Money laundering, terrorist financing and the financing of the proliferation of weapons of mass destruction may arise in various forms across different lines of business. A risk-based approach enables the identification, measurement, assessment and mitigation of such risks by defining appropriate criteria, implementing suitable control mechanisms, and ensuring continuous monitoring.

Within this framework, Uğuras Kıymetli Madenler Sanayi ve Dış Ticaret A.Ş. has established a comprehensive compliance program aimed at preventing activities related to money laundering, terrorist financing and proliferation financing.

This document has been prepared to ensure institutional compliance with Law No. 5549, Law No. 6415, Law No. 7262, and the secondary regulations issued pursuant thereto, and to fulfil all related statutory obligations. In this context, the objectives include:

• Ensuring that the intermediary institution’s policies, procedures and control mechanisms are fully compliant with applicable laws and regulatory requirements;
• Proactively identifying, assessing and preventing the misuse of the institution’s activities for money laundering, terrorist financing or the financing of the proliferation of weapons of mass destruction;
• Evaluating customers, transactions and services under a risk-based framework in order to mitigate exposure to financial crime risks;
• Raising awareness among employees regarding anti-money laundering (AML), counter-terrorist financing (CTF) obligations and related legal and administrative responsibilities;
• Establishing effective internal audit and training programs.

In addition, the recommendations and standards issued by the Financial Action Task Force (FATF)—which set internationally binding benchmarks for combating money laundering, terrorist financing, proliferation financing and other financial crimes—are duly taken into consideration.

Assets
Assets refer to any funds or income belonging to a natural or legal person, including:

1. funds and income owned, possessed, or directly or indirectly controlled by such person, as well as any benefit or value derived therefrom or from their conversion;
2. funds and income owned or possessed by a natural or legal person acting on behalf of or for the account of another, together with any benefit or value derived therefrom or from their conversion.

Proceeds of Crime
Any asset or economic value derived from the commission of any criminal offence.

Money Laundering
The process by which proceeds of crime are transferred abroad or subjected to transactions aimed at concealing their illicit origin or creating the appearance that such assets were obtained through legitimate means.

Offence of Money Laundering
The laundering of asset values derived from offences punishable by a minimum of one year’s imprisonment or more, including transferring such assets abroad, concealing their unlawful origin, or subjecting them to transactions designed to give the impression of lawful acquisition.

Financing of Terrorism
The act of knowingly and wilfully providing, collecting, or facilitating funds, assets, rights, receivables, income, or any value convertible into money—whether in whole or in part—with the knowledge that such resources will be used in the commission of terrorist offences.

Risk
The likelihood of financial loss, regulatory exposure, or reputational damage arising from the misuse of the services offered by the institution for money laundering or terrorist financing purposes, or from failure to fully comply with applicable legal and regulatory obligations.

Service Risk
The risk associated with services such as non-face-to-face transactions, private banking, correspondent banking, or new products and services delivered through emerging or advanced technologies.

Customer Risk
The risk arising from a customer’s business activities—such as intensive cash usage, trading in high-value goods, or ease of conducting international fund transfers—or from the possibility that the customer or persons acting on the customer’s behalf may misuse the institution for money laundering or terrorist financing purposes.

Country Risk
The risk arising from business relationships or transactions involving countries that lack adequate AML/CFT frameworks, fail to cooperate sufficiently in combating such crimes, or are designated as high-risk by competent international authorities, including exposure to their citizens, companies, or financial institutions.

Beneficial Owner
The natural person(s) who ultimately owns or controls a customer, legal entity, or legal arrangement, or who ultimately exercises decisive influence over it, including the natural person(s) on whose behalf a transaction is conducted.

Freezing of Assets
The removal or restriction of the right to dispose of assets in order to prevent their dissipation, consumption, conversion, transfer, assignment, or any other form of disposition.

Terrorist Financing
The provision of financial or economic support—whether lawful or unlawful—to terrorists, terrorist organisations, or terrorist activities, including facilitation, assistance, or any form of support.

International Sanctions
Decisions, measures, and regulations issued by international authorities imposing restrictive measures on countries, individuals, entities, or vessels due to money laundering, terrorist activities, or anti-democratic practices.

Suspicious Transaction
Any transaction conducted, attempted, or facilitated through or at the institution where there is information, suspicion, or reasonable grounds for suspicion that the assets involved are derived from unlawful activities, are used for unlawful purposes, or are linked to terrorist acts, terrorist organisations, terrorists, or persons financing terrorism.

