Regulatory Compliance for Fintech Companies in Turkey

Introduction

The development of the Internet of Things, artificial intelligence, and blockchain technologies has affected many sectors including finance in various ways. By the virtue of this impact on finance, financial technologies (“FinTech”) have started to be a part of our lives exponentially. The concept of FinTech which is derived from the combination of finance and technology has a tremendous role in the transformation of the financial sector. Particularly, payment services which are at the leading edge of the area in FinTech systems contribute to the stabilization of commerce, and growth of the economy. With the emergence of FinTech, the number of both FinTech companies and consumers who are used these services has been increasing over the past several years rapidly and these newly-established Fintech companies have tried to compete against traditional banks.

First of all, it should be clarified why FinTech is more become prevalent in the last couple of years. Speed and accessibility are the main reasons for its popularity. In other words, FinTech innovations enable people to make online transactions faster at the bank and anyone who has internet connectivity can use an online banking system. For instance, when a person applies for a loan or deposit account application, banks can enable funding within the same day. Thus, the ratio of people who are preferred online banking has been increasing dramatically.

FinTech also allows many individuals and corporations to send and receive money to each other without any charging or with a lower commission than the traditional banking system. Finally, FinTech can offer diverse services depending on individual necessities. It provides these personal services to FinTech users by asking particular questions and it detects the best investment strategy to ensure profitable growth. It is used a whole range of artificial intelligence algorithms in this process.

The Necessity of Legal Regulation Regarding FinTech

Along with these advances and advantages of FinTech systems, a lack of legal regulations caused considerable problems such as security breaches of data and a major increase in competition. Moreover, money laundering became catastrophic consequences on account of possible FinTech security breaches. Thereby, it is required to make legislative regulations in order to resolve the legal disputes between the users and providers of FinTech. On the other hand, there is no specific and efficient regulation in the Turkish legal system as worldwide and, therefore general provisions of Turkish Codes are implemented in litigations. In particular, competent authorities take advantage of wide-ranging legislation such as a consumer protection law, the principles of the banking law, legislation about payment services, act on the protection of competition in dispute resolutions.

Competent authorities have endeavored to make regulations in order to meet FinTech user’s and provider’s needs in recent years. Furthermore, complying with the legal rules regarding FinTech is fully expected by them. Consequently, it is an inevitable fact that FinTech corporations and users should give priority to raising their awareness about these regulations.

Legal Developments in FinTech Industry: Secondary Regulations

The Turkish legal system adopts new regulations in light of the developments in FinTech industry to keep pace with the new tech ecosystem. Last year, secondary regulations were published, which marks the beginning of a new legal era in FinTech industry. These secondary regulations were published in the Official Gazette by the Central Bank of the Republic of Turkey on December 1, 2021.

These secondary regulations are listed below;

• Regulation on Payment Services and Electronic Money Issuance and Payment Service Providers (“Regulation”)[1]
• Communiqué on Information Systems of Payment and Electronic Money Institutions and Data Sharing Services of Payment Service Providers in the Field of Payment Services (“Communiqué on Information Systems”)[2]

The relevant secondary regulations are aimed at compliance with the European Union Regulation on Payment Services Directive 2 (“PSD 2”). In addition, it has been introduced critical changes to the licensing conditions of open banking in FinTech companies. It has been arranged that those who continue their business models without a license by taking advantage of exceptions at the same time until the regulations are published will be subject to a license as a result of the new rules introduced. When the relevant regulations and communiqués are examined on the legal developments affecting FinTech, it is observed that there are many effects and scopes.

1. Evaluation of the Conditions in the Perspective of Regulation

1. Establishment of the Workplace Code System

In order to facilitate the processes related to payment transactions and prevent fraud and malicious usage activities in the field of payments, to the workplace that provides goods and services with a payment method that falls within the scope of payment service, a "workplace code number" specific to this workplace will be issued. (Art. 9 of the Regulation)

 

2. Terms and Details of the Workplace Activity Permit

Activity permit applications consist of two steps; stage of intelligence review and stage of final approval. (Art. 11 of the Regulation)

The license application fee has been fixed as TRY 500,000 and the license fee as TRY 1 Million. (Art. 11 of the Regulation)

The minimum collateral amounts for companies applying for an operating permit are set as follows;

• TRY 2 Million for payment institutions that mediate payments,
• TRY 3 Million for other payment institutions,
• TRY 5 Million for electronic money institutions. (Art. 11 of the Regulation)

 

3. Changes on the Representative Offices and the Procedure for Appointing
4.  

It is obligatory to forward the necessary information and documents regarding the representatives to the Union of Payment and Electronic Money Institutions of Turkey. (Art. 18 of the Regulation) Electronic Representation is regulated. (Art. 18 of the Regulation)

 

4. The Acquisition of External Services of the Organization

During the external service provider must take the necessary care in the selection of the organization and will be obliged to manage these risks effectively. (Art. 21 of the Regulation)

 

5. Conditions for One-Time Payment Transactions

The issues that should be included in the “One-Time Payment and Framework Agreements” to be signed with consumers are detailed. The conditions for establishing these contracts by remote communication tool are regulated. (Art. 37 of the Regulation)

 

2. Evaluation of the Conditions in the Perspective of Communiqué on Information Systems

1. General Principles of Information Systems Activities

It has been decided that the purpose of uninterrupted, secure, effective, and efficient operation of the service will be considered as a priority in the information system activities. (Art. 4 of Communiqué on Information Systems)

 

2. Regulations on Risk Management of Information Systems

Organizations need to set targets in writing clearly regarding the reliability, durability, and continuity of the operation of their information systems. It is regulated to use current software versions that support providers or manufacturers and take the necessary measures. (Art. 5 of Communiqué on Information Systems)

Within the framework of information processing system risk management, it is envisaged that it should establish a structure with sufficient vehicle wealth. (Art. 5 of Communiqué on Information Systems)

 

3. Conditions for Establishing Cyber Incident Response Mechanisms

Organizations will provide the necessary notifications to the Bank within the scope of cyber incident management and cyber incident response process, which it will establish in accordance with the legislation. (Art. 7 of Communiqué on Information Systems)

 

4. Conditions for Determining Authentication Procedures

Organizations need to establish an adequate and effective authentication system for use in transactions performed in information systems. (Art. 10 of Communiqué on Information Systems)

 

With secondary regulations, many conditions and new obligations come to FinTech companies. It is envisaged that the regulatory compliance process of the companies will continue in accordance with the relevant regulations and communiqué.

            In addition to all regulations regarding FinTech, the Turkish Competition Authority published an analysis report that is intended for financial technologies in payment Services in December 2021. According to the report, it is stated that regulatory authorities are accountable for making regulations that are protective to financial competition, and FinTech corporations are responsible for taking precautions to prohibit potential infringement of competitions. The primary purpose of the analysis report is to attract related people’s attention to the significance of FinTech and to provide people with the collaboration between regulatory bodies and FinTech companies. The report consists of 3 chapters. They are respectively; the reasons for the occurrence of FinTech and the effect on the financial sector, the faced challenges of FinTech corporations, and the obstacles to increasing innovations and competition.

Conclusion

In the last few years, FinTech has increased its influence in the field of financial services in Turkey and created an ecosystem. The regulations related to the regulatory compliance process within the FinTech ecosystem of companies are an emerging process. Along with the regulations, comminuqués, and laws issued concerning the application, as well as the provisions introduced, many conditions and new obligations are imposed on organizations.

As a result of these, it is envisaged that various effects will arise both in the competitive market and in the bank's activities and the regulatory compliance process of the organizations will continue with the legislation.