Burcu Tuzcu Ersin, LL.M. and A. Ülkü Solak - June 26, 2015
First published by Mondaq.
According to sector reports from local industry associations, Turkey’s information and communications technology, new media and e-commerce sectors are rapidly expanding.1 A joint report by TÜBİSAD (Turkish Industry and Business Association) and ETİD (Association of Electronic Commerce Operators) states the Turkish e-commerce market is worth 14 billion Turkish Liras, representing 1.3% of Turkey’s total retail sector transactional volume (E-Commerce Market in Turkey – 2013). The findings of these sector reports also imply the potential for growth of the e-commerce market vis-à-vis e-payment systems and instruments.
Alternative payment systems and instruments have emerged in Turkey in parallel to significant changes in financial markets, technological developments and expansion of e-commerce market. Accordingly, banks and several non-bank institutions have begun to operate in the area of electronic payments and electronic money. According to the Central Bank of the Republic of Turkey (“Central Bank”), by the end of 2014, there were 50 participants operating within the Central Bank Payment Systems (including the Central Bank itself). The Central Bank also notes that between January and November 2014, a total of 241,986,923 payment messages were executed2.
Until the Law on Payment and Security Settlement Systems, Payment Services and Electronic Money Institutions numbered 6493 (“Electronic Payment Law”)3 was enacted, alternative payment system and service providers have been acting without being subject to any requirement to obtain or maintain an operation license. Accordingly, the activities of non-bank institutions were exposed to financial and operational risks since they are not subject to any specific legislative oversight. A particular concern raised in this area was that alternative payment instruments (such as electronic money) may impair the currency policies overseen by central banks. Therefore, similar to other countries, Turkey made endeavors to form a legal basis and develop legal definitions for recently developed electronic payment methods, with the ultimate goal of controlling such systems, as well as ensuring secure and reliable transactions.
Turkey’s Electronic Payment Law represents an alignment with European Union legislation in this area, adopting the standards set out under the following European Union Directives:4
The Electronic Payment Law was enacted on 20 June 2013, which was followed by two secondary legislative instruments:
The Electronic Payment Law included a 12 month transitional period running from the date the Regulation was enacted. As per Provisional Article 2 of the Electronic Payment Law, the transitional period allows all existing system operators, payment institutions, and electronic money institutions who have already been engaged in operations within the scope of the Electronic Payment Law before 27 June 2013 to become compliant with the Electronic Payment Law until 27 June 2015, when the transitional period ends.
Based on a recent opinion published by the Banking Regulation and Supervision Agency (“Agency”) the system operators, payment institutions and electronic money institutions, having already been engaged in operations within the scope of the Electronic Payment Law before 27 June 2013 and filed their applications for the relevant license as described herein before 27 June 2015, may continue with their operations even after the end of the transitional period (i.e. 27 June 2015), until and unless the Agency rejects their application. As of the enactment date of the Electronic Payment Law, approximately thirty applications are known to be filed to the Agency, whereas no application process has yet been finalized.
The rules of the game will change significantly from 27 June 2015 for those who have not filed an application to the Agency and meet the license requirements since they will be required to suspend their activities until they are fully compliant with the requirements of the Electronic Payment Law, the Regulation, and the Communique. Those entities which operate without a license, or which are not in compliance with the Electronic Payment Law’s requirements will attract sanctions. These sanctions include imprisonment, as well as heavy judicial and administrative fines.
This article provides an in-depth analysis of the conditions and requirements imposed on the e-payment market players.
The Electronic Payment Law defines “system” as the infrastructure and set of common rules applied for clearing and settlement transactions resulting from transfer orders between three or more participants. In this respect, “security settlement systems” cover security transfers, and “payment systems” cover fund transfers. However, payment systems for banks and credit cards are excluded from the scope of the Electronic Payment Law.
The Electronic Payment Law assigns the Central Bank as the principal operator of payment and security settlement systems, empowered to make the necessary arrangements to ensure these systems function properly and without interruption. To act as a system operator, other entities must obtain a system operation license.
The Electronic Payment Law defines “system operator” as the legal entity which is responsible for operating the “system” on day-to-day basis and holds a system operation license. If a payment institution also operates a payment system, it must comply with the Electronic Payment Law’s requirements for system operators as well.
To be eligible to obtain a system operation license from the Central Bank, a system operator must:7
These requirements do not apply to the Interbank Clearing Center operating under the Cheque Law numbered 59418.
Applications for system operation licenses are received by the Central Bank and an answer is given within six months. If the system operation license is granted, the Central Bank’s decision is published in the Official Gazette. Applicants who are declined will be informed, along with the grounds of the decision.
The Electronic Payment Law simply sets out a framework for system operators. Secondary legislation is expected from the Central Bank which will detail the rules and principles which system operators must comply with when operating their respective systems9. Since the secondary legislation has not been enacted yet, system operators should watch out and prepare for additional requirements in the near future.
The Electronic Payment Law defines “payment services” under Article 12 with a detailed list of activities which are included and excluded from the definition’s scope. Accordingly, the following are considered to be payment services under the Electronic Payment Law:10
The list noted above is not exhaustive and may be expanded by the Banking Regulation and Supervision Board (“Board”). The Board exists within the Agency.
Payment institutions, electronic money institutions, the Central Bank, and banks operating under the Banking Law can provide payment services within the scope of Electronic Payment Law. The Regulation also includes the Post and Telegraph Organization (Posta ve Telgraf Teşkilatı Anonim Şirketi) as a payment service provider11. Except for banks and the Post and Telegraph Organization, institutions are required to hold an operation license to provide payment services. Therefore, institutions should keep close eye on Article 12 of the Electronic Payment Law and Board decisions to determine whether or not the services they provide are deemed to be payment services.
