info@ferhatkule.av.tr
+90 212 579 79 85

Single Blog Title

This is a single blog caption

FinTech Regulation in Turkey: Payment Institutions, Electronic Money Companies, and Licensing Requirements

20 Şub 2026
0

Introduction

FinTech regulation in Turkey has evolved rapidly in recent years, reflecting both technological innovation and increased regulatory oversight. Payment institutions and electronic money companies play a central role in Turkey’s digital financial ecosystem, facilitating online payments, mobile wallets, remittance services, and digital platforms.

The regulatory landscape is primarily shaped by Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions, as well as secondary legislation issued by the Central Bank of the Republic of Turkey (CBRT), which has acted as the primary supervisory authority since 2020.

This article provides a legally sound and detailed overview of FinTech regulation in Turkey, focusing on licensing requirements, operational obligations, capital thresholds, and enforcement risks for payment institutions and electronic money companies.

Legal Framework Governing FinTech in Turkey

The cornerstone of FinTech regulation in Turkey is Law No. 6493, which regulates:

  • Payment services

  • Electronic money issuance

  • Payment institutions

  • Electronic money institutions

  • Settlement systems

Supervision is carried out by the Central Bank of the Republic of Turkey (CBRT), which replaced the Banking Regulation and Supervision Agency (BDDK) as the competent authority for this sector.

Additional regulatory frameworks include:

  • Anti-Money Laundering (AML) regulations under MASAK

  • Personal Data Protection Law (KVKK)

  • Turkish Commercial Code

  • Secondary CBRT communiqués

Compliance requires multi-layered regulatory coordination.

Payment Institutions in Turkey

Definition and Scope

Payment institutions are legal entities authorized to provide payment services without being a bank. Their services may include:

  • Money transfers

  • Execution of payment transactions

  • Direct debit and credit transfer services

  • Payment account operation

  • Payment instrument issuance

They cannot collect deposits or provide credit independently (except limited ancillary credit tied to payment services).

Electronic Money Institutions

Electronic money institutions issue electronic money (e-money), defined as:

  • Monetary value stored electronically,

  • Issued upon receipt of funds,

  • Used for payment transactions,

  • Accepted by persons other than the issuer.

E-money companies typically operate:

  • Digital wallets

  • Prepaid cards

  • Online payment platforms

  • Embedded finance applications

Unlike banks, they cannot use collected funds for lending purposes.

Licensing Requirements Under Turkish Law

Corporate Structure Requirements

To obtain a license, a FinTech company must:

  • Be established as a joint stock company (anonim şirket)

  • Issue registered shares

  • Have transparent ownership structure

  • Meet minimum capital requirements

Foreign shareholders are permitted, but regulatory scrutiny applies.

Minimum Capital Requirements

Capital requirements vary depending on the type of license:

  • Payment institutions: Different tiers based on services offered

  • Electronic money institutions: Higher capital threshold due to issuance function

Capital must be fully paid in cash and maintained throughout operations.

Failure to maintain minimum capital may result in license suspension.

Application Procedure Before the CBRT

The licensing process includes:

  1. Submission of application file

  2. Detailed business plan

  3. Internal control and risk management framework

  4. IT infrastructure documentation

  5. AML compliance structure

  6. Shareholder and executive suitability assessment

The CBRT conducts a thorough review of:

  • Financial soundness

  • Technological capacity

  • Corporate governance

  • Risk management systems

Licensing may take several months, depending on complexity.

Governance and Compliance Obligations

Licensed institutions must maintain:

  • Internal control mechanisms

  • Risk management systems

  • Independent audit functions

  • Secure IT infrastructure

Board members and senior executives must satisfy professional qualification and integrity criteria.

The CBRT may request periodic reporting and conduct on-site inspections.

Safeguarding Customer Funds

One of the most critical regulatory obligations concerns safeguarding customer funds.

Payment and electronic money institutions must:

  • Segregate customer funds from company assets

  • Deposit funds in designated banks

  • Ensure availability for redemption at all times

Funds cannot be used for operational financing.

Failure to safeguard customer funds constitutes a serious regulatory violation.

Data Protection and Cybersecurity

FinTech companies process large volumes of personal and financial data. Compliance with the Personal Data Protection Law (KVKK) is mandatory.

Obligations include:

  • Lawful data processing

  • Explicit consent where required

  • Cross-border data transfer compliance

  • Cybersecurity safeguards

  • Data breach notification procedures

Regulatory overlap between CBRT supervision and data protection authority oversight increases compliance complexity.

Anti-Money Laundering (AML) and MASAK Compliance

Payment institutions and electronic money companies are subject to AML regulations.

They must:

  • Conduct customer due diligence (KYC)

  • Monitor suspicious transactions

  • Report to MASAK

  • Implement internal AML policies

Digital onboarding procedures must comply with identity verification standards.

Non-compliance may result in administrative fines and criminal liability.

Cross-Border Services and Passporting Limitations

Unlike EU-based FinTech firms, Turkish payment institutions do not benefit from passporting rights.

Providing cross-border services may require:

  • Separate licensing in foreign jurisdictions

  • Compliance with local regulatory frameworks

  • Additional reporting obligations

Conversely, foreign FinTech companies operating in Turkey must obtain local authorization if they provide services targeting Turkish residents.

Regulatory Sanctions and Enforcement

The CBRT has broad enforcement powers, including:

  • Administrative fines

  • License suspension

  • Revocation of license

  • Operational restrictions

In severe cases, criminal liability may arise.

Common compliance violations include:

  • Insufficient capital maintenance

  • Failure to segregate customer funds

  • Weak AML controls

  • Inadequate IT security infrastructure

Reputational risk is often as significant as financial penalties.

FinTech and Embedded Finance Developments

Turkey has seen significant growth in:

  • Digital wallets

  • Buy-now-pay-later models

  • Embedded payment systems

  • API-based open banking

Open banking regulation, aligned with international standards, allows secure access to financial data via APIs under CBRT supervision.

This creates innovation opportunities but increases cybersecurity risk.

Litigation Risks in the FinTech Sector

FinTech companies may face:

  • Regulatory investigations

  • Customer compensation claims

  • Data breach lawsuits

  • Contractual disputes with partner banks

  • Competition law scrutiny

Clear contractual drafting and regulatory compliance mitigate exposure.

Strategic Considerations for Investors

Foreign investors entering the Turkish FinTech market should:

  1. Conduct regulatory due diligence

  2. Verify licensing status

  3. Review capital adequacy

  4. Assess AML compliance

  5. Evaluate cybersecurity framework

Early regulatory engagement improves licensing prospects.

Conclusion

FinTech regulation in Turkey reflects a balance between innovation and financial stability. Payment institutions and electronic money companies operate under a structured legal regime centered on Law No. 6493 and CBRT supervision.

Licensing requirements, capital adequacy rules, customer fund safeguarding, AML compliance, and data protection obligations create a robust but demanding regulatory environment.

As Turkey’s digital finance ecosystem continues to expand, regulatory scrutiny is expected to intensify. FinTech companies must implement comprehensive compliance frameworks and proactive risk management strategies to operate successfully within Turkish financial regulation.

For international investors and domestic entrepreneurs alike, regulatory alignment is not merely a formal requirement—it is a strategic necessity.

, , , , , , , , ,

About Post Author

Leave a Reply

Call Now Button