AI Terminal
KONTROLMATİK TEKNOLOJİ ENERJİ VE MÜHENDİSLİK A.Ş.
Governance Information • Dec 17, 2025
5935_rns_2025-12-17_8f6a9aa5-0cd9-4313-942a-017007a3ca5d.pdf
Governance Information
Open in ViewerOpens in native device viewer
{0}------------------------------------------------
KONTROLMATİK TEKNOLOJİ, ENERJİ VE MÜHENDİSLİK A.Ş.
COMPLIANCE POLICY
| DOCUMENT NO | : KM.2025.008 |
|---|---|
| REVISION NO | : 001 |
| REVISION DATE | : 12.12.2025 |
| PAGE NUMBER | : 1 / 16 |
| PUBLICATION DATE | : 12.12.2025 |
KONTROLMATİK TECHNOLOGY, ENERGY AND INGENEERING INC. (the "Company" or "We") and its Subsidiaries, Affiliates, Dealers, Suppliers, Agents, Contractors, Representatives, Authorized Agents, and all third parties with whom it does business (the "Company" or "We") as well as all employees working at these entities. They are obligated to comply with the Company's Compliance Policy.
The Company expect all staff to maintain high standards in accordance with Corporate Governance Policies and to report any wrongdoing that falls short of these fundamental principles. It is the responsibility of all staff to raise any concerns that they might have about malpractice within the workplace. The aim of this procedure is to ensure that our workers are confident that they can raise any matters of genuine concern without fear of reprisals, in the knowledge that they will be taken seriously and that the matters will be investigated appropriately and regarded as confidential.
All employees and managers of the Company are obligated to act in accordance with this Compliance Policy, which is an integral part of the Company's Ethical Principles.
The following guidance sets out the procedure by which staff can report concerns about workplace practices. The Ethics Committee has been consulted and has agreed the contents of this procedure. This Policy is for guidance only and does not form part of your employment contract.
1. BASIC PRINCIPLES
An effective Program should be founded on key principles, such as those outlined below, to address the risk of Misconduct. Entities should develop accessible and easy-to-understand policies and documents that clearly and in reasonable detail articulate the Company's values, integrity expectations, and processes and procedures for preventing and addressing Misconduct. Such policies and documents should be regularly reviewed and updated to reflect any new risks or changes in the Company's integrity risk profile.
1.1 Integrity Risk Assessments
The Program should be based on an initial (or updated) comprehensive integrity risk assessment of the Company's business and operations, which takes into account its size, business sector(s), location(s) of operations, regulatory landscape, and other circumstances particular to the Company. Such integrity risk assessment should evaluate the risk of Misconduct across the Company's entire workforce and business operations, including controlled affiliates, transactions, partnerships
{1}------------------------------------------------
(e.g. joint ventures and consortia), and technologies in use. The Program should establish policies and procedures intended to address and minimize the risks identified during such risk assessment.
The risk assessment should be repeated regularly (ideally at least annually) to capture any changes to the Company's operations, legal obligations, and integrity risk profile. Such updated risk assessments also should consider lessons learned from the Company's own experiences and from entities in similar circumstances. After each review, the Program should be revised and adjusted as necessary to address any new risks or different levels of risk.
Integrity risk assessments can be conducted internally or by outside experts depending on the circumstances. In either case, relevant persons should be actively involved, including the Company's Senior Leadership, the Integrity Compliance Team, and those responsible for the design, implementation, and oversight of the Program.
1.2 Prohibition of Misconduct
The Company's primary Program document (e.g. code of conduct or similar document) should explicitly and visibly prohibit Misconduct – including fraudulent, corrupt, collusive, coercive, and obstructive practices – in all forms and at all times, whether direct or indirect. Policies should be updated, as appropriate, to address new and emerging forms of Misconduct relevant to the Company's business.
1.3 Management Roles
Senior Management and the Company's Governance Body (Board of Directors & Senior Management) should provide strong, visible, and continuous support for the Program and its full implementation, in both letter and spirit. Senior Management should:
- (i) be responsible for developing and maintaining the Program and fostering a Culture of Integrity, with oversight from the Governance Body; and
- (ii) regularly communicate integrity-related standards to employees, while also leading by example. Managers at all levels (including Middle Management) should, in turn, reinforce integrity standards and encourage employees to abide by them. The Governance Body should ensure that sufficient resources are provided for the effective development and implementation of the Program.
