Legal AlertGuidelines on Data Sharing Services for Payment Services Has Been Published by the Central Bank of the Republic of Turkey.

24 February 2023

The Central Bank of the Republic of Turkey’s (“CBRT”) Guidelines on Data Sharing Services for Payment Services (“Guidelines”) has been published on December 30, 2022.

Article 12, paragraph 1 of the Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions (“Law“) added the following two main services to the field of payments under the CBRT’s authority and responsibility:

  • Payment Order Initiation Service: Payment order initiation service provided at the request of a payment service user in relation to a payment account with another payment service provider
  • Account Information Service: Provided that the consent of the payment service user is obtained, the service of providing consolidated information regarding one or more payment accounts of the payment service user with payment service providers on online platforms

Together, these two services are referred to as “Payment Services for Data Sharing Services” (“PDSS“).

The Guidelines prepared by the CBRT relate to payment services and the business models used in this field as outlined by the “Regulation on Payment Services and Electronic Money Issuance and Payment Service Providers” (“Regulation“) and the “Communiqué on Information Systems of Payment and Electronic Money Institutions and Data Sharing Services of Payment Service Providers in the Field of Payment Services” (“Communiqué“), and regulate the activity permits to be granted by the CBRT in these areas.

According to the Guideline, there are two types of Payment Service Providers within the scope of PDSS: Account Information Service Provider (“AISP“) and Payment Order Initiation Service Provider (“PISP“). Payment Service Providers that provide one or both of these services, provided that they have the necessary authorizations, are referred to as Authorized Payment Service Providers, and payment service providers that hold payment accounts are referred to as Account Service Providers (“ASPs“). Under the regulations; banks, electronic money institutions, payment institutions and Posta ve Telgraf Teşkilatı A.Ş. are regarded as ASPs.

According to the Guidelines, the AISPs shall compile the information of the payment service user’s accounts together with different ASPs and make such information available to the payment service user through a single application on online platforms, while the PISP initiates payment transactions from the payment account held with the Account Service Provider upon the user’s request. Pursuant to Provisional Article 3, paragraph 3 of the Law, institutions providing Account Information Services are required to obtain an operating license from the CBRT for these activities.

If the AISP receives customer information directly from the ASP; if it communicates directly with the ASP and is technically/administratively/legally responsible in relation to these parties; if it enters into contracts with the ASP to receive responses to the queries it makes with certain frequencies through its own company infrastructure, this service is considered to be an Account Information Service. According to the Guidelines, this service requires an operating license.

However, if the customer itself signs a web services protocol with the ASPs where the customer’s accounts are kept and shares his/her account activity information, and if the service provider does not enter into a legal relationship with the ASPs where the customer’s accounts are held, the service provided by the service provider shall not be considered as an Account Information Service.

In the Guidelines, it is assessed that if a PISP enters into a contract directly with the ASP where their customers’ accounts are held and assume technical/administrative/legal responsibilities in relation to such, this service is considered to be a Payment Order Initiation Service and is among the activities that require authorization.

Finally, the Guidelines state that service providers that already provide services in these two categories but have not applied to the CBRT for an operating license are not subject to any objection if they act in compliance with the Regulation, the Communiqué and the CBRT Instruction on “Contracts” dated 13 December 2021.

You can access the full text of the Guidelines from the link below: