Digital Banking Legislation
It is a significant step in developing our country's financial sector and fintech ecosystem and a milestone for a completely different era
As it is known, the "Regulation on Remote Identification Methods to be Used by Banks and Establishment of Contractual Relations in the Electronic Environment", prepared according to the amendment made in the second paragraph of Article 76 of the Banking Law No. 5411, entered into force on 01 May 2021. With the execution of this regulation, establishing contractual relations between banks and their customers has been possible, including contracts subject to written form, in an electronic environment. Thus, as in other country practices, an important step has been taken towards establishing the infrastructure of the branchless banking model, which is also known as"digital bank" or "neo- bank", which works only in a digital environment.
As a continuation of this step, banking activities can be offered at lower costs due to increased access to financial products, financial inclusion and investments in financial technology, and branchless operation. Considering that it would be beneficial to regulate the branchless banking activity authorisation process and operating principles with the motives of enabling products and services to be provided with more competitive and customer-friendly pricing, the issue of "enabling Digital (Branchless) Banking licensing (applications)” has been included in the Economic Reforms Action Plan announced by the Ministry of Treasury and Finance of the Republic of Turkey on 12 March 2021 as the action step numbered 3.4.c, and the Banking Regulation and Supervision Agency (BRSA) has been determined as the responsible institution for the said action step. Similarly, the action step of "Preparing transactions that will enable digital (branchless) banking licensing" was also included among the Actions of the Presidency's 2021 second term 180-Day Executive Program.
In this framework, to encourage financial innovation and competition in the banking sector, to increase financial inclusion and to facilitate access to banking services, to determine the operating principles of branchless banks that only serve through digital channels and determining the conditions for providing banking services as a service model to financial technology companies and other businesses and thereby contributing to the healthy development of the financial sector and the national economy, the "Regulation on the Operational Principles of Digital Banks and Service Model Banking" was prepared by our Agency and published in the Official Gazette to enter into force on 01 January 2022.
We want to summarise some of the highlights of this regulation that we acknowledge as a crucial step for the development of the financial sector and fintech ecosystem of our country and the turning point of a completely different era in terms of enabling digital banks that will provide an end-to-end digital customer experience, which will serve only through digital channels without a branch, and enable numerous innovative business models through service banking.
GENERAL PRINCIPLES REGARDING THE OPERATIONS OF DIGITAL BANKS
Digital banks, in essence, are branchless credit institutions that operate only through digital channels
and can be participation or deposit banks. With the regulation, a new type of bank is not created, but the operating principles of credit institutions that will provide service without branches, subject to activity restrictions, are determined. According to the regulation, digital banks will be able to carry out all the activities that credit institutions can perform, depending on whether they are deposit or participation banks. They are subject to activity restrictions only regarding credit activity and opening branches.
ACTIVITY RESTRICTIONS OF DIGITAL BANKS
Credit customers of digital banks can only consist of financial consumers and SMEs. The total of unsecured cash consumer loans that digital banks can extend to a customer cannot exceed four times the monthly average net income of the relevant customer declared and confirmed by digital banks, and 10 thousand TRY if the customer's average monthly net income cannot be determined. Digital banks will not organise under any name (such as correspondent, agency, representation) other than the head office and service units affiliated to the head office. Furthermore, they cannot open physical
branches and make service units affiliated to the head office used as physical branches for any intent other than their intended purpose. Digital banks, which are required to establish at least one physical office to handle customer complaints, will be able to serve their customers through ATM networks they will place themselves or other ATM networks and digital channels. They will also be able to provıde cash deposits or withdrawals from the account through contracted member merchants.
Upon the application of digital banks, which have increased the required minimum paid-in capital amount to 2 billion 500 million TRY, the Board will be able to remove the operating restrictions for digital banks that it believes can manage their risks in the new situation, entirely or gradually within the framework of a transition plan that it deems appropriate.
CONDITIONS REQUIRED FOR THE ESTABLISHMENT AND OPERATING LICENSE OF DIGITAL BANKS
Digital banks will need to have a paid-in capital of at least 1 billion TRY to obtain an operating license, and the Board can increase this amount. For digital banks, it will be required that the personnel designated as the highest level manager responsible for information systems have been appointed at least at the level of assistant general manager. In addition, at least one of the board members of the digital bank will be required to have at least ten years of professional experience in the field of information systems management.
In the activity program that digital banks will submit to our Agency to obtain an operating license, detailed information should be provided about how the risks arising from information systems will be managed and the processes related to verifying customer identity and remote identification. In the business plan that digital banks will submit to our Agency to obtain an operating license, the target group determined to increase financial inclusion in our country such as students, housewives, youth under the age of eighteen, SMEs and the needs determined for the groups in this target audience and the products and services it plans to offer to meet the needs, marketing strategies, numerical analyzes regarding the target audience market, pricing policy for the next five years and other financial projections to ensure a sustainable business model are expected to be included.
If the banks that are licensed to operate partially or wholly want to close their existing branches to provide services through electronic banking services distribution channels, this process will need to be carried out within a plan deemed appropriate by the Agency. If these banks want to carry out their activities only through electronic banking services distribution channels, the Agency will need to have a conformity opinion on the adequacy of the information systems of the banks in question.
BANKING AS A SERVICE (BAAS)
Within the scope of the regulation, provisions regarding banking as a service have also been determined, and it will be possible for startups, fintechs or other businesses with a customer base and innovative ideas to mediate the establishment of a contractual relationship between the service bank and the customer. In addition, through the interface provided under this contract, it will be possible to offer banking services to the customer by the service bank; thus, a new era will begin for numerous innovative business models.
According to the regulation, the service bank will only be able to provide banking as a service to domestically resident interface providers and only within the framework of their operating licenses, and banks will not be interface providers. System and data backups used by interface providers in processing confidential data will need to be kept domestically. Interface providers are defined as a support service organisation that provides
services to the service bank under the Support Services Regulation. Providing support services to a service bank as an interface provider is subject to the permission of the Agency, and service banks will not be able to provide banking as a service to any interface provider that does not obtain permission from the Agency.
The mandatory minimum elements to be included in the established contracts between the interface provider and the service bank are determined by the Regulation. In case of violation of these provisions, the permissions granted to the interface providers may be revoked by the Agency or terminated by the service bank at the service bank before the contract period expires. Service banks are obliged to provide information on the scope of their services on the website, showing the list of all interface providers they serve and which banking services they provide. The interface provider and the service bank are jointly responsible for ensuring that the interface provider's mobile application or internet browser- based interface, which the customer uses to access the services offered by the service bank, complies with the authentication and transaction security obligations set out in the legislation. The service bank will not provide service model banking services and receive support from interface providers that do not fulfil these obligations or whose systems are insufficient to meet these obligations.
Head of Information Systems Compliance Department at BDDK - Mustafa Aydın
Head of Regulation Department at BDDK - Murat Yönaç