Financial Information and Risk Management

Under article 199 of the Turkish Commercial Code (Statute 6102), which went into force on 1 July 2012, the Board of Directors of Aksigorta A.Ş. is required, within three months of the end of its fiscal year, to draw up a report about any dealings the Company had with its controlling shareholder or with any affiliates of its controlling shareholder during the fiscal year just ended and to include the conclusions of that report in its annual report. The required statements about Aksigorta A.Ş.’s related-party transactions are presented in footnote 45 to the financial statements.

The conclusion reached in the report dated 16.02.2024 prepared by the Board of Directors of Aksigorta A.Ş. is, to the best of the Board’s knowledge of the circumstances and conditions at the time that a transaction took place or a measure was taken or refrained from, in each and every transaction which Aksigorta A.Ş. entered into with its controlling shareholder or with any of the affiliates of its controlling shareholder during 2023, that an appropriate mutual performance was achieved, that there were no measures taken or refrained from which might have caused the company to suffer a loss, and that there were no such transactions or measures whose consequences need to be offset.

Financial Position, Profitability and Solvency

With a solid financial structure that included TL 3,276 million in shareholders’ equity at end-2023, Aksigorta is one of the leading companies in the Turkish insurance sector. Continuing to grow upon sustainable profitability, Aksigorta completed the year with TL 27,299 million of premium production.

In 2023, the Company reached to TL 27,299 million premium production. A breakdown of premiums by business line during the most recent two years is shown below.

Breakdown of Premiums by Business Line

As of end-2023, 36% of generated premiums amounting to TL 9,902 million in value were retained by the Company. The charts below show the amounts and relative percentages of produced premiums that were retained by the Company during the most recent two years, broken down by business line.

As of end-2023, Aksigorta retained TL 7,676,713 in premiums which it had earned in the non-life branch. Meanwhile, the Company’s share of incurred non-life claims amounted to TL 6,621,835. As of the same date, the ratio of incurred non-life claims to earned premiums (net) was 86%. The charts below show the amounts and relative percentages of the Company’s incurred claims and earned premiums during the most recent two years, broken down by business line:

Technical Profit Balance

At end-2023, Aksigorta showed a total technical profit amounting to TL 1,690,544 thousand. The charts below show the amounts and relative percentages of the Company’s technical profit during the most recent two years, broken down by business line.

In 2023, Aksigorta earned TL 2,870,185 thousand in net investment income in addition to the earnings generated by its insurance business activities. The Company’s investment income during the most recent two years is shown below.

Based on all of these technical and financial results, Aksigorta booked profit before tax of TL 1,185 million. The Company’s shareholders’ equity amounted to TL 3,276 million at end-2023. The breakdown of shareholders’ equity items during the most recent two years is shown below:

At end-2023, Aksigorta’s principal investments amounted to TL 6,349 million in value. Developments in the Company’s investments during the most recent two years are shown below:

Aksigorta does not have affiliates as of the end of 2023.

Quality Policy

As a strong, reputable and trustworthy company together with our agents, employees and suppliers, we are committed to provide quality service and continuous improvement of our services by prioritizing customer satisfaction in line with our vision, mission and values and in conformance with national and international laws, regulations and standards regarding insurance business.

Quality Management System

Aksigorta is committed to providing quality service to all its customers, business partners, stakeholders and employees.

According to this principle, Aksigorta established the quality assurance system and obtained the BS EN ISO 9001:1994 Quality Standard Certificate from BVQI (Bureau Veritas Quality International) in 1998 Quality Assurance System standard has been revised regarding the customer needs and current conditions, and ISO 9001: 2015 Quality Management System has been published in 2015 Aksigorta has aligned its current systems with the up-to-date version.

Aksigorta established ISO 10002: 2015 Customer Complaints Management System and upgraded customer relationship management to international standards’ line which based on customer-oriented service approach.

Risk Management Framework

The Company’s Risk Management Framework includes the strategies, policy models, processes, and reporting procedures required to identify, measure, manage, monitor and report the risks to which the Company is or may be exposed.

It is the responsibility of the Board of Directors to identify the risk management principles and standards to be applied throughout the Company, to update the risk policies depending on the changes in the operating conditions, and to establish and operate an effective risk management system and relevant processes. The Board is also ultimately responsible for monitoring the risk level of the Company, controlling the situation against these limits by establishing risk limits, and putting the necessary measures into practice.

The tools required for determining, measuring, managing, monitoring, and reporting of risks vary according to the type of the risk. There are five risk classes: such as Insurance risks, Financial risks, Compliance risks, Operational risks, and Strategic risks.

Aksigorta is exposed to business risk in relation to its operations in the non-life insurance sector. Likewise, the Company also faces financial risks related to its operations, such as loan, market, and liquidity risks. Operational risks are related to the management of all risks, as they occur as a result of errors in humans, processes and technology used. Strategic risks are associated with changes in strategic planning, sector, competitive environment and technological changes. Sustainability risks, on the other hand, are assessed as strategic risks.

Emerging risks are the result of new trends that may pose a threat or risk to the Company. These trends are ambiguous by nature, making it challenging to measure them and perform an impact analysis. The emerging risks inventory is regularly reviewed in light of global and local researches in the insurance industry.

