New Regulations On Payment Services and Issuing Electronic Money and Payment Service Providers are Published.

12/24/2021

All News
  • Home Page
  • |
  • News
  • |
  • New Regulations On Payment Services and Issuing Electronic Money and Payment Service Providers are Published.
The Regulation on Payment Services and Issuing Electronic Money and Payment Service Providers (“Regulation”) and the Communiqué on Information Systems of Payment and Electronic Money Institutions and Data Sharing Services of Payment Service Providers in the Field of Payment Services (“Communiqué”) have been published in the Official Gazette dated December 1, 2021 and numbered 31676; the Regulation and Communiqué entered into force on the date of publication.
What Does the Regulation and Communiqué Bring?
“The Regulation on Payment Services and Issuing Electronic Money and Payment Service Providers” has been abolished with the Regulation; “the Communiqué on Information Systems of Payment and Electronic Money Institutions and Data Sharing Services of Payment Service Providers in the Field of Payment Services” has been abolished by the Communiqué and a series of developments are introduced in secondary regulations regarding payment services.

What is regulated under the Regulation?
The main rules introduced within the scope of the Regulation are as follows:
  • The concepts of “pre-paid instrument” and “anonymous pre-paid instrument” are defined. According to this Regulation;
    • A pre-paid instrument refers to a payment instrument that is either tangible or intangible enabling the fund used in payments to be used in payment services as electronic money, which the customer paid before spending to the payment service provider that issues the payment instrument and which equals the paid amount,
    • An anonymous pre-paid instrument refers to a pre-payment account that is not related to the payment account in any way and has not been identified or verified, is activated by pre-payment or top-up, can be issued in a form enabling or disabling multiple top-ups, and allows to use only the valid balance amount.

      Anonymous pre-paid instruments can only be used in payment transactions where the anonymous pre-paid instrument holder is physically at the workplace and the anonymous pre-paid instrument is physically used and payment transactions and invoice payment transactions regarding the purchase of goods or services to be made before service providers and intermediary service providers that are certified with an Authentication Stamp.
  • Workplace registration system; in order to facilitate the processes related to payment transactions and to prevent fraud and malicious use activities in the field of payments, a workplace code will be given by Bankalararası Kart Merkezi Anonim Şirketi ("BKM") to the workplaces that offer goods and services with a payment method that falls within the scope of payment service, and the workplace code will be used for these workplaces to sell goods and services.

    BKM is expected to establish the workplace registration system by June 30, 2022.
  • Within the scope of payment services; payment institutions (“Institutions”) will not grant interest for the funds received in return for electronic money, and no benefit will be provided to the customer depending on the period and amount of keeping the electronic money.
  • Conditions to be accepted as electronic money; Certain conditions have been introduced for the acceptance of intangible assets distributed over the digital network as electronic money, these conditions are as follows;
    • Issuing only at par value
    • Issuing in exchange for the funds accepted by the electronic money issuing institution
    • Storing electronically
    • Using for payment transactions defined in the legislation
    • Accepting as a means of payment by natural and legal persons other than the electronic money issuing institution.
    • Since all cryptocurrencies, especially Bitcoin, do not fulfill these conditions, they are excluded from the scope of the legislation. Therefore, the possibility of using and trading cryptocurrencies as electronic money has thus disappeared.