1.4 Individual Responsibility
Compliance with the Program should be mandatory and the responsibility of individuals at all levels of the Company and its controlled affiliates. These individuals should include employees, senior management, members of the Governance Body, and, where possible, relevant individuals at joint ventures and consortia in which the Company or its controlled affiliates participate.
{2}------------------------------------------------
A senior officer with adequate independence, authority, autonomy, and stature, as well as the necessary resources and expertise, should oversee and manage the Program. The reporting lines of that officer should allow for direct communication with top-level management and the Governance Body, including any Audit Committee. Other members of the Company's integrity compliance function should similarly be empowered to perform their responsibilities with sufficient independence and autonomy. The Company should establish rules and processes to address potential and actual conflicts of interest involving the members of the integrity compliance function, especially any part-time members.
Persons responsible for the Program should:
- (i) receive proper training to perform their roles effectively; and
- (ii) have sufficient access to relevant sources of data to allow for timely and effective monitoring and testing of procedures and controls, as relevant.
1.6 Decision-Making Process
The Company should establish a sound decision-making process and designate appropriate decisionmakers, including senior management and the integrity compliance function where appropriate, taking into account the value, complexity, and perceived integrity risk of each transaction. Decisions should be recorded appropriately, indicating that pertinent risks were considered.
1.7 Training and Communication
The Company should periodically communicate the Program and provide effective training tailored to relevant needs, circumstances, roles, and responsibilities. Such training and communication should be provided to all levels of the Company and its controlled affiliates (including for members of the Governance Body) and, where appropriate, to Business Partners. Targeted training should also be provided for specific functions, such as employees in sensitive and high-risk roles or areas. The Company's senior management should publicly communicate details of the Program – whether through annual reports or other channels – and ensure that the Program and related policies and procedures are easily accessible to employees and Business Partners as relevant, including in multiple languages if appropriate.
Entities should periodically assess the impact of their training and communication efforts on employee behavior and overall integrity culture. Entities also should seek feedback about the Program, and explore ways of receiving such feedback, including by using exit interviews and surveys where appropriate.
{3}------------------------------------------------
Entities should adopt effective, confidential mechanisms for providing timely advice and guidance to employees, senior management, members of the Governance Body, and Business Partners on complying with the Program, including when they need to contact relevant individuals for urgent advice on difficult situations in overseas jurisdictions.
The Company should publicize such mechanisms, including how they can be accessed and used by relevant persons, and make them available in multiple languages as needed.
Entities that use technology systems (e.g. chatbots) to provide advice and guidance under the Program should ensure that:
- (i) information provided by such systems is accurate and consistent with the Program;
- (ii) consultations with such systems remain confidential and only accessible by authorized persons in accordance with Program requirements; and (iii) such systems remind users of their reporting obligations under the Program and their options for submitting such reports, whether through whistleblowing channels or directly to relevant individuals.
1.9 Duty To Report
Employees and members of the Governance Body should be required to report integrity concerns – including any known or suspected Misconduct as well as other relevant suspected breaches of the Program – through designated channels, in compliance with applicable laws and regulations. In situations where mandatory reporting is not permitted by applicable laws or regulations, such persons should be strongly encouraged to report. External parties, including Business Partners, should similarly be required or encouraged, as appropriate, to report such concerns and breaches. Retaliation against persons who report in good faith should be prohibited and subject to appropriate disciplinary action.
1.10 Whistleblowing/Reporting Channels
Entities should provide secure, confidential, and appropriately scaled mechanisms for employees, members of the Governance Body, and external parties to report any integrity concerns, including any known or suspected breaches of the Program. Options for anonymous reporting should be available, to the extent possible under applicable laws and regulations. The Company should establish procedures to protect Whistleblowers and Reporters (including Business Partners and other third parties) from retaliation. The Company also should periodically assess employees' awareness of the whistleblowing/reporting mechanisms and their comfort level in using them.