Suspicious Transaction Report (STR)
A report submitted to the competent authorities concerning customers or transactions identified as suspicious.

The Intermediary Institution and all its employees are strictly prohibited from engaging in, facilitating, or participating in any transaction or activity that constitutes or may constitute money laundering, terrorist financing, or related criminal conduct. Accordingly, employees are required to exercise due care, diligence, and vigilance in all customer relationships to mitigate the risk of money laundering and terrorist financing. Failure to comply with these obligations may result in severe legal sanctions, including administrative fines and criminal penalties, as prescribed under applicable legislation.

 Board of Directors
Ultimate responsibility for the effective, adequate, and comprehensive implementation of the Compliance Program within the framework of this Policy rests with the Board of Directors of the Intermediary Institution.

Within the scope of the Compliance Program, the Board of Directors is authorised and responsible for:

• Ensuring compliance with all obligations related to the prevention of money laundering and the financing of terrorism, and overseeing the effective and efficient operation of the Compliance Program;
• Approving the Corporate Compliance Policy;
• Appointing the MASAK Compliance Officer and the MASAK Deputy Compliance Officer;
• Approving annual training programmes and any amendments thereto;
• Reviewing the outcomes of risk management, monitoring and control, and internal audit activities, and ensuring that appropriate remedial measures are implemented.

MASAK Compliance Officer
The MASAK Compliance Officer is responsible for performing all duties and functions assigned under applicable legislation, as well as any additional tasks assigned by the Board of Directors or by board members duly authorised by the Board. In order to fulfil these responsibilities, the MASAK Compliance Officer is authorised to access all information and documentation held by the Company and its business partners, to take all necessary measures to remedy compliance deficiencies, and to issue instructions within the scope of their mandate.

The duties, powers, and responsibilities of the Compliance Unit and the MASAK Compliance Officer are set out in detail in the document titled “Authorities and Responsibilities of the Compliance Unit and the Compliance Officer,” as approved by the Board of Directors. Any updates to this document shall enter into force upon approval by the Board of Directors or by board members authorised by the Board.

MASAK Deputy Compliance Officer
The MASAK Deputy Compliance Officer is responsible for performing all duties and responsibilities of the MASAK Compliance Officer, within the scope of the authority granted to the Compliance Officer, during periods when the Compliance Officer is absent or unavailable.

The objective of this Risk Management Policy is to ensure that our intermediary institution’s exposure to risks relating to money laundering, terrorist financing, and the financing of the proliferation of weapons of mass destruction (PF/WMD) is appropriately identified, rated, monitored, assessed, and mitigated.

Within the scope of the Institutional Policy on the Prevention of Money Laundering, Combating the Financing of Terrorism, and Preventing the Financing of the Proliferation of Weapons of Mass Destruction, the Risk Management Policy (Section 5/19) at a minimum encompasses the internal controls, measures, and operational procedures prescribed under Section Three (“Principles Relating to Customer Due Diligence”) of the Regulation on Measures Regarding the Prevention of Laundering Proceeds of Crime and the Financing of Terrorism.

Risk Management activities shall, at a minimum, include:

• Developing methodologies for risk identification, rating, classification, and assessment across customer risk, service/product risk, and country/geography risk,
• Risk-rating and classifying services, transactions, and customers accordingly,
• Ensuring monitoring and control of high-risk customers, transactions, or services; reporting in a manner that alerts relevant units; requiring senior approval for execution where appropriate; and enabling audit when necessary,
• Testing the consistency and effectiveness of risk identification/assessment and risk-rating/classification methodologies retrospectively through case studies and completed transactions, and updating them in line with findings and evolving conditions,
• Tracking and incorporating applicable national legislation and recommendations, principles, standards, and guidance issued by national and international bodies,
• Reporting risk monitoring and assessment outcomes at regular intervals to the Audit Committee and the Board of Directors.

Risk Management activities are carried out by the Compliance Officer under the Board’s oversight, supervision, and responsibility. Results are reported to the Board by the Compliance Unit on a quarterly basis. Risk Management primarily consists of customer risk, service/product risk, and country/geography risk.

