Regulation and Communique on Payment and Electronic Money InstitutionsDecember 2021, ERDEMİR&ÖZMEN ATTORNEY PARTNERSHIP
Regulation and Communique on Payment and Electronic Money Institutions
As regards the emerging financial services sector in the world and in our country, the Regulation on Payment Services, Electronic Money Issuance and Payment Service Providers (“the Regulation”), which contains significant provisions that particularly payment institutions and electronic money companies have been waiting for a long time, entered into force as published in the Official Gazette on 01.12.2021.
The Regulation contains crucial provisions for the sectors in respect of the information systems of payment and electronic money institutions and data sharing services of payment service providers in payment services area.
The Regulation, published in the Official Gazette, sets forth the principles regarding authorization and activities of payment institutions and electronic money institutions as well as the principles for payment service providers and provision of payment services and electronic money issuance. The new Regulation repeals the Regulation on Payment Services and Electronic Money Issuance, Payment Institutions and Electronic Money Institutions, published in 2014.
Furthermore, the Communique on the Management and Supervision of the IT Systems of Payment and Electronic Money Institutions and Data Sharing Services of Payment Service Providers in Payment Services Area (“the Communique”), which is a long-awaited and significant regulation, also entered into force as published in the Official Gazette on 01.12.2021. The Communique on the Management and Supervision of IT Systems of Payment Institutions and Electronic Money Institutions is repealed upon the entry into force of the Communique consisting of five chapters in total.
The Communique aims to set forth the principles and procedures regarding management of the information systems used by payment institutions and electronic money institutions in the conduct of their activities, and supervision of these information systems by authorized independent auditing firms as well as the principles and procedures regarding data sharing services of payment service providers in payment services area. Pursuant to the relevant provision, the Postal and Telegraph Corporation is also governed by the provisions of the Communique in respect of its payment services and electronic money issuance.
The Communique contains articles to be taken as basis in the management of information systems as well as articles regarding the data sharing services used in payment systems. Pursuant to the Communique, account service providers shall be connected to the structure to be established by the Interbank Card Center Joint Stock Company.
This newsletter provides general information on the amendments introduced for IT systems of payment and electronic money institutions, data sharing services of payment service providers in payment services area, payment services, electronic money issuance and payment service providers.
New capital requirement for electronic money issuer institutions
With this newly introduced Regulation, it is predicted that the cost of operating an electronic money institution and payment service will increase significantly. Pursuant to the Regulation, a paid-in capital requirement of five million TRY is imposed on electronic money issuer institutions. It is necessary for these institutions to fulfil the paid-in capital requirement of at least one million TRY in the provision of services for intermediating bill payments, and the paid-in capital requirement of at least two million TRY in the provision of services such as operating a payment account, money transfer and remittance, issuance or acceptance of a payment instrument.
Furthermore, payment and electronic money institutions shall not accept deposits or participation funds, provide loans and split the amounts, intermediated for payment, into installments.
Electronic money issuer institutions shall issue, without delay, electronic money in the amount of funds they have received. Electronic money shall be deemed to have been issued when payment is made to obtain it. The electronic money issuer institution will be obliged to give the client the receipt in printed form or in electronic environment, which receipt indicates the amount of the fund received in return for the electronic money.
It is stipulated that the institutions intermediating for payment of bills shall conclude a contract with the institutions producing bills, in respect of making collections on their behalf.
The institution shall not buy or sell foreign currency in relation to payment transactions which are used by payment service providers located in Turkey and where both parties to the transaction are domiciled in Turkey. Foreign exchange trading will be possible within the conditions determined by the Regulation, with the prerequisite that one of the parties to the transaction is abroad.
The electronic money issuer institution shall issue without delay the electronic money in the amount of the fund it has received. The funds, delivered to the representative of the electronic money institution in order to obtain electronic money, are deemed to have been delivered to the electronic money institution.
No interest shall be charged for the fund received in return for electronic money, and no benefit shall be provided to the client, subject to the amount of the electronic money and depending on the period that the electronic money is kept. Upon the request of the client, the electronic money issuer institution will be obliged to perform the transactions regarding the repayment of the fund equal to the amount corresponding to the electronic money, by the end of the next business day at the latest, after receiving the request.
Intangible assets, issued in consideration of money and created virtually and distributed through digital networks, shall be considered electronic money in the case that they are issued against the funds accepted by the issuer institution and that they are stored electronically and that they are used in order to perform the payment transactions specified by the law and that they are also accepted as a payment instrument by real and legal persons apart from the issuer institution.
Therefore, bitcoin and similar crypto assets, and crypto assets issued on the basis of assets other than fiat money are not covered by the Regulation.
Payment and electronic money institutions’ cooperation with institutions domiciled abroad
Pursuant to the Regulation, payment and electronic money institutions may, in line with their purposes and activities, cooperate with legal persons that are domiciled abroad and have obtained permission from the Central Bank of the Republic of Turkey (“the CBRT” or “the Bank”).
With this amendment introduced, the cooperation is subject to the way in which the payment services included in the scope of the Law are provided jointly with a legal person domiciled abroad by the institution to its clients domiciled in the country; and the institution may cooperate with such legal person, only limited to payment services where at least one of the sender or recipient is abroad. Due to this amendment, no service shall be provided in terms of payment services where both the sender and the recipient are located in the country.
Accordingly, the legal person domiciled abroad, with whom the institution cooperates, shall not single-handedly be the visible face of the service towards the client and shall not use its own brands and logos in any documents, announcements and advertisements or in public statements in a way creating the impression that it has obtained an operating license in the country. Moreover, such legal person shall not establish a website to target clients domiciled in the country either.
