Compliance Policy

1. Purpose and Scope

This Compliance Policy (“Policy”) is established and implemented to determine the principles to be adopted by Group Company Board of Directors, Top Management, employees; to be taken into account the compliance objectives carried out in practice, to ensure continual reviewing and auditing of compliance management performance within the scope of compliance requirements, in accordance with the purpose, structure, values and principles of Company organization.

This Policy covers Group Company and all its subsidiaries.

2. Compliance Approach, Compliance Management System and Compliance Function

In accordance with the Vision and Mission of Company, Compliance Approach of Company reveals uncompromising compliance with the current local legislation, Code of Conduct, Company policies and procedures, instructions and rules, relevant legislation regarding the prevention of bribery and corruption, capital market law, competition law, electricity market law, protection of personal data law, information security rules, counterparty checks and to the provisions of international agreements which are applicable in terms of their relevance.

Company, by this Policy, makes commitment to meet applicable Compliance Management System requirements and to the continual improvement of the Compliance Management System. Accordingly, the Policy is regularly reviewed to ensure such commitments by the Compliance Function.

Company has established a Compliance Management System (“CMS”) considering ISO 37301:2021 Compliance Management System standard. CMS is implemented according to the principle of continual improvement, subject to the supervision and control of the Board of Directors and Top Management.

A Compliance Function at Company has been established by the Board of Directors (Governing Body) of Company. Compliance Function is responsible for the effective execution of compliance management throughout Company by organizing compliance trainings, guiding employees, anticipating and preventing compliance risks, creating and maintaining compliance awareness and regular reporting of compliance management performance.

Compliance Function is managed by Corporate Compliance Officer who has been appointed by the approval of the Board of Directors and who has direct access to the Board of Directors (Governing Body) through legally mandatory committees. In addition, Distribution Business Unit Compliance Officer has been appointed to be responsible for compliance management in subsidiaries. In all other subsidiaries, Compliance Officers may be appointed if deemed necessary by the Top Management, taking into account the field of activity, financial and/or operational size, dynamics of the supply chain and similar criteria. Compliance Officers in the subsidiaries work in the matrix structure, reporting functionally to the Corporate Compliance Officer in terms of compliance management responsibility.

Accordingly, the Governing Body and the Top Management are informed by the Corporate Compliance Officer regularly regarding compliance performance, and also ad-hoc regarding compliance risks, findings and actions without delay.

Compliance Function makes regular compliance risk assessments in order to define potential compliance threats to Group Companies’ important activities and the level of risk that the Company is exposed to. Under the supervision and control of the Board of Directors and Top Management, it is ensured that the necessary measures are taken in a timely and complete manner to prevent possible violations and compliance risks by regularly evaluating and identifying risks. In addition, the Compliance Function, considering compliance risk map, in order to evaluate possible conflicts of interest and other compliance risks; involves in the processes and gives opinion in important organizational changes that may have effects in terms of compliance such as changing the functions of the business units.

In this way, the Company, which eliminates compliance risks, is protected from high fines, administrative and criminal sanctions, and behaviors that damage its reputation.

It is the responsibility of all business units of Company to ensure that the CMS achieves the intended outputs and to ensure the effectiveness and continuity of the system. All Company employees are obliged to report a potential or existing compliance violation. These notifications can be made anonymously. The highest level of confidentiality of notifications is ensured.

Following any matter reported to be in violation of particularly Code of Conduct and all other company policies within Company, employees who honestly and in good faith report a violation and/or suspected violation and/or request of information shall not be subject to any retaliation (including but not limited to discrimination, suspension, loss of rights, downgrading, prevention of promotion, threats or harassment) as per “Anti-Retaliation Policy”.

3. Final Provisions

This Policy has been prepared in Turkish and English and is available on the Company website and Quality Document Management System (“QDMS”).

This Policy is an integral part of Company’s sustainability approach and Code of Conduct.

This Policy has been approved and entered into force by the Board of Directors.