Information Technologies Governance Committee

Purpose

The Committee aims to; Establish a series of standards and procedures to increase the operational efficiency of information technology systems and thereby ensure corporate discipline in the Bank’s management. Besides, by applying these standards and procedures transparently and reasonably within the framework of the best international practices,

• Ensure the harmony between the Bank’s business strategies and Information Technologies (IT) strategies,
• Strengthen the communication and collaboration between the committees operating in the fields of IT governance and risk management at the Bank’s Head Office level and the Board of Directors of the Bank,
• Make sure that information technologies enable the Bank to seize opportunities and maximize profitability,
• Establish an IT infrastructure with an organizational structure, resources, policies and procedures, control systems,
• Ensure that bank management creates the necessary systems and processes that will best manage and mitigate all risks related to information technologies, including cyberattacks. b. Composition of the Committee Provided that the number of members is not less than two, the number of members of the Committee will be determined by the Board of Directors. The members to be elected to the Committee, other than the members of the Board of Directors, should have sufficient knowledge and experience in the field of information technologies.

Functions of the Committee

• To evaluate, monitor and review the budget regarding IT resources, IT initiatives and projects within the framework of the Bank's strategic objectives,
• To evaluate, monitor and review IT strategy targets and organizational structures planned to be established (especially the structures of IT Committees operating at the level of the Bank's Senior Management) in order to achieve the Bank's strategic goals and maximize the expected benefits from IT projects and investments,
• To evaluate and monitor systems regarding the management, regulation and control of IT resources and projects within the framework of legal requirements (especially the "Regulation on Information Systems and Electronic Banking Services of Banks") and best international practices (especially "Control Objectives for Information and Related Technology" COBIT). and review,
• To review, monitor and approve corporate goals regarding information technologies and the technologies related to these goals and to ensure that these goals are achieved,
• To evaluate and review the responsibility matrix (Obligor, Responsible, Consulted, Informed Table) regarding IT governance processes to monitor the following; primarily responsible person, institutions or parties (obliged), ultimately responsible, consulted, in this context (Informed) about all processes guided by the “COBIT 5 Enabling Processes” standard,
• To ensure the creation of an IT Risk Management plan and program integrated with the Bank's general risk management plan and program,
• To monitor the suitability of IT processes, resources, initiatives and projects and whether they meet the Bank's business requirements.
• Evaluating internal and external IT audit reports and ensuring that the Bank takes the necessary actions regarding the findings determined by these reports.
• To submit reports to the Board of Directors on the issues specified under this heading and to submit to the approval of the Board of Directors the issues that require the decision of the Board of Directors in accordance with Article 375 of the Turkish Commercial Code and the Bank's internal legislation.

Working Principles of the Committee

The Committee may request all kinds of information and documents from the Bank’s senior management, provided that the matters fall within the duties and responsibilities of the committee. The number of committee members and committee members are determined by the Board of Directors. Committee Chairman and Deputy Chairman are determined by the Board of Directors. At least three members of the Committee are elected from among the Members of the Board of Directors. Albaraka Tech Global CEO or his deputy is a permanent participant of the meeting. Other than the members of the Board of Directors, the members to be elected to the Committee must have sufficient knowledge and experience in the field of information technologies. Committee meetings are held by the Committee Chairman. The committee convenes at least 4 times a year, upon the invitation of the chairman or one of the members. The committee meetings could completely be held electronically or by the participation of some members electronically in a meeting where some members are physically present. The meeting agenda shall be sent by the Chairman together with the meeting invitation. In addition to the agenda sent, the points of interest can also be discussed and resolved at the meeting. The committee convenes with the participation of the majority of the members and takes decisions with the majority of the members present at the meeting. The Committee may invite Bank executives and personnel, as it deems necessary, to their meetings and obtains their opinions. The Committee may also benefit from the opinions of independent experts and consultants on legal, financial, administrative and technical issues where necessary, and costs are to be covered by the Bank. Meeting minutes and decisions are kept by the Committee Secretariat, which will be composed of a person or unit to be determined by the Committee. The Board of Directors has been informed about the activities of the Committee.