5.1. Customer Due Diligence Principles
Reasonable measures are undertaken, and required information/documents are obtained, to establish:

• The customer’s true identity and address and verification through reliable and valid documents, data, or information,
• Internal consistency of the information and documentation,
• The customer’s profession/line of business and financial standing,
• Whether the customer acts on behalf of another person and the identification of the beneficial owner; for legal entities and partnerships, the ownership and control structure,
• Transaction profile and capacity,
• Main counterparties (buyers/sellers),
• Place of business or place of activity.

Customer relationships are not established with persons or entities that refuse to provide information/documents or provide misleading or unverifiable information.

5.2. Identification / Verification Methodology (KYC)

A) Natural Persons
The following are obtained and verified:

1. Full name (verified by national ID card, driver’s license, passport, or other legally recognized official ID containing a national ID number),
2. Date of birth (verified as above),
3. Nationality (verified as above),
4. Type and number of the identity document (verified as above),
5. Address (verified via residence certificate, utility bill issued within the last 3 months, or other methods/documents acceptable to the Ministry, including documentation issued by public authorities),
6. Signature specimen (verified through notarized signature circular/specimen),
7. Employment/occupation information,
8. Telephone / fax / email (verified through contact via these channels where applicable),
9. For Turkish citizens: national ID number,
10. For non-Turkish nationals: place of birth is also obtained (verified through passport, residence permit, or other identification accepted by the Ministry).

B) Legal Entities Registered with the Trade Registry
The following are obtained and verified:

1. Legal name (verified via trade registry registration documents),
2. Trade Registry Number (verified via registry documents),
3. Tax identification number (verified via documents issued by the Revenue Administration),
4. Scope of activity (verified via registry documents),
5. Registered address (verified via registry documents),
6. Telephone/fax/email (verified through contact via these channels where applicable),
7. Identification procedures are also applied to the authorized signatories/representatives as natural persons.

If, within an existing ongoing business relationship, a transaction is requested on behalf of the legal entity by written instruction of an authorized representative, the accuracy of the representative’s identity information may be verified via notarized signature circulars, provided the instruction is confirmed to belong to the authorized person.

C) Associations / Foundations / Unions & Confederations / Political Parties
Identification is conducted based on their constitutional documents and relevant official registries, and the identification procedures for natural persons are applied to authorized representatives.

D) Foreign Legal Entities
Equivalent documents from the relevant jurisdiction are accepted where:

1. Approved by Turkish consulates, or
2. Apostilled under the Hague Apostille Convention (where applicable).

Where required under the risk-based approach, verification may be completed using notarized Turkish translations.

E) Trusts Established Abroad
Identification is conducted through the trust deed and related documentation approved by Turkish consulates or apostilled, with additional steps taken to identify the settlor, trustee, beneficiaries (or beneficiary class), protector (if any), and ultimate controlling persons, applying reasonable measures to verify such information.

F) Unincorporated Structures / Ordinary Partnerships
Identification is conducted through decision books/contracts and official records, and the identification procedures for natural persons are applied to authorized representatives.

For all identification processes, readable copies or electronic images of the original or notarized copies of verification documents are retained, or the relevant identity information is recorded, to be produced upon request by competent authorities.

G) Public Institutions
Where the customer is a public administration or professional organization within the scope of the Public Financial Management and Control Law No. 5018, the identity of the person acting on behalf of such customer is verified, and authorization is confirmed via legally compliant authorization documentation.

5.3. Declaration of Acting on Behalf of Another & Identification of Beneficial Owner
Pursuant to Article 15 of Law No. 5549, any person acting in their own name but on behalf of another in transactions requiring identification must declare in writing on whose behalf they act prior to execution; otherwise, criminal sanctions may apply.

In addition, under Article 17 of the relevant regulation, obligated parties must:

• Take necessary measures to determine whether a person acts on behalf of another and to identify the beneficial owner,
• Display customer notices prominently at all service locations, and
• Obtain a written customer declaration in establishing an ongoing business relationship.

Accordingly, the required notice is displayed in a place visible to customers.

Where transactions are requested through authorized parties, the following are performed as applicable:

• Identification of the principal customer/entity,
• Identification of the authorized representative,
• Identification of the person acting under authorization,
• Where the authorized representative is not present, verification may be performed through notarized signature circulars,
• Authority may be confirmed by comparing notarized signature circulars with written instructions.

Where a transaction is conducted by a person on behalf of a natural-person customer:

• Identification of the principal customer is performed,
• Identification of the authorized person is performed, and
• Authority is verified via notarized power of attorney.

