Access Classification Scheme: The classification scheme or method made to limit access to some internal information except for those who use it for a valid and legitimate business need.
Access Control: Prohibition or control of the use of a resource, including preventing unauthorized use of information.
Accounting Control: The methods and procedures applied by an institution to ensure the validity and accuracy of its financial statements.
Accountability: Clear definition of the rules and responsibilities regarding corporate management, and the observance by the boards of directors of the parallelism between management and shareholders’ interests. [1]
Active Bribery: Offering an improper benefit, directly or through intermediaries, to a public or private sector official or any other person in order to have them perform or not perform a task related to their duties. [2]
Actual conflicts of interest: The situation in which the personal interests of an employee/person bound by contract in an institution conflict with the interests of the institution while performing their duty
Administration Guideline: Written documents designed by a management unit to achieve compliance and effective task performance.
Administrative Monetary Penalty: Fines imposed by state administrative institutions.
Agency: There are different definitions in different legal systems.
In Turkish Law: A person who, without holding a legal position tied to the business such as a commercial agent, sales officer or an employee of the enterprise, makes it their profession to mediate, continuously and in a specific place or region, in contracts that concern a commercial enterprise, or to conclude them on behalf of that merchant (TTK 102).
In the Anglo-Saxon Law: It is defined as the independent persons who mediate on the client’s account in contracts related to the purchase and sale of goods or who conclude these contracts on behalf and account of the client.
Anonymization: Rendering personal data impossible to associate with any identified or identifiable real person in any way, even when paired with other data.
Anti-Corruption Policy: In addition to the definition of corruption, the policy that includes the principles, rules, and standards required by institutions in the field of anti-corruption.
Anti-Money Laundering: All of the legislation against the operations and actions aimed at showing the assets obtained from a crime as income obtained from a legitimate source in order to conceal the illegal source. [3]
Antitrust: All of the legislation against a group of companies acting together with the aim of eliminating competition in the market and providing price control.
Approved Exception: An alternative to or exclusion from established rules, guidance or standards documented and agreed upon by an agreed oversight body under certain conditions.
Asset confiscation: Continuous loss of assets by the order of a court or other competent authority, including the loss of a certain right where applicable [4]
Asset freezing: Temporary prohibition of the transfer, conversion, disposition, or movement of assets, or the temporary taking of the preservation or control of assets based on a decision made by a court or other competent authority [5]
Audit: A systematic process that objectively collects and evaluates evidence to investigate the extent to which claims related to economic activities and events comply with predetermined criteria and communicate the results to interested parties. (Audit Concepts Committee)
Audit-Proof Manner: A method of performing a task that does not raise suspicion of non-compliance during a systematic assessment.
Authority: The right, authority, and permission to carry out a task under certain conditions according to the provisions provided by the laws.
Benchmarking: The search for, purchase, and/or comparison of information that an institution attempts to find the most accurate and the best at any time or anywhere (including within itself), and, as a result, the adaptation of the organization according to these findings, in order to increase its level of success.
Big Data: Converted form of all data collected from various sources such as social media posts, network logs, blogs, photographs, videos, log files into meaningful and processable form
Bribery: Offering, promising, or giving an improper benefit, directly or through intermediaries, to a public or private sector official or any other person in order to have them perform or not perform a task related to their duties.
Business Continuity Plan: Managerial processes and strategies for being prepared in an organized manner against the risks that will arise in case of interruption in the business continuity of the company. [6]
Business Ethics: It is the branch of applied ethics or professional ethics that examines ethical principles and moral or ethical issues that may arise in a business environment. It applies to all aspects of workflow and relates to the behavior of individuals and all organizations.
Certified Fraud Examiner (CFE): An ACFE-certified fraud (or misconduct) examiner whose work concerns bribery, financial statement fraud, other fraud and irregularities.
Clean Company Act: The law that aims to fight corruption in Brazil, commonly known as the Clean Company Act (Lei da Empresa Limpa), which entered into force in 2014.
