The Era of Neobanks: the Regulation on the Operating Principles of Digital Banks and Service Model Banking

The concept of digital banking and its history 

Neobanking, digital banking or branchless banking as a concept in the European Union entered into our lives about five years ago in the UK through players operating in the field of financial technology (“fintech”) such as Monzo and Atom Bank. Neobanking is a new generation banking trend and refers to branchless online banks that, unlike in traditional banking, do not require a physical branch and where transactions can be initiated and completed on digital channels without requiring a wet signature.

In Turkey, as a result of the amendments made in Article 76 of the Banking Law No 5411 (the “Banking Law”) by the Law on the Amendment of Certain Laws and Decree Laws No 7247 dated 18 June 2020, and with the entry into force of the Regulation on the Establishment of a Contractual Relationship in the Electronic Environment and the Remote Identity Detection Methods to be Used by Banks prepared pursuant to these amendments, establishing contractual relations between banks and their customers in an electronic environment, including contracts subject to written contractual requirements, became possible. With these developments, the Banking Regulation and Supervision Agency (BRSA) has sought to construct the foundations of the digital banking model, which operates only in the digital environment without a physical branch, as in the European Union and UK applications.

On 29 December 2021, as a result of the increasing number of fintech companies and their desire to work in this field and with the aim of promoting financial innovations in the banking sector, increasing financial inclusion, and facilitating access to banking services, the BRSA published the Regulation on the Operating Principles of Digital Banks and Service Model Banking (the “Regulation”).

The Regulation aims to determine the operating principles of branchless banks that serve exclusively through digital channels and the conditions for the provision of banking as a service model (banking as a service, BaaS) to businesses and innovative enterprises, ie, start-ups.

The Regulation defines digital banks as credit institutions that provide banking services through electronic banking services distribution channels instead of physical branches. Unlike the branchless banking application in Europe and the UK, the Regulation allows neobanks to obtain a licence to operate directly over a BaaS infrastructure, without the requirement to have a licensed sponsor bank. 

In summary, the Regulation paved the way for legal entities, including fintech companies that are not currently deposit banks and participation banks, to become digital banks.

Unless otherwise stated in the Regulation or the relevant legislation, digital banks can perform all the activities that credit institutions can perform, depending on whether they are deposit or participation banks. Digital banks are obliged to comply with the provisions of the Regulation in addition to the provisions that credit institutions are obliged to comply with under the Banking Law such as restrictions on shareholding, acceptance of deposit and participation funds, insurance of the deposit and participation funds, privacy and security of confidential information, and related secondary legislation applicable to credit institutions. 

The licence submission

According to the Regulation, in order to be able to obtain a neobanking operating licence, digital banks must meet all the conditions for credit institutions, defined as deposit banks and participation banks, under Article 3 of the Banking Law, in accordance with the regulations in the relevant law, unless otherwise stipulated. Digital banks, like credit institutions, are obliged to comply with the BRSA regulations and practices, as well as the banking legislation.

Banks other than digital banks that have obtained an operating licence are not required to make a separate application within the framework of the Regulation in order to transfer their activities to digital.

If the licence applicant’s controlling partners are legal entities providing technology, electronic commerce or telecommunication services, the board may require that the said controlling shareholder or the natural and legal persons controlling these controlling shareholders be resident in Turkey and sign an information exchange agreement with the Risk Centre for the risk data they hold on the indebtedness and financial power of residents of Turkey.

Digital banking activities

The Regulation sets forth certain restrictions on the activities of digital banks. According to the Regulation, customers of digital banks can only be financial consumers and SMEs. In this respect, digital banks are prevented from carrying out commercial banking activities exceeding the SME1 size.

Operating in interbank markets or money and capital markets, accepting bank deposits, extending loans to other banks, providing custody account services to payment institutions and licensed payment institutions and electronic money institutions within the scope of the Law on Security Settlement Systems, Payment Services and Electronic Money Institutions  No 6493, and providing BaaS services to interface providers exceeding the SME size, are not considered to be subject to these restrictions.

The total amount of unsecured cash loans that digital banks can make available to certain financial consumers cannot exceed four times the average monthly net income of the relevant financial consumer, and if the customer’s average monthly net income cannot be determined, the total amount of unsecured cash loans that can be extended to that customer cannot exceed TRY10,000. In other words, the customer coverage is broad, but the monetary thresholds are limited.

The initial capital of digital banks must be at least TRY1 billion. However, if a digital bank is established with a capital of at least TRY2.5 billion or the paid-in capital is increased to this level, the digital bank can apply to BRSA to remove the above-mentioned restrictions on the activities of digital banks.

Digital banks cannot organise and open physical branches other than the head office and affiliated service units of the head office; however, they are required to establish at least one physical office to handle customer complaints. 

Digital banks are able to provide services to their customers through their own ATM networks or other existing ATM networks. Through the establishments with whom an agreement is made for accepting the payment instruments they issue pursuant to the Debit Cards and Credit Cards Law No 5464, the digital banks have the right to provide cash withdrawal and deposit services.

A second and different activity: BaaS

The Regulation defines the BaaS as “a service model in which customers can perform banking transactions through the service bank by connecting directly with the systems of service banks via open banking services by the interface offered by the interface providers”. The service bank can only provide service model banking services to resident interface providers and only within the framework of their own operating permits. The interface providers are considered as support service providers under the Regulation on Banks’ Procurement of Support Services (“Support Regulation”). In this regard, the conditions under the Support Regulation must also be fulfilled. 

Under no circumstances can the interface providers: (i) use names such as bank, payment institution or electronic money institution; or (ii) use idioms or make statements that may give the impression that they are operating as banks, payment institutions or electronic money institutions, or that they are collecting deposits, participation funds or funds like a bank/payment service provider.

In order for the service bank to provide banking services to the interface provider’s customers, a banking services contract relationship must be established between the customer and the service bank. In the BaaS model, the service bank and interface provider are severally responsible for ensuring that the identity verification and transaction security obligations regarding electronic banking services are fulfilled. Service banks cannot provide service model banking services to interface providers who do not fulfil these obligations or whose systems are insufficient to fulfil these obligations. 

The Regulation also includes the minimum content of the service contract between the service bank and an interface provider. Accordingly, the contract should contain at least the following.

  • In cases where the interface provider has not obtained the necessary operating permits, it must be clearly stated in the contract to be established with the customer that the interface provider is not a bank or payment service provider that has an operating licence.
  • The website address of the customer services offered by the service bank and the call centre telephone number must be provided so that the customers can communicate their requests and complaints to the service bank.
  • A statement that banking services are provided by the service bank, information regarding services offered by and the responsibilities of the service bank, the service bank’s website address regarding the terms of the contract between the service bank and the customer, and other terms of use of the service bank services must also be included.
  • A copy of the agreement between the interface provider and the customer, and a copy of the agreement between the service bank and the customer, should be visible on the home page of the interface provider’s official website.
  • The logo and name of the service bank should be visible on the home page of the interface provider’s website.
  • If the service bank issues a card payment instrument for the interface provider, the bank’s name and logo must be visible on the said payment instrument.
  • There should also be a statement that the confidential information transferred to the interface provider at the request of the customer cannot be stored by the interface provider or by the parties that the interface provider receives service on behalf of, except in the following cases:
    1. storage is mandatory, provided that it is directly related to the establishment or performance of the contract between the interface provider and the customer;
    2. storage is mandatory for the interface provider to fulfill its legal obligation; or
    3. storage is mandatory for the interface provider to establish, use or protect a right.

Pursuant to the Regulation, the service bank is obliged to provide information on the scope of its services on the website, showing the list of all interface providers it serves and which banking services it provides, and to send a copy of each service contract it has signed with interface providers to the BRSA within one week following the date of signature.

The Regulation entered into force on 1 January 2022 and shall be enforced by the head of the BRSA.