If the customer is not physically present, identification may be performed via the power of attorney. If a prior face-to-face identification has already been completed in earlier dealings, transactions may also be accepted on the basis of written instruction without a power of attorney, subject to risk-based controls.

For minors and legally restricted persons, the authority of legal representatives (parent/guardian/trustee) is verified via court decision or notarized copy. Where a parent transacts on behalf of a child, identification is performed for both the child and the parent(s).

5.4. Authenticity Checks for Verification Documents
If there is doubt as to the accuracy of documents used during identification, the intermediary institution verifies authenticity, to the extent feasible, by obtaining confirmation from the issuing institution or competent authorities.

5.5. Identification in Subsequent Transactions
For customers previously identified in accordance with procedure, in subsequent face-to-face transactions within an ongoing business relationship, identity information is obtained and compared against records. The name of the person executing the transaction is recorded on the relevant document and a signature specimen is obtained. Where doubt exists, information is verified by comparison to identity documents or notarized copies.

5.6. Transactions Requiring Enhanced Attention
We apply enhanced scrutiny to complex or unusually large transactions and those lacking an apparent legal or economic purpose. Necessary measures are taken to understand the purpose and nature of such transactions. Information, documents, and records are retained for submission to competent authorities upon request.

5.7. Ongoing Monitoring of Customer Profile and Transactions
Customer transactions are monitored on an ongoing basis to assess consistency with the customer’s occupation, business activities, history, financial standing, risk profile, and source of funds. Customer records are kept up to date. Contact information obtained during onboarding (phone, fax, email) may be verified through these channels where necessary under the risk-based approach.

Appropriate measures are also taken to monitor non-ongoing transactions on a risk-based basis, supported by a suitable risk management system.

5.8. Reliance on Third Parties
We may establish a business relationship or execute a transaction by relying on measures performed by another financial institution regarding identification and purpose of relationship/transaction. However, ultimate responsibility remains with our institution under applicable laws and regulations. In such cases, we must be satisfied that the other financial institution:

• Applies adequate CDD/recordkeeping measures,
• Is subject to effective AML/CFT regulation and supervision, and
• Will provide identification documents promptly upon request.

Where such assurance cannot be obtained, we do not enter into a business relationship.

5.9. Additional Measures for High-Risk Categories
For entities assessed as high-risk, we apply Enhanced Due Diligence and additional control measures.

5.10. Relationships with High-Risk Countries
To mitigate risks arising from relationships and transactions involving countries identified by the Ministry or deemed high-risk by competent international bodies due to insufficient AML/CFT frameworks or inadequate cooperation, we implement necessary measures. We take into account FATF country risk categorizations and conduct transactions in accordance with FATF standards and international compliance principles.

5.11. Measures Against Technological Risks
We apply heightened attention to risks that technological developments may be exploited for ML/TF. In particular, we apply enhanced monitoring and controls to:

• Non-face-to-face onboarding and ongoing relationships established through remote systems,
• Cash deposits and withdrawals,
• Electronic transfers,and closely monitor transactions that are inconsistent with the customer’s financial profile or business activity.

5.12. Customers Not Accepted / Rejection of Transactions / Termination of Relationship
A customer must meet the criteria set out in this Policy. The following are not accepted as customers, and the rejection/termination of transactions and relationships is evaluated where:

• True identity or address cannot be established or verified,
• The customer seeks to open an account under a name other than their true identity,
• The customer provides misleading information or is unwilling to provide information,
• Inconsistencies or inaccuracies are found following further review,
• Beneficial owner cannot be determined,
• The nature/purpose of the business cannot be understood,
• Required documentation cannot be obtained,
• The customer appears on official prohibited lists or lists monitored by the institution,
• Shell banks and shell companies are involved.

Anonymous accounts are not permitted. If a customer is later added to sanctions lists after the relationship is established, the relationship is terminated. Whether the relevant situation constitutes a suspicious transaction is additionally assessed by the Compliance Officer.

5.13. Simplified Measures
In low-risk cases permitted by regulation, simplified measures may be applied. Subject to Ministry permission, this may include:

• Transactions between financial institutions,
• Transactions with public administrations or professional organizations within the scope of Law No. 5018,
• Relationships established via bulk onboarding under payroll payment agreements,
• Pension plans/contracts funded by payroll deductions,
• Transactions with publicly listed companies whose shares are admitted to trading on an exchange.