Information on Risk Management Policies by Risk Type

Risk Management Framework Policy

Aksigorta’s risk management strategy, implemented risk management system, and risk governance approach across the Company, as well as the roles and responsibilities for risk management are established in the Risk Management Framework Policy and approved by the Board of Directors.

The basic objectives of this policy are determining the basic principles and standards of the risk management systems and processes, implementing such systems and processes, and complying with the determined risk limits. The Company’s Risk Management Framework Policy defines the risk management roles and responsibilities of the Board of Directors, the Early Detection of Risk Committee under the Board of Directors, and the General Manager. The said policy also explains the role of each level in the triple line of defense model and the functioning of the delegation of authority in Aksigorta.

The activities covered by the Risk Management Framework Policy are carried out within the framework defined by the insurance legislation and the other relevant legislation to which the Company is subject.

Insurance Risk

In any insurance contract, the risk is that one party (the insurer) accepts a significant insurance risk from the other party (the insured) by agreeing to indemnify the insured if a specific uncertain future event (the insured event) negatively affects the insured.

The Company has adopted a central risk assessment policy. This policy is carried out within the framework of predetermined activities and limits. In general, the probability of damage occurring is determined during risk assessment by methods of past damage experiences, comparison of similar risks, and process risks within the production process. Location, geographical region, field of activity, and fire and theft measures are the primary criteria considered in risk assessment.

Insurance risks are managed by the Company through a policy production strategy, reassurance agreements, and effective liquidation and payment transactions. The policy generation strategy of the Company is based on the most effective risk assessment during policy production, as well as the most accurate distribution of assumed risks based on their types, sizes, industries, and geographical regions.

The Company enters into reassurance contracts for excess of loss, quota share, surplus, and catastrophic guarantees to manage insurance risk. The company has combined surplus and quota share contracts in the fire, transportation, engineering and general accident branches. Annual quota share contracts with a certain proportional turnover rate are included in the auto, professional liability, electronic devices, machinery breakdown, mandatory bus passenger, cyber risks, credit, health, and individual accident branches. Also, there are Risk & CAT, Transportation and Optional Financial Liability Non- Proportional Reassurance contracts that protect the net risks the Company holds.

Market Risk

The Company is generally exposed to interest rate risks as a result of its financial investments, as well as credit risks as a result of insurance receivables.

Changes in market interest rates cause fluctuations in the costs of financial instruments, forcing the Company to deal with interest rate risk. The primary risk to which the Company’s portfolio’s available-for- sale financial assets are exposed is the damage that will result from a decrease in the actual values of financial assets due to changes in market interest rates.

The Company is exposed to currency risks, which arise from foreign exchange rate changes caused by the conversion of its foreign exchange and foreign exchange indexed assets and liabilities into Turkish Lira.

Market risk components the Company faces, like the interest risk and currency risk, are periodically measured and reported via stress and scenario tests.

Liquidity Risk

Liquidity risk is the likelihood of the Company failing to meet its net funding liabilities. Liquidity risk is caused by events that reduce funding resources, such as market disruptions or credit score reductions.

In the event that the Company’s financial resources are insufficient, there is a risk of ceasing current operations or reducing the scope of operations.

The Company’s investment strategy approved by the Board of Directors has been established considering the liquidity conditions of the Company and the band widths (lower and upper limits) movable during the management of assets for investment and asset management and especially taking into account the potential liquidity profile of the liabilities. The liquidity risk management contains an approved limit structure and a series of triggering arrangements which provide that management is informed about potential problems.

Credit Risk

Credit risk arises from the counterparty failing to meet its obligations under the contracts to which the Company is a party. Limits and guarantees are determined by evaluating criteria such as financial strength and business capabilities of related parties. The Company’s credit risk is arises from insurance activities such as: the investment activities in banks and finance corporations, bond market investments, and receivables from agencies, insured customers, and reinsurance companies. Credit risk is managed with the credit risk rating and limit framework defined for the Company and organizations involved in the transactions made as counterparty.

Capital Management

The primary goal of Capital Management is optimizing the Company’s capital structure, composition, and distribution, as well as protecting its financial capacity and productivity. The Capital Management Policy has been established and approved by the Board of Directors to define the roles and responsibilities, capital risk appetite, and reporting requirements in order to achieve the goals set.

Operational Risk

Operational risk is the loss that may arise due to uncontrolled business processes, human or system errors or external factors. It is essential to evaluate the probability of the operational risks and the level of impact they will create, and take the necessary measures accordingly. In the first line of defense, it is aimed to manage operational risk by effective follow-up and monitoring of the processes. Efficiency and adequacy of controls and implementation of action plans are primarily the responsibility of the first line of defense and are monitored and reported by the Internal Control, Risk Management and Compliance Directorate. Aksigorta’s target is to keep the operational risk at the lowest level that is commercially reasonable.

Information on Risk Management and Internal Control System

As per the Law on Insurance No 5684, Article 4 and the Regulation on Internal Systems in Insurance and Private Pension Industries, insurance companies must set up an effective internal control system to ensure that the Company’s assets are protected; that its activities are conducted in accordance with the requirements of the Law and related other legislation, with in-company policies and with established insurance industry practices; and in such a way as to be both effective and productive; and that the accounting and financial reporting system as well as all systems used in the provision of the main services are secure, coherent, and capable of providing timely access to information.