  • The titles of companies applying for an operating authorization are required to include phrases indicating that they are a payment institution or an electronic money institution. In addition, the amount of capital required to be held shall be at least 1 million Turkish Lira for payment institutions that will provide services to mediate invoice payments, at least 2 million Turkish Lira for providing other payment services, and at least 5 million Turkish Lira for issuing electronic money.
  • Persons who have been issuing assets, that can be considered as electronic money before the effective date of the Regulation, without an operating authorization but can be included in the category of electronic money institutions under the Law shall apply to the CBRT until December 1, 2022 to obtain an operating authorization. In other words, in order to obtain an operating authorization until this date, they shall meet the conditions such as the title, minimum capital, and granting collateral, and shall apply for the necessary authorization.
  • Restrictions on the selection of representatives have been introduced and supervisions have been increased. Without prejudice to the due diligence obligations of the Institutions in the selection of representatives, payment services can be carried out through representatives via electronic or physical channels.
  • Within the scope of the prohibition on granting a loan, the Institution will not be able to grant a loan and will not be able to engage in advertising and marketing activities in a way that creates the impression of granting a loan. Amounts subject to intermediary transactions cannot be divided into instalments.
  • Regarding the transactions in which both parties are resident in Turkey and the payment transactions used by the payment service providers located in Turkey, the Institution shall not be able to make foreign exchange transactions. However, provided that one of the parties to the transaction is abroad and in the case of other conditions specified in the Regulation are met, the Institution will be able to make foreign exchange transactions, limited only to the providing of payment services.
  • Other issues that the representatives of the Institution should pay attention to are as follows:
    • It shall not engage in foreign exchange trading activities without authorization.
    • There should not be any boards or similar documents or devices showing the exchange rates in the workplace, and there should not be any currency symbols.
    • There should not be any words, phrases, or signs giving the impression that foreign exchange is being traded.
  • In terms of safeguarding of funds and securities, obligation to have minimum security of 2 million Turkish Lira for payment institutions providing services for the intermediation of invoice payments before the Central Bank of the Republic of Turkey (“CBRT”), 3 million Turkish Lira for other payment institutions, and 5 million Turkish Lira for electronic money institution has been introduced.

    However, it has been regulated that payment funds safeguard accounts and electronic money safeguard accounts may be blocked by the relevant bank, in certain cases, in order to compensate the rights of the fund owners and to fulfill the obligations of the institution arising from the legislation.
  • In terms of the obligation to inform the consumer, payment service providers are obliged to prepare an electronic or physical information form that includes the rights of consumers regarding their activities, uses a clear and easily understandable language, and is designed in a way that can be easily read.
  • In terms of the notification obligation of those who are out of the scope, if the amount of transactions performed within the last 12 months exceeds 50 million Turkish Lira, an obligation to share the report including service definition, detailed workflow and models, transaction volumes, and other information and documents that may be requested by the CBRT, to the CBRT has been introduced.

    As a result of the notification, the CBRT may decide to consider the related activity as a payment service. Thus, it may be necessary to obtain an operating authorization.

    For those who have applied for an operating authorization before December 1, 2021, only the regulations of the Regulation on the above-mentioned operating authorization, sufficient capital, and securities obligations, and the safeguarding of payment funds and funds collected in exchange for electronic money will be applied; the abrogated regulation will remain in effect regarding other matters.

    In other words, those who applied for the authorization before December 1, 2021; shall meet the obligations and criteria with respect to title, minimum capital, and securities amount determined according to the service to be provided.

    Persons who have been granted an operating authorization are obliged to comply with the regulations to be made by the CBRT regarding the management and supervision of information systems and the entire Regulation by December 1, 2022 at the latest.