If ML/TF risk is assessed in any transaction, simplified measures are not applied, and the transaction is evaluated for suspicious activity risk.

5.14. Enhanced Measures
Where special attention is required (unusual transactions, technological risk, high-risk countries), one or more of the following measures are applied:

1. Obtain additional customer information and update customer/beneficial owner information more frequently,
2. Obtain additional information on the nature of the relationship,
3. Obtain information on the source of wealth and source of funds to the extent possible,
4. Obtain information on the purpose of the transaction,
5. Subject initiation/continuation/execution to senior management approval,
6. Increase the number and frequency of controls and identify transaction types requiring additional controls,
7. Require that the first financial movement in an ongoing relationship be executed through another financial institution applying CDD principles.

5.15. Monitoring of Asset-Freezing Decisions
We do not establish relationships with persons, entities, or organizations whose assets are frozen under Law No. 6415 and Law No. 7262. We treat the prevention of terrorist financing and PF/WMD as a priority responsibility. Accordingly, screening against relevant sanctions lists and additional measures are addressed under our institutional procedures.

5.16. Correspondent Relationships
In correspondent relationships we apply the following principles:

1. Obtain reliable information from public sources regarding whether the counterparty has been subject to AML/CTF investigations, sanctions, warnings; and assess its reputation and adequacy of supervision,
2. Evaluate the counterparty’s AML/CTF framework and ensure it is appropriate and effective,
3. Obtain approval from the Chair of the Board before establishing new correspondent relationships,
4. Define mutual responsibilities contractually,
5. Where payable-through (nested) accounts are involved, ensure the counterparty has applied adequate measures and can provide customer identification upon request.

We do not enter into correspondent relationships with shell banks, nor with financial institutions where we cannot be satisfied that they do not permit shell banks to use their accounts.

5.17. Information Requirements for Electronic Transfers
We comply with applicable information requirements for domestic and cross-border electronic transfers.

For electronic transfers of TRY 15,000 and above, at least one sender identifier must be included in the transfer message, such as:

• Full name / trade name,
• Account number (or transaction reference), and
• Address, place/date of birth, customer number, Turkish national ID number, passport number, or tax number, and the accuracy of such information is verified by our institution.

For the recipient in such transfers, the name/trade name and account number (or transaction reference) are included; verification of recipient information is not mandatory.

For transfers below TRY 15,000, only name/trade name and account number (or transaction reference) for both sender and recipient are included; verification is not required.

Where mandatory information is missing, we request completion of missing data or return the transfer. If deficiencies recur and are not remedied, transactions with the relevant financial institution may be rejected, restricted, or the relationship may be terminated. Throughout the transfer chain, particular care is taken to ensure that sender information is transmitted in full.

Article 11 of the Regulation on Compliance Programs Regarding Obligations for the Prevention of Laundering Proceeds of Crime and the Financing of Terrorism defines the risk management policy and states that “obligated entities shall establish a risk management policy by taking into account their size, business volume, and the nature of the transactions they conduct.”

The purpose of the risk management policy is defined as ensuring the identification, classification, monitoring, assessment, and mitigation of the risks to which the obligated entity may be exposed. At a minimum, this policy encompasses internal measures relating to customer due diligence.

In order to prevent money launderers and individuals or entities seeking to finance terrorism or the proliferation of weapons of mass destruction from conducting transactions through our Intermediary Institution—and to ensure that suspicious transaction reports can be submitted where necessary—the principles and rules set forth in the legislation issued by the Financial Crimes Investigation Board (MASAK), and reflected in this document, must be strictly observed.

Failure to comply with these requirements may expose the Intermediary Institution and its employees to the following risks:

• Legal Risk:

 Intermediary institutions may face significant legal consequences if they fail to fulfil their anti-money laundering and counter-terrorist financing obligations. In cases where such violations persist, regulatory authorities may impose severe sanctions, including the revocation of operating licenses.

• Reputational Risk:

As intermediary institutions operate on the basis of trust, public perception regarding the integrity of an institution and the confidence of its clients constitute among its most valuable assets.

