm the accuracy of this information. During identification, contact, work, profession information and signature of customers are taken.
• For legal persons are required to obtain and confirm the identity information of the trade registry gazette, tax levy, business activity, communication information, and partnership share with 25% or persons authorized to represent.

Knowing customer and ID verification are obligatory to be conducted as per the related legal regulations in cases below:

a. Regardless of the transaction amount:

• In continuous customer relationship² ,
• Suspicious cases,
• When the authenticity of the current ID information and documents is suspected,

b. Depending on the transaction amount:

• When the total amount of transaction or multiple transactions connected to each other is equal to or more than TL 185.000.
• When the total amount of transaction or multiple interconnected transactions in electronic transfers³ is equal to or more than TL. 15.000.

ID verification is completed before the establishment of customer relationship or realization of transaction in cases except simplified ID verification is allowed where the risk is little.

While establishing continuous customer relationship, information is obtained about main types of transaction, purpose of opening an account and its nature through our Bank.

Information regarding telephone number and email address obtained from persons who come with the request of becoming a customer and who are unknown to branch, do not have reference, whose reason for preferring our Bank is not known shall be confirmed by contacting the related party using these tools.

In case of giving false, misleading, contradictory information and documents during the identification and verification of the identity information, the customer relationship is not entered and whether the transactions of the specified situations are suspicious is also evaluated.

Actual (Final) Beneficiary is the real person benefiting from the transaction realized, getting affected from the results of transactions and controlling the transaction made finally.

FATF (Financial Action Task Force) defines the actual final beneficiary as “real person or persons who keep under possession or control a customer or real or legal person on whose behalf a transaction is realized.”

In our legislation (Measures Regulation a.3/h), the actual beneficiary is defined as “real person or persons who have under final control real or legal persons on whose behalf transaction is realized in the bank or who have final influence over them”.

According to the Measures Regulations, measures are taken to reveal the actual beneficiary of the transaction in legal entities registered with trade registry and other legal entities as well as organizations without legal entity and real persons and real person or persons who are under their control within the scope of continuous business relationship.

Within this scope;

• While establishing continuous customer relationship with legal entities registered with trade registry, identity of real person partners who have more than twenty five percent of shares of the legal entity is verified to identify the actual beneficiary.
• In case the real person partner of the legal entity with more than twenty five percent of the shares is suspected to be not the actual beneficiary or there is no real person partner who has shares at this rate, measures are taken to reveal the real person or persons who finally hold the legal entity under control. Person or persons identified are accepted as an actual beneficiary.
• In cases when the actual beneficiary cannot be identified within the scope of transactions above the account opening applications are rejected. In exceptional cases where the actual beneficiary cannot be identified, (Such as cooperatives, portfolio management companies, public companies etc.) real person or persons who hold the highest level of execution authority registered with the trade registry are accepted as an actual beneficiary as senior level manager.
• When a person requesting transaction or legal entity incorporated in off-shore regions declares to be acting to someone else’s account, identity and authority status of the person requesting the transaction and identity of the person on whose behalf the formerly-mentioned person is acting are identified separately and Final Beneficiary Declaration Form is received.

Within this scope, our branches hang necessary announcements on places that are easily seen by customers in order to remind those who act in their own name but to another one’s account of their responsibility. Furthermore, while establishing continuous customer (business) relationship, Main Banking Services Agreement and written and signed statement of the customer are obtained to find out if one is acting to another one’s account

Where the identity cannot be determined, the actual beneficiary cannot be determined, or where sufficient information cannot be obtained about the person's business and professional information, funding sources and the intention to open an account; the customer relationship is not established and the requested transactions are not carried out.

No account shall be opened and transaction requests are not fulfilled by proxies acting behalf of the third parties without a valid reason in the legal ground.

Within this scope they cannot open an account for nameless, anonymous or imaginary names.

The transactions which directly or indirectly violate the national and international financial embargoes or bank's weapons policy cannot executed and no account is opened who act for this purpose.