What is regulated under the Communiqué?
The main regulations introduced within the scope of the Communiqué are as follows:
  • In terms of risk management regarding information systems, the Institution shall carry out a comprehensive risk assessment of information systems before any significant changes in the information systems and at least once a year, and it shall prepare a relevant report covering the methods to be followed regarding previous year until the end of January each year, and submit the report to its board of directors and the CBRT.
  • In terms of cyber incidents, the Institution is obliged to inform Personal Data Protection Authority, as soon as possible, in the event that a cyber incident that leads to the leakage or disclosure of sensitive customer data or personal data exists or personal data is illegally obtained by others.
  • In terms of information security management, the Institution is obliged to prepare an information assets classification guide approved by the board of directors in order to ensure appropriate controls in line with security requirements, clearly specify the access rights and storage, transmission and destruction procedures regarding information assets, and inform all its personnel about the related obligations.
  • In terms of data security and privacy, the Institution is obliged to take the necessary measures to ensure the confidentiality and security of customer information and to prevent the leakage of sensitive customer data obtained or stored during its activities outside the institution. Customer information can only be given to parties other than the competent authorities, provided that the obligation to inform the customer is performed and the explicit consent of the customers is obtained.
  • In terms of identity verification, the Institution is obliged to establish an adequate and effective identity verification system. In terms of accessing sensitive customer data or issuing regular payment orders, a strong verification method will be used. The principle of using strong identity verification has been introduced in transactions made by customers electronically and which may or may not have financial consequences. There is no strong identity verification requirement for transactions related to the anonymous pre-paid instruments.
  • In terms of access management, it is regulated that the Institution will clearly determine the authority and limitations of the personnel based on the need-to-know principle, and will take the necessary measures to prevent unauthorized access.
  • In terms of security vulnerabilities, in order to prevent possible security violations on the information systems, it is regulated that the Institution shall regularly scan all servers associated with the system for vulnerabilities at least six times a year. The Institution will submit a report, containing critical security vulnerabilities and measures to overcome them, to the CBRT at least once a year.
  • In terms of creating supervision tracks, the Institution will establish a supervision track recording system that will allow tracking of activities and unauthorized access attempts in information systems. Supervision tracks will be backed up in a secure medium.
  • In terms of information systems continuity plan, the Institution will prepare an information systems continuity plan as a part of its business continuity plan. Information systems continuity plan will include information systems continuity targets to be determined, the source of the continuity plan, the damage it causes, its potential size and impact, the procedures related to the preparation process of the plan and the duties of the people who will be involved when the plan comes into effect, the method of communication with the related partners, the recording method of the decisions and actions within the scope of the plan.
  • In terms of establishing a secondary center, in order to ensure the Institution's continuous activities, the obligation to establish the "Secondary Center and Systems" and periodically test the Secondary Center and Systems is introduced. These systems are a structure that can be accessed readily for use, enables the personnel to work, and does not carry the same risks as the primary center.
To access the full text of the Regulation, please click here, and to access the full text of the Communiqué, please click here.

Bilge Binay Kanat, Senior Associate
Burak Batı, Associate
Dilara Kürkçüoğlu, Legal Intern
Zeynep Yalçın, Legal Intern