Processes and systems designed to achieve these objectives are implemented effectively under the responsibility of the MASAK Compliance Officer and the executive responsible for internal control. This procedure, at a minimum, provides clarity with respect to the following matters:

• The definition of the internal control framework and allocation of responsibilities,
• Risk-based control methods to be applied,
• Principles governing transaction monitoring,
• Reporting principles,
• Monitoring and evaluation of the effectiveness of controls, and the implementation of action plans to enhance effectiveness where necessary.

Risk mitigation and preventive measures, as well as the implementation of action plans—together with procedures relating to the identification and reporting of suspicious transactions—are carried out under the responsibility of the MASAK Compliance Officer.

Our Intermediary Institution conducts monitoring and control activities by taking into account the nature, volume, and characteristics of transactions carried out by its customers.

The purpose of monitoring and control is to ensure that the Institution is protected against risks and that its activities are continuously reviewed and verified for compliance with applicable laws, secondary legislation issued pursuant to such laws, as well as the Institution’s internal policies and procedures.

Within this framework, monitoring and control activities carried out in accordance with the relevant legislation include, but are not limited to, the following:

7.1 Monitoring and control of customers and transactions classified as high-risk.
7.2 Monitoring and control of transactions involving high-risk or sensitive jurisdictions.
7.3 Monitoring and control of complex, unusual, or non-routine transactions.
7.4 Sample-based verification of transactions exceeding thresholds determined under the Institution’s risk policy, to assess consistency with the customer’s risk profile and transaction history.
7.5 Sample-based monitoring and control of linked or related transactions which, when aggregated, exceed the thresholds requiring customer identification.
7.6 Sample-based review of information and documentation required to be retained electronically or in writing in relation to customers, as well as mandatory data included in electronic transfer messages; completion of missing information and periodic updates of such records.
7.7 Ongoing monitoring of transactions conducted by customers to assess their consistency with the customer’s business activities, risk profile, and declared sources of funds throughout the duration of the business relationship.
7.8 Regular screening and monitoring of individuals, entities, or organizations whose assets have been frozen pursuant to Law No. 6415 on the Prevention of the Financing of Terrorism and Law No. 7262 dated 27 December 2020 on the Prevention of the Financing of the Proliferation of Weapons of Mass Destruction.
7.9 Risk-focused monitoring and control of services that may become vulnerable to misuse due to newly introduced products or technological developments.
7.10 Ongoing monitoring of customers subject to sanctions as announced in the Capital Markets Board (CMB) Bulletins.

For many years, our Intermediary Institution has applied an assessment methodology that goes well beyond a review of customer documentation alone. Our approach evaluates the overall coherence between documentation and the corporate reality, including the company’s operational capacity, market credibility, transaction volumes, ownership structure, and the standing and integrity of both the company owner and key personnel.All such elements are analysed in conjunction with prevailing market supply-and-demand dynamics, with a view to determining whether the underlying transactions are consistent with the ordinary course of business and whether the economic benefit or the ultimate beneficiary aligns with reasonable commercial expectations.

Within this framework, our reviews include, but are not limited to, the following considerations:

• The alignment between capital structure and business volume,
• Consistency between declared company equity and actual market activities,
• Financial market pricing behaviour and the transactions executed in response to such pricing,
• Verification that executed transactions fall within acceptable and prevailing market margins,
• Confirmation that transaction documentation is duly executed by the ultimate beneficial owner, including written authorisations for transactions initiated via electronic correspondence, followed by submission of wet-ink signed confirmations to our Institution,
• Market-behaviour analysis whereby movements in financial instruments (such as gold, silver, or similar assets) are evaluated. In cases where prices reach extreme overbought or oversold levels—indicating a unidirectional market movement—our Institution examines whether any individual or corporate counterparty has acted contrary to prevailing market trends and, if so, whether such behaviour can be reasonably justified.
• Our trading activities are predominantly conducted with counterparties operating within Borsa İstanbul, all of which are entities fully aligned with OECD criteria.For transactions conducted on the other side , following the standard Borsa İstanbul counterparty framework, we obtain and securely archive wet-ink signed documentation from individuals or corporate entities, in accordance with the relevant communiqué provisions (including Article 5.9). In this context, particular attention is paid to proof of residence for individual counterparties and, for corporate entities, to ownership structure, registered premises, and changes in financial standing. Such documentation is refreshed and re-verified at least once every six months.

