Performing the supervision function effectively requires the use of a wide variety of data sources. The ""Off-Site Supervision Reporting Set"" consisting of daily, weekly, monthly, quarterly and annual forms for monitoring the financial conditions of banks and the limitations they have to comply with the framework of the legislation related to the Law No.5411, the related legislation of factoring, leasing, financing and asset management companies The ""Non-Bank Financial Institution Reporting Set"" is used, which consists of monthly forms for the follow-up of the legal restrictions they have to comply with the framework of their financial status. In addition, the Foreign Financial Institutions Reporting Set, which consists of quarterly forms regarding banks' subsidiaries abroad within the scope of consolidated auditing and branches engaged in off-shore banking activities, is used. In addition, as a result of on-site inspection activities, reports, opinions and other inspection results, independent audit reports, ratio set produced from reported data and analytical information compiled from the early warning system, and other information collected or compiled from institutions subject to audit are used in surveillance activities.

Supervision activities, our Agency's database consisting of data obtained at different periods from organizations that are in our field of surveillance and supervision, data obtained from other public institutions, audit reports and other internal and external information sources, primarily financial performance, the development of banks and the banking sector, compliance with the legislation and its risks are monitored and analyzed together with macroeconomic developments and implemented policies. In addition, current and potential risks and the possible effects of the regulations to be made on banks and the banking sector are evaluated. In this context, reports, studies and information notes prepared on bank and sectoral basis are shared with the related units and senior management.Within the scope of supervision activities, non-routine reports, information notes and opinions are prepared on a bank basis at certain intervals or depending on the developments by the professional staff responsible for the supervision of each bank. Within the scope of sector-based supervision activities; supervision reports, information notes and presentations are prepared in daily, weekly, monthly, quarterly, semi-annual and annual periods, including information on bank and bank group basis on various topics such as market developments, basic indicators, loans, country risks, derivatives, stress testing. Supervision reports prepared on the basis of banks and sectoral surveillance reports complement each other, the potentials and risks of our banking system are evaluated together at micro and macro levels, and the prominent risks are identified with a proactive approach.

Our supervision system consists of two basic activities that complement and support each other under the name of on-site supervision and off-site supervision.

On-site Supervision;

• Analysis of the relationships and balances between banks' assets, receivables, equity debts, profit and loss accounts, liabilities and commitments, and all other factors affecting the financial structure,
• Examining the adequacy and efficiency of risk management and internal control systems,
• Risk assessment and determining the risk profile,
• Auditing the compliance of financial statements and records with accounting principles and standards
• Auditing the activities in accordance with the provisions of the Banking Law No.5411 and the provisions of other laws about the institutions covered by this Law,
• Analysis of the adequacy and reliability of information systems,
• Examination of issues related to specific activities,
• Consolidated audit of financial holding institutions and / or bank subsidiaries and jointly controlled partnerships,
• Evaluation of corporate governance quality,
• Auditing the activities of real and legal persons providing services to financial institutions, and other on-site inspection activities.

Supervision activities are determined within the following scope:

• Monitoring and evaluating the process of change in financial structure and performance through periodic reporting,
• Following the development of ratings by using previous on-site audit results and updated data,
• Ensuring timely perception of changes in financial structure and performance through early warning systems,
• Conducting supervision activities on a bank basis,
• Monitoring and analysis of financial developments on the basis of sector and institutions ,
• Notifying violations of the legislation and reporting errors detected on organization reports to the related units,
• Stress tests and scenario analysis,
• Detection and analysis of potential bad loans,
• Legislative compliance analysis,
• Impact analysis of regulations,
• Other supervision activities

The audit to be carried out by the Agency consists of independent processes that follow each other and repeat cyclically. The dynamic processes involved in the audit cycle may differ on the basis of each bank, depending on the bank's risk profile, size, diversity and complexity of its activities. The processes included in the audit cycle and given below are carried out by the group heads and audit teams.

• Supervision Process: In the audit cycle, the supervisory function is performed by the professional staff assigned in audit teams. Supervision activities are carried out continuously in each process of the audit cycle before organizations.
• Risk Assessment and Risk Profiling: In this process, initial meetings are held with the managers of the relevant bank, the evaluation of supervision data and other analysis techniques, within the framework of other analysis techniques, are the basis for the next processes. The examination method and principles regarding this process are explained in the guidelines for risk assessment.
• Preparation of the Audit Plan: Audit plans are prepared within the framework of the relevant legislation.
• On-Site Supervision Process: Includes on-site supervision activities to be carried out before organizations if required in the audit plan or at any stage of the audit cycle.
• Final Meeting: Audit results are shared in the final meeting to be held with the organization management.
• Audit Results: The audit is concluded with the determination of the rating score indicating the bank's risk level and the preparation of audit reports and other evaluations.
• Implementation of Audit Results: It is ensured that the audit results are communicated to the relevant units within the Agency, and if deemed appropriate by the Board and relevant units, the necessary procedures are established.

Our supervision system consists of two basic activities that complement and support each other under the name of on-site supervision and off-site supervision.

On-site Supervision;

• Analysis of the relationships and balances between banks' assets, receivables, equity debts, profit and loss accounts, liabilities and commitments, and all other factors affecting the financial structure- Examining the adequacy and efficiency of risk management and internal control systems,
• Risk assessment and determining the risk profile,
• Auditing the compliance of financial statements and records with accounting principles and standards,
• Auditing the activities in accordance with the provisions of the Banking Law No.5411 and the provisions of other laws about the institutions covered by this Law,
• Analysis of the adequacy and reliability of information systems,
• Examination of issues related to specific activities,
• Consolidated audit of financial holding institutions and / or bank subsidiaries and jointly controlled partnerships,
• Evaluation of corporate governance quality,
• Auditing the activities of real and legal persons providing services to financial institutions, and other on-site inspection activities.