When the ID verification and confirmation which shall be made due to having suspicion about the sufficiency and authenticity of the customer ID information which is previously obtained cannot be made, the business relationship is ended.

International money transfer transactions against cash except for MoneyGram transactions are not mediated.

It is also assessed whether the above-mentioned cases are suspicious transactions.

The risk status of our bank’s customers are assigned automatically as follows as 1. Low, 2. Medium, 3. High, based on the total risk score considering the criteria under the risk management heading of this policy:

In cases when the customer risk is assessed as low (1); simplified KYC principles can be applied to the extent allowed by legal regulations and on the condition of being subject to restrictions. For customer groups with Customer Risk Status determined as medium risk (2), transactions are made as per the obligations mentioned in the third chapter titled “Principles Regarding ID Verification and KYC” of the Measures Regulation⁴ .

Aggravated (detailed) KYC principles are applied for persons and institutions whose Risk Status is assessed to be high (3) and sent to the approval of the AML Department or the customer acquisition is realized upon the approval of the senior level manager of the related business line.

Banks must develop gradual customer acceptance and monitoring procedures in a way to do more comprehensive due diligence for high-risk accounts and proactive account monitoring for suspicious activities.⁵

Including customer profiles containing higher than normal risk, employees must make careful examination before opening an account for the customer groups listed below:

i. Non Face to Face Relationship

ii. Citizens and Residents Of High-Risk Countries

iii. High-Risk Sectors and Businesses

iv. Arms And Defense Industry

v. Charities, Foundations and Associations

vi. Electronic Money and Money or Value Transfer Business

vii. High Net Worth Individuals (Private Banking Customers)

viii. Correspondent banking

ix. Politically Exposed Persons (PEPs)

Any face to face transaction with any customer is considered by maker and checker as an opportunity to update customer information. For customers in 1-Low and 2-Medium risk classes, there is no need for periodical information update except for any special circumstance.

For customers in 3-High risk category, their information and documents are updated every three years.

For PEPs and customers in 3- High Risk category, their information and documents are updated every year or every 2 years. Customer information is updated by related Branch staff and Head Office staff.

It is required to maintain the following documents for a period of at a minimum 10 years from the last transaction:

a. Identity information and documents for the recognition and transaction profile of the customer.

b. Records and documents regarding the transactions,

c. Records and documents regarding the transactions,

d. Reports sent to the official authorities regarding the suspicious transactions, and documents used as the basis for preparation of these reports,

e. Training documents and participation lists,

f. Other documents containing legal documents, correspondences, and information.

In this context, the following monitoring and control activities are carried out risk-based approach;

• Checking new and existing customers, transactions, transaction parties, goods and services against blacklists and financial embargo lists,
• Making high-risk customer acceptance possible only upon approval by the senior manager, obtaining information about economic purpose of transactions that apparently do not have any economic purpose, obtaining approval from branch manager or another officer on transaction documentation,
• Monitoring and controlling transactions with high-risk countries,
• Monitoring and controlling high-risk, complicated and extraordinarily large amount transactions,
• Controlling transactions above a certain amount by customer category, transaction type, geographical area, product risks against customer profile through sampling,
• Monitoring and controlling associated transactions that require customer identification or official reporting as per volume when combined,
• Controlling information and documents of existing customers that must be kept electronically or in hard copy format, getting deficiencies completed and updates done,
• Controlling compulsory sender information fields in electronic transfer message and getting deficiencies completed,
• Continuously monitoring high risk customers’ transactions to check if it fits customers’ profession, risk profile and funds resources along the lifecycle of customer relation,
• Controlling transactions that are made through systems such as internet, ATM, card terminals where there is no face-to-face contact with customers,
• Risk-based control of services that can be subject to fraud within the framework of newly offered products and technological developments,

The Compliance Policy and annual training programs are approved by the Board of Directors or the Audit Committee members, which it transferred its authority to. The Compliance Policy is created in writing under the supervision and coordination of the Compliance Officer and it is made sure to be announced for implementation.

