The effective date of the Regulation on Banks’ Information Systems and Electronic Banking Services (“Regulation”) was initially set as July 1, 2020 (our recent legal alert on the Regulation is available here).
The Regulation was amended via a regulation published in the Official Gazette No. 31161, dated June 20, 2020, and the effective date of the provisions – excluding the following provisions – has been postponed to January 1, 2021:
- Article 13 on composing and following up on the trail records
- Article 29 on management of the outsourcing process
- Paragraph 13 on electronic distribution channels of Article 34 on authentication and transaction security
- Paragraph 15 on sensitive data used by banking applications on mobile devices of Article 34 on authentication and transaction security
- Paragraph 8 regarding electronic transmission of sensitive data by the bank to its customers of Article 37 on informing customers
- Article 40 on authentication, transaction security and service quality before mobile banking
- Article 42 on authentication and transaction security before ATMs
The above-mentioned articles will enter into force on July 1, 2020.
The Communiqué on the Principles to be Considered in Banks’ Information Systems Management will be abolished with the Regulation’s full entry into force by January 1, 2021.
It is worth noting that Article 29 of the Regulation, which regulates the mandatory provisions of the outsourcing agreements to be concluded under the Regulation, will come into force on July 1, 2020. Accordingly, banks will have to complete the necessary harmonization actions by this date.
The amendments provide a gradual transition period by setting different effective dates for the provisions in the Regulation. While banks will still have time to adapt themselves in terms of certain provisions, they will be required to take the necessary actions to comply with the provisions listed above by July 1, 2020.