M. Özkan Özdoğan
Cenk Civan
On October 7, 2023, the Regulation on Amendments to the Regulation on Payment Services and Electronic Money Issuance and Payment Service Providers, and the Communiqué on Amendments to Communiqué on Information Systems of Payment and Electronic Money Institutions and Data Sharing Services of Payment Service Providers in the Field of Payment Services were published.
The significant amendments to the Regulation on Payment Services and Electronic Money Issuance and Payment Service Providers(“Regulation“) are outlined below:
Digital Wallet
The Regulation governing digital wallets has undergone its inaugural set of legal amendments. As part of these new regulations, digital wallet is defined as a payment instrument that stores information related to the customer’s designated payment account or payment method, and enables the customer to conduct payment transactions using this information; and digital wallet services will be offered by payment service providers. Those who were already offering this service prior to the enforcement of the Regulation were required to ensure compliance the requirements by October 7, 2023.
Those services will not be considered digital wallet service; services (i) provided by persons who store sensitive client data on behalf of the workplaces or payment service providers within the limits permitted by the legislation under their contractual relationship, who are not a direct party to any legal transaction with the client in this respect, and who do not create the impression to the client that the payment transaction is carried out through the storing legal entity; (ii) where the storing legal entity does not own the funds involved in the payment transaction at any stage of the payment transaction and (iii) where the rights and obligations regarding the activity carried out are clearly defined in the agreement between the parties. Those who provide these services will not be required to be established as payment service providers.
Payment service providers intending to offer digital wallet services must at least obtain a digital wallet license from the Central Bank of the Republic of Turkey (“CBRT”) for issuing payment instruments. Additionally, payment service providers must obtain other licenses if they wish to provide any other payment services through the digital wallet.
If the digital wallet is used as a payment instrument in workplaces and the funds related to the payment transaction are transferred through the institution providing the digital wallet service, that institution must be authorized to issue electronic money.
In cases where payment transactions are conducted in workplaces using a digital wallet and the payment is directly initiated using either a payment account associated with the digital wallet or a payment instrument issued by another payment service provider, the institution must obtian a license for payment initiation service.
The exceptions to payment services as regulated in Law on Payment and Securities Settlement Systems, Payment Services, and Electronic Money Institutions numbered 6493 (“Law“), as well as the provisions related to closed-loop electronic money and prepaid instruments, will also enforce to digital wallet services.
Amendments to the Activities of Payment Service Providers
The recent amendments have introduced new activities for payment and electronic money institutions. With the amendments, the institutions;
can act as intermediaries for precious metals trading, but they are prohibited from directly engaging in precious metals trading. Furthermore, the institutions’ precious metals transactions as intermediaries will be limited to a maximum of 1% of the payment volume from the previous calendar year within a one-month period.
can provide interface services; however, these services do not encompass transactions, whether directly or indirectly, involving the trading of precious metals, gemstones, and foreign exchanges.
can offer training and consultancy services related to the issuance of electronic money or payment services.
Amendments to Open Banking Services
Payment and electronic money institutions can offer additional payment services to their customers without obtaining prior approval from the CBRT, provided it is deemed necessary by the CBRT and included in the framework agreement between the customer and the institution. However, once the necessary information about the additional payment service has been provided, the provision of this additional service cannot be carried out if the customer rejects it.
If the account containing the fund and the account to which the transfer is made belong to the same payment service provider, it will not be considered as a payment initiation service.
The Regulation now includes a definition of qualified services, enabling open banking companies to offer the services they provide to legal entities as value-added services to individuals as well.
Exception to Share Transfer
Share transfers occurring between companies within the same group, where there is no direct or indirect change in the shareholding ratio of the institution’s ultimate shareholders, do not require prior permission form the CBRT. However, the institution must notify the CBRT within 10 business days of the transaction.
Following the notification to the CBRT, if it is determined that the transaction jeopardizes the requirement of maintaining a transparent and unrestricted shareholding structure that does not obstruct oversight, the CBRT has the authority to request the suspension of the transaction, the reversal of the transaction if it has already been completed, to set a specific period for compliance, and to apply the sanctions prescribed in the Law and the Regulation if the necessary actions are not taken within the specified period.
Amendments to Mobile Payments
Changes have been made to the upper limits in mobile payments, with the limit per transaction set at TL 1,000, and the total monthly expenditure for all lines owned by the customer with their relevant electronic communication operator being set at TL 2,750.
Amendment to Payment Funds and Funds Collected in Exchange for Electronic Money
Institutions cannot use payment funds as collateral. Furthermore, all administrative and judicial requests, measures and seizures relating to the rights and claims of payment service users within the institution will be exclusively carried out by the institution. If banks, where the safeguard account is held, receive requests related to the funds’ ownership on a customer-specific basis within the institutions, these request will be fulfilled, limited to the relevant fund. The bank will promptly inform the institution of these actions.
Electronic money institutions will maintain records of the funds received in exchange for electronic money issuance in a manner that allows for customer-specific tracking the funds, excluding those related to anonymous prepaid instruments.
The significant amendments to the Communiqué on Information Systems of Payment and Electronic Money Institutions and Data Sharing Services of Payment Service Providers in the Field of Payment Services (“Communiqué”) are outlined below:
Amendments to Remote Identification
If remote identity verification is carried out using biometric data, the individual’s approval and explicit consent will be documented and recorded.
In the processes conducted remote communication tools, all responsibility will lie with the institution in contracts established without complying with the conditions in the Communiqué.
When a contract is established through a remote communication tool, a robust identity verification process must be conducted, and explicit consent must be obtained through the same electronic channel used for communication.
To confirm the identity of the individual, a liveness test will be performed using methods such as real-time online video, real-time online moving photos, or online video calls.
Amendments to Data Transfer Abroad and Information Systems
Maximum care will be taken to ensure that products and services related to critical information systems and security are produced in Türkiye or that their manufacturers have R&D centers in Türkiye, and this will be considered an important criterion in the procurement of external services. Such providers and manufacturers will be required to have intervention teams located in Türkiye.
In cases where one of the parties involved in the payment transaction, either themselves or the service provider, is located abroad, the institution may facilitate the transfer of data abroad to ensure the smooth execution of the payment transaction, provided that it complies with the Law on Personal Data Protection numbered 6698.
However, if the CBRT deems that it could have a negative impact on the development of the payment sector, it can decide to suspend data transfers or impose additional restrictions for providers.