Code of Conduct / Code of Ethics: A set of rules that summarize the responsibilities of the employees towards institutions, people, and other institutions they do business with, and the public, that reflect their basic values and principles and guide them about acceptable and unacceptable behavior.
Commercial bribery: The type of bribery given from the private sector to the private sector, aiming to gain an advantage over commercial competitors.
Common Controls: Sharing control over an economic activity on a contractual basis.
Compliance: To check whether an institution regulates the basic rules and principles in its relations with all stakeholders and the public, and then whether the activities are carried out in accordance with these rules and principles.
Compliance Assessment: Evaluating how well an organization complies with applicable rules and standards.
Compliance Audit: Examination of records and activities to assess the adequacy of the institution’s compliance with rules such as legislative laws, international binding laws, ethical standards, and internal principles.
Compliance Awareness: Having knowledge or awareness about compliance with rules such as legislative laws, international binding laws, ethical standards, and internal principles.
Compliance Deficiency: Violating the boundaries of a program that ensures compliance with and monitors rules such as legislative laws, international binding laws, ethical standards, and internal principles.
Compliance Department: The department established to create and develop a culture of compliance in institutions, to advise on the problems faced by personnel regarding ethical behavior principles, and to carry out ethical and compliance practices.
Compliance Exception: A situation that is an exception to the general rules of compliance with legislative laws, international binding laws, ethical standards, internal principles, and contracts.
Compliance Framework: Any intervention implemented at strategic, systemic, or operational level to develop ethics and compliance programs in institutions
Compliance Function: Person or team responsible and authorized for the execution of the compliance management system.
Compliance Gap: A field of institutions that does not comply with the legislative laws, international binding laws, ethical standards, internal principles, and contracts
Compliance Indicator: Indicator that defines the status or level of achieving compliance goals.
Compliance Monitoring: Regular internal monitoring, control, and auditing activities carried out by institutions to see whether their ethics and compliance programs and rules are being implemented.
Compliance Performance: Measurable results of the organization’s fulfillment of all compliance obligations
Compliance Plan: A control and balance system aimed at identifying potential compliance problems with applicable legislation and regulations and designing reasonable solutions to eliminate or reduce these problems
Compliance Policy: A written quality document designating the principles and values on ethics & compliance issues, arranged according to the risk analysis and compliance program developed within the organization.
Compliance Procedure: A written detailed quality document designating the rules, scope, sanctions, and procedures on ethics & compliance issues, arranged according to the risk analysis and compliance program developed within the institution
Compliance Roles and Responsibilities: Defining the roles and responsibilities of everyone involved in the organization’s compliance management.
Compliance Training: The process of training employees on the legislative laws, internationally binding laws, ethical standards, internal principles and contracts that are required in order to perform daily job descriptions.
Compliance Violation: (see: misconduct)
Conflicts Of Interest: A conflict between the personal interests (financial or otherwise) of a person or an organization (private or public) and the interests of the organization they represent or are contractually bound to, arising while they fulfill their duty. Conflicts of interest are divided into three groups: actual, potential, and perceived. A conflict of interest may not always constitute a breach on its own, but if not managed, it may lead to serious compliance violations.
Control: The power of an institution to manage its financial and operational policies in order to benefit from its activities.
Corporate Governance: The combination of laws, regulations, and voluntary private sector practices that enable a company to attract financial and human resources, operate efficiently, and thus achieve stability by generating long-term economic gain for its shareholders, without harming the interests of beneficiaries and the public.
Corporate Social Responsibility: The determination of an organization to consider social and environmental aspects in decision-making processes and to be responsible for the impact of its decisions and activities on the society and the environment
Corrective Control: Control system designed to reduce the impact on the organization when an adverse situation occurs.
Corruption: Abuse of public power, duty, and authority to obtain private benefits through bribery, extortion, favoritism, fraud, and embezzlement. [7]
Courage: Not just knowing what is the right thing to do in ethical dilemmas, but speaking the right thing and doing the right thing in every condition and situation.
