Revolution is Here: Branchless (Digital) Banking Regulation Published in the Official Gazette!

Recent Developments

The Regulation on the Operation Principles of Digital Banks and Service Model Banking (“Regulation“) previously published by the Banking Regulatory and Supervisory Authority (“BRSA“) as a draft regulation, aiming to determine the principles of branchless banking and service banking, was published in the Official Gazette on 29 December 2021 and will enter into force on 1 January 2022.

Further information on the Regulation is available in our previous legal alert here. The Regulation is available online here (in Turkish).

What’s New?

The Regulation is paving the way for banks that provide services only through digital channels without any physical branches, and set forth the operational principles for branchless banks as well as principles for service model banking.

Digital Banking

Incorporation / Operation Permit Requirements

• Digital banks must have a paid-in capital of at least TRY 1 billion.
• Digital banks cannot have physical offices other than their headquarters and service units linked to the headquarters. They cannot open physical branches or use their headquarters as physical branches. However, they must open at least one physical office from which they will handle client complaints.
• In case the applicant’s controlling shareholders are legal entities providing technology, e-commerce or telecommunication services, the BRSA may require that the controlling shareholder legal entities or those holding control of these legal entities be resident in Turkey and they sign an information exchange agreement with the Risk Center in order to share their risk data regarding the indebtedness and financial power of the persons residing in Turkey.
• Incorporation and operating license requirements applicable to conventional Turkish banks are also applicable.

Client Portfolio, Operation Limitations and BRSA Supervision

• Digital banks’ clients will consist of only financial consumers and small and medium-sized enterprises. Exceptionally, digital banks may extend foreign currency loans to enterprises that are larger than medium-sized enterprises.
• The total unsecured consumer cash loans that can be extended to any financial customer client cannot exceed four times the average monthly net revenue of the client as declared and confirmed by the digital bank, excluding expenditures and cash withdrawals made with credit cards and overdraft accounts. If the average monthly net income of the client cannot be determined, the upper limit will be TRY 10,000.

Service Continuity Undertaking 

• The service continuity percentage undertaken for the internet banking and mobile banking distribution channels of digital banks cannot be lower than 99.8%. Digital banks will be obliged to announce the committed continuity percentage values on the home page of their websites.

Service Model Banking

• The Regulation defines service model banking as “a banking business model which enables interface providers to intermediate the transactions of the clients through their interfaces and service banks by connecting to the services through open banking services.”
• The Regulation prohibits banks from becoming interface providers.
• Financial technology companies developing interfaces are strictly prohibited from using payment service provider, bank, payment institution, electronic money institution titles or words or expression that may give the impression that they are operating as a bank/payment service provider or that they collect deposits, participation funds or funds.
• Service banks must publish a list of interface providers to which they provide services and the banking services they provide on their websites. They must submit copies of each service agreement and any amendments executed with interface providers to the BRSA.
• Confidential information that service banks share with interface providers and client transactions are within the scope of the Regulation on Disclosure of Confidential Information.
• The client information transferred to the interface provider pursuant to the customer’s request will be processed by the interface provider or the parties from which the interface provider receives services only if storage is necessary and directly related to the establishment or performance of the agreement executed between the interface provider and the customer; mandatory for compliance with the legal obligations of the interface provider; or mandatory for the establishment, use or protection of a right for the interface provider.
• The Regulation lists in detail the provisions required in the service agreement between the service bank and interface provider. In addition, interface providers or their third party service providers’ systems and backups containing the confidential information transferred to the interface provider by service bank must be in Turkey.
• An interface provider can provide cloud computing services for the system and data backups only through either (i)  a private cloud service model where the hardware and software resources are  allocated to the interface provider; or (ii) externally over a community cloud model allowed by the BRSA where the hardware and software resources allocated to organizations subject to the supervision and control of the BRSA are physically shared, but logically assigned separately to each organization.
• The service bank, limited to the support services it receives from and the services it provides to the interface provider, can audit the interface provider to ensure the confidentiality and security of clients’ confidential information and compliance with the authentication and transaction security criteria in transactions carried out through the service channels of the interface provider. To this end, the service bank can examine any relevant information, documents and records of the interface provider.

Status of Existing Banks

• Banks that already have an operating license will not need to engage in a separate regulatory process to digitize their operations. However, banks that are contemplating to move their operations to digital banking either partially or completely must close their existing branches utilizing a plan approved by the BRSA. On the other hand, if banks prefer carrying out their activities only through electronic banking services distribution channels, they must undergo an on-site inspection of the information systems pursuant to the BRSA Organization Regulation, and receive the affirmative opinion of the relevant BRSA unit on the adequacy of these systems.

Conclusion

The Regulation sets out the principles applicable to the long-awaited concept of branchless banking, which is expected to become a new generation of banking. The Regulation also introduces the service banking model, which enables financial technology companies to present financial products and services utilizing the infrastructure of conventional banks.

The Regulation’s entry into force on 1 January 2022 will usher in a new era of banking.