{4}------------------------------------------------
Entities should develop and implement protocols for investigating suspected Misconduct and other alleged violations of the Program (whether encountered, reported, or discovered) and should assign responsibility for such investigations to appropriate persons. The Company should prohibit retaliation against persons (including Business Partners and other third parties) who support or assist an investigation or audit. The Company should establish clear protocols for responding to external investigations and audits in a timely and legal manner, as directed by the Company's leadership with input from the integrity compliance function where relevant.
1. 12 Remediation & Disciplinary Mechanisms
When Misconduct is identified, the Company should take reasonable steps to respond with appropriate remedial action and prevent further Misconduct. Such steps should, where appropriate, include disciplinary measures (up to and including termination) to address violations of the Program at all levels of the Company and its controlled affiliates. The Company should designate suitable individuals or committees to determine the appropriate disciplinary action or other remedial measures and implement or oversee them.
1.13 Collective Action
Entities should participate in appropriate integrity and Collective Action initiatives – for example, with businesses as well as trade, professional, and civil society groups – to promote integrity and encourage other entities to put in place effective integrity compliance measures.
2. INTERNAL CONTROLS
Internal controls, such as those detailed below, are essential for building a robust Program that prevents, promptly detects, investigates, and appropriately remediates Misconduct.
2.1 Employee Due Diligence
Prospective employees and prospective members of the Governance Body should undergo integrity vetting before employment – to the extent permissible under applicable laws and regulations – to identify any history of Misconduct, behavior inconsistent with an effective Program, or potential or actual conflicts of interest.
Such vetting may include background and reference checks, searches of public data, and other measures.
While all candidates should be subject to some degree of vetting, high-risk individuals or positions should receive more scrutiny. The Company should consider the findings of the integrity vetting process when making hiring decisions. The Company also should consider vetting existing employees and members of the Governance Body, using a Risk-Based approach, especially before promotion or reassignment to sensitive positions.
{5}------------------------------------------------
Employment contracts should include integrity-related obligations, including requiring employees to abide by the Program, act in good faith, and disclose any potential or actual conflicts of interest. The contracts also should state that the Company may impose remedies and/or penalties for Misconduct (including possible termination of employment, where appropriate). Similar obligations should apply to other relevant persons such as members of the Governance Body, as appropriate.
2.3 Periodic Certification
To the extent permitted under applicable laws and regulations, employees, especially those with decisionmaking authority or in a position to influence business outcomes, should periodically (at least annually) certify, in writing, that they have:
- (i) reviewed and understand their obligations under the Program;
- (ii) complied and will continue to comply with the Program and applicable laws; and
- (iii) reported and will report any known or suspected Misconduct through the appropriate channels. Similar obligations should apply to other relevant persons such as members of the Governance Body, as appropriate.
2.4 Relationships with Current and Former Public Officials & Politically Exposed Persons
The Company should impose appropriately tailored restrictions on remunerative arrangements and other
commercial arrangements with current and former Public Officials, Politically Exposed Persons, and entities associated with such persons, particularly when such arrangements relate to positions or functions that such persons hold, have held, or could materially influence. Clear protocols should be in place to prevent undue influence or the appearance of impropriety if such persons are engaged by the Company, regardless of whether their roles are full-time, part-time, or unpaid.
2.5 Gifts, Hospitality, Entertainment, Travel & Expenses
The Program should establish controls and procedures to ensure that Gifts, Hospitality, and Entertainment (G&E), whether offered or received:
- (i) are reasonable and comply with the Company's guidelines;
- (ii) do not violate applicable laws and regulations; and
- (iii) do not improperly influence, or create an appearance of improperly influencing, the outcome of any process or transaction, or otherwise result in an improper advantage. Such controls should include, to the extent necessary, limits on the type and monetary value of G&E, reporting requirements, and requirements for pre-approval by the integrity compliance function or other highranking persons in high-risk situations. Similar controls and procedures should be established for travel and other business expenses.
{6}------------------------------------------------
The Company should only make contributions to organized political parties, candidates for elections, or other political entities in accordance with applicable laws and regulations. The Company also should take appropriate steps to publicly disclose all such contributions (unless secrecy or confidentiality is legally required). To reduce the risk of Misconduct, entities may implement controls such as conducting due diligence, requiring senior management approval before such contributions are made, or having the integrity compliance function review such contributions for integrity risks.
2.7 Charitable Donations & Sponsorships
An effective Program should include safeguards to prevent donations and sponsorships from being used as a subterfuge for Misconduct. In this regard, donations and sponsorships should be free from conflicts of interest, should be publicly disclosed as far as possible, and should not confer improper advantages or create an appearance of impropriety.
The Company also should conduct Risk-Based due diligence on proposed recipients of its donations and sponsorships to ensure that they are reputable and that no improper purpose is intended. Donations and sponsorships should take into account the findings of such due diligence and, where appropriate, should be formalized through written agreements that outline integrity-related expectations and rights.
2.8 Facilitation Payments
The Company should prohibit facilitation payments, as well as require prompt reporting to the integrity compliance function and proper recording in the Company's books and records if such payments are requested or exceptionally made (e.g. in case of duress). To the extent necessary, the Company should establish clear protocols for avoiding, as far as possible, and responding to requests for facilitation payments, and conduct training on how to handle such situations.
2.9 Record Keeping
Appropriate records should be maintained regarding all aspects of the Program. The records should be kept in an auditable format and be accessible to relevant persons, including for purposes of inspections, audits, and investigations. The Company's policies should assign responsibility for creating, accessing, and maintaining different types of records under the Program.
2.10 Business Development
Particular safeguards and procedures should be adopted to prevent and address Misconduct in the Company's business development efforts. In this context, the Company should seek to ensure that all bidding and other business development activities are based on accurate and complete disclosures and representations (which should be reviewed and verified for their accuracy and completeness), comply with applicable laws and rules, and do not otherwise involve Misconduct.
{7}------------------------------------------------
The Company should consider segregating sales or business development functions from those responsible for preparing, reviewing, or approving bid submissions and business proposals, where appropriate.
2.11 Merger & Acquisition
Other companies or organizations that come under the Company's control through a merger or acquisition should be subject to the Program and undergo an integrity risk assessment as a basis for their integration into the Program. The integrity compliance function, with input from the risk assessment and due diligence findings, should guide the Program integration process, including decisions on adding resources to the integrity compliance function, training and communications, updating policies or procedures, and amending contracts where necessary. The Company also may consider reserving the right to exit or cancel the transaction if material integrity compliance problems are discovered.
2.12 Business Partners
The Company should take steps to mitigate integrity risks in its engagements with Business Partners. In this respect, the Company should:
- i) conduct Risk-Based integrity due diligence on Business Partners prior to engagement, and update such due diligence periodically during any period of engagement, to assess potential integrity risks associated with the Business Partner (e.g. if they have engaged in Misconduct or have potential or actual conflicts of interest), with the understanding that different types of Business Partners should undergo due diligence tailored to their specific risk profiles; the Company should avoid dealing with Business Partners known or reasonably suspected to be engaging in Misconduct, except where appropriate mitigating measures are put in place;
- ii) inform Business Partners of its integrity-related expectations and make it clear that the Company expects all activities carried out on its behalf to comply with the Program;
- iii) use its best efforts to require or encourage, as appropriate, all Business Partners to adopt an equivalent commitment to prevent, detect, investigate, and remediate Misconduct;
- iv) include in its Business Partner contracts:
- (a) appropriate contractual obligations outlining integrity-related expectations (e.g. audit rights, obligations to disclose conflicts of interest and not engage in Misconduct); and
- (b) remedies and/or penalties in relation to Misconduct, including a plan to exit the arrangement if necessary (e.g. a contractual right of termination if the Business Partner engages in Misconduct, is reasonably thought to have engaged in Misconduct, or has behaved in a manner inconsistent with the Program);
- v) conduct Risk-Based monitoring of Business Partners on an ongoing basis to ensure, as far as is reasonable, that there is no Misconduct in the business engagement; and
- vi) document fully and accurately its relationships with Business Partners.