The Electronic Payment Law defines “electronic money” as the monetary value issued in exchange for funds and stored electronically, which is used for the purposes of realizing payment transactions described in the Electronic Payment Law and accepted as a payment instrument by real or legal persons other than the electronic money issuer12.
Prepaid payment instruments are excluded from the defined scope of electronic money if they are not available for general use (used only within the store network of the electronic money institution to purchase a certain group of goods or services), or are used within a certain service network pursuant to an agreement. Therefore, store cards and meal passes where consumers deposit money and use the prepaid value within a limited service network are not considered to be electronic money in this context. The only entities permitted to issue electronic money under the Electronic Payment Law are banks operating under the Banking Law and electronic money institutions which hold a payment services operating license.
License applications for payment and electronic money institutions follow the same procedure. To be eligible to obtain a payment and e-money institution operation license from the Agency by the decision of the Board, an applicant must:13
Payment and electronic money institutions are further required to insert expressions indicating they perform as a “payment institution” or “electronic money institution” into their trade name14. Such institutions are legislatively prohibited from performing any commercial activities other than:15
Payment institutions who also act as system operators must comply with the requirements set forth under Section II of the Electronic Payment Law (described above).
Applications for payment and e-money institution operation licenses must be made to the Agency, together with the documents listed in Article 8 of the Regulation. These documents include evidence that the applicant meets the eligibility requirements noted above. They also include documents such as the resolution of the board of directors regarding the license application, as well as the applicant’s activity schedule, business plan, and financial statements. Further documents are required if the applicant is a bank or financial institution incorporated outside Turkey. These additional documents include resolutions made by the authorized bodies regarding the applicant’s operations in Turkey, independent audit reports, as well as detailed information about the applicant’s organizational structure and activities.
The Agency will evaluate payment and e-money institution operation license applications within six months of receiving all necessary documents, referring to the Central Bank’s opinion before granting a license. The Agency notifies the applicant if documents are incomplete and if the applicant fails to rectify this within six months of the notification, the application will become invalid. If the payment and e-money institution operation license is granted, it will be effective from the date the decision is published in the Official Gazette. Applicants who are declined will be informed, including the grounds for the decision.
Apart from obtaining a payment and e-money institution operation license, payment and electronic money institutions are further subject to corporate and operational rules. Therefore, institutions must take measures and form the necessary infrastructure by 27 June 2015 to be compliant with the Electronic Payment Law. These requirements are outlined in detail by the Electronic Payment Law, the Regulation, and the Communique, including:
The Regulation imposes several obligations on payment and electronic money institutions regarding internal structure and functioning. The Regulation imposes obligations regarding internal control, accounting and reporting, risk management, and storage of data within Turkey. These institutions must also comply with the principles determined by the Public Surveillance Accounting and Auditing Standards Authority. Such institutions are subject to independent auditing.
The Communique imposes several obligations on electronic payment and electronic money institutions to bring their information systems into compliance with the Communique and the Electronic Payment Law. These requirements relate to risk management, security management, data protection, security and authorization, monitoring, authentication, outsourcing, user information, confidentiality, and independent auditing of information systems.
The Regulation requires payment institutions to conclude agreements in line with Part Four, Section I and II of the Regulation, based on the relationship types as below:
Article 20 of the Electronic Payment Law outlines the principles for issuing electronic money. Electronic money is restricted to the value of the received funds in order to prevent endangering the Central Bank’s monopoly in creating currency. Also, the Electronic Payment Law prevents institutions from making deductions from the funds they receive from consumers. Institutions must convert the funds into electronic money without delay and make them available for the users. During the term of their use, the funds collected by institutions must be kept in a separate account at a bank operating as per the Banking Law. The Board is authorized to impose additional restrictions on the business activities of such institutions.
Section VII of the Electronic Payment Law outlines administrative and penal liabilities for system operators, payment service institutions, electronic money institutions, and in some cases, their personnel and other persons working in connection with such institutions.
According to Article 27, those who act in violation of the Electronic Payment Law will be subject to an administrative fine ranging between TRY 20,000 to TRY 500,000, provided that their action is not subject to any other sanctions within the Section VII. If any benefit is gained from a violation, the fine will be increased by at least double the original amount. Real persons and officers of legal persons who act as a payment institution or electronic money institution without an operation license will be sentenced to imprisonment for between one and three years, or receive a judicial fine up to the nominated monetary value of five thousand days imprisonment.
Other offenses regulated under Section VII of the Electronic Payment Law include:
Although this article only considered the Electronic Payment Law, the Regulation, and the Communique, the legal framework for payment and security settlement systems has a wider scope. The following legislation is also relevant:
1. For example, reports published by TÜSİAD (Turkish Industry and Business Association), TÜBİSAD (Informatics Industry Association), and ETİD (Association of Electronic Commerce Operators)
3. Law on Payment and Security Settlement Systems, Payment Services and Electronic Money Institutions numbered 6493, dated 20 June 2013, published in the Official Gazette numbered 28690, dated 27 June 2013.
5. Regulation on Payment Services, Electronic Money Issuance, Payment Institutions and Electronic Money Institutions, published in the Official Gazette numbered 29043, dated 27 June 2014.
6. Communiqué on the Management and Inspection of Information Systems of Payment and Electronic Money Institutions, published in the Official Gazette numbered 29043, dated 27 June 2014.
7. Electronic Payment Law, Article 5/2
8. Electronic Payment Law, Article 5/3
9. Electronic Payment Law, Article 5/5
10. Electronic Payment Law, Article 12
11. Electronic Payment Law, Article 24/4
12. Electronic Payment Law, Article 3
13. Electronic Payment Law, Article 14/2 and Article 18/3
14. Regulation, Article 5/2
15. Regulation, Article 10