DenizBank trains its employees on the relevant AML & CTF laws, regulations and internal AML & CTF rules, related to following:

• International Regulations and recommendations. (FATF Recommendations, EU Directives, UN-Security Council Resolutions, Wolfsberg Principles, Basel Committee Papers, Transparency International etc.)
• Domestic regulations, legal obligations, penalties, duties and powers of Turkish FIU.
• Bank policy and procedures. (AML & CFT Policy, Sanction Policy, Defence Policy, Ethics, Corruption & Bribery Policies etc.)
• Concepts of struggle against money laundering finance of terror, proliferation of weapons of mass destruction, abuse of non-profit organizations, corruption and bribery, violating financial embargoes etc.
• Stages, methods and new trends of money laundering and case studies.
• Main sources of financing terror and watch list checks (new & existing customers, transfers) & abuse of non-profit institutions.
• Bank defence policy & preventing the proliferation of weapons of mass destruction.
• Bank sanction policy & financial embargoes and their implications for banking transactions.
• Risk Assessment; risky geographical areas, operations and professions, transactions and banking products and service channels.
• Risk Based KYC Policy & Procedures (Principles Regarding Customer Identification And Due Diligence, Knowing And Detecting Final Beneficial Owners, Determination Of Customer Risk Status, Enhanced CDD and sending risky customers to the approvals of Compliance, keeping Customer Information Updated And Customer Reviews prohibited customer relations such as shell banks, listed persons, casinos, companies related to weapons of mass destructions etc., ban of executing directly or indirectly transactions to target countries under embargoes, transparency in electronic Transfers .)
• Definition of suspicious transactions, Monitoring and detections and reporting of suspicious transactions, Confidentiality of suspicious transaction reporting
• Record keeping and submitting obligations
• Information and document submitting obligations

AML & CTF related activities, such as monitoring, controlling will be handled by Compliance Department, ICU (Internal Control Unit) and the Internal Audit Team as a combination of strong collaboration.

AML & CTF activities are planned and operated on a risk-based approach. The Denizbank Board of Directors will provide work-power and systems for the implementation of risk based AML & CTF approach. The Board of Directors is responsible for ensuring efficiency of Compliance Program and independency of Compliance. The Board of Directors takes measures in terms of AML & CTF.

All AML & CTF related applications will be in line with this policy. The AML & CTF policy is a main framework in terms of Preventing Money Laundering & Combating Terrorist Financing and it is a commitment of the Denizbank Board of Directors.

It is the ultimate responsibility of our Bank’s Board of Directors to sufficiently and efficiently conduct the compliance program. The Board of Directors may partially or fully transfer its authorities to one or more than one board member (openly and in writing). Consequently, the delegation of said authorities to a board member by the Bank’s Board of Directors, does not alter the obligation of the Bank’s Board of Directors for this responsibility.

Our Bank Compliance Program is executed under the coordination and observation of the Compliance Officer.

Compliance Group executes its duty directly under Compliance Officer in order to efficiently fulfil the duties and responsibilities brought forward by this policy.

Compliance Officer has an authority to issue the compliance program and related procedures under the structure of this policy that was approved by the Board of Directors.

Board of Directors ensures that Compliance Officer has the authority to decide independently, to demand and access any relevant information and document from units under his control and, is provided necessary personnel, equipment and resources to be able to duly fulfil his duties.

¹Refers to real persons who realize transactions before obligor, real person or persons who have the final control of real person, legal person or organizations without legal entity on whose behalf transaction is made or who have the final influence over them.

²Refers to the business relationship established between the obligor and customer due to services such as opening an account via any channel, issuing credit or credit card, safety deposit, financing, factoring, financial leasing, life insurance or private pension and which feature continuity as of its nature.

³Refers to the transaction made in order to send a certain amount of money and securities by using electronic tools from a financial institution on behalf of the sender to the recipient in another financial institutions.

⁴Regulation About Measures to Prevent Laundering Proceeds of Crime and Financing of Terrorism

⁵Banks’ due diligence on their customers, Basel Committee on Banking Supervision, Bankers Journal, Vol: 39, 2001.