Milli Re 2025 Annual Report

Assessment of Capital Adequacy The Company’s capital adequacy is measured according to the provisions of “Regulation in Respect of Measurement and Assessment of Capital Adequacy of Insurance, Reinsurance and Pension Companies”, which was published by Insurance and Private Pension Regulation and Supervision Authority and assessments regarding the results are submitted to the Board of Directors through the Audit Committee and Subsidiaries Division of İşbank via the “Risk Assessment Report”. The factor-based method, used according to the aforementioned regulation, determines the amount of capital required for each type of risk, and thus allows the calculation of the total required capital. Emergency and Business Continuity Management It is critical to determine and implement the appropriate measures in the face of emergencies that may result from external factors such as natural disasters, cyber-attacks, epidemics, civil disturbances, or internal factors such as hitches in the IT infrastructure and workplace accidents, and thus minimizing the risk of interruption to business operations. In this respect, our Company has been working on emergency preparedness and ensuring business continuity. Succeeding in this respect requires a holistic planning of the Company’s core and supporting activities. Likewise, all related efforts are steered by the Emergency Management Committee comprised of the members of senior management, which is supervised by the Board of Directors. The coordination between the business units taking part in the efforts is provided by the Risk Management Department. Conducting the business impact analysis that is specific to each business unit is the priority task in relation to Emergency and Business Continuity Management. Within the business impact analysis, the negative events that may result from a potential interruption in business processes are evaluated in terms of their impact on the Company’s reputation, as well as their financial, operational and regulatory implications. In this way, maximum interruption durations that may be tolerated in business processes and recovery time objectives are set, which will guarantee that a possible interruption will not exceed such interruption durations. Then, business requirements are matched with the Company’s employee, IT and supplier needs and the operational planning that is needed to achieve recovery objectives is carried out. Starting with these steps, the Emergency and Business Continuity Plan is updated and then presented for the approval of the Board of Directors. The Emergency and Business Continuity Plan is tested once a year to verify its operability. In 2025, an emergency drill was carried out by establishing a remote access to the applications and systems in the Disaster Recovery Server Center within the scope of the Company’s business processes and information systems including the Singapore branch. In addition, the Company’s disaster recovery location was visited and the hardware there was tested. During the drill, all applications and systems specified in the Plan, data and documents business units need for critical business processes were accessed within recovery point objectives and data entries were completed successfully. The feedback testing in relation to data entries was also conducted successfully. The Company depends on information technology at the highest extent in the conduct of all its activities. Therefore, the principles associated with assignments and resource management in relation to information technologies, which is essential for implementing the plans made, are individually addressed in the Information Technology Department Contingency Plan. In addition to the matters mentioned above, new products, procedures and planned activities undergo evaluation by internal systems units; this process also entails ensuring conformity to business continuity practices. Additionally, the Risk Management Department explores improvement areas in relation to business continuity practices, makes related suggestions to relevant authorities when necessary, and organizes online and face-to-face training programs for employees. GENERAL INFORMATION FINANCIAL RIGHTS PROVIDED TO THE MEMBERS OF THE GOVERNING BODY AND SENIOR EXECUTIVES RISKS AND ASSESSMENT OF THE GOVERNING BODY ACTIVITIES AND MAJOR DEVELOPMENTS RELATED TO ACTIVITIES RESEARCH & DEVELOPMENT ACTIVITIES FINANCIAL STATUS FINANCIAL INFORMATION 99