Other News
4/16/2024
Export Restrictions Have Been Imposed on Israel
The Ministry of Trade announced that export restrictions had been imposed on fifty-four product groups exported from Turkey to Israel, effective from April 9, 2024.
News| Legal Updates
3/20/2024
2023 Corporate Tax Reservation and Litigation Matters
In our 2023 Corporate Tax Reservation and Litigation note; we have examined the issues of "application of reduced corporate tax rate to earnings from services provided to foreigners in Türkiye (accommodation, health, etc.)" and "excess profit declared due to not subjecting the assets sold in 2023 to inflation adjustment".
News| Legal Updates
3/12/2024
Amendments to Law Numbered 6698 on the Protection of Personal Data
Law Numbered 7499 on the Amendment of the Code of Criminal Procedure and Certain Laws introduced long-awaited amendments to the Law Numbered 6698 on the Protection of Personal Data ("KVKK"). Law Numbered 7499 was published in the Official Gazette dated March 12, 2024 and numbered 32487. The provisions amending the KVKK will enter into force as of June 1, 2024.
News| Legal Updates
2/29/2024
Exceptions to Foreign Currency Payment Prohibition in Movable Sales Agreements Have Been Introduced
Communiqué (No: 2024-32/69) ("Communiqué") amending the Communiqué (Communiqué No: 2008-32/34) on Decree No: 32 on the Protection of the Value of the Turkish Currency was published in the Official Gazette dated February 28, 2024 and numbered 32474. The Communiqué introduced some exceptions to the prohibition of payment in foreign currency in certain agreements.
News| Legal Updates
1/23/2024
Strategic Shift: Administrative Cancellation of Trademarks
As of 10.01.2024, the authority to cancel trademarks, which was temporarily given to the courts by Article 26 of the Industrial Property Law No. 6769 ("IPL"), which entered into force on 10.01.2017, has been given to the Turkish Patent and Trademark Office ("TPTO"), whose founding purpose is to contribute to the effective protection and commercialization of industrial property rights by increasing industrial property awareness in all segments of society.
News| Legal Updates
1/18/2024
Amendments to the Principles and Rules to be Applied in Retail Trade
The "Regulation Amending the Regulation on Principles and Rules to be Applied in Retail Trade" ("Regulation"), which has been subject to a long period of study by the Ministry of Trade, was published in the Official Gazette dated December 14, 2023 and numbered 32399.
News| Legal Updates
12/28/2023
Significant Amendments to the Price Label Regulation
With the amendment published in the Official Gazette on December 19, 2023, effective as of 01.01.2024, the Regulation Amending the Price Labeling Regulation ("Regulation") introduced the obligation for establishments providing food and beverage services such as restaurants, cafes, patisseries, etc. to display tariffs and price lists in places where consumers can easily see them. The primary objective of the Regulation is to ensure that consumers are informed in a correct and transparent manner.
News| Legal Updates
12/13/2023
Amendments Introduced to Reduce Losses as a Result of the Earthquake
With the Law No. 7471 on the Amendment of the Law to the Transformation of Areas under Disaster Risk and Certain Laws and the Decree Law No. 375 (the “Law”), which was published in the Official Gazette on November 9, 2023, a number of significant amendments were made in urban transformation practices.
News| Legal Updates
11/15/2023
The Constitutional Court Upholds Amendments to the E-Commerce Law
The decision on the annulment case filed in the Constitutional Court (“CC”) regarding the Law No. 7416, which made substantial amendments to the Law No. 6563 ("E-Commerce Law") and entered into force on 07.07.2022, has been published in the Official Gazette No. 32317 dated 22.09.2023. The CC uphold the amendments related to the provisions of the E-Commerce Law and rejected the request for annulment by a majority vote.
News| Legal Updates
11/7/2023
The Law Introduced for Short-Term Leases
The Law on the Leasing of Residences for Tourism Purposes and Amendments to Certain Laws ("Law") published in the Official Gazette dated 02.11.2023 sets forth significant obligations for lessors, intermediaries, and intermediary service providers enabling the electronic commerce platforms promoting short-term residence leases. This legislation mandates that residences leased for periods less than 100 days must be registered with the Ministry of Culture and Tourism ("Ministry") and non-compliance with the obligations thereto will result in administrative penalties. Further, lessors are required to obtain an authorization document from the Ministry and a plaque indicating the qualification of the residence. Non-adherence to these requirements will cause to incurrence of administrative fines. The Law will come into effect on 01.01.2024.
News| Legal Updates
10/28/2023
Matters To Be Considered For Roofed Workplace Leases
In accordance with the Turkish Code of Obligations No. 6098 ("TCO"), lease relations are categorised under three main headings: (i) general provisions, (ii) residential and roofed workplace leases, and (iii) product leases. Properties to be leased as offices, warehouses, etc. for the purpose of conducting commercial activities will be subject to the provisions of "Residential and Roofed Workplace Leases".
News| Legal Updates
9/20/2023
Sale of Real Estate Before Notary Public Has Begun
The amendment made to the Notary Public Law numbered 1512 regulated that, real estate sale agreements, which could previously only be executed before the land registry offices, could now be executed at the offices of the notary public, as of 2023. With the public announcement made by the Union of Notaries of Turkey, the sale of real estate in the offices of the notary public has begun as of July 3rd, 2023, and actively implemented as of September.
News| Legal Updates
Expertise
Sectors
Insights & News
Insights
Covid-19 Legal Guide
Corporate
Contact Us
Subscribe to our Newsletters
All Rights Reserved. © 2020