Cybersecurity: All of the technical, administrative, and legal measures taken for operational security, security of technical devices, and protection of personal information in order to protect the institution from cyber attacks.
[1] Business Ethics and Ethical Management in the World and in Turkey / TÜSİAD 2002
[2] In the crime of bribery under the TCK and FCPA, the perpetrator can only be a public official.
[3] Reference Guide to Anti-Money Laundering and Combating the Financing of Terrorism
[4] UN ANTI-CORRUPTION CONVENTION
[5] UN ANTI-CORRUPTION CONVENTION
[6] Ziraat Bank / Business Continuity Plan
[7] UNDP
Data Breach: Unlawful access to processed personal and corporate data by others without permission.
Data Controller: A natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. [8]
Data Destruction: The process of making personal data inaccessible and unavailable in any way for relevant users
Data minimisation: Continuous review of the processed personal data and minimizing the risk of data load and data breach as far as possible.
Data mining: Data engineering methods that provide meaningful results from large data.
Data Processor: The natural or legal person who processes personal data on behalf of the person responsible for the data based on the authority given by the responsible person. [9]
Data Protection Impact Assessment (Privacy Impact Assessment): Due diligence and risk analysis assessment of processed personal data, generally carried out by an institution. According to GDPR, this is a risk analysis activity covering technical, administrative, and legal risk assessment, which the data controller has to carry out before processing personal data, especially where the processing activity has a high impact on the rights of the persons.
Data protection officer: According to article 37 of the GDPR, the expert whom the data controller and the data processor have to appoint under certain conditions, and who is responsible for the general compliance program on data protection laws within the institution, especially at the points where processing activities are required to achieve the goals of the institution.
Data security: The process of protecting data from unauthorized use, unauthorized disclosure, unauthorized destruction, unauthorized alteration, damage to information, or the process of preventing unauthorized access to data.
Data subject: The real person whose personal data is processed [10].
Data Subject Rights: All rights regulated in article 11 of the KVKK that the person concerned can use against the data controller and data processors regarding the processing of their data. In the GDPR they are regulated in articles 12-23, and the term “data owner” is used for the related person.
Data Transfer: Transmission of data on network or internet between two points.
Declaration of Conflict Of Interest: The system in which employees in an institution transparently declare all situations that have occurred, which may be subject to potential and perceived conflicts of interest.
Duty of Loyalty: The employee’s obligation to protect the rightful interests of the employer, which is based on the principle of honesty, and to avoid any behavior that may harm the interests in question.
Deferred Prosecution Agreement: The agreement between the prosecutor and the accused in US law that includes the terms of adjournment of the prosecution of financial crimes and is supervised by the judge and relevant institutions
Department of Justice: U.S. Department of Justice
Discrimination: Prejudice against or negative treatment of a person or social group due to certain characteristics such as religious belief, political opinion, ethnic origin, gender, age, marital status, or physical disability
Disclosure: To reveal something hidden, to spread it.
Disgorgement: Returning the profit. The process of returning the bribery given within the scope of the FCPA and the profits obtained from this to the competent authorities.
Donation: Transfer of a certain amount of goods or money to someone else for free
Due Diligence: Detailed analysis of the current situation in technical areas such as Legal, Compliance, Finance, Information Technologies. Generally based on identifying and reporting all risks and red flags that will affect the business partnership decision of other institutions and persons in company mergers, acquisitions and third party risk analysis, and in the business partnership process of the institution
Equal Employment Opportunity: Ensuring that all employees within the organization are employed without any discrimination.
Ethics: The branch of knowledge consisting of universal principles and values about doing the right thing, acting for the benefit of individuals and society, which are effective in the attitudes, behaviors, actions and decisions of individuals and institutions.
Ethical Consumption: The behavior in which consumers take into account the effects of the product they consume on the nature, productive workers and communities, animal welfare, and society in general when making consumption decisions.