Risk management is the Company’s main means of avoiding undesirable outcomes in the pursuit of its targets and ensuring the continuity of its activities. The Risk Management Department’s functions are to identify, measure and monitor the risks to which the Company is exposed, to ensure that actions are taken to keep the risks within the limits determined as per the risk appetite and report such actions. Within this scope, it ensures that the business decisions are taken in a risk-based approach and the resources are used efficiently, so that the expectations of the entire Company and its business partners, including customers and shareholders, are met at the highest level.

The general risk level to be assumed for each type of risk, as well as the maximum risk limits allocated to management and their implementation procedures are specified in the policies which have been approved by the Board of Directors.

In order to monitor incurred risks and to provide control, the Company established and operates a structure of internal systems complying to the scope of its activities as specified by the legislation. In this approach, dubbed “the triple defense line,” the division of authority and responsibility is as follows:

Line of Defense Officials, Authorities and Duties

1. Line of Defense: Company Management

Identifying, assessing, managing and reporting risks in an effective and risk-oriented manner, and ensuring compliance with company policies. Establishing and maintaining an effective internal control system.

2. Line of Defense: Risk Management, Internal Control and Compliance Directorate

Supporting the Company management in identifying, assessing, managing and reporting risks, overseeing compliance with Company policies and correcting any noncompliance; in short, assisting in the functioning of Aksigorta’s Risk Management Framework. Providing an acceptable assurance regarding the following subjects: Company assets are protected with internal control structure; its activities are carried out effectively, efficiently and in compliance with laws and other relevant legislation, in-house policies and rules of the Company, insurance business customs; the accounting and financial reporting systems are functioning reliably; the integrity of all systems used in the provision of services, and timely irretrievability of the information.

3. Line of Defense: Internal Audit Directorate

Assuring the Board of Directors about the effectiveness of the Company’s risk management and internal control mechanism from an impartial and independent viewpoint.

Risk Management, Internal Control and Compliance Directorate

It was structured in accordance with the Regulation on Internal Systems of Insurance and Private Pension Sectors issued in the Official Gazette dated November 25, 2021, and numbered 31670 Pursuant to Article 48/8 of the Regulation on the Internal Systems in Insurance and Private Pension Sectors, internal system functions can be structured jointly within the insurance group. Within this scope, the internal systems of Aksigorta A.Ş., Agesa Hayat ve Emeklilik A.Ş., and Sabancı Ageas Sağlık Sigorta A.Ş. are structured jointly to the extent permitted by the legislation.

It is aimed to provide assurance to the Board of Directors through risk management and internal control activities on:

• Ensuring compliance with legal obligations and the Company’s risk management policies and risk appetite limits,
• Establishment and effective operation of a control framework in order to identify all structural risks exposed and to ensure that risks are managed within specified tolerance limits,
• Designing and implementing actions to take risks within tolerance limits and reporting these risks transparently.

The reports which include the risk monitoring, assessment, management activities, and internal control activities are submitted to the Board of Directors and the Early Detection of Risk Committee regularly.

Internal Control Directorate

Internal control activities are primarily the responsibility of the business units that perform them. The Internal Control Directorate is responsible for supporting business units in the design of the processes carried out or controls made by these units, evaluating the adequacy and effectiveness of said processes and controls, and monitoring the effectiveness of the internal control function.

The Internal Control Directorate targets to make contributions under the following categories through its operations:

• Implementation of the Internal Control Regulation determined by the Board of Directors,
• Implementation of a robust and reliable control framework by creating strong and effective internal control awareness,
• Implementation and supervision of the control framework to ensure that operational risks are managed within the determined risk appetite,

The activities carried out by the Internal Control Directorate during the year are summarized below:

• The control activities performed by the business units have been supervised in line with the Annual Internal Control Plan. The results of the supervision were published quarterly in the Aksigorta Internal Control Report.
• Claims, Technical Evaluation, Reinsurance, and Debts Management control frameworks were reviewed with the relevant business units in order to activate the Company’s existing control environment.
• The results of the internal control activities carried out by the business units are monitored through the IRM- GRC application, and all determinations and findings are tracked depending on the relevant risks.
• In order to monitor Aksigorta’s compliance with legislation and regulations, work to update the control points defined in the IRM application continued during the year with the relevant teams. Newly designed compliance controls were ensured to be defined in the IRM system.
• Significant legislative changes concerning the Company’s field of activity were monitored, and compliance projects and actions were closely followed.

Risk Management Directorate

The Directorate is responsible for ensuring the adequacy and effectiveness of the risk management function across the Company. The Company ensures that the design and effectiveness of the control framework is aligned with its risk appetite and that risks to business plans, projects, and other critical business decisions are assessed.

Risk management policies and implementation procedures need to adapt to changing conditions. Within this scope, the Risk Management Directorate regularly evaluates the adequacy of the relevant policies by utilizing the outputs of the internal control system and the internal audit system and submits the necessary revisions to the Board of Directors for approval.

Risk Management Framework documents are reviewed annually and approved by the Board of Directors. Operational Risks are managed under the supervision of the Early Detection of Risk Committee of the Board of Directors.

As risk management has become a part of the Company’s business culture, the risk dimension is considered in all important business decisions made.