The Regulation does not cover a cooperation which is established by the institution with legal persons domiciled abroad through methods similar to acting as a correspondent or representative in relation to the services it will provide and which does not create any direct or indirect client relationship between the legal person domiciled abroad and the institution’s client domiciled in the country in the transactions that will take place within this context.
The institution may cooperate with legal persons abroad, provided that it obtains the relevant permission from the CBRT. On the other hand, the Bank is granted the authorization to request for restriction or termination of the cooperation established by the institution. Accordingly, in case of cooperation with legal persons domiciled abroad, the CBRT is authorized to impose an additional equity obligation on the institution. Moreover, it is stipulated that the documents and records, which are related to the payment transactions that will performed in result of the cooperation to be established, shall be kept by the institution in the country. On the other hand, this condition shall not be sought in case the transactions are processed over the payment or electronic money institution in the country and the trace records of all transactions are kept by the institution located in the country.
Operating permit process introduced by the Regulation
Another amendment introduced by the Regulation is related to the incorporation permit and operating license to be obtained. Accordingly, a phased system shall apply. In the previous system, the Bank conducted a two-phased process i.e., first incorporation permit and then operating license. However, with the new amendment, a three-phased structure is adopted for payment and electronic money institutions.
The application may be lodged by submitting the relevant letter of declaration accompanied by the draft articles of incorporation and the application form accompanied by a receipt indicating that the application fee in the amount of five hundred thousand Turkish Liras and the relevant payable statutory liabilities have been deposited into the account determined by the Bank.
Equity in payment and electronic money institutions
Pursuant to the relevant article in the Regulation, equity of payment and electronic money institutions shall be calculated based on the situation by the end of June and December. Within this context, it is prescribed that the equity shall not be less than three million Turkish Liras for bill payment institutions, five million Turkish Liras for other payment institutions and thirteen million Turkish Liras for electronic money institutions. The amounts i.e., three million Turkish Liras, five million Turkish Liras and thirteen million Turkish Liras specified by the relevant paragraph shall be revalued in January every year by the CBRT, taking into account the yearly changes in the price indexes published by the Turkish Statistical Institute.
Pursuant to the Regulation, it is stipulated that the minimum equity liability and the guarantee mechanism must be reviewed and that the payment and electronic money institutions must have a financially sound structure.
Client status of persons under the age of 18 in the issuance of electronic money
The Regulation stipulates that minors may use prepaid cards upon the approval of their legal representatives and that the approval must be recorded. Accordingly, it is necessary to establish a system whereby the approval of the legal representative is obtained.
The condition “being a representative in payment and electronic money institutions”
The Regulation makes the terms of being a representative difficult. The institution may carry out payment services via electronic or physical channels through a representative. In order for the institution to carry out payment services through a representative, the institution must obtain the necessary information and documents from the representative, the institution must conclude that there is no risk in providing payment services through the representative smoothly and in compliance with the legislation, and the institution must register the representative in the list established by the Association of Payment and Electronic Money Institutions of Turkey (“the Association”) in electronic environment. The contract between the institution and the representative shall be drawn up in writing. The institution shall not in any way authorize third parties for the purpose of providing payment services, other than using a representative, and shall not sign a contract with third parties under a name other than a representation contract.
The institution is obliged to declare the representative to the Association within fifteen business days following the signing of the representation contract. The institution is not entitled to provide payment services through its representative who is not registered in the list established by the Association.
Sensitive client data are not provided to any parties other than external service providers and authorities expressly empowered by law, without prejudice to the cases permitted under the Law, the Regulation and the Communique. Client data may be provided to the parties other than the authorities expressly empowered by law, provided that the client is clearly informed about the limitations on the sharing and that the client’s explicit consent is obtained.
The client’s explicit consent shall be obtained in a secure manner in compliance with the Law numbered 6698 on the Protection of Personal Data. The consent that will be obtained through a contract in electronic environment may only take place when logging in for the first time and provided that the client is clearly informed. The client’s consent for sharing his data shall not be made a prerequisite for the service that will be provided.
Framework contract in payment and electronic money institutions
Periodic payment relations between the payment service provider and the client, which are on a continuous basis, shall be regulated in writing through a contract. Written form requirement shall not be sought for the contracts concluded through remote communication means.
The CBRT may impose limitations on the payment services that will be provided by the payment service providers under the framework contracts concluded through remote communication means. The payment service providers may also impose limitations on the payment services they will provide under the framework contracts concluded through remote communication means. In the absence of the client’s request, no transaction shall be performed for the conclusion of a framework contract through remote communication means.
Identity verification requirement in payment and electronic money institutions
Pursuant to the amendment introduced by the Communique, the institution shall establish an adequate and effective identity verification system to be used in transactions carried out in information systems. It is stipulated that the roles and responsibilities defined for the personnel shall be expressly determined in writing, within the framework of the identity verification system to be established.
It shall be established through a method which is used in identity verification and which comprises of at least two components where the hijacking of one component would not jeopardize the security of the other component and in which these two components are selected in such a way that they are included in two different classes among the classes of components that the client knows, owns, or has a biometric characteristic.
As explained above, in today’s rapidly developing financial services sector, certain deficiencies have been completed by the provisions that particularly payment institutions and electronic money institutions have been waiting for a long time. The Regulation and the Communique have been prepared on the basis of the Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions and introduce new obligations and principles for the institutions governed by the Law.
The Regulation details payment services and sets forth the principles regarding the issuance of electronic money. The Regulation also defines payment institutions, their activity and management principles, their operating licenses, and other various obligations necessary to be observed by these institutions. On the other hand, the Communique contains new obligations for these institutions in respect of the matters such as information security and data privacy.
That being the case, it is predicted that many new actors compatible with the sector and the legislation may enter the sectors through the Regulation and the Communique, which contain the long-awaited significant provisions.