05

Intellectual Capital

Information Security and Digital Transformation

Information security and digital transformation are at the heart of modern banking activities. The quality and reliability of the services offered by Banks depend on the robustness of their digital infrastructure and the effectiveness of their information security policies. Protecting customer data, ensuring business continuity, and delivering financial services reliably are the main criteria that Banks aim to achieve through information security and digital transformation.

In this context, as part of the digital transformation process that it continued in 2022, Development and Investment Bank of Türkiye is implementing significant improvements to its IT infrastructure in terms of digitalization steps, business continuity, and security, in line with its corporate needs regarding measurement and evaluation. By focusing on topics such as open-source, open banking, and cloud computing, the Bank aims to increase the effectiveness and efficiency of its processes with artificial intelligence-supported systems and robotic process automation. The Bank’s digitalization practices aim to increase operational efficiency and improve customer service.

In 2022, a change was made in the information technology organization, with teams formed to apply agile working principles, and the general framework of the revision of IT processes was outlined, taking into account related consolidation and improvements.

This work aimed to re-evaluate the Bank’s integrated project management, change management, and supply management procedures and design processes to achieve high levels of efficiency. The Project Management Institute (PMI) based waterfall method, which is classically adopted, and agile techniques together form the basis of the project management process. This allows both the operation of processes to support strategies and flexibility in response to the specific requirements of the project.

In 2022, corporate business processes were transitioned to a point where all Bank processes could be analyzed under a single and centralized architectural model with an activity-based end-to-end design approach (current case analysis, gap analysis, and target case design). This structure has enabled centralized observation of roles and responsibilities and transitions between functions, facilitated the identification of dependencies, enabled rapid implementation and commissioning of improvement designs, and reduced the need for lengthy and repeated business analysis for automation opportunities.

Process mining solutions that support the collection, processing, and interpretation of real process data and process performance reporting to discover, analyze, and improve business processes and identify automation opportunities were examined, and the procurement process was initiated. Process mining will be used for strategies to increase efficiency, such as visualizing how many different forms and variants the Bank’s business processes take, monitoring the losses experienced in the steps in the process (cost, time, etc.), determining the percentage of automation in the operation of the processes and the differences and compatibilities between the designed ideal process and the actual process.

The Innovation and Business Development Committee carries out its activities by introducing new products, services, innovations, and optimizations within Development and Investment Bank of Türkiye in order to take advantage of commercial growth opportunities. Development and Investment Bank of Türkiye ensured the continuity of its digital transformation efforts with the private cloud project completed in 2022. The BRSA’s new information systems legislation, which was published in March 2020 and entered into force at the beginning of 2021, allows Banks to use private cloud and community cloud within certain restrictions.

The Bank dynamically followed these legislative changes, seized this opportunity to rapidly initiate the design of its new information systems architecture based on the cloud, and took its place among the pioneering institutions implementing the private cloud in the digitalization race that continues rapidly across the entire sector. Opportunities for new types of cloud technologies are evaluated, and regulatory bodies and technological developments are monitored. Private cloud technology, which has many advantages such as affordable cost, operational efficiency, scalability, high availability, and, most importantly, being at the center of the technological trend in the world, was implemented for the first time in the sector in 2022.

The Bank assesses and manages the risks associated with this comprehensive transition with a holistic approach and by actively involving non-IT stakeholders.

Throughout 2022, significant work was carried out on this project, which was completed and implemented during the year, while the technological infrastructure of the primary data center and disaster data centers was renewed by the Bank. Subsequently, data centers that meet international standards were put into operation. The new primary center was certified to provide the highest level of availability, security, and resilience with TIER IV, the highest accreditation offered by the Uptime Institute. As part of the ongoing core banking transformation initiative (BCTI), parallel use of ERP modules was initiated, followed by the integration of loans and treasury modules into the parallelization process.

Compliance with the “Regulation on Banks’ Information Systems and Electronic Banking” published by the BRSA was achieved, meeting all regulatory requirements, and compliance with the Information and Communication Security Guidelines prepared by the Presidential Digital Transformation Office was also ensured.

In terms of information security, the Bank complied with the ISO/IEC 27001:2013 Information Security Management System Standard, the only auditable international standard published by the International Organization for Standardization (ISO), which defines the requirements for information security and includes the controls that institutions and organizations must comply with in information security.

At the same time, the Bank strengthens its measures against potential cyber threats by improving its endpoint security infrastructure and by analyzing and positioning endpoint detection products, and it regularly informs senior management to increase monitoring and awareness of cyber incidents. These efforts enhance not only the Bank’s digital transformation but also its cyber security approach. With this approach, Development and Investment Bank of Türkiye proactively responds to current and future needs in the field of digital banking and assumes a leading role in the industry in information security.

