1 Legal framework

1.1 Which legislative and regulatory provisions govern the banking sector in your jurisdiction?

The main legislative and regulatory provisions that govern the Turkish banking system are as follows:

  • the Banking Law (5411);
  • the Law on the Central Bank of the Turkish Republic (1211);
  • the Capital Markets Law (6362);
  • the Commercial Code (6102);
  • the Code of Obligations (6098);
  • the Mortgage Law (5582);
  • the Bank Cards and Credit Cards Law (5464);
  • the Financial Leasing Law (3226);
  • the Law on the Protection of the Value of the Turkish Currency (1567); and
  • other applicable laws and regulations.

1.2 Which bilateral and multilateral instruments on banking have effect in your jurisdiction? How is regulatory cooperation and consolidated supervision assured?

In the Turkish banking system, regulatory cooperation and consolidated supervision are assured by the Banking Regulation and Supervision Agency (BRSA). The Savings Deposit Insurance Fund, the Capital Markets Board, the Undersecretariat of the Treasury, the Central Bank and the Financial Crimes Investigation Board are other significant institutions.

The lead bank regulator is the BRSA. It regulates the operations of the institutions that are subject to its supervision and carries out the functions of supervision and enforcement in a safe and sound manner. The BRSA acts in a way that is compatible with the practices of foreign supervisory authorities. It also has connections with multinational institutions such as the World Bank, the International Monetary Fund and the World Trade Organization. Furthermore, the BRSA is a member of institutions such as the Basel Committee on Banking Supervision, the Islamic Financial Services Board and the Standing Committee on Supervisory and Regulatory Cooperation (Auditing and Cooperation Committee).

1.3 Which bodies are responsible for enforcing the applicable laws and regulations? What powers (including sanctions) do they have?

The BRSA is responsible for enforcing applicable laws and regulations. The BRSA, as per Article 93 of the Banking Law, is authorised to issue regulations and communiqués for the implementation of the Banking Law. It makes national regulations in line with international standards, and applies EU directives, Basel II and International Accounting Standards.

The BRSA prepares regulations and communiqués regarding banking. It may make changes to the legislation according to the evolving needs of the sector. In case of uncertainty about regulatory activities, it assists in identifying solutions by providing opinions. The BRSA has the authority to implement both prudential and conduct supervision. It has the power to ask the relevant institution to take necessary measures after an audit. According to Articles 146 and 149 of the Banking Law, the BRSA is entitled to impose financial penalties and certain extreme sanctions on banks. Additionally, Articles 150 and 161 of the Banking Law state that shareholders and members of the board of directors can also be subject to sanctions and penalties.

The Central Bank is responsible for managing monetary and exchange rate policies in Turkey. It is responsible for:

  • achieving and sustaining price stability and financial stability;
  • determining the exchange rate regime;
  • printing and issuing banknotes; and
  • overseeing payment systems.

1.4 What are the current priorities of regulators and how does the regulator engage with the banking sector?

The current priority of the regulators is to deal with the detrimental economic effects of the COVID-19 pandemic. The pandemic has put significant pressure on the Turkish economy and is affecting almost all institutions in Turkey. Currently, the regulators are trying to consolidate the Turkish banking system and minimise the detrimental effects of the pandemic.

2 Form and structure

2.1 What types of banks are typically found in your jurisdiction?

According to Turkish law, banks are categorised as either deposit banks or development and investment banks. Deposit banks consist of:

  • state-owned banks;
  • privately owned banks;
  • banks under the Savings Deposit Insurance Fund; and
  • foreign banks.

2.2 How are these banks typically structured?

There is no uniform structure of banks in Turkey; instead, each bank adopts the organisational structure that will allow it to provide the best service to its customers and benefit from the expertise of its staff at the highest level. However, the main structure is the same, as all banks are joint stock companies. The highest decision-making body of banks is the general assembly.

As with other organisations, the highest body at the management level of banks after the general assembly is the board of directors. The board of directors may delegate credit extension authority to the credit committee or the general directorate within the framework of the procedures and principles to be determined by the Banking Regulation and Supervision Agency (BRSA). The general directorate is the largest executive body of banks and can also use its delegated credit allocation authority through other units, regional offices and branches.

The audit committees of banks are regulated under Article 24 of the Banking Law. This body monitors the bank's compliance with banking principles and legislation; while the board of auditors is responsible for identifying differences and deviations between the bank's goals and practices and the reasons therefor.

2.3 Are there any restrictions on foreign ownership of banks?

According to Articles 10 and 48 of the Turkish Constitution, banking entities established in Turkey must enjoy equal treatment. Therefore, the same rules as apply to banks based in Turkey will apply to foreign entities that seek to operate a bank by setting up a subsidiary. This is further supported by Article 3 of the Foreign Direct Investment Law (4875), which states that foreign investors must be treated equally to domestic investors. However, foreign banks and financial institution shareholders must submit several additional documents when applying for permission to establish in Turkey.

