Risk Management System
In compliance with ISO 27001 Information Security Management System and ISO 22301 Business Continuity Management System certificates which are owned by our organization, the risk management system developed within the framework of ISO 31000 Risk Management System Standards is implemented. In this context, based on the Enterprise Risk Management Policy and Procedure approved by the Board of Directors, all internal and external risks that our organization might be exposed to in its activities are identified, evaluated, analyzed, reported, corrective measures and actions to be taken against them are determined and continuously monitored. Risk assessment studies are conducted regularly every year, reviewed on a quarterly basis and developments regarding risks are reported to the Senior Management, Early Detection of Risk Committee and the Board of Directors.
Within the framework of the internal control system developed with the COSO Internal Control System approach, our organization's internal control system is evaluated each year during internal audit terms and the results are presented in the internal audit reports. Necessary corrective and preventive measures are taken in case of detection of internal control weaknesses.
Within the framework of the legislation regulating our organization, consistency checks of Central Registry System records are carried out on an hourly and daily basis. In these controls, Automatic security reports running on the Central Registry System and various applications are used. If any inconsistency is detected through these security reports, the necessary corrective and preventive measures are taken immediately.
Access to systems and system performances are continuously monitored with various information system monitoring and security tools, and necessary measures are taken in case of a problem. Furthermore, in addition to the existing information system control and protection tools, there is a data loss prevention system to prevent unauthorized release of critical information, especially the Central Registry System records, to the outside of our organization.
In order to inform our employess about global and local developments and current threats, information security awareness trainings are given periodically, and the risks that might be encountered are presented to our employees in the form practical examples.
In order to prevent the risks that our organization might be exposed to, physical assets claims insurance, crime insurance, professional liability insurance and manager liability insurance policies are also issued.
Restructuring Plans
Within the framework of payment and securities reconciliation systems legislation; based on the "CPMI-IOSCO Principles for Financial Market Infrastructures-April 2012" and "Recovery of Financial Market Infrastructures- July 2014" and the "Financial Stability Board Key Attributes of Effective Resolution Regimes for Financial Institutions-October 2014" documents, under the assumption that catastrophic risks might occur, restructuring plans aimed at managing the financial problems our organization might encounter have been developed and approved by the Board of Directors.
While central clearing, central counterparty and central securities depository agencies are subject to credit, liquidity and collateral management risks as part of their responsibilities in financial markets, MKK does not undertake these risks within the context of central securities depository responsibility. In terms of its duties and structure, MKK is only subject to operational risks, including general operation and deposit.
MKK undertakes functions in a way that does not make a loss from its commercial activities. By keeping the financial structure of MKK strong, it is ensured that the investments it will make for its services are covered by equity. MKK has not used any loans since 2001, when it started its operations and has been financing the hardware and software it needs for its services by using its own resources. In addition, it is aimed to generate a reasonable profit in return for the services it offers in the fee schedule approved by the Regulatory Bodies. Thus, this reasonable profit is ensured to support a strong equity target that will enable MKK to continue its critical services without interruption.
In this context, in the restructuring plans, the critical services of MKK have been defined, stress scenarios have been developed, it has been taken as the basic assumption that stress scenarios may occur despite all the measures taken in the current situation, the possible impact will be significantly catastrophic and the financial status of MKK will be significantly affected. After explaining in detail the issues requiring the restructuring plans to be partially or fully implemented, the financial measures to be taken in case these issues occur were determined in detail.