The findings obtained as a result of the second line of defense supervision activities are regularly presented to the Early Risk Detection Committee of the Board of Directors through management reports (CRO Report, Internal Control Report, etc.).

The activities carried out by the Risk Management Directorate during the year are summarized below:

• Phase 2 of the “IRM (GRC) Application Development” project, including the Operational Risk Management methodology, was completed by August 2023 The results of risk management and internal control activities carried out by business units are monitored through the application, and all determinations, findings, and risk events are tracked depending on the relevant risk and/or legislation.
• Trainings were organized to increase the level of knowledge and awareness of employees regarding the reporting of risk/loss events to the Risk Management Department by business units with the standard flow determined through the IRM-GRC application.
• A workshop was organized in July 2023 with the participation of all managers to evaluate emerging risks, and the risk inventory was updated with the feedback of the management.
• Insurance Risk Policy was established, and Risk Management Framework Policy was updated.
• The following activities related to the execution of the Risk Management function in 2023 were reported to the Insurance and Private Pension Regulation and Supervision Agency in accordance with the Regulation:
• a. Information on risk management policies and changes made in these policies during the year, as well as information on risk limits and changes made in these limits during the year,
• b. Capital adequacy impact analysis report, which measures the long-term impacts of the risks assumed and exposed on capital adequacy and Company continuity,
• c. Results of monitoring and tracking activities carried out during the year as part of the execution of the risk management function.

Actuarial Supervision Unit

The Actuarial Supervision Unit is responsible for monitoring the Company’s general pricing policy, portfolio profitability, the actuarial adequacy of reinsurance agreements, the adequacy and reliability of technical provisions, and the development and change of the risk level of the Company’s portfolio, as well as reporting the measures deemed necessary to senior management and the Early Detection of Risk Committee.

The Actuarial Supervision Unit also submits the following periodic reports to the Insurance Regulation and Supervision Agency:

• a. Actuarial Report, the scope of which is determined by the institution,
• b. Tariff profitability determination report and summary report on the proposals made during the year to ensure tariff profitability,
• c. Report on the actuarial methods applied and the models and assumptions used by the Company and the changes made in these models and assumptions during the year and their justifications,
• d. Periodic reports on the operations carried out during the year as part of the execution of the actuarial function.

Information Technologies and Information Security Risks Management

Information Technology (IT) risk is the potential for losing automation systems, networks, or other critical IT resources, which can adversely affect business processes. With technology becoming a part of business processes, effective management of information technologies and information security risks are among the Company’s primary goals.

Information Technologies and Information Security risks are handled within business risks management and managed with reference to the internationally accepted Information Security Standards (Cobit, ISO27001).

The main risk areas that are addressed within the Information Technologies risks and for which the levels of control targets adapted to the Company are tracked are being summarized below:

• BT IT Management and Strategy Risk
• BT IT Architecture Risk
• İş Business Continuity Risk
• Supplier Management Risk
• Service Management and Resilience Risks
• Change Management Risk
• Development and Adaptation Risk
• Malicious Service Interruptions
• Hackers and Cyber Criminals
• Malicious Internal Resources

Information Systems Risks and checkpoints, which are also part of the regulatory requirements, continue to be studied. As part of the COBIT 2019 compliance program, control targets are reviewed and necessary updates are performed at these controls. During these works, priority is given to the areas of the COBIT 2019 framework that are deemed risky for the Company.

Work was initiated to track information technologies and information security risks on the IRM platform and to record findings, determinations, and vulnerabilities on a common platform. The platform went live in 2023 Thus, it is aimed to track information security risks over the platform.

In order to ensure sound governance of risks arising from Information Technologies, modern methods are being applied in Information Technologies management. Agile, AI integrations, and Devsecops adaptations applied in the Company’s system and solution development processes are examples of these efforts.

The Emergency Center located outside Istanbul is tested annually to ensure IT continuity and for geographical redundancy.

For Information Security risks and emerging threats, as well as ensuring compliance with legislation, current technological solutions related to Information Security are designed and adapted to the Company, and the Company’s resistance to Information Security risks is being increased. Technological updates and adaptations are continued in the data leakage systems (DLP), endpoint data security solutions (XDR), and asset and data management areas, which are mandated by the legislation within this framework.

Business Continuity and Crisis Governance Risks

Aims to provide the continuity of Aksigorta operations, to effectively and seamlessly maintain value- creating critical products, services, and service activities, to reduce negative impacts, to predetermine risks for the continuity of processes providing value to customers and stakeholders, and to be prepared in times of crisis by developing measures. Human life and health are the top priority in business continuity efforts.

A Business Continuity Plan is created in order to protect business processes and valuable assets and to maintain the ability to do business after crises and events, and the effectiveness of the process is ensured through tests and exercises.

The structure of business continuity is developed based on the results of business impact analysis and risk assessment studies, and targets and performance criteria are identified based on data included in analysis activities, so that the organizational structure, business unit requirements, location, and system infrastructure are in harmony, and the development areas are determined.

Audit and control activities, management reviews and corrective actions required for the continuous improvement of the business continuity management structure, and the necessary actions to identify risks and opportunities are provided by the management and the teams that the management assigns the responsibility for business continuity.