2.4 Can banks with a foreign headquarters operate in your jurisdiction on the basis of their foreign licence?

Banks with a foreign headquarters can operate in Turkey by opening a branch, which will be subject to Articles 6 and 9 of the Banking Law. Provided that the conditions stipulated in the Banking Law are fulfilled, permission will be granted by decision taken by the vote of at least five of the seven BRSA board members. According to Article 9 of the Banking Law, any bank established abroad that seeks to operate in Turkey by opening a branch within the framework of the principles and procedures set out by the BRSA must meet the following conditions:

  • Its primary activities must not be prohibited in the country in which it is headquartered;
  • The supervisory authority in the country in which it is headquartered should not have a negative view of its proposed operation in Turkey;
  • The paid-in capital reserved for Turkey should not be less than the amount indicated in Article 7 of the Banking Law;
  • The members of the board of directors should have adequate professional experience to be able to satisfy the requirements laid down in the corporate governance provisions and to conduct the planned activities;
  • It must submit an activity programme indicating work plans for the fields of activity covered by the permission, a budgetary plan for the first three years and details of its structural organisation; and
  • The group including the bank must have a transparent partnership structure.

Banks with foreign headquarters can open a representative office with the permission of the BRSA, provided that they do not accept deposit or participation funds and operate according to the principles determined by the BRSA.

3 Authorisation

3.1 What licences are required to provide banking services in your jurisdiction? What activities do they cover?

An establishment permit and operation licence must be obtained from the Banking Regulation and Supervision Agency (BRSA) to establish a bank or a branch of a foreign bank, and to carry out banking, financial leasing and/or factoring activities in Turkey.

Upon obtaining a licence for banking services, a bank may carry out the following activities:

  • accepting participation funds and deposits;
  • conducting lending activities such as cash or non-cash loans, and providing factoring and financial leasing services;
  • providing capital market-related services such as issuance or public offerings of capital markets instruments and conducting foreign exchange and derivative transactions;
  • trading money market instruments and carrying out foreign exchange transactions;
  • providing investment counselling services;
  • providing insurance agency and individual private pension fund services; and
  • conducting other activities to be determined by the BRSA.

However, the activities that may be carried out may vary depending on the type of bank.

3.2 What requirements must be satisfied to obtain a licence?

The establishment permit requirements set out in Article 7 of the Banking Law are as follows:

  • The bank should be established as a joint stock company;
  • Its shares should be issued against cash and to name;
  • The founders must meet the necessary requirements;
  • The members of the board of directors must hold the qualifications set out in the corporate governance provisions in the Banking Law, and must have the professional experience required to carry out the planned activities;
  • The bank's envisaged fields of activity must be harmonised with its planned financial, managerial and organisational structure;
  • The minimum share capital must not be less than TRY 30 million;
  • The articles of association must comply with the provisions of the Banking Law;
  • There should be a transparent and open partnership structure and organisational chart;
  • There should be no element that hampers its consolidated supervision; and
  • The work plans for the envisioned fields of activity and the projections regarding the financial structure of the institution – including capital adequacy, the budgetary plan for the first three years and an activity programme including internal control, risk management and internal audit systems showing the structural organisation – must be submitted.

A bank that obtains an establishment permit must satisfy the following requirements to commence operations:

  • Its capital must be paid up in cash and should be at a level to carry out the planned activities;
  • The applicant must provide a document stating that at least one-quarter of 10% of the minimum capital specified in Article 10/2(b) of the Banking Law has been deposited in the Savings Deposit Insurance Fund before commencing operations, as the fee for the founders to enter the system, and a commitment document stating that the remainder will be paid into the fund in three monthly instalments;
  • It must comply with corporate governance provisions and have sufficient personnel and technical equipment;
  • The managers must have the qualifications specified in the corporate governance provisions; and
  • The BRSA must be of the opinion that the bank has the necessary qualifications to carry out the proposed activities.

3.3 What is the procedure for obtaining a licence? How long does this typically take?

The applicant must first prepare its application for an establishment permit for submission to the BRSA. According to Article 4 of the Regulation on Operations of Banks Subject to Permission and Indirect Shareholding (‘Permission Regulation'), the applicant must provide several documents and pay a system entrance fee equal to 10% of its paid-up capital in cash. The necessary documents for opening the first branch of a foreign bank are stated in Article 5 of the Permission Regulation. Both articles state that the BRSA has the right to request additional documents. The establishment permit must be approved by at least five of the seven BRSA board members.

After obtaining an establishment permit, an operation licence must be obtained from the BRSA in line with Article 7 of the Permission Regulation. The application for an operation permit must be submitted within nine months of the date of publication in the Official Gazette of the BRSA's decision regarding the establishment permit. An operation permit fee of TRY 423,536 (regulated under Tariff 8, attached to the Law of Fees (492)) must also be paid, both during the operation permit application process and for each year of banking activities. After the BRSA has conducted its evaluation in line with Article 7 of the Permission Regulation, it will grant operating permission within three months of the date of receipt of the application for permission. The permissions given become valid from the date of publication in the Official Gazette.

4 Regulatory capital and liquidity

4.1 How are banks typically funded in your jurisdiction?

Turkish banks are funded through several different sources. While the primary sources of funding are equity share capital and borrowed funds, banks also raise funds through issuing bonds, debentures, cash certificates and so on.

4.2 What minimum capital requirements apply to banks in your jurisdiction?

According to Article 7 of the Banking Law, a bank's fully paid-in capital stock should be at least TRY 30 million. It is also possible to accept higher amounts of establishment capital than 25% of the fully paid-in capital stock of TRY 30 million. However, this rule is valid for new banks only; there is no obligation for banks in operation to increase their capital to this amount.

At the same time, the Banking Regulation and Supervision Agency requires a fully paid-up capital of at least $300 million for a new commercial banking licence.

4.3 What legal reserve requirements apply to banks in your jurisdiction?

According to the Communiqué on Reserve Requirements (Official Gazette 25 December 2013, No 2013/15), based on Article 40-II of the Law on the Central Bank of the Republic of Turkey as amended by the Banking Law, banks must maintain required reserves at the Central Bank for their liabilities.

