First published by Mondaq.

According to sector reports from local industry associations, Turkey’s information and communications technology, new media and e-commerce sectors are rapidly expanding.1 A joint report by TÜBİSAD (Turkish Industry and Business Association) and ETİD (Association of Electronic Commerce Operators) states the Turkish e-commerce market is worth 14 billion Turkish Liras, representing 1.3% of Turkey’s total retail sector transactional volume (E-Commerce Market in Turkey – 2013). The findings of these sector reports also imply the potential for growth of the e-commerce market vis-à-vis e-payment systems and instruments.

Alternative payment systems and instruments have emerged in Turkey in parallel to significant changes in financial markets, technological developments and expansion of e-commerce market. Accordingly, banks and several non-bank institutions have begun to operate in the area of electronic payments and electronic money. According to the Central Bank of the Republic of Turkey (“Central Bank”), by the end of 2014, there were 50 participants operating within the Central Bank Payment Systems (including the Central Bank itself). The Central Bank also notes that between January and November 2014, a total of 241,986,923 payment messages were executed2.

Until the Law on Payment and Security Settlement Systems, Payment Services and Electronic Money Institutions numbered 6493 (“Electronic Payment Law”)3 was enacted, alternative payment system and service providers have been acting without being subject to any requirement to obtain or maintain an operation license. Accordingly, the activities of non-bank institutions were exposed to financial and operational risks since they are not subject to any specific legislative oversight. A particular concern raised in this area was that alternative payment instruments (such as electronic money) may impair the currency policies overseen by central banks. Therefore, similar to other countries, Turkey made endeavors to form a legal basis and develop legal definitions for recently developed electronic payment methods, with the ultimate goal of controlling such systems, as well as ensuring secure and reliable transactions.

Turkey’s Electronic Payment Law represents an alignment with European Union legislation in this area, adopting the standards set out under the following European Union Directives:4

  • Directive on Payment Services numbered 2007/64/EC.
  • Directive on Settlement Finality in Payment and Securities Settlement Systems numbered 1998/26/EC (as amended by Directive numbered 2009/44/EC).
  • Directive on Taking Up, Pursuit and Prudential Supervision of the Business of Electronic Money Institutions numbered 2009/110/EC.

The Electronic Payment Law was enacted on 20 June 2013, which was followed by two secondary legislative instruments:

  • Regulation on Payment Services, Electronic Money Issuance, Payment Institutions and Electronic Money Institutions (“Regulation”)5.
  • Communiqué on the Management and Inspection of Information Systems of Payment and Electronic Money Institutions (“Communiqué”)6.

The Electronic Payment Law included a 12 month transitional period running from the date the Regulation was enacted. As per Provisional Article 2 of the Electronic Payment Law, the transitional period allows all existing system operators, payment institutions, and electronic money institutions who have already been engaged in operations within the scope of the Electronic Payment Law before 27 June 2013 to become compliant with the Electronic Payment Law until 27 June 2015, when the transitional period ends.

Based on a recent opinion published by the Banking Regulation and Supervision Agency (“Agency”) the system operators, payment institutions and electronic money institutions, having already been engaged in operations within the scope of the Electronic Payment Law before 27 June 2013 and filed their applications for the relevant license as described herein before 27 June 2015, may continue with their operations even after the end of the transitional period (i.e. 27 June 2015), until and unless the Agency rejects their application. As of the enactment date of the Electronic Payment Law, approximately thirty applications are known to be filed to the Agency, whereas no application process has yet been finalized.

The rules of the game will change significantly from 27 June 2015 for those who have not filed an application to the Agency and meet the license requirements since they will be required to suspend their activities until they are fully compliant with the requirements of the Electronic Payment Law, the Regulation, and the Communique. Those entities which operate without a license, or which are not in compliance with the Electronic Payment Law’s requirements will attract sanctions. These sanctions include imprisonment, as well as heavy judicial and administrative fines.

This article provides an in-depth analysis of the conditions and requirements imposed on the e-payment market players.