{8}------------------------------------------------
Third party remuneration should be justifiable for legitimate services to be rendered or goods to be provided. Likewise, payments to Business Partners and other third parties should be for legitimate services rendered or goods provided, paid through bona fide channels, and duly recorded in the Company's books and records.
Payments and expenses incurred by the Company should also be supported by proper documentation and
receipts, and any reward-based remuneration to be offered to Business Partners (e.g. commissions, incentives) should be evaluated for potential integrity concerns. Business Partner contracts should:
- (i) clearly describe the services to be performed and/or the goods to be delivered; and
- (ii) specify payment terms.
2.14 Financial Controls & Audits
Entities should establish and maintain effective internal controls over their financial, accounting, and recordkeeping practices, and other business processes, in compliance with applicable laws and regulations.
The internal control systems, including financial and accounting controls as well as other aspects of the Program, should be subjected to regular, independent, internal and external audits and testing to provide assurance on their design, implementation, and effectiveness. Appropriate persons within the Company should review relevant audit findings with a view to implementing any recommendations and addressing any identified issues or gaps, as appropriate.
2.15 Incentives
Entities should promote compliance with the Program by adopting and implementing suitable incentives for employees, management, and members of the Governance Body. They also should seek ways to encourage ethical behavior and compliance with the Program by their Business Partners, to the extent appropriate.
3. COMPLIANCE OBLIGATIONS
3.1 General Explanations Regarding Obligations
Effective compliance management can only be achieved by adopting a well-designed compliance structure that takes into account the needs of the relevant Company. The compliance structure can only be sustainable if it is integrated into all processes and activities and reflected in the Company culture and employee behavior.
The Company's compliance obligations are not limited to complying with mandatory regulations (legislation, permits, licenses, guidelines and guiding principles prepared by regulatory authorities,
{9}------------------------------------------------
court decisions, customs, etc.) or contractual obligations, but also include organizational standards such as contracts, policies, and procedures undertaken by the Company, such as contracts with third parties, policies, and procedures, as well as voluntary compliance commitments.
3.2 Compliance Impact Areas & Risk Analyses
The company's compliance-responsible department or officers, together with the business units, conduct periodic risk assessments for Compliance Impact Areas and, accordingly, analyze the compliance risks to which the company's activities, personnel, and/or Business Partners may be exposed (through surveys, workshops, one-on-one interviews, and similar methods). Once this process is complete, policies and procedures related to specific compliance impact areas are prepared or existing documents are updated, if necessary.
Potential risks that may be encountered, risk appetite, management mechanisms, areas of activity, products and services, sectors in which the company operates, market competitiveness, legal environment, potential customers and Business Partners, transactions and payments made with other countries, third-party usage, gifts, travel and entertainment expenses, contributions to charities, including but not limited to Company-specific characteristics, are taken into account in the assessment of Compliance risks.
However, this study aims to evaluate all relevant compliance impact areas based on their likelihood of occurrence and the impact of their consequences, and to make recommendations for action to minimize the identified compliance risks. To achieve this goal, priority is given to the following areas in all work to be carried out:
- Ø Combating Bribery and Corruption
- Ø International Sanctions
- Ø Preventing Money Laundering
- Ø Protecting Data Privacy
- Ø Competition
- Ø Human Rights
The Company's Legal and Compliance Officer monitors these activities carried out throughout the Company and seriously considers and evaluates relevant risk indicators, internal audit reports, incident-based investigations, examples of compliance cases encountered, and control results in order to identify compliance risks that could affect the Company and take the necessary measures.
{10}------------------------------------------------
4.1. Main Components of the Compliance Program
The Company's Compliance Program ("Compliance Program") is a set of rules, policies, and procedures that aims to identify and manage the Company's compliance-related issues using a riskbased approach.
The Compliance Program brings together the corporate Compliance Culture, which is monitored by the Legal and Compliance Officer and supported by the Board of Directors and the Executive Board, and the standards documented throughout the Company, with the participation of all employees.
The key components of the Company's Compliance Program are outlined below:
Prevention > Detection > Response
The table below shows the components of the Compliance Program and their composition. This structure defines the general approach and strategy to Compliance, in other words, the overall framework of the Company's Compliance Program:
- Ø Prevention Function is managed through compliance risk analyses, situation assessment studies, written policies and procedures, as well as communication and training.