Based on the accounting standards and recording order to which banks are subject, the following balance-sheet items constitute Turkish lira and foreign currency liabilities subject to reserve requirements as per Article 4 of the Communiqué on Reserve Requirements:

  • deposit/participation fund;
  • funds from repo transactions;
  • borrowings;
  • securities issued;
  • debt instruments not included in the capital calculation;
  • payables from credit card payments; and
  • funds of borrowers.

Some exclusions and discounts apply to the above. The required reserve ratios in Turkish lira and foreign currency are regulated in Article 6 of the Communiqué on Reserve Requirements. According to Article 8 of the communiqué, required reserves must be met within 14 days. This period starts on Friday two weeks after the date on which the liabilities are calculated and ends on the Thursday of the second week. The Central Bank may change the calculation period of required reserve liabilities and the maintenance period of required reserves, provided that this is announced in advance.

5 Supervision of banking groups

5.1 What requirements apply with regard to the supervision of banking groups in your jurisdiction?

According to Article 65 of the Banking Law, the Banking Regulation and Supervision Agency (BRSA) is entitled to supervise and regulate the Turkish banking system. Before the BRSA's establishment, supervision operations were conducted by the Treasury and the Central Bank. After the establishment of the BRSA in 1999, the supervisory powers and responsibilities were transferred to the BRSA.

The BRSA performs duties regarding the supervision of the banking system in accordance with the Banking Law and other relevant laws and regulations. Furthermore, it determines the appointment of independent audits. Audits are carried out annually, quarterly and when necessary. The BRSA has the power to obtain all documents and records of banks and their subsidiaries, and maintains continuous communications between audit teams and bank representatives at different levels. The BRSA has the right to send its authorities to the general assembly meetings of banks. The BRSA also has the power to implement both prudential and conduct supervision. It has the power to ask the relevant institution to take necessary measures after an audit, as stated in Articles 67 to 72 of the Banking Law. According to Articles 150 and 161 of the Banking Law, the BRSA can impose sanctions not only on banks, but also on the administration and the board of directors. In practice, the BRSA does not frequently implement remedial and corrective actions. In general, the BRSA tends to apply administrative fines.

In addition, according to Article 66 of the Banking Law, the following shall be subject to consolidated supervision:

  • the parent company, subject to limitations and standard ratios on a consolidated basis;
  • domestic and foreign subsidiaries;
  • jointly controlled undertakings; and
  • branches and representative offices.

5.2 How are systemically important banks supervised in your jurisdiction?

The Regulation on Systemically Important Banks (Official Gazette of 23 February 2016, No 29633) lays down the procedures and principles on the identification of systemically important banks and the measurement and evaluation of their capital adequacy. It aims to ensure that these banks have sufficient capital to balance their losses in relation to the possible risks to which they are exposed. These banks are divided into three groups, which represent their systemic significance based on their overall score. Different capital levels and requirements apply to each group. The threshold scores and group score ranges that will determine whether a bank is systemically important are set by the BRSA. Banks identified as systemically important must have systemic bank buffers for the following year. In addition to the core capital requirement, these banks must keep additional core capital, determined according to the systemically important bank buffer ratio corresponding to the group in which the bank is categorised.

The BRSA also has the authority to change the grouping of systemically important banks and to add or remove a bank by evaluating other issues of relevance.

5.3 What is the role of the central bank?

The Central Bank commenced operations in 1930 in accordance with the Law on the Central Bank of the Turkish Republic. Its main goals are to achieve and maintain price stability and foreign exchange rate stability. The Central Bank directly determines the monetary policy and tools to be used for this purpose – in other words, it has unique, completely independent ‘sui generis' legal status. It is responsible for:

  • determining monetary policy and instruments;
  • protecting the value of the Turkish lira;
  • issuing banknotes;
  • granting advances to the Savings Deposit Insurance Fund;
  • advising the government;
  • managing official gold and foreign exchange reserves; and
  • monitoring financial markets.

6 Activities

6.1 What specific regulations apply to the following banking activities in your jurisdiction: (a) Mortgage lending? (b) Consumer credit? (c) Investment services? and (d) Payment services and e-money?

(a) Mortgage lending?

  • The Turkish Civil Code (4721);
  • The Banking Law (5411);
  • The Mortgage Law (5582);
  • The Communiqué on Asset-Backed and Mortgage-Backed Securities (Official Gazette of 9 January 2014, No 28877); and
  • The Regulation on Rules and Procedures of Re-financing of Loans in the Scope of Housing Finance (Official Gazette of 29 September 2007, No 26658).

(b) Consumer credit?

  • The Law on Consumer Protection (6502);
  • The Bank Cards and Credit Cards Law (5464);
  • The Consumer Loan Agreements Regulation (Official Gazette of 22 May 2015, No 29363); and
  • The Regulations on the Amendments of Regulation on Banks' Loan Transactions (Official Gazette of 26 February 2019, No 30698).

(c) Investment services?

  • The Foreign Direct Investment Law (4875);
  • The Capital Market Law (6362);
  • The Communique on the Basis of Investment Services and Activities, Ancillary Services (Official Gazette of 11 July 2013, No 28704);
  • The Communiqué on the Principles of Investment Funds (Official Gazette of 9 July 2013, No 28702); and
  • The Communiqué Amending the Communiqué (Official Gazette of 12 March 2019, No 30712).