System Operators 

The Electronic Payment Law defines “system” as the infrastructure and set of common rules applied for clearing and settlement transactions resulting from transfer orders between three or more participants. In this respect, “security settlement systems” cover security transfers, and “payment systems” cover fund transfers. However, payment systems for banks and credit cards are excluded from the scope of the Electronic Payment Law.

The Electronic Payment Law assigns the Central Bank as the principal operator of payment and security settlement systems, empowered to make the necessary arrangements to ensure these systems function properly and without interruption. To act as a system operator, other entities must obtain a system operation license.

The Electronic Payment Law defines “system operator” as the legal entity which is responsible for operating the “system” on day-to-day basis and holds a system operation license. If a payment institution also operates a payment system, it must comply with the Electronic Payment Law’s requirements for system operators as well.

To be eligible to obtain a system operation license from the Central Bank, a system operator must:7

  • Be incorporated as a joint-stock company.
  • Have paid-up capital of at least TRY 5,000,000.
  • Have sufficient qualified personnel, technical equipment, and management required to perform the services.
  • Have adequate risk management and adopt the necessary measures to ensure information security, reliability, and business continuity.
  • Ensure the system, participants, and operational rules are compliant with the Electronic Payment Law and other secondary legislation (“participant” is defined to mean legal persons entitled to directly give transfer orders by participating in the system and who are subject to the system’s rules).
  • Issue share certificates against cash payments and as registered shares.
  • Have a transparent and open partnership structure and organizational chart which will not constitute an obstacle to efficient supervision by the Central Bank.
  • Meet the qualification requirements for bank founders set forth under the Banking Law numbered 5411 (“Banking Law”) for any shareholders who own 10% or more of the capital and hold control as defined by related legislation.

These requirements do not apply to the Interbank Clearing Center operating under the Cheque Law numbered 59418.

Applications for system operation licenses are received by the Central Bank and an answer is given within six months. If the system operation license is granted, the Central Bank’s decision is published in the Official Gazette. Applicants who are declined will be informed, along with the grounds of the decision.

The Electronic Payment Law simply sets out a framework for system operators. Secondary legislation is expected from the Central Bank which will detail the rules and principles which system operators must comply with when operating their respective systems9. Since the secondary legislation has not been enacted yet, system operators should watch out and prepare for additional requirements in the near future. 

Payment Services – Payment and Electronic Money Institutions

The Electronic Payment Law defines “payment services” under Article 12 with a detailed list of activities which are included and excluded from the definition’s scope. Accordingly, the following are considered to be payment services under the Electronic Payment Law:10

  • All operations required for operating a payment account, including services enabling cash to be deposited in a payment account, as well as cash withdrawals from a payment account.
  • Payment transactions, including transfers of funds from the payment service user’s account with the payment service provider, direct debits (including one-off direct debits), execution of payment transactions through a payment card or a similar device, as well as execution of money transfers (including regular standing orders).
  • Issuance or acceptance of payment instruments.
  • Money remittance.
  • Execution of payment transaction where the consent of the payer to execute a payment transaction is granted by means of any information technology or electronic telecommunication device and the payment is made to the information technology or electronic telecommunication operator, acting only as an intermediary between the payment service user and the supplier of the goods and services.
  • Intermediary invoice payment services.

The list noted above is not exhaustive and may be expanded by the Banking Regulation and Supervision Board (“Board”). The Board exists within the Agency.

Payment institutions, electronic money institutions, the Central Bank, and banks operating under the Banking Law can provide payment services within the scope of Electronic Payment Law. The Regulation also includes the Post and Telegraph Organization (Posta ve Telgraf Teşkilatı Anonim Şirketi) as a payment service provider11. Except for banks and the Post and Telegraph Organization, institutions are required to hold an operation license to provide payment services. Therefore, institutions should keep close eye on Article 12 of the Electronic Payment Law and Board decisions to determine whether or not the services they provide are deemed to be payment services.