For many years, our gold trading activities have been conducted with a strong emphasis on international regulatory alignment. Gold, by its nature, is a globally convertible asset and is therefore governed not only by domestic laws and practices, but also by internationally recognised standards and market conventions. Accordingly, our operations are structured in full consideration of OECD criteria, as well as the global compliance frameworks applied by international correspondent banks.Following the achievement of LBMA accreditation by Borsa İstanbul in 2008, a domestic trading framework fully aligned with OECD standards was established within Türkiye’s precious metals market. Subsequently, in 2020, the Ministry of Treasury and Finance of Türkiye undertook a comprehensive restructuring of companies and intermediary institutions in accordance with OECD principles, thereby ensuring that domestic market participants operate within a framework compatible with the management of international financial engagements.Although Türkiye is classified among emerging markets, Borsa İstanbul has developed a robust and highly sophisticated regulatory infrastructure, supported by internal regulations and procedural guidelines comprising more than 400 individual provisions. As a result, the operational and compliance standards applied within the Turkish capital and precious metals markets are comparable in quality and rigor to those implemented across G7 capital markets.

Our Intermediary Institution operates actively within Borsa İstanbul. In line with Borsa İstanbul’s operational framework, all gold transactions are executed through a fully documented process in which the gold certificate and corresponding certificate number are identified, verified for validity, and systematically recorded within an end-to-end documentation chain. This process ensures full traceability, regulatory transparency, and alignment with both domestic and international compliance expectations.

Pursuant to Article 4 of Law No. 5549 on the Prevention of Laundering of Proceeds of Crime and Article 27 of the Regulation on Measures Regarding the Prevention of Laundering of Proceeds of Crime and the Financing of Terrorism, where a transaction executed, attempted, or intended to be executed through our Intermediary Institution:

• is suspected to involve assets derived from illegal activities, or to be used for unlawful purposes such as money laundering, terrorist financing, or the financing of the proliferation of weapons of mass destruction;
• even if lawfully obtained, is suspected to be used by terrorist organizations, terrorists, or persons or entities financing terrorism or the proliferation of weapons of mass destruction;
• is determined, through findings, information, suspicion, or reasonable grounds for suspicion, to be linked to money laundering, terrorist financing, or the financing of the proliferation of weapons of mass destruction;

then, following the necessary examinations and assessments, transactions deemed suspicious shall be reported by the Compliance Officer to the Financial Crimes Investigation Board (MASAK) within the timeframes and in accordance with the procedures stipulated under the relevant legislation.

The Compliance Officer is authorized to request from all departments any information and documentation relevant to their respective areas of responsibility in connection with a suspicious transaction. All units receiving such requests are obliged to promptly provide the requested information and documents and to extend full cooperation to the Compliance Officer.

In accordance with the legal provisions governing confidentiality of suspicious transaction reports and the protection of reporting persons, any employee who becomes aware, in any manner, that a suspicious transaction report has been made or will be made is strictly prohibited from disclosing such information to any party whatsoever—including the parties to the transaction—except to authorized supervisory authorities conducting compliance inspections and to judicial authorities during legal proceedings.

Where documentary evidence or strong indications exist that assets involved in an attempted or ongoing transaction are related to money laundering, terrorist financing, or the financing of the proliferation of weapons of mass destruction, the transaction shall be reported to MASAK together with a request for deferral, including the underlying reasons. Until a decision is rendered by the competent authority, execution of the transaction shall be suspended for the period prescribed under applicable laws and regulations.

The purpose of the Training Policy of the Intermediary Institution, which covers both employees and business partners, is to strengthen institutional awareness and compliance culture with respect to money laundering and terrorist financing risks, and to ensure that personnel are fully informed of the Institution’s legal obligations, internal policies, procedures, and practical applications in this field, based on up-to-date knowledge.

Processes and systems designed to achieve these objectives are established and overseen by the MASAK Compliance Officer and the executive responsible for training, and are implemented in a manner that ensures their effective and continuous operation.

This policy sets out, at a minimum, the following principles:

• Allocation of responsibilities related to training activities,
• Principles governing the design and implementation of training programs,
• Training methodologies to be applied,
• Criteria for the selection and training of instructors,
• Methods for measuring and evaluating training effectiveness,
• Principles governing training content.

