Risk Management
The risks of the Türk Telekom Group are determined through Risk Assessment and Evaluation surveys conducted each year. The risks identified in 2020 are classified under the headings of Financial, Strategic and Operational Risks.
The identified risks are then prioritized with the assessments of senior executives of Türk Telekom, and action plans are made to determine their responsibilities and manage the risks or eliminate them altogether. Detailed root cause analysis studies for the basis of action planning are carried out with the related departments and the joint studies are carried out with the Corporate Risk Management Department for the identified risks.
The general assessment of these risks is as follows:
Financial Risks
The Türk Telekom Group is exposed to financial risks such as liquidity risk, currency risk, interest rate risk and counterparty risk. Within the framework of the strategy to minimize liquidity risk, financing is raised from different regions (The Americas, Europe, the Gulf, Japan, China, and Turkey) and a diversified pool of investor groups (commercial banks, international financial institutions, official export credit agencies and bonds) with long-term maturities. This strategy allows the Group to have access to long-term financing on competitive terms, by eliminating any dependence on a single geographical region and investor group. With regard to the Eurobonds issued by Türk Telekom, the Group actively monitors the price and yield dynamics of these bonds, which are tradable instruments in the secondary markets, in order to formulate optimum cash management strategies on a total return and cost basis. As a result of long-term credit terms for investments and diversified funding sources, Türk Telekom carries liabilities in foreign currency. Due to the net liabilities being denominated in foreign currency and the fluctuations in foreign exchange rates, the company may be exposed to currency risk, which may have an impact on its financial statements. By planning foreign currency cash flow, Türk Telekom can minimize the negative impact of currency risk on its financial statements. With respect to the fluctuations in the value of the TL against hard currencies, the Group initiated a long-term hedging strategy in 2015, and in this framework, the Company has a hedge position of USD 2 billion, details of which are provided in the footnotes to its financial statements. In addition, Türk Telekom holds a significant portion of its cash assets in hard currency as a natural hedge against currency risk. Efforts continue to convert the supply contracts into TL to manage the currency risk driven by investment expenses. While 88% of the total value of major supply contracts concluded in 2016 was in foreign currency, only 32% of the total value of the contracts signed in 2019 was in foreign currency. In addition to the aforementioned derivate instruments, for management of the interest rate risk, Türk Telekom entered an interest-rate swap position equivalent to USD 450 million, details of which are provided in the footnotes to the financial statements. Together with the use of fixed interest funds such as bonds, Türk Telekom reduces its exposure to the floating interest rate risk. With regard to its financial assets, Türk Telekom maintains a position to minimize counterparty risk in accordance with the framework of the limits and diversification policy applied to the other parties. Türk Telekom carries out the hedge transactions regarding financial risks within the framework of the guidance and authorizations set by the Board of Directors.
Strategic Risks
Türk Telekom operates in a sector with high levels of technological innovation, competition and regulatory developments. With an awareness of the sector, Türk Telekom carefully analyzes both the positions of its competitors and the technological developments in the market and the varying customer preferences. Taking these factors into consideration, proactive risk management activities are carried out within the framework of the Company’s strategic priorities, which contribute to both increasing company revenues and meeting customer expectations. In line with the strategic objectives, information technologies are used and solutions are developed to facilitate lives of individuals and the public sector. With this target, Türk Telekom has achieved a number of firsts in its sector, and continued to bring the latest stateof-the-art communication technologies to the Turkish public. In order to prepare for the future and focus on its strategic objectives, the Company decided to provide the infrastructure required for the products and technologies to a high performance and using the risk management products and models to maintain and strengthen the market position and goodwill in order to create a competitive edge. Moreover, with its structure strengthened with its subsidiaries, the Company substitutes the areas in which it might lose market share because of the changes in legislation and the developments to cause significant changes in the market with new products and services and evaluates the opportunities in the country and abroad.
Operational Risks
Operational risks are defined as the risk of loss caused by inadequate or failed internal processes, human resources and systems or external events. Türk Telekom provides services that are dependent on technological infrastructure. Thus, correct identification of the risks exposed by these services and successful management of these services are important in delivering business targets. Factors such as malfunctions, power cuts and natural disasters which may have an impact on the communication infrastructure and critical systems of Türk Telekom may weaken the Company’s capacity to provide services to its subscribers. Business Continuity Management can be defined as a holistic management process that determines the potential threats and if realized, their impacts on key activities, and which provides protection for internal and external stakeholders, its reputation, goodwill and value-adding activities, as well as corporate flexibility. Critical products and services are subject to Business Impact Analysis and Risk Assessment, and necessary performance improvements are undertaken in the light of continuity objectives following performance assessments. Cyber security risk may arise as a result of the combination of threats and weaknesses in the digital environment, disrupt the confidentiality, integrity and accessibility of information and impact the delivery of the strategic objectives. Events such as the interruption of critical systems (Denial of Service (DDoS) attacks), disruption of competitive power as a result of loss of strategic data (trade secret theft), loss of the customer’s trust and reputation as a result of personal data breach, financial and operational losses caused by the destruction of corporate data and systems, and penalties that may be faced as a result of failure to comply with the applicable laws and regulations, as well as their consequences are assessed. All Information Technologies and Network operations are carried out within the scope of security policies. Problems in this scope are continuously analyzed and are controlled within the scope of the early detection mechanisms established. Türk Telekom undertakes extensive efforts to protect itself and its subscribers from business interruptions and security breaches, ensures compliance with the best practices, standards and policies, and takes significant steps including obtaining certificates such as ISO 22301 and ISO 27001. In addition, Türk Telekom holds PCI-DSS certification for the mobile network.
It is often impossible to produce a product or service and make it available for the customers using internal resources only. The nature of the sector requires working with a limited number of suppliers producing advanced technology. In this context, realization of risks related to suppliers and subcontractors could result in an adverse effect on Türk Telekom’s business, negative customer experience due to reduced quality of service provided to customers, or a security breach and data leakage that causes disruption of service that could result in reputational damage. Thus, an effective procurement is aimed by taking into account main factors such as the TCO (Total Cost of Ownership), supply chain risks and sustainability. The increased demand for skilled and specialist labor increases the importance of employees further. Finding, recruiting, training and retaining the right employees are critical factors in the success of the company. Türk Telekom employs many human resources practices in order to effectively manage human resources at the company. The Türk Telekom Academy continues to launch training projects supporting the employee development. Türk Telekom aims to create a working environment which respects human rights and to act in accordance with human rights in its operations. With this target, the Türk Telekom Human Rights Policy was approved by the Board of Directors and disclosed to the public.