The Electronic Payment Law defines “electronic money” as the monetary value issued in exchange for funds and stored electronically, which is used for the purposes of realizing payment transactions described in the Electronic Payment Law and accepted as a payment instrument by real or legal persons other than the electronic money issuer12.

Prepaid payment instruments are excluded from the defined scope of electronic money if they are not available for general use (used only within the store network of the electronic money institution to purchase a certain group of goods or services), or are used within a certain service network pursuant to an agreement. Therefore, store cards and meal passes where consumers deposit money and use the prepaid value within a limited service network are not considered to be electronic money in this context. The only entities permitted to issue electronic money under the Electronic Payment Law are banks operating under the Banking Law and electronic money institutions which hold a payment services operating license.

License applications for payment and electronic money institutions follow the same procedure. To be eligible to obtain a payment and e-money institution operation license from the Agency by the decision of the Board, an applicant must:13

  • Be incorporated as a joint-stock company.
  • Have paid-up capital of at least:
    • TRY 2,000,000 for payment institutions.
    • TRY 5,000,000 for electronic money institutions.
    • TRY 1,000,000 for payment institutions which provide intermediary invoice payment services.
  • Have sufficient qualified personnel, technical equipment, and management to perform the services, and establish departments to address complaints and objections.
  • Adopt the necessary measures for business continuity, as well as ensure the security and confidentiality of the service users’ information and funds.
  • Issue shares as registered shares in consideration for cash.
  • Have a transparent and open partnership structure and organizational chart which will not constitute an obstacle to efficient supervision by the Agency.
  • Meet the qualification requirements for bank founders set forth under the Banking Law for any shareholders who own 10% or more of the capital and hold control as defined by related legislation.

Payment and electronic money institutions are further required to insert expressions indicating they perform as a “payment institution” or “electronic money institution” into their trade name14. Such institutions are legislatively prohibited from performing any commercial activities other than:15

  • Payment and electronic money services as outlined in Article 12 of the Electronic Payment Law.
  • Conducting exchange transactions relating to payment and electronic money services.
  • Operating payment and electronic money systems provided they comply with Section II of the Electronic Payment Law.

Payment institutions who also act as system operators must comply with the requirements set forth under Section II of the Electronic Payment Law (described above).

Applications for payment and e-money institution operation licenses must be made to the Agency, together with the documents listed in Article 8 of the Regulation. These documents include evidence that the applicant meets the eligibility requirements noted above. They also include documents such as the resolution of the board of directors regarding the license application, as well as the applicant’s activity schedule, business plan, and financial statements. Further documents are required if the applicant is a bank or financial institution incorporated outside Turkey. These additional documents include resolutions made by the authorized bodies regarding the applicant’s operations in Turkey, independent audit reports, as well as detailed information about the applicant’s organizational structure and activities.

The Agency will evaluate payment and e-money institution operation license applications within six months of receiving all necessary documents, referring to the Central Bank’s opinion before granting a license. The Agency notifies the applicant if documents are incomplete and if the applicant fails to rectify this within six months of the notification, the application will become invalid. If the payment and e-money institution operation license is granted, it will be effective from the date the decision is published in the Official Gazette. Applicants who are declined will be informed, including the grounds for the decision.

Apart from obtaining a payment and e-money institution operation license, payment and electronic money institutions are further subject to corporate and operational rules. Therefore, institutions must take measures and form the necessary infrastructure by 27 June 2015 to be compliant with the Electronic Payment Law. These requirements are outlined in detail by the Electronic Payment Law, the Regulation, and the Communique, including:

  • Legal Requirements
    • For share acquisitions and transfers, any acquisition of shares representing 10% or more of the capital by direct or indirect share ownership, or share acquisitions resulting in a shareholder directly or indirectly holding over 10%, 20%, 33% or 50% of the capital and share transfers resulting that a shareholder having shares under these ratios requires permission of the Board. Permission is obtained by submitting the documents outlined in Article 9 of the Regulation.
    • Transfer of shares or subscription of new shares which grant privileges for the determination of the board of directors’ members are subject to the permission of the Board without consideration of any limitations of ratio. Permission is obtained by submitting the documents outlined in Article 9 of the Regulation (such as a copy of the share transfer agreement).
    • The Board of Directors for institutions must consist of at least three members, including a general manager who has seven years’ experience in the area of financial or business management. Each nomination for members of the board of directors’ or company managers must be notified to the Agency within one month after the date of nomination. The notification must include the documents outlined in Article 18 of the Regulation. Members of board of directors and general manager of the companies must meet the following conditions:
      • Should not have been declared bankrupt, be in possession of a certificate of bankruptcy, have an approved application for restructuring through reconciliation, or have been issued a bankruptcy postponement decision,
      • Should not to have qualified shares, or hold control in banks, banker, or in other financial institutions whose operation license, permission, or authorization to accept deposits and participation funds has been removed, or that have been transferred to the Savings Deposit Insurance Fund,
      • Should not have been sentenced to imprisonment for crimes such as embezzlement, extortion, bribery, theft, swindling, forgery, breach of trust, or tax evasion.
  • Business Management and Independent Audit Requirements

The Regulation imposes several obligations on payment and electronic money institutions regarding internal structure and functioning. The Regulation imposes obligations regarding internal control, accounting and reporting, risk management, and storage of data within Turkey. These institutions must also comply with the principles determined by the Public Surveillance Accounting and Auditing Standards Authority. Such institutions are subject to independent auditing.

  • Information Systems and Security Requirements

The Communique imposes several obligations on electronic payment and electronic money institutions to bring their information systems into compliance with the Communique and the Electronic Payment Law. These requirements relate to risk management, security management, data protection, security and authorization, monitoring, authentication, outsourcing, user information, confidentiality, and independent auditing of information systems. 

  • Operational Requirements for Payment Services

The Regulation requires payment institutions to conclude agreements in line with Part Four, Section I and II of the Regulation, based on the relationship types as below:

  • One-time payment agreements.
  • Framework agreements, when there is a standing payment relation between the parties.
  • Operational Requirements for Electronic Money Services

Article 20 of the Electronic Payment Law outlines the principles for issuing electronic money. Electronic money is restricted to the value of the received funds in order to prevent endangering the Central Bank’s monopoly in creating currency. Also, the Electronic Payment Law prevents institutions from making deductions from the funds they receive from consumers. Institutions must convert the funds into electronic money without delay and make them available for the users. During the term of their use, the funds collected by institutions must be kept in a separate account at a bank operating as per the Banking Law. The Board is authorized to impose additional restrictions on the business activities of such institutions.

Administrative and Penal Liabilities

Section VII of the Electronic Payment Law outlines administrative and penal liabilities for system operators, payment service institutions, electronic money institutions, and in some cases, their personnel and other persons working in connection with such institutions.

According to Article 27, those who act in violation of the Electronic Payment Law will be subject to an administrative fine ranging between TRY 20,000 to TRY 500,000, provided that their action is not subject to any other sanctions within the Section VII. If any benefit is gained from a violation, the fine will be increased by at least double the original amount. Real persons and officers of legal persons who act as a payment institution or electronic money institution without an operation license will be sentenced to imprisonment for between one and three years, or receive a judicial fine up to the nominated monetary value of five thousand days imprisonment.

Other offenses regulated under Section VII of the Electronic Payment Law include:

  • Preventing supervision and monitoring activities,
  • Failing to provide information requested,
  • Making false statements,
  • Failing to comply with obligation regarding keeping documents and information security,
  • Disclosing confidential information,
  • Actions damaging reputation,
  • Unrecorded transactions and inaccurate accounting, and
  • Embezzlement.

Although this article only considered the Electronic Payment Law, the Regulation, and the Communique, the legal framework for payment and security settlement systems has a wider scope. The following legislation is also relevant:

  • The Banking Law
  • The Law on the Central Bank of the Republic of Turkey
  • The Capital Markets Law
  • The Cheque Law
  • The Bank Cards and Credit Cards Law
  • The Public Finance and Debt Management Law
  • The Turkish Commercial Code