Supervision activities are determined within the following scope:

• Monitoring and evaluating the process of change in financial structure and performance through periodic reporting,
• Following the development of ratings by using previous on-site audit results and updated data,
• Ensuring timely perception of changes in financial structure and performance through early warning systems,
• Conducting supervision activities on a bank basis,
• Monitoring and analysis of financial developments on the basis of sector and institutions ,
• Notifying violations of the legislation and reporting errors detected on organization reports to the related units,
• Stress tests and scenario analysis,
• Detection and analysis of potential bad loans,
• Legislative compliance analysis,
• Impact analysis of regulations,
• Other supervision activities

Yes it is done. BRSA has adopted the CAMELS rating system. UFIRS (The Uniform Financial Institutions Rating System), generally referred to as CAMELS, was first adopted as an examination method by the FFIEC (Federal Financial Institutions Examination Council) in 1979. In the following years, it is generally accepted that this method is an effective internal audit tool on the basis of the standard used to evaluate the soundness of financial institutions. In addition, this method is a tool used to identify institutions that require special audit. Due to the development of the banking and supervision system in the following years, sensitivity to market risk, which was the sixth component, was added in 1996. UFIRS takes into account financial, managerial and regulatory compliance factors that are common to all organizations. With this system, supervisors aim to provide a comprehensive and standardized assessment of all financial institutions and to distinguish organizations that show financial and functional weaknesses. In UFIRS, each financial institution is given a composite rating based on the component rating and evaluation of 6 components. These components; capital adequacy (C), asset quality (A), management capability (M), income-expense balance and profitability (E), liquidity (L) and market risk sensitivity (S). The assessment of these components takes into account the size, complexity, nature and risk profile of the bank. The final and composite ratings in the financial analysis report are given between 1 and 5. While 1 indicates the highest score, the strongest performance and risk management system and the least audit requirement, the 5 indicates the lowest score, the weakest performance and inadequate risk management and hence the need for the highest level of supervision. In determining the composite ratings, the evaluations regarding the sub-components are taken into account. However, the final rate is not calculated by taking the arithmetic mean of the composite degrees. The rate of each component is based on the qualitative analysis of the factors and their relationship to other components, and it is possible that some components can be taken into account more when awarding the composite rating. The ability of the bank management to adapt to changing conditions and risks, and to manage new problems that the organization may encounter in its newly entered fields of activity is an important factor in evaluating the overall risk profile of the financial institution. Therefore, special attention is paid to the ""management"" component in composite rating. The ratings given as a result of the audits conducted by the BRSA are not disclosed to the public.

The Agency conducts audits with a dynamic approach with a risk-oriented perspective in order to ensure the effectiveness, continuity, adequacy of the audit and the effective use of audit resources. Risk-focused audit is an audit approach that aims to shape the scope, intensity, allocation of audit resources and audit activities based on the risk profile of each institution and the existence of internal control and risk management system and their adequacy. The audit to be carried out by the Agency consists of independent processes that follow each other and repeat cyclically. The dynamic processes involved in the audit cycle differ on the basis of each bank, depending on the bank's risk profile, size, diversity and complexity of its activities.

BRSA; It is responsible for issuing establishment and operating licenses of banks, foreign bank representative offices, factoring, financial leasing and financing companies defined as non-bank financial institutions, financial holding companies and asset management companies, and regulating and supervising these ınstitutions. Insurance companies is audited by the Undersecretariat of Treasury Insurance Supervisory Board and is not within the scope of the supervision area of the BRSA.

Yes. It is possible to categorize these audits under three headings: audits made by the Agency's personnel, audits carried out by independent auditing institutions, and audits performed by bank personnel. The Authority carries out information systems audits in line with the plans it has prepared. Independent audit firms carry out information systems audits in line with the framework set out in the ""Regulation on the Audit of Bank Information Systems and Banking Processes to be Conducted by Independent Auditing Firms."" The regulation included the partnerships within the scope of consolidation and the support service organizations providing information systems services to banks, limited to the purpose of preparing reports on the audit of information systems and banking processes, within the scope of the audit to be carried out by independent audit institutions. It is essential that independent audit institutions that will carry out information systems audit are authorized by the Authority. The conditions required to be authorized to conduct independent information systems audit are defined in the above-mentioned Regulation, and it is also stipulated that the institution that will carry out the independent information systems audit in a bank is the institution that audits the financial statements of the said bank for the same period. Independent audit firms, which did not have the necessary qualifications to perform information systems audits and could not be authorized in this context, were given the opportunity to carry out information systems audits through outsourcing. The annual information systems audits carried out by independent audit institutions, the part referred to as ""Information Systems Audit"" in the Regulation and carried out for the scope of the audit and general controls, and the part referred to as ""Banking Processes Audit"" in the Regulation. It is regulated to be made every year. Regulations regarding the audits carried out by the Bank's personnel are made under both the Regulation on Internal Systems of Banks and the Communiqué on Principles to be Based on Information Systems Management in Banks. Accordingly, the bank personnel who have the minimum knowledge and skills in information technologies and audit techniques based on information technologies, which can be proved by their education or with the training certificates they have received, on the basis of the procedures and principles laid down in the Regulation on the Supervision of Bank Information Systems and Banking Processes to be Conducted by Independent Audit Institutions. Continuous monitoring and evaluation of the effectiveness, adequacy and appropriateness of information systems controls as well as their performance to reduce the impact of the risk or risks targeted by the control was stipulated.