- Ø Detection Function is supported by technology and data analysis, as well as monitoring, testing, and auditing activities.
- Ø Response Function relates to investigations and reporting activities.
{11}------------------------------------------------
The Company's approach to compliance has been shaped by the importance attached to compliance issues by the Board of Directors and the Executive Board. The Company's Board of Directors and Executive Board act as role models throughout the organization by implementing core values, generally accepted Corporate Governance Principles, and Ethical Standards, and lead all employees in ensuring that Compliance is embraced as part of the Company's culture and reflected in the attitudes and behaviors of employees.
Having a fundamentally sound and robust compliance organization is extremely important for the effectiveness of the Compliance Management Process. The compliance organization refers to the individuals and organizational structure responsible for deciding, developing, implementing, monitoring, and overseeing matters related to the Compliance Program.
The Company's Corporate Structure reflects the compliance organization:
As shown in the table above, the functions of the Compliance organization are:
-
Compliance Committee with the Company Legal & Compliance Officer ("LCO") and
- Early Risk Management Committee
are carried out and implemented.
{12}------------------------------------------------
The leadership of the Company's Board of Directors is extremely important in matters related to compliance. Therefore, in all matters related to compliance, the Company's CEO, General Manager, and Board of Directors are responsible for demonstrating leadership across the Company by monitoring the implementation of core values and generally accepted Corporate Governance and Ethical Principles.
5. KEY FEATURES OF THE COMPLIANCE PROGRAM
The key features and standards that the LCO role must possess in order to create a successful Compliance Program are as follows:
- Ø Authorization: Possess full and clear/understandable authority to fulfill duties and responsibilities in a senior management position.
- Ø Independence: While reporting directly to the CEO/General Manager, maintain independence by reporting to the Board of Directors through the Early Risk Management Committee.
- Ø Participation: Have the authority to participate in meetings and discussions where important business decisions are made.
- Ø Monitoring: Have the authority to set Compliance Risk Standards related to the activities of other business units, even if they are implemented by those business units.
- Ø Resources and Budget: Have sufficient budget and necessary resources to manage the Compliance Program.
The HUG carries out and fulfills its duties and responsibilities with the support of the LCO.
The final responsibility for the activities to be carried out by the Legal and Compliance Officer lies with the LCO.
The LCO has three main functions. These are: Primary Duties, Monitoring Responsibilities, and Advisory Activities:
5.1 Priority Duties
The following fundamental risks, identified as a result of the Systematic Risk Analysis process and listed below, are covered, but are not limited to these:
- Ø Identifying and managing compliance risk areas (including risks related to Business Partners);
- Ø Ensuring the classification, analysis, and prioritization of compliance risks based on the results of the analysis;
- Ø Establishing and defining policies, procedures, and controls that enable the organization to prevent, detect, and manage compliance violations;
- Ø Providing or organizing ongoing training support for employees and conducting compliance
{13}------------------------------------------------
awareness campaigns to ensure that all employees are aware of what is expected of them in order to act in accordance with company policies;
- Ø Establishing a compliance reporting and documentation system for the company;
- Ø Establishing compliance performance indicators, monitoring and measuring Company compliance performance;
- Ø Analyzing Company performance to determine the need for corrective action plans;
- Ø Ensuring that the Compliance Program is reviewed and evaluated at planned intervals;
- Ø Ensuring access to appropriate professional opinions and advice in the creation, implementation, and maintenance of the Compliance Program;
- Ø Ensuring that compliance policies, procedures, and other documents are appropriate and adequate and accessible to employees and Business Partners;
- Ø Ensuring that the compliance structure is applied equally and consistently throughout the Company.