Ethical Principles: Guiding values, principles, and standards that help individuals and organizations to do the right thing in their business process.
Ethical Procurement: A procurement approach that provides benefits to both companies that make purchases and sales, and to the general public, where the environment and socioeconomic factors are prioritized over the sales price.
Ethical Decision Making: The process of evaluating views and making decisions in accordance with ethical principles and values
Ethical Dilemmas: The problem of deciding between two potentially necessary behaviors that cannot be confirmed or accepted with certainty.
Ethical Leadership: The type of leadership in which employees decide on ethical principles and values, for the benefit of both individuals and society, act as a role model for other employees, and exhibit proactive behavior as much as laws and policies while achieving corporate objectives.
Ethics and Compliance Committee: The committee established to create and develop a culture of ethics and compliance in institutions, to advise and guide personnel regarding the problems they encounter on ethics and compliance principles, and to evaluate ethical and compliance practices.
Ethics and Compliance Officer: The person who ensures the preparation and implementation of ethics and compliance programs within the framework of the legal regulations, institutional policies and procedures, quality requirements, risk management priorities, and ethical principles to which the institution is subject, and provides ownership and guidance to other employees in making ethical decisions
Ethics and Compliance Risk Analysis: A preliminary analysis of the likelihood of a particular breach of ethics and compliance and the severity of the harm or damage that may arise from the consequences of this event.
Ethics and Compliance: A set of policies and practices that are part of the ethics management framework and are regulated to ensure compliance with rules such as laws, international binding laws, ethical standards, and internal principles.
Extraterritorial jurisdiction: The right of a state with international authority to exercise its jurisdiction beyond its own borders.
Externalities: The situations that occur during the production activities of the producers, companies or the consumption activities of the consumers and affect the third parties who have no direct connection with this activity, positively or negatively.
Extortion: A public official taking advantage of the difficult situation of the other party through coercion, threat, and similar situations
Facilitation Payments (Grease payments): Informal, improper, small payments (OECD) made to a lower-tier official to secure or expedite the execution of a routine or necessary action to which the paying party is legally entitled.
Failure to prevent bribery: A crime regulated in the UKBA chapter 7 for the failure of a business organization to prevent the crime of bribery by failing to take the measures it must take within itself. This type of crime is regulated as vicarious liability and regulates that the organization’s employees, representatives, and business partners are also responsible for their actions.
Fair market value: Fair market value indicates the price equilibrium point of a good or service in the same market in line with general perceptions and comparisons. Fair market value is important in determining whether there is compatibility between payment and goods and services in terms of fighting bribery and similar crimes.
Fair Trade: A market-oriented organized social movement aimed at helping manufacturers in developing countries and promoting sustainability.
Federal Sentencing Guidelines (FSG): US Federal Criminal Rules
Federal Trade Commission (FTC): U.S. Federal Trade Commission
Foreign Corrupt Practices Act (FCPA): US Foreign Corrupt Practices Act
Forgery: Preparing a fake document, altering a document in a way that deceives others, or using a fake official document.
Fourth Parties Logistics: Companies that bring together the resources, capabilities, and technology of their own organization with third-party logistics (3PL) companies to provide comprehensive supply chain solutions to their customers and undertake the design and management of the entire chain.
Fraud: Unlawful acts that may be characterized as fraud or abuse of security for the purpose of providing money, goods or services, avoiding loss of service or payment, or gaining personal or business advantage. Or using one’s profession to attain personal wealth through deliberate misuse or embezzlement of assets belonging to the employing organization. [11]
[8] KVKK article 3
[9] KVKK article 3
[10] KVKK article 3
[11] ACFE
General Data Protection Regulation (GDPR): European General Data Protection Regulation
Good Faith: Acting without any bad thoughts or personal interests about any person or matter, [12] goodwill
Governance: Including relevant stakeholders in decision-making and implementation processes, and carrying out these processes with a mutual dialogue and in a pluralistic way (social policies glossary)
High-Risk Activities: Actions with high potential of harmful consequences arising from the risk
Hotline: Communication system of potential or realized ethical and compliance violations faced by all stakeholders of the institution to the competent authorities
Insider Trading (alt: information-based trading undisclosed to the public): Gaining an unfair benefit or eliminating a loss, in a way that disrupts the equality of opportunity among those trading in the capital market, by using information that has not yet been disclosed to the public and that may affect the value of capital market instruments, to benefit individuals or third parties. [13]
Integrity: A state of integrity and honesty in the form of having strong ethical principles and values and consistency between what is done and what is said.