Within the framework of these principles, the following crisis governance activities were completed during the year:

• Disaster scenarios for long- term business interruptions and, in the event of a crisis, Aksigorta’s existing business continuity management and development areas are evaluated in collaboration with key stakeholders and the Senior Management team.
• A time-based crisis simulation was carried out with the interactive participation of the Company’s crisis management team members to assess the Company’s readiness for crisis management.
• The Business Continuity team developed the crisis exercise scenario prior to the simulation, and at the end of the simulation, it was discovered that the Company Crisis Management team was aware of and prepared for crisis response. Also, additional areas for development were determined regarding the crisis management fundamentals.
• Sabancı Holding and Group companies determined the points where companies may act jointly in the event of a possible disaster, and studies were carried out to determine emergency action plans regarding the actions that can be taken before and during the disaster.
• Assessments were made by the Business Continuity teams and Risk teams on the preparations for a possible disaster, and a road map study was made to cover the preparations for the disaster and the scaling of maturity, the development of sub-scenarios, the determination of action and implementation processes, and the preparations of the responsible teams.
• An analysis of geographical backup requirements for the continuity of business processes in the event of a possible disaster was initiated.

Legal Department, Compliance and Physical Damage

All processes regarding legal questions and issues that have arisen or may arise as a result of the Company’s services and practices during its daily operations were examined as per legal regulations, and opinions were given.

Correspondence addressed to the Company from official institutions was reviewed and shared with the relevant departments of the Company. When necessary, meetings were held with the departments regarding the possible repercussions and risks of the relevant official letters to the Company, and preventive and regulatory activities were carried out. Responses to the relevant letters were prepared in accordance with the Company’s official correspondence rules, and meetings were held with official institutions on behalf of the Company when necessary.

All changes in legislation that are significant and related to the Company’s activity area have been closely monitored and reviewed, and all actions have been taken to comply with legislation.

All contracts that need to be concluded regarding the processes to which the Company is a party were prepared and reviewed. In addition, the renewal processes of the contracts that were due for renewal were legally reviewed and evaluated in the most appropriate manner for the Company’s current situation and conditions, and the renewal processes were completed. Support was provided to the consultancy requests submitted by different departments of the Company regarding ongoing contracts.

Pursuant to the Law No. 6698 on the Protection of Personal Data, activities were carried out to increase the awareness of all departments of the Company by following the current developments regarding the issues that the Company is obliged to and the applications made by the relevant persons were responded as per the legislation. Similarly, support was provided to all teams in awareness-raising activities and consultancy processes regarding the obligations to which the Company is subject due to the Competition Law.

Application, objection, and trademark processes on the intellectual and industrial rights owned by the Company were followed up, and mechanisms in accordance with legal processes were executed to prevent possible damages to the Company in this regard.

Legal support was provided for the projects initiated by different departments within the Company to ensure that new products, new services, business partnerships, and arrangements were created in accordance with the legislation.

Within the scope of MASAK compliance, the project designed has been completed, and related processes have been transferred to a digital environment with effective software applications in order to effectively monitor sanction decisions, institutions, and persons subject to sanctions. In addition, a project was initiated to profile the policyholders in the active portfolio according to risk criteria.

In 2023, the Company’s Claims and Law Department pursued a high number of lawsuits in different departments for material, physical, liability, subrogation, and receivables lawsuits and concluded settlements in many files by conducting settlement studies.

Within the scope of the decisions taken by the Constitutional Court, paragraphs a, b, and c of Article 90 of the Road Traffic Law, which regulate the calculation of compensation for loss of value, deprivation of support, and permanent disability, and the paragraph regulating the determination of the procedures and principles by the SEDDK, were annulled. In summary, it is justified that the calculation of compensation should be made in accordance with the Turkish Code of Obligations and that a different calculation method would not be appropriate. Regarding Article 92, the request for annulment of “l) (Addition: 9/6/2021-7327/19 art.) Claims for loss of value compensation for vehicles that were withdrawn from traffic or scrapped due to damage” in the article regulating the issues outside the scope of the KTK was made, but the request was rejected and the regulation was not annulled.

The Insurance and Private Pension Regulatory and Supervisory Agency published the “Tariff and Instruction on Optional Earthquake and Volcanic Eruption Coverage” on 31.07.2023 and amended the tariff and instruction on optional earthquake, fire, and related coverage to be effective as of August 1.

With this amendment, important regulations have entered into force to protect the rights and interests of the policyholders. With this amendment, in order to prevent the risk of underinsurance of dwellings, the minimum square meter value for optional coverage has been set as TL 12 thousand for reinforced concrete dwellings and TL 8 thousand for other dwellings. Within this scope, the relevant coverage for policies with a maturity date on or after August 1, 2023 were restructured. The Circular on the Amendment of the Circular (2019/10) on Package Policy and Additional Coverage in the Compulsory Motor Third Party Liability Insurance (2023/6), the Circular on the Annulment of Circular No. 2017/1 on Compulsory Motor Third Party Liability Insurance Premiums (2023/7), the Circular on the Amendment of the Circular (2019/9) on the Implementation of Compulsory Motor Third Party Liability Insurance (2023/8) were published. With the relevant regulations, a transition to a 9-tier system was made, the monthly rate of increase in maximum premiums was reduced, the possibility of 6 installments in compulsory traffic insurance payments was introduced, and the additional coverage offered by the companies to the policyholder as 10% was revised as 20% in case of payment in installments.