5.2 Monitoring Responsibilities
This includes monitoring and analyzing specific Compliance Risks that are considered the primary responsibilities of other departments or business units within the company. These responsibilities include, but are not limited to, the following activities and tasks:
- Ø Encouraging the inclusion of compliance responsibilities in job descriptions and employee performance evaluation processes, and supporting business units in this regard;
- Ø Developing and implementing processes for reporting and managing information such as complaints and/or feedback through whistleblowing systems or similar mechanisms;
- Ø Ensuring that whistleblowing mechanisms are easily accessible and well-known; ensuring that reports submitted are kept confidential;
- Ø Ensuring that confidential information related to the Compliance Program is only accessible to authorized persons.
5.3 Advisory Activities
This refers to activities in which the Legal and Compliance Officer performs an advisory function for all Compliance Risks identified through the Systematic Risk Analysis study.
Considering their duties and responsibilities, the Legal and Compliance Officer must have sufficient budget and resources and must have a staff consisting of a sufficient number of competent Compliance Officers and Compliance Managers assigned to work solely on compliance matters.
The Compliance Committee ("CC") aims to enhance the effectiveness of the compliance structure by consulting with the LCO. The Committee, consisting of the Human Resources (HR) Director, CFO, and, if necessary, other Presidents or Directors, acts as an advisory board that supports the LCO in the decision-making process when required.
The Risk Management Committee consists of at least two (2) non-executive members of the Board of Directors. The Committee acts as a liaison between the LCO and the Board of Directors.
{14}------------------------------------------------
All stakeholders and employees who witness or become aware of any behavior, irregularity, or abuse of authority that is not in line with the Company's Ethical Principles, or who have suspicions about such a situation, should report their concerns to the Senior Manager or HR at the relevant Company. If, for any reason, you do not find this method appropriate or are not sure that it is the most suitable way to resolve the issue, you can report the situation via the Reporting/Notification Website: https://kontrolmatik.etikmerkezi.com or by calling the Ethics Hotline during business hours (09:30- 17:30) at 0850 406 3195.
The Ethics Hotline is designed to protect the confidentiality and, if desired, anonymity of those making reports.
It is extremely important that the person(s) reporting an incident feel comfortable and safe when raising or communicating their concerns and that they do not refrain from reporting. For this reason, all complaints submitted are kept confidential, and individuals who report in good faith are protected against any possible retaliation.
In good faith, no negative action will be taken against the person raising the concern, even if the accuracy of the incident they raised is not proven as a result of the investigation conducted on the matter. On the other hand, individuals who knowingly or intentionally make false or misleading reports may be subject to various disciplinary penalties.
7. INVESTIGATIONS & DISCIPLINARY ACTIONS
All matters reported through the Ethics Hotline or other communication channels are reviewed and evaluated to determine whether an investigation into the matter is warranted.
If an investigation is initiated and a disciplinary action is recommended as a result, the matter is brought to the attention of the Company Ethics/Disciplinary Committee or the relevant company's Ethics/Disciplinary Committee, depending on the nature of the incident and the position of the person subject to the investigation, and the necessary disciplinary measures are taken based on objective criteria.
In disciplinary matters to be reviewed by the Company, the Ethics/Disciplinary Committee is authorized to decide whether any disciplinary action will be taken and the type of action to be taken.
8. AUTHORITY & RESPONSIBILITIES
If you become aware of any action that you believe violates this Policy, applicable laws, or the Company's Ethical Principles, you may consult with or report this matter to a Senior Manager.
Alternatively, you may report it to the Company Ethics Hotline at https://kontrolmatik.etikmerkezi.com
{15}------------------------------------------------
The Company employees may consult the Company Legal and Compliance Officer (LCO) regarding questions about this Policy and its implementation.
9. CORRECTIVE ACTION & COMPLIANCE
As part of the investigation into disclosures made under this policy, recommendations for change will be invited from the investigative team to enable the Company to minimize the risk of the recurrence of any malpractice or impropriety which has been uncovered.
The Ethics Committee will be responsible for reviewing and implementing these recommendations in the future and for reporting on any changes required to the Board of Directors.
10. MONITORING & REVIEW OF POLICY
- 10.1 Personnel are invited to comment on this policy and suggest ways in which it might be improved by contacting the LCO.
- 10.2 This Policy reflects the Company's practice as of December 12, 2025. The LCO, in conjunction with the Ethics Committee, is responsible for reviewing this policy at least once a year.