Internal Investigation: An internal investigation conducted for the purpose of detecting possible damages and losses in an institution or investigating the truth of a claim
International Financial Reporting Standards (IFRS): International Financial Reporting Standards
[12] TDK
[13] SPK
Kickback: When a person authorized to make a purchase decision in an organization claims the price of an unfair commission on their own behalf and benefit in exchange for services rendered by their business partner.
Legal Hold Order: Instructions sent to employees by the legal department of the institution to protect information and documents to be used in possible litigation.
Mergers and Acquisitions: By creating a permanent change in control; a) Merger of two or more undertakings; or b) Direct or indirect control of all or part of one or more undertakings, by purchase of shares or assets, by contract or other means, by one or more undertakings or at least taking over by one or more persons controlling an undertaking. [14]
Misconduct: Failure to fulfill any compliance management obligation.
Monitoring: Regular internal monitoring, inspection, and audit activities carried out by the institutions regarding whether the laws and rules are applied in their business processes.
Moral: The verbal behaviors, customs, and rules that people in a society have to obey, varying from society to society and from location to location.
Organizational Justice: Ensuring a fair distribution of the gains in accordance with the relationships within the organization, and that the procedures followed while making this distribution, the decisions, regulations, practices of managers regarding the organization and employees, and their behavior towards employees are perceived as impartial and fairly unconditional by the employees. [15]
Passive Bribery: When a public or private sector official or any other person accepts, directly or through intermediaries, an improper benefit for performing or not performing a task related to their duties
Pay off: It takes place with the concept above.
Perceived conflicts of interest: A situation in which the interests of an employee/person bound by contract in an institution may be perceived as in conflict with the interests of the institution by the world, even if there is no such conflict
Potential conflicts of interest: The situation in which the personal interests of an employee/person bound by contract in an institution may potentially conflict with the interests of the institution in the future, even if these conditions do not occur in reality.
Personal Data: All kinds of information regarding an identified or identifiable real person. [16]
Privacy By Design: Designing any project in which personal data will be processed, in accordance with the rules and principles of protection of personal data, from the beginning to the end.
Processing of personal data: Provided that personal data are fully or partially automated or are part of any data recording system, any operation performed on this data such as non-automatic acquisition, recording, storage, preservation, modification, reorganization, disclosure, transfer, taking over, making available, classifying, or preventing use. [17]
Processor: Real or legal persons outside the organization of the data controller, who process personal data on behalf of the data controller based on the authority given by the data controller
Quality Policy: All of the knowledge and documents that regulate the principles and rules in the field of business where the theory and practice of all business processes are brought together to perfect the operations of the institution, based on the objectives of the institution, the business environment, the sector, and the rules in the country where it operates.
[14] Declaration on Mergers and Acquisitions Requiring Permission from the Competition Board Article 5
[15] Journal of Commerce University
[16] KVKK
[17] KVKK
Regulatory Compliance: Institutions being aware of the relevant legislation and doing the necessary work to comply with them.
Reporting System: Systematic reporting of the investigations conducted by the institutions on any issue or problem to the authorized units within the institution.
Reputational Risk: The current and potential effects of negative public opinions about institutions.
Retaliation: The situation in which stakeholders are faced with harmful acts such as being punished, fired, demoted, threatened, or harassed because of concerns about ethics and compliance they have reported.