The Communiqué on the Amendment of the Compulsory Earthquake Insurance Tariff and Instruction Communiqué (“Communiqué”) was published in the Official Gazette dated 28.12.2023, and the minimum premium amounts of the TCIP policy, premium tariff according to the type of building, maximum coverage amount, and square meter values based on the calculation of insurance amount were updated.

A Guide on Recommendations for the Protection of Privacy in Mobile Applications:

On December 25, 2023, the Personal Data Protection Authority (“Authority”) published A Guide on Recommendations for the Protection of Privacy in Mobile Applications (“Guide”). The Guide includes recommendations for personal data processed in mobile applications, persons whose personal data is processed in mobile applications, and persons who process personal data through mobile applications. Mobile applications contain personal data within the scope of the purpose of the usage activity.

The guide contains recommendations for compliance with the general principles and processing conditions of personal data within the Law No. 6698 on the Protection of Personal Data. The Guide addresses existing and potential risks and provides guidance on the possible measures to be taken for persons who process personal data through mobile applications.

Our Company continues to work on compliance with the TFRS 17 standard, which is mandatory for insurance contracts. This standard sets out the principles for the recognition, measurement, presentation, and disclosure of insurance contracts within its scope in financial statements. The standard introduces significant changes to financial reporting, including changes to systems, processes, and data requirements. The Company follows the guidelines and timetable communicated by SEDDK for the first time implementation of the standard and ensures compliance with these guidelines.

The internal audit system of Aksigorta was structured in accordance with the Communiqué on the Internal Systems of Insurance and Private Pension Sectors issued in the Official Gazette dated November 25, 2021, and numbered 31670 As per Article 6 of the Communiqué no. 16/2022 Concerning Enforcement of Some Articles of the Regulation on the Internal Systems of Insurance and Private Pension Sectors, it is possible to jointly use an audit committee, internal control, risk management, actuarial and internal audit unit of any of the insurance, reassurance and pension companies under the Insurance group, without the need to form another such separate unit in other companies, too. Therefore, the Agesa Emeklilik ve Hayat A.Ş. Internal Audit team has been restructured accordingly so that it can serve both Aksigorta A.Ş. and Agesa Hayat ve Emeklilik A.Ş. companies Pursuant to the Board of Directors resolution dated October 31, 2007, and numbered 2007/31, and in accordance with applicable laws, rules, regulations and practices, an Audit Committee was set up to help protect the interests of the Company’s stakeholders.

As stipulated by the Board of Directors resolution dated October 17, 2014, and numbered 2014/62, the aforementioned Committee was restructured and replaced by the current Audit Committee to ensure compliance with Capital Markets Board Corporate Governance Principles. The Audit Committee consists of two members, namely Hüseyin Gürer and Yeşim Uçtum, both Independent Members of the Board of Directors. According to the organizational chart, the Internal Audit department reports directly to the Board of Directors and operates independently. The Company aims to manage the internal control system within the maximum risk limits which determine risk factors which may prevent reaching strategic and operational goals. The Risk Management and Internal Audit Departments are responsible for ensuring operational productivity and efficiency, issuing financial and managerial results in a timely, accurate and reliable manner, overseeing compliance with applicable laws and regulations, protecting shareholder investments and Company assets, and managing risks effectively and efficiently.

The scope of internal audit activities includes analysis and assessment of the efficiency and capability of internal control, risk management and administrative processes in order to yield reliable, independent and impartial opinions on these processes, and to present proposals for improvement and development. As part of the annual audit plan for 2023, a total of 16 audits, 13 in the field of business processes and 3 in the field of information technologies, were completed, and the associated reports were submitted to the Audit Committee. The actions taken by the Company executives in connection with the internal control deficiencies observed within the framework of Audit Reports were subsequently followed up and the adequacy of the actions were questioned by monitoring their effect on the risk level and the results were reported to the Audit Committee.

The Internal Audit team consists of 1 Chairman, 2 Managers, 9 Auditors and 1 Audit Data Analyst, who possess the qualifications specified in the Regulation on Internal Systems of Insurance, Reinsurance and Pension Companies. The internal audit personnel were provided with the necessary training courses to support their professional development and improve their knowledge. The Internal Audit Department staff members have no responsibility, authority or influence on the audited operations of the Company, and their full independence is ensured.

AGENDA:

Determination of allocation of annual profit of 2023, dividend pay-out rate and terms of dividend payment

RESOLUTION:

In accordance with the accounting principles and standards in force as per insurance legislation and audited by PwC Bağımsız Denetim ve Serbest Muhasebeci Mali Müşavirlik A.Ş. (PwC), our financial statements for the period from 01.01.2023-31.12.2023 reveal a “Net Profit for the Period” of 1.150.606.227-TL.

In accordance with the 7th paragraph of Article 9 of the Regulation on the Measurement and Evaluation of Capital Adequacy of Insurance, Reinsurance, and Pension Companies, the company is prohibited from distributing profits if such distribution would result in the equity falling below the required level of equity. As of December 31, 2023, the company’s capital adequacy ratio fell below the threshold of 115%. Therefore, it has been decided to inform the shareholders that no profit distribution will be made for the fiscal year 2023 This matter will be presented to the approval of the General Assembly at the Ordinary General Assembly meeting for the year 2023, which will be held on March 19, 2024

INDEPENDENT AUDITOR'S REPORT ON THE ANNUAL REPORT

To the General Assembly of Aksigorta A.Ş.