(d) Payment services and e-money?

  • The Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions (6493);
  • The Regulation on Payment Services and Electronic Money Issuance and Payment Institutions (Official Gazette of 27 June 2014, No 29043);
  • The Communique on the Management and Supervision of Information Systems of Payment Institutions and Electronic Money Institutions (Official Gazette of 27 June 2014, No 29043); and
  • The Circular of the Banking Regulation and Supervision Agency (12509071-010.06.02-2)

7 Reporting, organisational requirements, governance and risk management

7.1 What key reporting and disclosure requirements apply to banks in your jurisdiction?

It is mandatory for banks to publish their annual year-end financial statements in the Official Gazette by the end of April each year. These statements must include both consolidated and non-consolidated year-end financial statements. A legal obligation arising from the Banking Law and the Regulation on Principles and Procedures of Accounting Practices of Banks and of Retention of Documents in Banks (Official Gazette of 1 November 2006, No 2633) (‘Accounting Regulation') also requires banks to submit these statements to the Banking Regulation and Supervision Agency (BRSA). Additionally, as per the Regulation on the Principles and Procedures Concerning the Preparation of and Publishing Annual Report by Banks (Official Gazette of 1 November 2006, No 26333), banks must publish their annual activity reports on their websites by the end of May each year following the relevant financial period. Another requirement arising from this regulation is that banks must keep their year-end and interim period financial statements on their websites for a five-year period.

In addition, the following must be submitted to the BRSA and the Banks Association and the Participation Banks Association of Turkey in electronic form as per the Accounting Regulation:

  • unconsolidated interim financial reports, within 45 days of the end of each quarter of the respective year; and
  • consolidated interim financial reports and a copy of balance sheets and income statements, within 30 days of the end of each month.

Moreover, the public disclosure of financial statements through the Public Disclosure Platform (Kamuyu Aydýnlatma Platformu) is another requirement for banks that conduct capital markets activities as per Communiqué II-14.1 issued by the Capital Markets Board (CMB).

7.2 What key organisational and governance requirements apply to banks in your jurisdiction?

According to Article 22 of the Banking Law, the structure, processes and principles on the corporate governance of banks are determined by the BRSA, taking into account the opinions of the CMB and its associations. The Regulation on the Principles of Corporate Governance of Banks (Official Gazette of 1 November 2006, No 26333) is another key regulation that sets out the organisational and governance requirements for banks.

Turkish banks must establish:

  • a board of directors;
  • a corporate governance committee;
  • a remuneration committee;
  • an audit committee;
  • an internal systems unit;
  • a compliance unit in relation to compliance with anti-money laundering legislation; and
  • a credit committee (if the board of directors delegates its credit-related duties).

There must be at least five members (including the general manager) of the board of directors. Board members should have qualifications such as professional competence, independence and efficiency, as per the Banking Law.

The audit committee, to be established by the board of directors, must have at least two members. Members will be appointed from among the board members, but cannot have an executive position. Qualifications such as professional competence, independence and efficiency are also required for the members of the audit committee.

According to Article 25 of the Banking Law, general managers must have a bachelor's degree in law, economics, finance, banking or business administration, or related fields, or an undergraduate degree in engineering together with a graduate degree in one of these fields, together with 10 years of professional experience in banking or business administration. Deputy general managers must have at least seven years of professional experience; and at least two-thirds of the deputy general managers of a bank must have at least an undergraduate degree in one of the above fields.

7.3 What key risk management requirements apply to banks in your jurisdiction?

Banks must establish and implement their risk policies as set by the BRSA, which regulates the main principles for the risk management systems of banks.

Under the Regulation on the Internal Systems of Banks (Official Gazette of 28 June 2012, No 28337), the measurement, monitoring, control and reporting of risks are defined as risk management activities. In accordance with the risk evaluation of the internal audit unit, the implementation of an internal audit system is required. The following will be taken into account in determining the risk management policy and implementation procedures under the regulation:

  • strategies and implementation policies regarding the bank's activities;
  • compliance with the volume, nature and complexity of the activities and level of risk that may be taken;
  • risk monitoring and management capacity;
  • previous experience and performance;
  • levels of specialisation of the managers of the bank's different units; and
  • obligations under the Banking Law and other applicable legislation.

The limits for quantifiable risks – such as credit, market, interest rate and liquidity risk – arising from the bank's activities must be determined by banks and are subject to the BRSA's approval. The main parameters for banks in determining these risk limits include:

  • the level of risk to be taken;
  • the bank's activities;
  • the size and complexity of the bank's products and services;
  • the bank's staff and departments; and
  • the bank as a whole or the group of which it is a member.

7.4 What are the requirements for internal and external audit in your jurisdiction?

The main principles for internal and external audits are set out in the Banking Law. Other regulations that specify the procedures and principles of internal and external audits include:

  • the Regulation on the Internal Systems of Banks;
  • the Regulation on Independent Audits of Banks (Official Gazette of 2 April 2015, No 29314); and
  • the Regulation on Bank Information Systems and Banking Processes Audits to be Performed by External Audit Institutions (Official Gazette of 13 January 2010, No 27461).

Banks must establish an internal audit system covering the consolidated accounts of all units, branches and subsidiaries, to ensure compliance of banking activities with the legislation, articles of association, internal regulations and banking principles.

At least once every three months, an internal audit report – which must be independent and prepared by an adequate number of auditors, exercising due professional care – must be submitted by the internal audit unit and the authorised inspector to the board of directors.

