To print this article, all you need is to be registered or login on Mondaq.com.
Recent Developments
Last October, the Central Bank of the Republic of Türkiye
(the “CBRT“) published the guidelines (the
“Guidelines“) aiming to ensure
compliance with the legislation and uniformity in operating
licenses to be granted by the CBRT by correlating the payment
services regulated under the Law No. 6493 on Payment and Securities
Settlement Systems, Payment Services and Electronic Money
Institutions (the “Law“) and the
Regulation on Payment Services and Electronic Money Issuance and
Payment Service Providers (the
“Regulation“) with the business models
in the field of payments. You can access our newsletter dated
October 10, 2022 regarding the Guidelines here.
This time, on December 30, 2022, the CBRT published the
Guidelines on Data Sharing Services for Payment Services (the
“DSSPS Guidelines“), which provide
detailed information on (i) Payment Order Initiation Service and
(ii) Account Information Service, referred to as Data Sharing
Services for Payment Services (the
“DSSPS“), regulated by the Law and the
Communiqué on Information Systems of Payment and Electronic
Money Institutions and Data Sharing Services of Payment Service
Providers in Payment Services Area (the
“Communiqué“).
The DSSPS Guidelines provide detailed explanations as to whether
certain frequently used business models in the field of payments
require an operating license for payment order initiation services
and account information services, and the licensing and technical
certification process. However, the DSSPS Guidelines state that
evaluations elaborated thereunder only provide general framework
and final evaluations will be subject to review of the CBRT upon
official applications for operating licenses. You can access the
DSSPS Guidelines here.
What’s new?
Exemplary Business Models and Respective Evaluations within the
Scope of the DSSPS Guidelines
1. Account Information Services
As elaborated in the Communiqué, Account Information
Service is defined as presentation of the data collected by the
Account Information Service Provider licensed within the scope of
the payment services from payment service user’s accounts with
different Account Service Providers. Institutions providing such
services are required to obtain an operating license from the CBRT
in accordance with subparagraph (g) of the first paragraph of
Article 12 of the Law.
The DSSPS Guidelines shed light as to whether an operating
license is required for various business models implemented in the
sector. In this respect, the following criteria are taken as a
basis for identifying a service as an “Account Information
Service”:
- If the service provider enters into direct agreements with the
account service providers in order to receive responses to the
inquiries they pose with certain frequencies through their own firm
infrastructure, and if the service provider directly deals with the
account service providers and they are
technically/administratively/legally liable to these parties and
client data is directly transmitted by the account service
providers to the service provider that will provide account
information services, the service in question is considered Account
Information Service and requires an operating license under the
Law. - If the service provider does not enter into a direct legal
relationship with the account service providers where the client
accounts are held, but instead the client signs a web services
protocol with the account service provider and shares the account
activity data with the service provider itself, the service
provider’s efforts are not considered Account Information
Service.
It is also stated that whether the client accesses the Bank with
an IP belonging to the client or to the service provider does not
change the evaluation. The situation must be evaluated within the
scope of outsourcing services by a technology company by the
client, the legal/contractual counterparty of the bank being still
the client.
- The DSSPS Guidelines do not consider it a payment service for a
technology firm to sell white-labeled software or lease a license
for such software that is used for consolidating web services for
the purpose of providing its customers with “Account Activity
and Online Bulk Transfer Web Services” related to the
customers’ accounts with account service providers. The service
in question is considered as a technical service.
In addition, it clarifies that if the client is a holding
company, the access of its holding companies with a single IP is
considered within the scope of the DSSPS and there is no need to
obtain a license and they may rely on the exemption in the Law
regarding payment services that are realized between the parent
company and its subsidiaries or between the subsidiaries that are
not intermediated by any payment service provider other than a
company belonging to the same group.
2. Payment Order Initiation Service
The DSSPS Guidelines define a payment order initiation service
as intermediation by a licensed Payment Order Initiation Service
Provider of payment service users to place a payment order for
payment from a payment account before another payment service
provider.
Accordingly, the DSSPS Guidelines clarify whether an operating
license is required for various business models implemented in the
sector as follows:
- If the service provider enters into direct agreements with the
institutions where their clients’ accounts are held and are
direct counterparties to these institutions being
technically/administratively/legally liable to them, the service in
question is considered Payment Order Initiation Service and
requires an operating license under the Law.
In addition, if the payment institution obtains the client’s
account information (balance, account activities, etc.) from the
relevant Account Service Providers and provides it to the client,
it must also obtain an operating license from the CBRT for the
Account Information Service.
- The payment flow, in which a payment institution stores its
clients’ bank cards in the digital wallet offered by the
payment institution and the payment institution acts as an
intermediary for the clients to transfer funds from their cards in
this digital wallet (from the linked payment account) to the
payment institution’s contracted merchant account using the
payment institution’s application, is considered Ppayment Order
Initiation service and requires an operating license under the
Law.
Evaluations on Frequently Asked Questions
- The DSSPS Guidelines clarify that service providers that
currently provide Account Information Service and/or Payment Order
Initiation Service, but have not applied to the CBRT for an
operating license for these services, may continue to operate as
the representative of an institution that has obtained an operating
license, as long as they comply with the provisions of the CBRT
Instruction dated December 13, 2021 on “Contracts”,
particularly the contracts to be concluded with the client, and the
provisions regarding representation of the Regulation and
Communiqué. - Banks’ online account statement sharing services are also
considered Account Information Services. In case such service is
provided through technology companies (assuming they have direct
agreements with these companies), it is considered that the
technology companies providing the said service must also obtain a
license. - Pursuant to the Regulation, payment institutions can provide
information services for the accounts of legal entities and
merchants that are not considered payment accounts, regarding their
administrative and operational processes. DSSPS Guidelines state
that if the validity of the consent for processing of
customer’s account information expires or the customer removes
their consent, their data may continue to be stored with the
customer’s approval. However, the DSSPS Guidelines emphasize
that data other than audit trail data must be deleted if the
relationship between the customer and the payment organization is
terminated. - DSSPS Guidelines regulate that counterparty information such as
Turkish identity number, tax identification number, IBAN and
account number can only be displayed by masking. - The DSSPS Guidelines clarify that the Account Information
Service and the Payment Order Initiation Service are not
prerequisites for each other. In this regard, a license application
can be applied separately only for Account Information Service or
only for the Payment Order Initiation Service, or for both at the
same time.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Finance and Banking from Turkey