1. Opinion

We have audited the annual report of Aksigorta A.Ş. (the “Company”) for the 1 January - 31 December We have 2023 period.

In our opinion, the financial information and the analysis made by the Board of Directors by using the information included in the audited financial statements regarding the Company’s position in the Board of Directors’ Annual Report are consistent and presented fairly, in all material respects, with the audited full set consolidated and unconsolidated financial statements and with the information obtained in the course of independent audit.

2. Basis for Opinion

Our independent audit was conducted in accordance with the Independent Standards on Auditing that are part of the Turkish Standards on Auditing (the “TSA”) issued by the Public Oversight Accounting and Auditing Standards Authority (“POA”). Our responsibilities under those standards are further described in the Auditor’s Responsibilities in the Audit of the Board of Directors’ Annual Report section of our report. We hereby declare that we are independent of the Company in accordance with the Ethical Rules for Independent Auditors (including International Independence Standards) (the “Ethical Rules”) and the ethical requirements regarding independent audit in regulations issued by POA that are relevant to our audit of the financial statements. We have also fulfilled our other ethical responsibilities in accordance with the Ethical Rules and regulations. We believe that the audit evidence we have obtained during the independent audit provides a sufficient and appropriate basis for our opinion.

3. Our Audit Opinion on the Full Set Financial Statements

We expressed an unqualified opinion in the auditor’s report dated 8 February 2024 on the full set consolidated and unconsolidated financial statements for the 1 January - 31 December 2023 period.

4. Board of Director’s Responsibility for the Annual Report

Company management’s responsibilities related to the annual report according to Articles 514 and 516 of Turkish Commercial Code (“TCC”) No. 6102 and Capital Markets Board’s (“CMB”) Communiqué Serial II, No:14.1, “Principles of Financial Reporting in Capital Markets” (the “Communiqué”) are as follows:

• a) to prepare the annual report within the first three months following the balance sheet date and present it to the general assembly;
• b) to prepare the annual report to reflect the Company’s operations in that year and the consolidated and unconsolidated financial position in a true, complete, straightforward, fair and proper manner in all respects. In this report financial position is assessed in accordance with the financial statements. Also in the report, developments and possible risks which the Company may encounter are clearly indicated. The assessments of the Board of Directors in regard to these matters are also included in the report.
• c) to include the matters below in the annual report:
• events of particular importance that occurred in the Company after the operating year,
• the Company’s research and development activities,
• financial benefits such as salaries, bonuses, premiums and allowances, travel, accommodation and representation expenses, benefits in cash and in kind, insurance and similar guarantees paid to members of the Board of Directors and senior management.

When preparing the annual report, the Board of Directors considers secondary legislation arrangements enacted by the Ministry of Trade and other relevant institutions.

5. Independent Auditor’s Responsibility in the Audit of the Annual Report

Our aim is to express an opinion and issue a report comprising our opinion within the framework of TCC and Communiqué provisions regarding whether or not the financial information and the analysis made by the Board of Directors by using the information included in the audited consolidated and unconsolidated financial statements in the annual report are consistent and presented fairly with the audited financial statements of the Company and with the information we obtained in the course of independent audit.

Our audit was conducted in accordance with the TSAs. These standards require that ethical requirements are complied with and that the independent audit is planned and performed in a way to obtain reasonable assurance of whether or not the consolidated and unconsolidated financial information and the analysis made by the Board of Directors by using the information included in the audited financial statements in the annual report are consistent and presented fairly with the audited financial statements and with the information obtained in the course of audit.

PwC Bağımsız Denetim ve Serbest Muhasebeci Mali Müşavirlik A.Ş.

ORIGINALLY ISSUED IN TURKISH

Talar Gül, SMMM
Partner

Istanbul, 15 February 2024

INDEPENDENT AUDITOR’S REPORT

To the General Assembly of Aksigorta A.Ş

A. Audit of the Unconsolidated Financial Statements

1. Opinion

We have audited the accompanying unconsolidated financial statements of Aksigorta A.Ş. (the “Company”) which comprise the balance sheet as at December 31, 2023 and the statement of unconsolidated income, unconsolidated statement of changes in shareholders’ equity, unconsolidated statement of cash flows and statement of profit distribution for the year then ended and the notes to the unconsolidated financial statements and a summary of significant accounting policies and unconsolidated financial statement notes.

In our opinion, the unconsolidated financial statements present fairly, in all material respects, the unconsolidated financial position of the Company as at December 31, 2023, and its unconsolidated financial performance and its unconsolidated cash flows for the year then ended in accordance with accounting and financial reporting regulations enforced by insurance legislation and Turkish Financial Reporting Standards (“TFRS”) for the matters not regulated by insurance legislation “Regulation on Insurance Accounting and Financial Reporting Principles”.