Training programs provided to personnel shall, at a minimum, cover the following topics:

1. Concepts of money laundering and terrorist financing,
2. Stages and methods of money laundering, including case studies and typologies,
3. Applicable legislation on the prevention of money laundering and terrorist financing,
4. Risk areas and risk indicators,
5. Institutional policies and procedures,
6. Within the framework of applicable laws and regulations:
7. Customer due diligence and know-your-customer (KYC) principles,
8. Principles governing suspicious transaction reporting,

• Record-keeping and retention obligations,

1. Obligations to provide information and documentation,
2. Sanctions and penalties applicable in cases of non-compliance,
3. g) International regulations, standards, and best practices in the fight against money laundering and terrorist financing.

Training activities conducted are periodically reviewed, with the participation of relevant departments, based on assessment and evaluation results, and are repeated at regular intervals as required by operational needs and regulatory developments.

All information and statistics relating to training activities are duly recorded in accordance with applicable legislation and are reported, within the prescribed timeframes and procedures, to the Financial Crimes Investigation Board (MASAK) through the MASAK Compliance Officer.

In order to provide the Board of Directors with reasonable assurance regarding the effectiveness and adequacy of the policies and operational practices adopted by the Intermediary Institution in combating money laundering and the financing of terrorism, an Internal Audit Manager has been appointed under the Institution’s Internal Audit Policy and granted the necessary authority to perform internal audit activities effectively and independently.

In determining the scope of the audit, deficiencies identified through monitoring and control activities, as well as high-risk customers, services, and transactions, are incorporated into the audit universe. Taking into account the size, operational scale, and transaction volume of the Intermediary Institution, the units and transactions subject to audit are determined accordingly. In this context, audits are designed to cover a representative sample of units and transactions, both in quantitative and qualitative terms, that adequately reflects the Institution’s overall operations.

Within the scope of the audit, the efficiency and effectiveness of the Intermediary Institution’s policies, procedures, risk management, monitoring, control, and training activities are assessed, together with the compliance of its operations with applicable legislation, internal policies, and procedures. Any deficiencies, errors, or instances of abuse identified within the regulatory framework, as well as recommendations and corrective actions aimed at preventing their recurrence, are reported to the Board of Directors, and the implementation of related action plans is closely monitored.

A copy of the Internal Audit Report submitted to the Board of Directors is also transmitted to the MASAK Compliance Officer. In addition, all information and statistics relating to internal audit activities are duly recorded in accordance with applicable legislation and are reported, within the prescribed timeframes and procedures, to the Financial Crimes Investigation Board (MASAK) through the MASAK Compliance Officer.

Pursuant to Law No. 5549 on the Prevention of Laundering of Proceeds of Crime, together with the secondary legislation issued thereunder, including applicable regulations and communiqués, the Intermediary Institution ensures the systematic retention, secure preservation, and prompt availability of all records related to its statutory obligations and transactions, irrespective of the format or medium in which such records are maintained.

Within this framework, the Intermediary Institution:

• Retains documents for a period of eight (8) years from their date of issuance,
• Retains books and accounting records for eight (8) years from the date of the last entry, in accordance with MASAK compliance requirements,
• Retains customer identification, know-your-customer (KYC), and due diligence records for eight (8) years from the date of the last transaction,
• Retains commercial books and related supporting documentation for ten (10) years, in accordance with the provisions of the Turkish Commercial Code (TCC).

All records are maintained in secure, access-controlled, and integrity-protected environments, ensuring that they are complete, reliable, and readily retrievable. Such records are made available for inspection and submission to the competent authorities upon request, including the Financial Crimes Investigation Board (MASAK) and other duly authorized supervisory and regulatory bodies.

Suspicious Transaction Reports (STRs) and all related supporting documentation are subject to the same record-keeping, confidentiality, and disclosure obligations, and are retained in full compliance with applicable legal, regulatory, and supervisory requirements.

This updated Policy shall enter into force upon its approval and execution by the Board of Directors. Any subsequent amendments, revisions, or updates to this Policy shall likewise become effective only upon approval and execution by the Board of Directors.Within the scope of this Policy, the MASAK Compliance Officer is authorized to prepare, implement, and put into effect all related procedures, guidelines, and instructions.Provided that they are fully consistent with this Policy and with the procedures and instructions issued by the MASAK Compliance Officer—and subject to the prior approval of the MASAK Compliance Officer—business units may establish supplementary internal rules aimed at ensuring the effective implementation of applicable legislation. Such rules may be incorporated into the respective units’ internal documents, including policies, procedures, or operational guidelines.