According to Article 33 of the Banking Law, a list of independent audit firms is issued by the BRSA. If an independent audit firm detects any matters that may endanger the existence of the bank or suggest that the managers have violated the Banking Law or articles of association during the audit, it must inform the BRSA immediately.

8 Senior management

8.1 What requirements apply with regard to the management structure of banks in your jurisdiction?

According to the Regulation on the Corporate Governance Principles of Banks (Official Gazette of 1 November 2006, No 26333), banks may determine their corporate governance structures and processes based on the principles included in the annex to the regulation. In determining corporate governance structures and processes, the activities and structure of the bank must be considered, and the principles and procedures set out in the Banking Law and the regulations issued thereunder must be followed. The basic principles stated in the regulation include the following:

  • The corporate values and strategic goals must be determined;
  • The vision and mission of the bank must be determined;
  • The board of directors must determine the strategies which direct the bank's ongoing business and establish ethical principles to guide its own activities and those of senior management and other employees; and
  • Authorisations and obligations must be directly determined and implemented.

8.2 How are directors and senior executives appointed and removed? What selection criteria apply in this regard?

There are no specific regulations on the appointment or removal of directors or senior executives in the Banking Law. Therefore, as banks are joint stock companies, the provisions of the Turkish Commercial Code will apply. According to Article 363 of the code, in case of a vacancy on the board of directors, the board must elect a new person as a temporary member and submit this for approval at the first general assembly. Upon approval, the new member will complete the term of his or her predecessor. Article 363 also states that if any member of the board of directors loses the legal requirements for membership or the qualifications stipulated in the articles of association, he or she will be dismissed from the board of directors. Even if the members of the board of directors are appointed by the articles of association, they can always be dismissed by decision of the general assembly in case of a relevant agenda or for just cause, even if there is no relevant agenda.

According to Article 370 of the code, the board of directors may delegate its representative authority to one or more managing directors or third parties as directors. At least one member of the board of directors must have the power of representation. The board of directors may appoint those who are affiliated with the company with an employment contract as senior executives or other managers with limited authority as per Article 370 of the code.

According to Article 4-5-6-7 of the Regulation on the Directors of Banks (Official Gazette of 1 November 2006, No 26333), the Banking Regulation and Supervision Agency (BRSA) must be notified within seven business days of the election or appointment of directors or senior executives. The notification must include several documents containing information required for the position.

Members of the board of directors and members and the chairman of the board of managers must take an oath upon their election or appointment and before commencing their duties. The general manager, who is an ordinary member of the board of directors, and the persons who will represent him or her must take an oath as per Article 9 of the Regulation on the Directors of Banks. The oath must be taken in the commercial court and the document prepared thereafter sent to the BRSA. According to Article 10 of the regulation, directors and senior executives must declare their property.

For non-executive board members to be elected to the audit committee, several other requirements must be satisfied as stated in Decision 1918 of the BRSA Board of 4 July 2006.

8.3 What are the legal duties of bank directors and senior executives?

The legal duties of bank directors and senior executives are regulated under the Regulation on Corporate Governance. Directors and senior executives must perform their duties in a fair, transparent, accountable and responsible manner. The regulation imposes the following obligations on directors and senior executives:

  • to ensure that the bank's business is carried out within the framework of its mission, vision, goals and policies;
  • to act in accordance with the financial and operational plans approved by the board of directors;
  • to comply with the Banking Law, regulations issued thereunder and other legislation, articles of association and in-bank regulations;
  • not to accept gifts, directly or indirectly, or provide an unfair advantage in relation to the bank's business;
  • to ensure transparency in corporate governance;
  • to ensure that remuneration policies are in line with the ethical values, strategic goals and internal balances of the bank; and
  • to observe customer rights in the marketing of bank products and services, and during the service relationship.

8.4 How is executive compensation in the banking sector regulated in your jurisdiction?

On 31 March 2016, the BRSA published the Guide on Good Remuneration Practices in Banks to provide a better salary system for bank employees, including executives and qualified staff. The guide sets out principles and minimum standards to follow in determining all kinds of material benefits for bank employees and managers.

9 Change of control and transfers of banking business

9.1 How are the assets and liabilities of banks typically transferred in your jurisdiction?

Article 19 of the Banking Law requires permission from the Banking Regulation and Supervision Agency (BRSA) for the transfer of assets and liabilities of banks. It further states that if the relevant bodies of banks do not make a decision and commence procedures in accordance with Articles 7, 11, 15 and 19 of the Regulation on the Merger, Transfer, Division and Share Exchange of Banks within three months of receiving permission, the permission will be null and void.

Following the transfer procedure, all assets and liabilities will be transferred to the transferee bank, the legal person statuts of the transferor bank will be annulled and the transferor bank will be deleted from the Commercial Register.

9.2 What requirements must be met in the event of a change of control?

According to Article 18 of the Banking Law, the following types of share acquisitions require the BRSA's approval:

  • the direct or indirect acquisition of shares representing 10% or more of the capital of a bank;
  • the direct or indirect acquisition of shares representing or exceeding 10%, 20%, 30% or 50% of the capital of a bank; and
  • a reduction on shareholding below 10%, 20%, 30% or 50% of the capital of a bank.

Article 18 states that, irrespective of the percentage of the share acquisition or transfer, approval from the BRSA is required for the issue or transfer of privileged shares, which confer the right to appoint a member to the board of directors or the audit committee. As a condition to obtaining the BRSA's permission, the transferee must pay a transfer fee equal to 1% of the nominal value of the shares to be transferred in all transfers of bank shares to the Savings Deposit Insurance Fund (SDIF).

Shareholders with qualified shares must meet the criteria applicable to founders. Shareholders with qualified shares that no longer meet those criteria will not benefit from shareholder rights, other than dividends.

Where such shares are transferred without the permission of the BRSA, the shareholder rights stemming from these shares, other than dividends, become exercisable by the SDIF.

10 Consumer protection

10.1 What requirements must banks comply with to protect consumers in your jurisdiction?

Given the current structure of the Turkish financial system, the Banking Regulation and Supervision Agency (BRSA), the Capital Markets Board (CMB), the Treasury, the Central Bank and the Savings Deposit Insurance Fund (SDIF) are considered as responsible and relevant institutions for the protection of financial consumers.

Within the framework of consumer protection, the Financial Consumer Relations Department – a subsidiary of the BRSA – was established for the sole purpose of evaluating consumer information requests and resolving their complaints. Public institutions and organisations, financial institutions, professional associations and non-governmental organisations are all relevant parties in this regard.

There are no specific regulations on the protection of financial consumers in Turkey. However, special provisions on financial products and services are included within the legal regulations on consumer protection. In addition to general issues relating to consumer protection, financial products and services are covered by special provisions in the Consumer Protection Law (6502). For instance, according to Article 4 of the law:

an additional fee cannot be claimed from the consumer for the acts that are among the legal obligations of the party drafting the contract and which the consumer rightly expects relative to the good or service presented to the consumer, and for the expenses made in line with the benefits of the party drafting the contract. All types of fees, commissions and expenses that will be claimed from the consumer, other than interest, and the principles and rules related to such for goods or services provided to the consumer by banks, financial institutions offering consumer credits or issuing cards, shall be regulated by the Banking Regulation and Supervision Agency, obtaining the opinion of the Ministry, in line with the spirit of this Law and in a manner that protects the consumer.

In this context, the Regulation on Procedures and Principles Regarding the Fees to be Received from Financial Consumers (Official Gazette of 3 October 2014, No 29138), which was published by the BRSA, introduced important changes regarding banking fees which have since been the subject of intense complaints.

In addition to the Consumer Protection Law, many laws and sub-regulations – especially the Banking Law, the Bank Cards and Credit Cards Law (5484) and the Insurance Law (5684) – contain provisions that protect the rights and interests of financial consumers. This fragmented structure is also reflected in the public institutions that are responsible for protecting financial consumers. The financial markets are variously regulated and supervised by the BRSA, the CMB, the Treasury and the Central Bank. As a result, responsibility and authority for the protection of financial consumers are shared among these institutions and organisations. It is very important for these organisations to engage in strong cooperation and coordination during regulatory and policy development. The Financial Stability Committee plays an important role in this regard.

Customer orientation rating (Müþteri Odaklýlýk Derecesi) (COR) is a tool that can be used to evaluate the performance of financial institutions, creating a consumer satisfaction index based on consumer complaints. In this context, the BRSA has developed a COR to compare banks' compliance with banking principles on individual service and product delivery. The COR measures banks' level of transparency and fairness towards financial clients, with the aim of minimising the information asymmetry between banks and customers – in particular, in relation to:

  • individual financial services;
  • the prices of products and services marketed to consumers;
  • interest rates;
  • early payment terms; and
  • the enforcement of contractual violations.

The COR is an evaluation system created by harmonising foreign applications with local needs and covers four main topics:

  • the adequacy of disclosures and information provided by the bank;
  • fair pricing principles;
  • the quality of customer relations management; and
  • consumer perception research results.

10.2 How are deposits protected in your jurisdiction?

According to Article 63 of the Banking Law, the savings deposit and participation funds belonging to real persons with accounts held in credit institutions are insured by the SDIF, in an amount which is decided by the SDIF Board with the approval of the Central Bank, the BRSA and the Treasury. For 2020, saving deposits and participation funds which have not arisen from commercial transactions are insured up to TRY 100,000 per individual. The tariff, collection time, method and other conditions of the risk-based insurance premium are established by the SDIF upon consulting the BRSA.

11 Data security and cybersecurity

11.1 What is the applicable data protection regime in your jurisdiction and what specific implications does this have for banks?

While the main rules on data protection are set out in the Law on Protection of Personal Data (6698) (Official Gazette of 7 April 2016, No 29677), Article 73 of the Banking Law also includes specific regulations regarding banking activities.

Article 73 of the Banking Law regulates ‘customer secrets', defined as data of natural and legal persons which is gathered after they have entered into a customer relationship with a bank specific to banking activities. Given that the definition of ‘personal data' included in the Law on Protection of Personal Data covers only information relating to natural persons, banks must take the definition of ‘customer secrets' set out in the Banking Law seriously. According to Article 73, customer secrets cannot be disclosed or transferred to any third party, located either in Turkey or abroad, without a request or instruction from the customer. Exemptions from this rule include the mandatory legal provisions in other laws and information that must be disclosed to certain ministries as listed in Article 73 of the Banking Law.

Additionally, the Banking Regulation and Supervision Agency (BRSA) is authorised to prohibit the transfer of customer secrets or bank secrets to third parties abroad after assessing the economic security of those customer secrets. The BRSA is authorised to issue decisions on the information systems used by banks to carry out their activities and their backups in Turkey.

11.2 What is the applicable cybersecurity regime in your jurisdiction and what specific implications does this have for banks?

In Turkey, cybersecurity is not regulated under a single legislative instrument, but is rather regulated under different sector-specific regulations. The Communiqué on the Principles to be Considered in Bank Information Systems Management (Official Gazette of 15 March 2020, No 31069) requires banks to establish cyberattack management and response processes, in order to address and track cyberattacks that take place as a result of cyber incidents. Banks must also:

  • establish an institutional cyberattack response team (ICART), composed of members with sufficient technical and operational skills; and
  • ensure that the current contact details of the ICART are notified to the BRSA and that cyberattacks are reported to the relevant management units.

The ICART is responsible for conducting routine penetration tests on computing assets and routinely monitoring track records through the record management system interface prior to any cyberattack. It is also responsible for managing the intervention of the information systems function and coordinating the relevant staff involved in this function in the event of a cyberattack.

In the event of a cyberattack that results in the breach or disclosure of personal data or sensitive data (which does not have the same meaning as ‘special categories of personal data' under the Law on the Protection of Personal Data), banks must notify their customers following an internal assessment.

12 Financial crime and banking secrecy

12.1 What provisions govern money laundering and other forms of financial crime in your jurisdiction and what specific implications do these have for banks?

Most of the criminal law provisions are set out in the Criminal Law (5237). Other laws that contain provisions on financial crimes include:

  • the Law on the Prevention of Laundering Proceeds of Crime (5549);
  • the Anti-terror Law (3713);
  • the Law on the Prevention of the Financing of Terrorism (6415);
  • the Tax Procedural Code;
  • the Capital Markets Law (6362);
  • the Banking Law;
  • the Law on Asset Declaration and Fighting Against Bribery and Corruption (3628); and
  • the Anti-Smuggling Law (5607).

Article 282 of the Criminal Law and the Law on the Prevention of Laundering Proceeds of Crime govern the crime of money laundering and preventive measures. The general principles of the Criminal Procedure Law and the Law on the Prevention of the Financing of Terrorism govern terrorist financing.

Legal entities also face a fine of up to TRY2 million where money laundering, terrorist financing and other such crimes are committed by an individual within them. The following security measures specific to legal entities may also be imposed under Article 60 the Criminal Code:

  • revocation of a licence or permit;
  • confiscation of property or material interests;
  • imposition of administrative fines, as per Article 43/A of the Turkish Misdemeanour Code (5326); and
  • a prohibition against participating in public tenders.

12.2 Does banking secrecy apply in your jurisdiction?

With the exception of information belonging to third parties, documents and information – such as figures, tables, charts, programmes, budgets, projects, contracts, decisions and bank correspondence – which are not required to be disclosed and published according to law, and which do not have general and abstract features, constitute bank secrets. The Banking Law requires the protection of the secrets of banks, affiliates, subsidiaries and jointly controlled partners. The scope of their secrets includes:

  • their relationship with the bank;
  • financial, economic, cash and credit conditions; and
  • information and documents that must remain confidential, such as management principles, operating strategy, technical features of production, pricing policies, marketing tactics, income and expense situations, and market shares.

As customer secrets and bank secrets are protected under Article 73 of the Banking Law, breach of the confidentiality obligation specified in Article 73 of the Banking Law constitutes a criminal offence. Articles 159 and 161 of the Banking Law will apply to those who breach Article 73.

Additionally, the disclosure of bank secrets and customer secrets to unauthorised persons is also subject to penalties under Article 239 of the Turkish Criminal Law.

13 Competition

13.1 What specific challenges or concerns does the banking sector present from a competition perspective? Are there any pro-competition measures that are targeted specifically at banks?

The heavily regulated nature of the banking sector poses a challenge in terms of competition law. The main rules are set out in the Law on the Protection of Competition. Article 4 provides that decisions or agreements that restrict competition, concerted actions and associations of undertakings are unlawful. It applies to all such transactions that cause or are likely to result in a restriction of competition in terms of their purpose and effect. Concerted actions, on the other hand, will be examined by the Turkish Competition Board where the existence of an agreement between undertakings cannot be proven. Concerted actions include conscious coordination or consensus that aims to reduce or eliminate competition. The Turkish Competition Board has examined many claims of concerted actions in relation to file expenses and credit card interest rates. In its Decision 13-13/198-100 of 8 August 2013, the board investigated allegations of competition violations in the credit and credit card markets, and imposed administrative fines totalling TRY 1,116,957,468.76 on 12 banks.

Article 5 (abuse of dominant position) and 7 (control of anti-competitive mergers and acquisitions) of the Competition Law are also notable in this regard.

While there are no pro-competition measures that are targeted specifically at banks, the Banks Association and the Participation Banks Association of Turkey have stated that banks must safeguard ongoing trust in the banking sector, ensure its continued development and act in accordance with the spirit of competition law (Banking Ethical Principles of 20 August 2014).

14 Recovery, resolution and liquidation

14.1 What options are available where banks are failing in your jurisdiction?

If a bank has failed to take the measures outlined in question 14.2, if its liabilities exceed the total value of its assets or if a case mentioned in Article 71 of the Banking Law arises, the Banking Regulation and Supervision Agency (BRSA) may revoke its operating permissions or transfer the shareholder rights, except dividends, and the management and supervision of the bank to the Savings Deposit Insurance Fund (SDIF), for the purpose of transferring, selling or merging them, partially or fully, on condition that the loss will be deducted from the capital of the existing partners.