2. Basis for Opinion

Our audit was conducted in accordance with the regulations on the principles on auditing as set out in the insurance legislation and the Standards on Independent Auditing (the “SIA”) that are part of Turkish Standards on Auditing issued by the Public Oversight Accounting and Auditing Standards Authority (the “POA”). Our responsibilities under these standards are further described in the “Auditor’s Responsibilities for the Audit of the Financial Statements” section of our report. We hereby declare that we are independent of the Company in accordance with the Ethical Rules for Independent Auditors (including Independence Standards) (the “Ethical Rules”) and the ethical requirements regarding independent audit in regulations issued by POA that are relevant to our audit of the unconsolidated financial statements. We have also fulfilled our other ethical responsibilities in accordance with the Ethical Rules and regulations. We believe that the audit evidence we have obtained during the independent audit provides a sufficient and appropriate basis for our opinion.

3. Key Audit Matters

Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the unconsolidated financial statements of the current period. Key audit matters were addressed in the context of our independent audit of the unconsolidated financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.

4. Responsibilities of Management and Those Charged with Governance for the Unconsolidated Financial Statements

The Company management is responsible for the preparation and fair presentation of the unconsolidated financial statements in accordance with the Regulation on Insurance Accounting and Financial Reporting Principles and TAS, and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the unconsolidated financial statements, management is responsible for assessing the Company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless management either intends to liquidate the Company or to cease operations, or has no realistic alternative but to do so.

Those charged with governance are responsible for overseeing the Company’s financial reporting process.

5. Auditor’s Responsibilities for the Audit of the Unconsolidated Financial Statements

Responsibilities of independent auditors in an independent audit are as follows:

Our aim is to obtain reasonable assurance about whether the unconsolidated financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an independent auditor’s report that includes our opinion. Reasonable assurance expressed as a result of an independent audit conducted in accordance with the regulations on the principles on auditing as set out in the insurance legislation and SIA is a high level of assurance but does not guarantee that a material misstatement will always be detected. Misstatements can arise from fraud or error. Misstatements are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these unconsolidated financial statements.

As part of an independent audit conducted in accordance with the regulations on the principles on auditing as set out in the insurance legislation SIA, we exercise professional judgment and maintain professional skepticism throughout the audit. We also:

• Identify and assess the risks of material misstatement in the unconsolidated financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.
• Assess the internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control.
• Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by management.
• Conclude on the appropriateness of management’s use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Company ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditor’s report to the related disclosures in the unconsolidated financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our independent auditor’s report. However, future events or conditions may cause the Company to cease to continue as a going concern.
• Evaluate the overall presentation, structure and content of the financial statements, including the disclosures, and whether the financial statements represent the underlying transactions and events in a manner that achieves fair presentation.

We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We provide those charged with governance with a statement that we have complied with relevant ethical requirements regarding independence. We also communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, related safeguards.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the unconsolidated financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor’s report unless law or regulation precludes public disclosure about the matter or when, in extremely rare circumstances, we determine that a matter should not be communicated in our report because the adverse consequences of doing so would reasonably be expected to outweigh the public interest benefits of such communication.

B. Other Responsibilities Arising From Regulatory Requirement

1. No matter has come to our attention that is significant according to subparagraph 4 of Article 402 of Turkish Commercial Code (“TCC”) No. 6102 and that causes us to believe that the Company’s bookkeeping activities concerning the period from January 1 to December 31, 2023 period are not in compliance with the TCC and provisions of the Company’s articles of association related to financial reporting.

2. In accordance with subparagraph 4 of Article 402 of the TCC, the Board of Directors submitted the necessary explanations to us and provided the documents required within the context of our audit.

3. In accordance with subparagraph 4 of Article 398 of the TCC, the auditor’s report on the early risk identification system and committee was submitted to the Company’s Board of Directors on February 8, 2024.

Additional Paragraph for Convenience Translation into English

As discussed in Note 2 to the accompanying financial statements, the effects of differences between the accounting principles as set out by the related insurance laws and accounting principles generally accepted in countries in which the accompanying financial statements are to be distributed and International Financial Reporting Standards (“IFRS”) have not been quantified in the accompanying financial statements. Accordingly, the accompanying financial statements are not intended to present the financial position and results of operations and changes in financial position and cash flows in accordance with accounting principles generally accepted in such countries and IFRS.

PwC Bağımsız Denetim ve Serbest Muhasebeci Mali Müşavirlik A.Ş.

Talar Gül, SMMM
Independent Auditor

Istanbul, February 8, 2024

In accordance with the “Communiqué on the Preparation of Consolidated Financial Statements of Insurance and Reinsurance Companies and Pension Companies” (“Consolidation Communiqué”) published by the Ministry of Treasury and Finance in the Official Gazette dated December 31, 2008, and 27097, insurance, reinsurance, and pension companies; In addition to the unconsolidated financial statements, an obligation has been issued to publish the consolidated financial statements.

In this context, September 30, 2022, our Company prepares consolidated financial statements by taking into consideration financial tables of 100% subsidiary Sabancı Ageas Health Insurance Joint Stock Company and by using the full consolidation method.

Sabancı Ageas Health Insurance Joint Stock Company established as a subsidiary of Aksigorta A.Ş. in August 2022 and the main field of activity is to carry out all kinds of co-insurance, reinsurance, and retrocession works within the scope of health insurance health insurances. Sabancı Ageas Health Insurance Joint Stock Company has no share in our Company.

Unconsolidated / Consolidated Summary Financial Data (thousands TL):

Financial statement items, which have changed as a result of consolidation, are shown below in terms of their unconsolidated and consolidated amounts.