ARTICLE
14 February 2022

Turkey's Capital Markets Board Issues New Regulation On Method For Remote Identification And The Establishment Of Contractual Relationships In The Electronic Environment

GT
Gen Temizer

Contributor

Gen Temizer logo
Gen Temizer is a leading independent Turkish law firm located in Istanbul's financial centre. The Firm has an excellent track record of handling cross-border matters for clients and covers the full bandwidth of most complex transactions and litigation with its cross-departmental, multi-disciplinary and diverse team of over 30 lawyers. The Firm is deeply rooted in the local market with over 80 years of combined experience of the name partners while providing the highest global standards of legal services.
Explore Firm Details
Turkey's Capital Markets Board ("CMB") recently issued two regulations for remote identification and the establishment of contractual relationships in the electronic environment: the Communiqué on ...
Turkey Corporate/Commercial Law
Gen & Temizer Ozer Law Firm
Your Author LinkedIn Connections

February 2022 – Turkey's Capital Markets Board ("CMB") recently issued two regulations for remote identification and the establishment of contractual relationships in the electronic environment: the Communiqué on Remote Identification Methods to be Used by Intermediary Institutions and Portfolio Management Companies and the Establishment of Contractual Relationships in Electronic Media III-42.1 ("Communiqué III-42.1"), and the Communiqué Amending the Communiqué on Documentation and Record-Keeping Systems Regarding Investment Services and Activities and Ancillary Services ("Communiqué III-45.1.b").

These two regulations allow the relations between intermediary institutions and portfolio management companies and their customers to be established either in written form or by using remote communication tools. Accordingly, contracts can be concluded by verifying the identity of the customer over information or electronic communication devices within the framework determined by the CMB. By allowing for such means, Communiqué III-42.1 has introduced a new method for the conclusion of contracts in addition to written form, which had been the default method as set by law. In addition, the CMB has also introduced various amendments through Communiqué III-45.1.b in order to catch up with new developments in this area and to meet emerging needs in practice.

Both regulations come into force one month after their publication and together introduce a new method for electronic identification and the conclusion of contracts at a distance. The CMB has also introduced an identity verification application for activities to be carried out in the electronic environment.

Below we highlight the main changes introduced by both Communiqués.

1) Communiqué III-42.1

Rules regarding system security have been determined

Among the things that intermediary institutions and portfolio management companies must do to ensure system security are as follows:

  • review the implemented remote identification procedure at least twice a year;
  • comply with the provisions of Law No. 5549 on the Prevention of Laundering Proceeds of Crime and Personal Data Protection Law No. 6698;
  • ensure that only biometric data of sensitive personal data is used for remote identification of persons and that their explicit consent is recorded in the electronic environment.

Requirement to obtain application forms from customers before video calls is introduced

According to Communiqué III-42.1, customers' applications during the remote identification process must be received via a form completed electronically prior to the video call. Accordingly, Communiqué III-42.1 also lists the types of information on the relevant individual to be included in the received form (name and surname, address, signature sample etc.).

Minimum conditions for the completion of remote identification and contract establishment have been determined

Following remote identification, verbal approval must be obtained from the individual concerned regarding her/his approval to become a client of an intermediary institution or a portfolio management company.

Accordingly:

  • the intermediary institution or portfolio management company must transmit all the terms of the contract in the electronic environment to the customer in a manner in which the customer can read it;
  • the contract must be signed with a secret, customer-specific encryption key specified in the Document Registration Communiqué and be sent to the intermediary institution or the portfolio management company;
  • the intermediary institution or portfolio management company must ensure that the content of the contract communicated to the customer and the content of the contract signed by the customer is the same.

All types of contracts—such as guarantees, sureties, or assignments—that regulate the relations between intermediary institutions or portfolio management companies and customers that are made in compliance with the above-mentioned conditions are deemed to have been established in written form.

Responsibility regime on the possible risks that may arise from the remote identification process has been established

In the event of an objection with respect to any transaction creating an obligation to the related parties or a third party, the burden of proof is on the intermediary institution or the portfolio management company. Likewise, it is also the responsibility of the latter to ensure that the solutions used for remote identification are conducted in a way that minimises the risk of misidentification.

2) Communiqué III-45.1.b

Framework agreements executed with customers can be conducted via electronic media

Agreements to be concluded via electronic media should be conducted in compliance with Communiqué III-42.1, and a copy of the same or access to such agreement on electronic media should be provided to the customer.

Identity authentication application has been introduced

Intermediary institutions must implement the Identity Authentication Mechanism ("Authentication") for their investment services and activities provided to their customers. The Authentication to be used must consist of at least two independent components (i.e., components that the customer either knows or owns, or that has a biometric characteristic).

In relation to the Authentication, a verification code must be provided to the customer. Such verification code:

  • will be generated as disposable;
  • will be signed with a secret encrypted key assigned to the customer;
  • must not provide access to the information included in the authentication application;
  • must enable the use of several verification codes through the existing code.

The intermediary institution must also perform several functions to preclude any unsuccessful Authentication attempts.

Time for account extracts requested to be delivered to customers has been decreased

The delivery time of account extracts to customers has been decreased from seven working days to five working days.

Retention period for electronic records has been amended

While the storage period for voice recordings was foreseen as three years in the relevant article, the mandatory retention period for all documents, including voice recordings and those obtained during the remote identification process, has been set at 10 years by Communiqué III-45.1.b.

*This summary has been prepared from publicly available sources and does not constitute legal or other advice. Please contact us for more detailed information or legal advice on the subject.

1160754a.jpg

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Person photo placeholder
Gen & Temizer Ozer Law Firm
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More