Risks Encountered by Payment and Electronic Money Institutions

Ödeme ve Elektronik Para Kuruluşlarının Karşılaşabileceği Riskler

Since the Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions (Law No. 6493), which regulates the establishment and activities of payment and electronic money companies, about forty companies have been authorized by the Banking Regulation and Supervision Agency (BDDK). has obtained a payment or electronic money institution license.

However, obtaining a payment and electronic money institution license is only the beginning. There are a number of possible difficulties and risks within the scope of compliance with the legislation during the initiation and continuation of activities after obtaining the license. The first thing that comes to mind from these risks is; the inability to start the activities as stipulated in the legislation after obtaining the license or the failure to comply with the activity restrictions stipulated in the legislation. In addition, it is another possible risk that the internal systems (internal control and risk management) stipulated in the Law and related sub-regulations cannot be functionalized during the continuation of activities. The adequate and effective operation of the internal systems is extremely important in terms of compliance with the Law No. 6493 and its sub-regulations, as well as with the MASAK legislation. Another risk factor is; customer, representation, cooperation, foreign service etc. organized by companies. It is the possibility that the contracts cannot be designed in accordance with the legislation and accordingly, the companies incur financial losses in various legal processes.

Organizations that will start their activities after obtaining a license from the BRSA are required to start operating within one year from the publication of the Board decision regarding the operating permit in the Official Gazette and notify the BRSA of this situation. There is a similar situation for organizations that operate within the scope of the relevant temporary articles of the Law as of the effective date of Law No. 6493 and that have obtained a license with a wider scope than their current activities by applying to the BRSA. For example: a company that has obtained an electronic money institution license both to offer one or more of the payment services listed in the Law No. 6493 and to issue electronic money begins to offer only payment services, however, it does not carry out electronic money issuance activities. will not be sufficient for its implementation. In this respect, it is extremely important to determine the right fields of activity by making a realistic evaluation by the companies that will apply for a license at the stage of making a license application to the BRSA. Companies that have or are likely to experience problems within the scope specified herein are required to take a proactive attitude and implement legal and administrative solutions appropriate to their situation before being exposed to administrative or criminal processes within the scope of the legislation.

Another critical issue for licensed payment and electronic money institutions is the establishment of an internal control unit and risk management unit compatible with the size of these institutions and the scope of the services they provide, and the effective operation of these units. For this, the persons responsible for the said units and the personnel of the unit must have sufficient knowledge and experience on the relevant legislation and activities. It is of great importance for all institutions operating in the financial sector to apply the principles of know your customer, to detect suspicious transactions and to notify relevant public institutions when necessary. It is not possible for organizations to transfer their obligations in these matters to their representatives, external service providers or other persons and avoid responsibility. The expansion of the representative and external service network in parallel with the increase in activities brings more responsibility to audit the expanding service networks as well as the obligation to design a more comprehensive and sophisticated internal control and risk management. Within this framework, licensed payment and electronic money institutions should run their internal control and risk management units adequately and effectively, and pay attention to the training of their personnel and representatives in these units.

Another issue to be considered in terms of payment and electronic money institutions is contracts. As it is known, payment and e-money institutions sign cooperation or representation agreements with domestic or foreign institutions in order to offer their services in a wider network, and make outsourcing contracts with various institutions to provide technical support on various issues. The preparation of these contracts in accordance with the relevant sub-regulations and general provisions is essential in terms of protecting the rights of organizations and ensuring compliance with the legislation. There are some important errors or deficiencies in the contracts prepared by some licensed institutions, including international companies, due to the incomplete understanding or misunderstanding of the legislation. It is possible to say that in case of legal disputes and/or complaint applications to supervisory authorities, errors and deficiencies in contracts create a significant cost and risk of administrative/judicial sanctions for licensed institutions. In this framework, it would be beneficial for organizations to check the compliance of their contracts with the legislation before encountering any negative situation.

One of the most striking issues in the payment services and electronic money sector is the existence of companies that offer these services even though they do not have a payment and/or electronic money institution license. Although it is possible to foresee that some of these companies are consciously engaged in activities within the scope of Law No. 6493 without obtaining an operating permit/license from the BRSA; It can be said that many companies are not yet aware of the fact that they are engaged in payment services and electronic money issuance activities that require licenses within the scope of Law No. 6493. In this case, there is a two-sided risk. From the point of view of licensed companies operating, the existence of rival companies operating without incurring any cost and without being subject to audit creates a situation against licensed companies. From the point of view of companies that do not have a license/operation permit, it is possible to file complaints about these companies to the BRSA regarding “operation without permission”. We see that in the Law No. 6493, serious judicial sanctions are foreseen for the crime of operating without permission. In this framework, it is necessary to evaluate whether the activities of companies operating in the same or similar fields with companies licensed under the Law No. 6493 remain within the scope of activities requiring license; If there is a business model subject to a license, it is necessary to obtain a license or to choose a legal structure that will remain within the scope of various exception provisions stipulated in the Law No. 6493.


Av. Dr. Mehmet S. YURTCICEK                                                             Recep AKTEKİN
Senior Consultant Manager BaFin Consulting                                Senior Consultant Bafin Consulting
Email:                        Email: