In June 2013, the Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money (Law No. 6493) (the Payment Services Law or Law) entered into force. In accordance with the Payment Services Law, secondary regulations have been enacted on 27 and 28 June 2014, by both the Banking Regulation and Supervision Agency (BRSA) for payment, electronic money (e-money) institutions and the Central Bank of the Republic of Turkey (CBRT) for payment, settlement system operators.
Issued by the BRSA on 27 June 2014 are (i) the Regulation on Payment Services, E-Money Issuance, Payment and E-Money Institutions (BRSA Regulation) and (ii) the Communiqué on Management and Audit of Information Systems of Payment and E-Money Institutions (BRSA Communiqué). Issued by the CBRT on 28 June 2014 are (i) the Regulation on Activities of Payment and Securities Settlement Systems (CBRT Activities Regulation) and (ii) the Regulation on Supervision of Payment and Securities Settlement Systems (CBRT Supervision Regulation). Implementation of this secondary legislation shall be made within one year of their entry into force. This means that companies shall comply with the secondary legislation and obtain their licenses no later than 27 and 28 June 2015, depending on their operations.
Significant provisions under the secondary legislation
(a) The BRSA Regulation
In short: The BRSA Regulation stipulates the rules and procedures for obtaining license and daily operations, however fails to shed clarity on which activities may qualify as payment services.
The BRSA Regulation sets out the license application procedures&documents for payment and e-money companies. In addition, the requirements for board members of these companies as well as requirements to establish adequate internal systems, risk management units. Further, the BRSA Regulation provides for calculation formula of the equity of these companies. By taking a look at all these provisions indicate that the BRSA deems the payment&e-money companies as bank-like operations since it provides for detailed establishment and supervision procedures. since their internal organizations. Companies are permitted to open branches and appoint representatives for their operations. Companies may outsource their non-core operations. The BRSA Regulation also introduces two types of contracts for payment services: (i) one-time payment agreement and (ii) framework agreement. The BRSA Regulation sets out the topics to be addressed in the relevant agreements; thus provides an outline for the relevant agreement. The Regulation provides specific exemptions on some of the liabilities with respect to payment transactions under TL 300 within the scope of a framework agreement or payment instruments with an expense limit or maximum balance of TL 500.
In short: The BRSA Communiqué provides the regulatory framework for payment&e-money companies to establish internal and IT systems; similar to systems required for BRSA-regulated banks, which indicates that the BRSA is not taking the payment&e-money sector lightly.
Since the majority of payment and e-money services shall be provided electronically/on-line, the provisions of the BRSA Communiqué are important for payment service providers in order to establish their IT systems. In that respect, the BRSA Communiqué is in parallel with the provisions pertaining to IT systems of the banks as in the establishment of primary and secondary systems and system security. The BRSA Communiqué includes provisions applicable to risk management for information systems, security and confidentiality of data, ID verification for transactions performed over the IT systems. Emergency, continuity and similar plans shall be put in place for performing payment & e-money services. The BRSA Communiqué includes provisions on independent audit of IT systems. In that respect, the Draft Communiqué refers expressly to the regulation on IT systems and its audit for banks.
(c) The CBRT Activities Regulation
In short: The CBRT, with an established experience of regulating certain banking transactions, introduces itself to the regulatory and supervisory role for the payment&securities settlement system operators. Signs are that the CBRT intends to play an active role in regulating and supervising the system activities.
The CBRT Activities Regulation sets out the rules and procedures for payment and securities settlement systems operators' activities. Accordingly, in accordance with the clearance and settlement definitions under the law, any system including at least three participants and where at least clearance or settlement activities are conducted may be defined as a system, thus be subject to licensing requirements. As per the CBRT Activities Regulation, system operators shall sign a uniform system agreement with all system participants, the content of which shall be approved by the CBRT. This means that all system operators shall submit their uniform agreements to the CBRT to get its consent on their proposed agreement. The system operators shall also set out the system rules. Any structural changes to such rules shall also be subject to the CBRT approval. The CBRT Activities Regulation also provides the necessary requirements for obtaining licences and the necessary qualifications of board members. Rules pertaining to risk management, information systems, outsourcing and audit are also provided under the CBRT Activities Regulation. Interestingly, while transfer of shares in a system operator is subject the CBRT approval, the transfer of operations and assets from a system operator to another is also subject to the CBRT approval.
(d) The CBRT Supervision Regulation
In short: The CBRT Supervision Regulation gives the CBRT, for the first time in its history, the power to make physical inspections over the regulated system operators.
Under the CBRT Supervision Regulation, the CBRT may classify certain systems in accordance with their importance and provide differing supervision methods for different classes of systems. The regulation also provides the CBRT with the right to request an independent audit of system operators' information systems, as done in banks. In case of any irregularities with the Law or the secondary legislation, the CBRT is able to take the measures indicated in the Law for preserving the well-functioning of the system operators.
(e) System operators designated by the CBRT
On March 2014, the CBRT, has determined the systems which fall under the scope of the Payment Services Law. Accordingly systems operated by the CBRT itself, Interbank Check Clearing House (Bankalararası Takas Odaları Merkezi), Istanbul Settlement and Custody Bank – Takasbank (Istanbul Takas ve Saklama Bankası A.Ş.), Central Registry Agency – CRA (Merkezi Kayıt Kuruluşu A.Ş. – MKK) as well as the Interbank Card Center (Bankalararası Kart Merkezi A.Ş. – BKM) have been defined as payment and securities settlement systems falling within the scope of the Payment Services Law.
While the Payment Services Law, the secondary legislation issued by the BRSA and the CBRT include provisions applicable to non-bank institutions which will provide payment&e-money and system operation services such provisions are often derived from similar rules applicable to banks. Thus, non-bank institutions willing to obtain their licenses for payment & e-money services will need to improve their corporate and operational structure in order to comply with the relevant requirements.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.