Author: Ozgür Kocabasoglu
With the initial regulation of the European Union called Payment Services Directive numbered 2007/64/EC (“PSD1”), which entered into force on 01.11.2009, an efficient, fast, secure and competitive payment market was intended, and the application of unified rules throughout this large market across Europe was ensured. FinTech companies, which are payment system providers within that scope, appeared in the finance scene as new actors, together with the banks.
In line with the European Union legislation and practices, Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions numbered 6493 entered into force by publication in the Official Gazette dated 27.06.2013 and numbered 28690 (“Law No. 6493”) under Turkish law, which also provided opportunities for innovative ventures, such as the establishment of payment system providers and payment systems, parallel to the PSD1. Following the PSD1, Payment Services Directive of the European Union numbered 2015/2366 (“PSD2”) entered into force on 12.01.2016 to boost innovation, competition, and security with its broad and more comprehensive scope, and the compliance period for PSD2 was extended until 14.09.2019. PSD2, being revolutionary in the finance sector, amended the rules of the market, via introducing various innovations that were not limited to payment services, as well as activating practices covering many different types of services.
PSD2 is targeted to support innovative applications by reducing the boundaries for third-party service providers in payment relationships; to encourage the usage and development of innovative online and mobile payment applications; to establish the rules and standards for the existing electronic payment applications; to determine the governing rules and rights of third-party service providers; to incentivize the protection and optimization of consumers by means of transaction security at low costs.
PSD2 aimed to provide the aforementioned by introducing new rules and a framework that affect all parties of the payment transactions, primarily the banks, payment and electronic money institutions, and consumers, i.e. the entire finance sector.
The most significant change is the opportunity to develop new services through the use of API’s (Application Programming Interfaces).
From the perspective of financial institutions, PSD2 aims to create equal opportunity for the other players in the payment industry. Hence, payment and electronic money institutions, FinTechs, and all other institutions that may innovate using banking data will have the opportunity to offer novelties to the customers and, in addition, it also aimed to include groups of people to the financial system who otherwise do not have access to banking services.
PSD2 added Open Banking or API Banking to our agenda. API’s are applications that allow user data, such as transactions in bank accounts, to be seen by third parties and, hence, provides one-point access to the shared customer platform formed; such as management of credit cards; online payments to be made by debit and credit cards; management of other payment services; obtaining investment advice from virtual assistants; wallet management for crypto currencies such as bitcoin, and management of personal finances, and also allows such services to be personalized.
PSD2 paves the way for providing novel services to banking customers, and provides innovation opportunities for financial institutions and finance technology companies (FinTechs).
Turkish Law Regulations Parallel to the PSD2 Regulation
It can be said that the regulations introduced via Law No. 6493 correspond to the European Union Payment Services Directive (PSD1). Furthermore, in line with certain regulations of PSD2 entered into force in 13.01.2018, Law on Amendment of the Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions and Other Laws numbered 7192, which was published in the Official Gazette dated 22.11.2019 and numbered 30956 (“Law No. 7192”), entered into force at the end of 2019.
Two new payments systems are defined with the amendments introduced by Law No. 7192 and, within that scope, the services, below, are regulated as “payment services,” subject to the audit of the Central Bank of the Republic of Turkey:
- Service to initiate a payment order from a debit account from another payment system provider upon the request of the customer;
- Service to provide consolidated information of one or more debit accounts of the customer at payment service providers in online platforms, given that the consent of the customer is obtained.
Thereby, “initiation of payment order” and “providing account information” services are defined in our legislation in accordance with the “Account Information Service Providers” and “Payment Initiation Service Providers” services defined in PSD2.
Moreover, the Central Bank of the Republic of Turkey has been given the authority to set all kinds of procedures and principles regarding the sharing of data held by the payment service provider to another payment service provider within the scope of the aforementioned services.
Furthermore, it is also regulated that those who are currently providing these services, or those who are willing to provide these services, shall obtain the necessary licenses / permits within one year following the publication of the relevant regulations by the Central Bank of the Republic of Turkey.
The Central Bank of the Republic of Turkey is authorized to regulate the sharing of data held by the payment service provider to another payment service provider within the scope of initiation of payment order and providing account information services, and detailed rules have been introduced with the Regulation on Information Systems of the Banks and Electronic Banking Services published in the Official Gazette dated 15.03.2020 and numbered 31069 (“Regulation”), which is parallel to PSD2 on open banking.
The application programming interfaces that allow the communication infrastructure for software to software (API), and open banking, which allows the flow of authorized data between the banks and FinTechs, are defined as an “Electronic distribution channel through which the customers or parties acting on behalf of customers can remotely access financial services provided by the banks via methods such as API, web service and document transfer protocol, and can perform banking transactions, or can give an order to the bank for the performance of banking transactions,” in the Regulation.
From that perspective, the API development initiatives in the banking industry are expected to change the face of banking. In line with this, especially the Banks may need to develop API strategies, regulate API interfaces, determine the ownership and mechanisms for the management of API’s within the Bank and, hence, aim to increase the number of value-added services.
Finally, even though the Communiqué regarding Payment Systems is expected to be published, secondary legislations should also be enacted rapidly.
Among these, the Regulation, the Regulation on Generation and Use of TR QR Code in Payment Services, published in the Official Gazette dated 21.08.2020 and numbered 31220, and the Regulation on Remote Identification Methods to be Used by Banks and Establishment of Contractual Relations in Electronic Environment, published in the Official Gazette dated 01.04.2021 and numbered 31441, are significant in line with PSD2.
Conclusion
The most recent regulations regarding payment systems under Turkish law are parallel to the payment systems legislation of the European Union. Furthermore, the amendments made to the European Union payments systems legislation via PSD2 are reflected in Turkish law. It is anticipated that innovations in our country in this field will be enhanced, especially in the open banking area, and questions concerning the practice will dissipate with the secondary legislation expected to be enacted on payments systems.