Some of the other projects realized in 2022 are listed below:

In 2022, the Bank renewed its information technology infrastructure in all areas, such as location, capacity, technological direction, architecture, and security. With the project, all systems were switched to an active-active structure with backups. Bank IPs were replaced with operator-independent RIPE IPs, ensuring high accessibility.

As security threats continued to spread and grow on a global scale, the Bank maintained its security-oriented approach to information technologies.

Activities within the scope of the paperless banking project continued.

New security solutions continued to be implemented in 2022 as the legislation was updated in parallel with the potential threats. In this context, an SSL encryption solution was commissioned and started to be used. The dissemination of open-source systems, which have many advantages such as low cost, reduced supplier dependency, integrated management, and high quality, continued. Monitoring, reporting, and visualization activities of the IT platform were provided with open-source systems.

Development and Investment Bank of Türkiye continued its corporate architecture studies in 2022. In this context, various globally accepted architectural models and frameworks were examined in detail, and the most suitable TOGAF-based corporate architecture framework was decided upon for the Bank, and adaptation studies were initiated. By increasing the processes on the incident, problem, and service management system, the digital channel for all units’ demand management was expanded, integrations with supplier call systems were increased, and automation and SLA-based measurements continued in call management processes.

In 2022, the Bank continued to develop innovative services for its customers through mobile and online channels.

Interactive decision support reports on the Bank’s BI portal were made accessible on mobile devices, and activities to increase the effectiveness of teams in business processes continued.

Based on the principle that all elements of information technologies should be up-to-date, secure, and efficient, version upgrade projects and technology renewal efforts were emphasized in 2022. E-mail systems were upgraded to the latest versions. User computers were renewed, and operating systems and office applications were upgraded to the latest versions.

In 2022, the Bank modernized the technological infrastructure of its primary data center and emergency centers (EC) within the scope of the data center renovation project of the entire information technology platform and started to operate in data centers with international standards. The new primary center has been certified to offer the highest level of availability, security, and resilience with TIER IV, the highest certification awarded by the Uptime Institute.

Within the scope of the 2022 security plans, the Bank began testing and then procuring a product suitable for ensuring endpoint security, with the aim of strengthening the security infrastructure on end-user computers.

The Bank continued to work on raising staff awareness regarding information security.

The Bank carried out its controls on the negative information and notifications that it monitored and identified through the cyber intelligence application, and continued to take immediate action on cyber intelligence that turned out to be positive.

Penetration testing services were procured, and penetration tests were carried out for all modules and applications to be commissioned, especially the Core Banking System, which plays a vital role in the Bank’s transformation process.

The development of the derivatives module, which includes forward/swap transactions, execution of risk, limit, collateral and diversity processes, transaction valuation, and taxation functions, was completed on the new main banking SKY platform. The development and migration processes of this application were automated end-to-end, and efficient and high-performance deployment processes were created on Docker technologies.

Centralized reporting and infrastructure fed from all data sources of the Bank, business intelligence, and reporting applications continued to be expanded. Interactive and dynamic decision support reports were increased and updated by 370% in 2022, ensuring effective monitoring and reporting. Data warehousing efforts to improve data quality continued.

New core banking applications were run on Kubernetes infrastructure, and the use of scalable, high-performance, flexible, secure, and low-cost container architectures was expanded.

With the renewal of the existing rating model, the Bank’s rating model was modernized with a new IFRS-compliant rating model in a way that takes into account quantitative, qualitative, warning signals and expert opinions for corporate/SME, project loans, and financial institutions, with the aim of providing more accurate, consistent and objective credit risk analysis and management, ensuring healthier and sustainable loan portfolio growth, and transitioning to a system designed with modern algorithms and more convenient for users.

Within the scope of secure software development, the implementation of OWASP standards continued, test process automation studies were carried out, and automation was achieved in the test steps of the software development life cycle, resulting in resource savings, efficiency, and quality improvement in testing and quality processes.

As part of efforts to improve the quality and assurance process in the application development lifecycle, Selenium test automation continued to be extended to all test processes.

Efforts will continue to develop a software development framework based on an agile, fast, low-code approach that enables error-free and rapid application development.

A mobile intranet application was created to strengthen internal communication among the Bank’s employees, enabling them to share social posts, send messages of thanks and support based on cultural values, and access announcements, surveys, and internal documents.

In order to offer value-added services to customers, investment processes are ongoing for initiatives operating in the fields of open banking channels and FinTech (Financial Technology) cooperation.