Prohibited activities
Special activities
Increased reporting
From permission to notification
Liability insurance
The Banking Regulation and Supervision Agency (BRSA) recently amended the Regulation Regarding Banks' Procurement of Support Services. The regulation defines 'support services' as services which are either an extension of or supplementary to the main services provided by banks. The regulation sets out the principles and conditions for providing support services, as well as requirements for support service providers and service agreements signed between such providers and banks. The regulation clearly excludes from its scope certain services which do not constitute an extension of banks' main services, such as consultancy, marketing, security, travel, maintenance, repairs and legal counselling.
The amended regulation prohibits banks from acquiring certain services on the grounds that such activities are at the core of banking operations and therefore must be handled by banks directly. While the former regulation categorised these activities as activities which must be conducted by the banks' board of directors and internal system units exclusively, the amended regulation goes a step further and lists such activities in a detailed manner. Pursuant to the amended regulation, the following activities cannot be carried out by support service providers:
- assessing the creditworthiness of clients requesting loans;
- accounting for banking transactions and preparing financial reports;
- monitoring and assessing the exposure and process regarding loans; and
- safekeeping activities.
The amended regulation has brought certain activities fully within its scope which previously were subject only to the confidentiality, insurance and audit provisions of the regulation. These activities are:
- call centre services;
- maintenance of information systems software;
- operation of automated telling machine and point of sale services;
- printing of bank cards, credit cards, cheque books and bank statements, and the electronic delivery of such statements; and
- archiving, collection, safekeeping and delivery of assets such as cash, commercial papers and precious metals provided by special security companies.
If procured externally by banks, such activities will now be treated as support services and will be subject to the full scope of the regulation.
The former regulation imposed three reporting requirements on banks using support services. First, they had to create a risk management system to:
- identify the necessary support services;
- evaluate the costs and benefits of procuring such services; and
- manage risks, including an action plan to be implemented in case of any risks arising from such procurement, and to be submitted to the board of directors.
The amended regulation now requires banks to make such submissions at least once a year.
Second, banks were required to prepare a technical adequacy report by conducting examinations and evaluations to confirm that the relevant service providers have the required technical equipment and infrastructure, financial capability and experience, and to submit such report to the board of directors and supervisory committee. The amended regulation requires such report to be prepared for the sole purpose of submission to the BRSA upon request.
Third, banks had to audit service providers to confirm whether such providers maintain the required qualifications in accordance with the regulation, and whether the procurement of support services aids the effective operation of the banks' internal systems. Previously, this report had to be prepared and submitted to the board of directors and the supervisory committee at least once a year; the amended regulation has reduced the reporting frequency to quarterly periods.
The amended regulation also introduces a new reporting requirement - the risk analysis report - which must be prepared by banks before the procurement of support services with respect to the risks that may arise out of procurement, management of those risks and the expected benefits and costs. This report must be submitted to the BRSA upon request.
From permission to notification
The most significant amendment introduced by the regulation is the transition from a permission-based system to a notification-based system. The former regulation required banks to apply to the BRSA for permission to procure external support services by providing the following documentation:
- the service agreement;
- all the reports prepared as mentioned above; and
- the documents set out under the regulation, such as the articles of association, the balance sheet available on the date of application and the registration documents.
Under the amended regulation, the BRSA has eliminated the permission process and now requires banks to report to the BRSA only annually regarding support service procurement and providers. However, the BRSA reserves the right to require that certain services be procured only with its permission.
The former regulation required service providers to purchase a professional liability insurance policy to cover any loss that might be caused by them while rendering support services to banks. The amended regulation has abolished such requirement by stating that providers must buy insurance only if the bank or the BRSA so requests.
For further information on this topic please contact A Cem Davutoglu or Duygu Tanisik at Davutoğlu Attorneys At Law by telephone (+90 212 281 7100), fax (+90 212 281 6040) or email ([email protected] or [email protected]).