According to Article 106 of the Banking Law, if the permission of a bank is revoked, its management and supervision shall be transferred to the SDIF and the SDIF shall pay for the insured deposits and the insured participation funds, and seek the bank's direct bankruptcy, instead of the deposit and participation fund owners. If a bank is directly transferred to the SDIF, the relevant process described in Article 107 of the Banking Law will be followed.

14.2 What insolvency and liquidation regime applies to banks in your jurisdiction?

If a bank's assets are unlikely to meet its obligations, its profitability is insufficient to reliably perform its activities, its funds are inadequate under the provisions pertaining to capital adequacy or any of the above is likely to occur, the measures set out in Articles 68, 69 and 70 of the Banking Law must be taken. These measures can be corrective, restrictive or rehabilitative. If the bank does not take such measures, if its liabilities exceed the total value of its assets or if a case mentioned in Article 71 of the Banking Law arises, the BRSA may revoke its operating permissions or transfer the shareholder rights, except dividends, and the management and supervision of the bank to the SDIF, for the purpose of transferring, selling or merging them, partially or fully, on condition that the loss will be deducted from the capital of the existing partners.

According to Article 106 of the Banking Law, if the permission of a bank is revoked, its management and supervision shall be transferred to the SDIF and the SDIF shall pay for the insured deposits and the insured participation funds, and seek the bank's direct bankruptcy, instead of the deposit and participation fund owners.

If a bank is directly transferred to the SDIF, according to Article 107 of the Banking Law, the SDIF will exercise its powers in relation thereto under Article 71 of the Banking Law, in line with principles aimed at ensuring cost efficiency and maintaining the security and stability of the financial system. Within this framework, the SDIF may:

  • request termination of the operating permission of the bank, either partially or fully;
  • provide financial support and take over the losses; or
  • decide on other options as set out in Article 107 of the Banking Law.

15 Trends and predictions

15.1 How would you describe the current banking landscape and prevailing trends in your jurisdiction? Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?

While the Turkish economy was already struggling due to exchange rate issues, COVD-19 has now put the banking sector under severe strain. The Turkish government had introduced emergency regulations to protect the economy against the exchange rate issues, but the situation has now been exacerbated by the COVID-19 pandemic.

Although credit demands already exceeded the amounts that could be met by banks, the government has forced banks to grant more credit to the public in order to help the economy recover. It is still difficult to predict what regulations may be introduced to protect the banks or stimulate the economy, but due to the pandemic it is clear that the situation will remain difficult for the foreseeable future.

15.2 Does your jurisdiction regulate cryptocurrencies? Are there any legislative developments with respect to cryptocurrencies or fintech in general?

As the Banking Regulation and Supervision Agency (BRSA) stated in an announcement issued on 25 November 2013, cryptocurrencies are not e-money as defined under the Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions (6493), and thus are not regulated and audited by the BRSA. The BRSA issued its statement after the introduction of the law, which regulates payment and electronic money services. The law – in which the concept of electronic money was officially recognised for the first time – includes general provisions on payment and electronic money markets in parallel with EU directives. However, there are no provisions of Turkish law that currently prohibit or otherwise regulate cryptocurrencies.

On 28 July 2019, the Grand National Assembly of Turkey approved the 11th Development Plan, which aimed to create a digital central bank currency based on blockchain technology by 2023.

The Financial Crimes Investigation Board has also updated its Suspicious Transaction Reporting Guideline (11 September 2019) for the banking sector. According to the guideline, suspicious transactions include the following:

  • money transfers to customer accounts as a result of the sale of cryptocurrencies whose source is unknown or which are suspected to be inconsistent with the customer's financial profile; and
  • money transfers from customer accounts to domestic and foreign cryptocurrency stock markets or to the accounts of individuals or legal persons for the purpose of purchasing cryptocurrencies, at a frequency and in an amount which are inconsistent with the customer's financial profile.

If a profit is made by buying and selling cryptocurrencies, this will be regarded as commercial earnings in terms of the tax legislation and will be subject to income tax. The trading of cryptocurrencies is subject to value added tax (VAT) within the scope of Article 1 of the VAT Law (3065). Earnings generated by cryptocurrency companies will be subject to corporate tax.

Fintech institutions are subject to different regulations based on their activities. While the Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions is the main statute that applies to payment activities, the Bank Cards and Credit Cards Law is the main statute that applies to credit and bank card activities. Know-your-customer and anti-money laundering regulations are set out in the Law on the Prevention of Laundering Proceeds of Crime (5549), among others.

On 15 March 2020, the BRSA announced the Regulation on Banks' Information Systems and Electronic Banking Services, which establishes the legal infrastructure of open banking. This will help both fintech companies and banks to design their systems and implement customised products and interfaces according to clients' needs.

16 Tips and traps

16.1 What are your top tips for banking entities operating in your jurisdiction and what potential issues would you highlight?

In recent years, the Turkish economy has not lived up to the expectations of the previous decade. The devaluation of the Turkish lira and the ongoing pandemic have prompted the government to take more drastic measures and introduce further regulation in the banking field. However, the crisis could also present a unique opportunity for foreign investment. Those entities that establish effective governance frameworks, that have executives with deep experience of the Turkish economy and good working relationships with the Banking Regulation and Supervision Agency (BRSA) and other authorities, and that operate in accordance with the BRSA's highly regulated standards stand to benefit significantly. Compliance with the BRSA's regulations and guidelines will forestall possible investigations and result in a healthier process. Achieving these high levels of corporate governance requires the recruitment of experienced staff.

Turkey's young population, which is open to new technological developments in banking, also affords a real chance for rapid growth.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.