You can see the rules and regulations in other jurisdictions.
The Regulation on Payment Services and Electronic Money Issuance and Payment Service Providers and the Communiqué on Information Systems of Payment and Electronic Money Institutions and Data Sharing Services in the Field of Payment Services Providers were published in the Official Gazette dated 1 December 2021. To ensure a smooth transition, a one-year period has been allocated in order to meet all the requirements brought forth by this Regulation, which is replacing the Regulations on Payment Services and Issuing Electronic Money and Payment Institutions and E-money Institutions. It aims to more strictly regulate payment activities, as well as operations and services related to electronic money institutions.1
In order to prevent abuse, the Regulation on Payment Services and Electronic Money Issuance and Payment Service Providers has made changes to the application process for operation permits. It now consists of two steps - an informative investigation stage followed by a final stage. Additionally, applicants must include in their corporate name phrases that identify them as either payment or e-money institutions, and they must pay an application fee of 500,000 Turkish lira. The required capital for payment institutions providing intermediary services for invoice payments is 5.5 million lira, for other payment institutions it is 9 million lira, and for electronic money institutions it is 25 million lira. Furthermore, when the permit is granted a licence fee of one million lira must be paid.1
Payment service providers must be licensed by the CBRT and they are subject to significant duties. A payment service provider's confidentiality duties are also governed by Turkish legislation, such as the Banking Law, the Turkish Commercial Code, the Turkish Criminal Code, and the Personal Data Protection Law. In this duty, data can only be shared in a manner that is considered to promote competition. However, Law No. 7192, introducing a variety of amendments to Law No. 6493, stipulates that the CBRT has the power to enact secondary legislation that may require payment service providers to share data with other payment service providers. According to the Regulation on Banks' Information Systems and Electronic Banking Services, banks may share the private financial data of their customers with third parties, including third-party providers, with their permission. Financial data belonging to customers, which banks do not share among themselves, is no longer private to banks, but placed on a common platform with the consent of the customer, making it available to fintech companies.1
