TR-TR 
EN-US 
The new Regulation on Payment Services, Electronic Money Issuance, and Payment Service Providers (“Regulation”) and Communiqué on Information Systems of Payment and Electronic Money Institutions and Data Transfer Services Regarding Payment Services of Payment Service Providers (“Communiqué”), regulating payment service providers and electronic money institutions (“Institutions”), have been promulgated on the Official Gazette no. 31676 and entered into force on December 1, 2021. With the new Regulation and Communiqué, the Regulation on Payment Services and Electronic Money Issuance, and Payment Institutions and Electronic Money Institutions and the Communiqué on the Management and the Supervision of the Information Services of Payment Institutions and Electronic Money Institutions published in the Official Gazette no. 29043 dated June 27, 2014, have been repealed.
Previously, with the amendment dated January 1, 2020, to the Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions no. 6493 (“Law no. 6493”), all of the powers and duties of Banking Regulation and Supervision Authority under Law no. 6493 were transferred to the Central Bank of Republic of Turkey (“Central Bank”). The Regulation and the Communiqué are in some aspects part of this transaction process since both the Regulation and the Communiqué are regulations of the Central Bank pursuant to the aforementioned amendment dated January 1, 2020, to the Law no. 6493, as opposed to the previous regulation and communiqué which were regulations of the Banking Regulation and Supervision Authority.
While preserving most of the previous provisions, the new Regulation includes a considerable number of changes and additions to the previous regulation. Anonymous pre-paid instruments are defined as a new physical payment method. Payment service providers are now required to provide payment account services and infrastructure services regarding the payment services, to other payment service providers upon request in terms similar with their commercial customers and business partners.
Regulation also stipulates a registration system for businesses allowing sale of goods or services via payment methods that fall under the scope of payment services to facilitate payment services and prevent fraudulent and malicious activity. These businesses are required to register to this system and receive their ‘business code’ identifiers and payment service providers are obliged to check whether their customers who fall under such category are registered in this system before commencing services.
There are also changes to the establishment and activities of the Institutions. As per the Law no. 6493, operations and certain share transfers of these companies are subject to permissions from the Central Bank and with the Regulation there are changes and additions to these permission and application processes for activity permits and share transfer permits. Payments made through IT or electronic communications operators and reflected to the customers’ invoices from these intermediaries are now subject to transaction limits within the scope of the Institutions’ ban from practicing crediting activities. Central Bank’s power to disallow activities of the Institutions in certain countries or to request the closing of Institutions branches in Turkey and other countries, detailed terms regarding the Institutions’ agents and cooperation with foreign legal persons are stipulated. Certain limitations and reporting processes regarding the Institutions holding or acquiring shares of other companies are also part of the additions in the Regulation. Changes to Institutions’ commercial titles that were previously only required to be notified to the Central Bank are now subject to Central Bank’s permission. Some of the changes regarding the activities of the Institutions include provisions on risk management, business continuity plan, equity and professional liability insurance requirements, and preservation of funds and necessary securities.
Another area with detailed changes and additions in the Regulation are the provisions regarding one time payment procedures, framework agreement, and relevant processes, including provisions on terms of these processes, possible fees, Institutions’ obligation to inform their customers regarding the terms of these processes and consumer rights, security and correction measures, fund availability confirmation processes for payment systems, stipulations for sharing account information and data privacy, and payment service providers’ responsibilities for faulty transactions.
Along with these expansive changes and additions in the Regulation, there are also some changes from the old regulation that mainly aim to detail and clarify subjects such as types and details of payment services, activity principles of the Institutions, audit and reporting procedures of the Institutions, and some specific issues such as the conditions for electronic instruments that may be considered to be within the scope of the Law no. 6493 and the Regulation as an exception, foreign exchange transactions, types of services of the Institutions that are allowed to be delegated to subcontractors, notifications to the Central Bank regarding the members of the board of directors and general managers of the Institutions.
In addition to the Regulation, the Communiqué constitutes an even broader update to the previous communiqué regarding the IT systems of the Institutions and their management and includes expansive changes and stipulations for the Institutions on IT system management, incident management, system continuity measures, outsourcing IT systems, data security and data privacy, data transfer processes and measures, and relevant audits.
Kortan Gödekoğlu