Right to Audit: The right of the institution to perform an audit in order to check whether the issues promised by the articles added to the agreements between the institution and its business partners are realized
Right to Be Forgotten: The right of the relevant persons to request that the results of searches made through search engines with their names and surnames be technically arranged so that they are not indexed. [18]
Right to Erasure: The right to request the process of making personal data inaccessible and unavailable in any way for the relevant users. [19]
Risk: Potential of loss, injury, or other harmful consequences from the hazard
Risk assessment: Activities required for identifying hazards which exist in or may arise from outside the workplace, for analyzing the factors which may cause these hazards to turn into risks, for analyzing and grading the risks resulting from these hazards, and for comparing the control precautions.
Risk Based Approach: A management approach that focuses on risk analysis and methods.
Risk Management: Risk management is to define and evaluate the risks that may arise during the operations of the institutions carefully and in detail, and to take measures to minimize or eliminate these risks.
Safe harbor principles: Statute or a regulatory provision that recognizes that certain behavior will not violate a particular rule
Sample: The group chosen from the whole, to which research techniques will be applied to understand the whole in a study
Sapin II: French Anti-Bribery Act
SEC (Securities and Exchange Commission): United States Securities and Exchange Commission. Capital markets regulator of the USA.
Self-disclosure: Notification of an improper situation or a crime in the law to the relevant institutions spontaneously, without any external supervision.
Serious Fraud Office (SFO): Serious Fraud Investigation Agency of the UK
Stakeholder: All individuals and institutions affected by the activities of the organization and in contact with the organization
Speak-up: Verbal or written report from a stakeholder of an organization about a situation or action that they believe is wrong, even if they are in doubt.
Speak-up Culture: Internal culture created so that employees can freely and without hesitation disclose violations of ethics in organizations.
Special Categories of Personal Data: Data related to people’s race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are personal data of special nature. [20] In the GDPR, this is regulated by Article 9; while the GDPR does not include dress code, membership of associations and foundations, sects and other beliefs in this category, it has evaluated sexual orientation within this scope.
Standard Operating Procedure: A series of instructions issued by an organization to help employees carry out complex routine operations.
Sustainability: Continuity of a particular situation or process within the current system
[18] (KVKK announcement dated 17.07.2020)
[19] Regulation on Deletion, Destruction, or Anonymization of Personal Data, Article 8
[20] KVKK article 6
Third Party: The Business Partner/Third Party includes, but is not limited to, its customers, joint ventures, consortium partners, joint venture stakeholders, contractors, subcontractors, suppliers, vendors, consultants, agents, distributors, representatives, the person or entity with which the organization has or plans to establish a business relationship.
Tone from the middle: The behavior of the mid-level managers of the institution and management styles and the sincere support they give to the ethics and compliance program of the institution
Tone from the top: The sincere support given to the ethics and compliance program of the institution with the behavior and management styles of the top managers
Trade sanctions: Trade bans against one or more targets (state, administration, group, person, company) by one or more practitioners (state, international organizations) for political purposes and sanction rules applied in case of breach of these bans
Transfer of value: Direct or indirect value transfers in cash, in kind, or in other forms
Transparency: The principle of making and implementing decisions in line with the rules and regulations, providing access to information for those who will be affected by the decisions, and making this information accessible, understandable and concrete [21]
UK Bribery Act (UKBA): UK Bribery Act
Values: A certain mode of behavior, a persistent belief that is socially or personally preferable to the current ultimate or ultimate state.
Whistleblower: A person who reports or reveals potential or realized unethical and non-compliance behaviors or practices that employees of the organizations encounter.
Whistleblower Award: According to the FCPA, the amount of incentive to be given to the person who provides information and assistance that affects the result of an investigation of the institution, over the penalty to be imposed on the institution.
White collar crimes: Non-violent crimes committed by individuals with entrepreneurial, professional, or semi-professional status for financial gain by using deception techniques. [22]
[21] International Transparency Association
[22] DOJ