Liability for risk and compliance management in Turkey

Liability

What are the risk and compliance management obligations of members of governing bodies and senior management of undertakings?

Boards of directors are the main governing bodies in Turkish corporations, both privately held and listed. As a general principle, the board of directors is required to manage and represent the company by contemplating the long-term interests of the company with a rational and cautious approach to risk management, keeping the risk, growth and return balance of the company at an optimum level. Members of a board of directors owe a duty of loyalty and a duty of care to their company. The standard for the duty of care introduced by the TCC echoes the well-known ‘business judgment rule’. The legislature, however, has left the scope of the Turkish business judgment rule unclear, and has deferred the interpretation surrounding the new standard to the Turkish courts. See question 14 for board liability matters.

The TCC clarifies the distinction between the representation and governance functions of boards of directors, which are both delegable. A board’s governance power can be partially or wholly delegated to one or more management officers or third persons through an internal company bylaw to be prepared by the board, provided that the company’s articles of association permits such delegation. If the governance power is delegated to management, then management officers would also be bound by the foregoing principles.

In addition to the foregoing, the TCC prohibits members of a board of directors from entering into any transactions with the company unless they are explicitly permitted to do so by the general assembly of shareholders. This is regardless of whether the board members act for themselves or on behalf of another person. If board members enter into such transactions with the company without shareholder authorisation, the company may choose to ratify the transaction or treat it as invalid. Furthermore, board members and their relatives who are not shareholders in the company must refrain from being indebted to the company by way of cash indebtedness. The company cannot provide sureties, guarantees or security interests to these persons. The creditors of the company are allowed direct recourse from persons acting in violation of this rule. The involvement by board members in activities competing with the company’s business is also prohibited unless approved by the general assembly prior or subsequent to the transaction. In order to avoid conflicts of interest, board members are restricted from attending and voting at meetings where their or their relatives’ interests will be discussed. Board members violating this restriction may be held personally liable for any losses suffered by the company in this connection.

For listed companies, the board of directors is also required to establish internal control systems, including risk management and information systems and processes. These internal control systems may ultimately reduce the effects of any risks that may influence the company’s stakeholders or shareholders by taking into account the views of the board committees. Privately held companies may also adopt these methods to increase compliance oversight.

Do undertakings face civil liability for risk and compliance management deficiencies?

Yes, undertakings with risk and compliance management deficiencies may face civil liabilities. This liability could arise from the general principles of tort law or from provisions of specific legislation such as the TCC or the Banking Code.

Companies and employers can be held liable for the acts of their employees unless it is proven that the company was diligent in selecting, instructing and supervising the employee.

Under the TCC, parent companies are prohibited from using their control rights to the detriment of their subsidiaries. If they do, they would be obliged to compensate the affiliate’s loss within the same year. If the parent company fails to do the foregoing, any shareholder of the subsidiary has the right to request compensation for damages of the subsidiary. The parent company’s board of directors would then be held liable along with the parent company. Creditors of the subsidiary may also request payment of the company’s loss to the subsidiary.

Do undertakings face administrative or regulatory consequences for risk and compliance management deficiencies?

Yes, they do. Undertakings with risk and compliance management deficiencies may be subject to regulatory consequences or administrative fines imposed by the regulatory authorities referred to in question 4.

Do undertakings face criminal liability for risk and compliance management deficiencies?

Under Turkish law, legal entities may not face criminal liability. However, for certain crimes specified under the Turkish Criminal Code or other legislation (such as bribery, embezzlement, money laundering, purposefully polluting the environment or breach of competition), security measures may be taken against the legal entity, such as the cancellation or confiscation of an operation licence, if it is active in a regulated sector.

Do members of governing bodies and senior management face civil liability for breach of risk and compliance management obligations?

Yes, they do. Board members and senior management will be held liable for damages to the company, its shareholders or creditors proportionate to the extent their fault has been proven for breach of obligations, including their risk and compliance management obligations. They are held responsible on a pro rata basis with respect to the proportion of fault found attributable to them.

The liability system of the TCC exposes board members and senior management to claims not only from shareholders but also from creditors and puts the burden of proof on the board members rather than the claimant who challenges the presumption that the directors have acted in line with their duties. Board members and senior management are held exempt from liability for fraudulent acts that are beyond their control.

Under the TCC’s liability principles, a company’s internal bylaws set out guidelines for governance including the definition of the board members’ and senior management’s duties, delegation of powers with respect to specific fields, exchange of information and reporting systems within the board. This clear-cut delegation of governance power made by internal bylaws also provides guidance on the allocation of liability. If the governance powers of the board have been delegated through the company’s internal bylaws, liability will attach to the delegated powers. As a result, board members and senior management who have delegated certain powers or duties will not be held liable for the actions or decisions of their delegates provided that they have acted with reasonable diligence (ie, unless proven to have acted with insufficient diligence) in delegation, instruction or supervision of such delegates. This ‘differentiated liability’ system has replaced the established liability system of the former TCC (abolished in 2012) where all directors sitting on the board were held jointly and severally liable for damages incurred by the company arising from the breach of duties and responsibilities.

Similarly, the senior management and auditors of banks can be held personally liable for the loss incurred by the bank itself owing to their action in breach of the banking regulations.

Do members of governing bodies and senior management face administrative or regulatory consequences for breach of risk and compliance management obligations?

Yes, they do. The TCC stipulates various administrative monetary fines for breach of certain provisions, such as non-compliance with bookkeeping requirements or inaccurate statements on capital adequacy, to be imposed on the relevant individual (from the board or senior management) that fails to comply with the obligation in question. Board members may also be held personally liable for unpaid public debts such as taxes or social security payments to the extent that the company itself is unable to pay them.

The Capital Markets Code grants broad powers to the CMB on that matter. Accordingly, for breaches of the capital markets regulations, the CMB may adopt measures such as cancelling the signatory authorities, dismissing individuals from their duties, appointing temporary individuals to vacant positions or issuing administrative fines on the individual.

Do members of governing bodies and senior management face criminal liability for breach of risk and compliance management obligations?

Yes, they do. Criminal liability is generally governed under the Turkish Criminal Code. Therefore, if the members of governing bodies or senior management act in a way that falls within the scope of a specific crime (eg, bribery, embezzlement, forgery), they may face criminal liability.

In addition to the general scope of the Turkish Criminal Code, there are other pieces of more specific legislation under which criminal liability may arise, such as insider trading and market manipulation under the Capital Markets Code or forgery of company books under the Tax Procedure Code, which can lead to imprisonment or judicial monetary fines.