Turkey's Law on Payment Services and Electronic Money Institutions

A practical guide to Law No. 6493 — the regulatory framework governing payment systems, payment institutions, and electronic money in Turkey.

Law No. 6493, published in the Official Gazette on 27 June 2013, is Turkey's primary legislation governing payment systems, electronic money institutions, and payment service providers. Understanding its scope is essential for any financial institution, fintech company, or foreign investor operating in the Turkish market.

Overview and Purpose

The law establishes a comprehensive regulatory framework for Turkey's payment infrastructure. Its stated objective is to regulate the procedures and principles regarding payment and securities settlement systems, payment services, payment institutions, and electronic money institutions.

The law has been amended significantly by Law No. 7192 of November 2019, which transferred supervisory authority over payment and electronic money institutions from the Banking Regulation and Supervision Agency (BDDK) to the Central Bank of the Republic of Turkey (TCMB). This shift reflects the Central Bank's expanding role in Turkey's rapidly growing fintech sector.

PRIMARY REGULATORTCMBCentral Bank of Turkey (since 2019 amendment)SYSTEM OPERATOR MIN. CAPITAL₺5 MillionPaid-in, cash, free of all fictitious transactionsPAYMENT INSTITUTION MIN. CAPITAL₺1–2 Million₺1M for bill payment services; ₺2M for all othersE-MONEY INSTITUTION MIN. CAPITAL₺5 MillionPaid-in, cash, free of collusion

Scope: What Counts as a Payment Service?

Article 12 of the law defines payment services broadly. The following activities fall within its scope and therefore require licensing:

1. Operating a payment account — including cash deposits and withdrawals
2. Executing payment transactions such as credit transfers, direct debits, and card payments
3. Issuing or acquiring payment instruments (cards, e-wallets, etc.)
4. Money remittance services — transferring funds without a named payment account
5. Payments initiated via telecommunications or digital devices where the operator acts as an intermediary
6. Bill payment services
7. Payment initiation services (PIS) — added by the 2019 amendment, aligned with EU PSD2 concepts
8. Account information services (AIS) — consolidating information across payment accounts

Important Exclusions

Not everything involving money transfer is regulated under this law. Excluded transactions include: direct cash payments between payer and payee with no intermediary; payments through commercial agents; non-profit cash collection; traveller's cheques; ATM cash withdrawal services by third-party operators; and intra-group transfers within the same corporate group without external payment service provider involvement.

Who Can Provide Payment Services?

Article 13 restricts payment service provision to a defined list of institutions. Only the following may legally provide payment services in Turkey:

1. Banks licensed under Banking Law No. 5411
2. Electronic money institutions licensed under Law No. 6493
3. Payment institutions licensed under Law No. 6493
4. Postal and Telegraph Corporation (PTT) — added by Decree Law No. 690 of 2017

Any other legal person providing payment services without a licence commits a criminal offence under Article 28, carrying imprisonment of one to three years and significant judicial fines.

Licensing Requirements

Payment Institutions

To obtain operating authorisation as a payment institution under Article 14, an applicant must satisfy the following conditions:

1. Be established as a joint stock company (anonim şirket)
2. Shareholders holding 10% or more of capital must meet bank founder eligibility criteria under Banking Law No. 5411
3. All shares must be issued in cash and fully registered to name
4. Minimum paid-in capital of ₺1 million (bill payment services) or ₺2 million (all other payment services)
5. Sufficient qualified personnel, technical infrastructure, and management capacity
6. Transparent and clear ownership structure that does not obstruct Central Bank supervision

Electronic Money Institutions

The requirements for electronic money institutions under Article 18 mirror those for payment institutions, with one key difference: the minimum capital threshold is higher at ₺5 million. Additionally, electronic money institutions are strictly prohibited from granting credit and from paying interest or any other benefit to electronic money holders based on the duration they hold the electronic money.

System Operators

Entities wishing to operate a payment or securities settlement system require a separate operating licence from the Central Bank under Article 5. System operators must maintain minimum paid-in capital of ₺5 million and are subject to full Central Bank oversight. The licence application must be concluded by the Bank within six months of receiving a complete application.

Licence Application Timeline

The Central Bank must conclude a payment institution licence application within six months of receiving all required documents in complete form. If refused, the Bank must communicate its reasons in writing. Institutions granted a licence must notify the Bank of the commencement of operations within ten days of beginning activities.

Safeguarding of Client Funds

A critical consumer protection feature of the law is the mandatory segregation of client funds. Article 22 requires that funds received by payment institutions for executing payment services — and funds collected by electronic money institutions in exchange for issuing electronic money — must be safeguarded according to Central Bank regulations.

These funds are ring-fenced: in the event of voluntary or compulsory liquidation of the institution, or cancellation of its operating licence, the safeguarded funds and associated accounts are used exclusively to compensate fund holders for losses, regardless of any priorities established under other laws. Client funds cannot be claimed by the institution's general creditors.

Regulatory Sanctions and Criminal Liability

Law No. 6493 combines administrative penalties with serious criminal sanctions. The following table summarises the key offences and their consequences:

OFFENCE SANCTION SEVERITY
Operating as a payment institution, e-money institution or system operator without a licence 1–3 years imprisonment + judicial fine of up to 5,000 days CRIMINAL
Embezzlement of client funds 6–12 years imprisonment + judicial fine up to 5,000 days; up to 12+ years if concealed by fraud CRIMINAL
Preventing supervision or oversight activities of the Central Bank 1–3 years imprisonment CRIMINAL
Disclosure of confidential client information 1–3 years imprisonment + judicial fine up to 1,000 days CRIMINAL
Failure to disclose information/documents requested during supervision 3 months–1 year imprisonment + fine up to 1,500 days CRIMINAL
Violation of regulatory provisions (general) Administrative fine ₺40,000–₺900,000; minimum 2× any benefit gained ADMINISTRATIVE
Failure to maintain data records for 10 years in Turkey 1–3 years imprisonment + fine 500–1,500 days CRIMINAL

Key 2019 Amendments

Law No. 7192 of November 2019 made the most significant changes since the law's enactment. The principal amendments include:

1. Transfer of supervisory authorityfrom the BDDK (Banking Regulation and Supervision Agency) to the TCMB (Central Bank) for all payment and electronic money institution matters
2. Introduction of PSD2-aligned services— payment initiation services (Article 12(f)) and account information services (Article 12(g)) were formally recognised
3. Establishment of the Association— the Payment and Electronic Money Institutions Association of Turkey (Additional Article 1) was created as a mandatory professional body for all licensed institutions
4. Central Bank shareholding power— the Bank may now take shareholding stakes in systemically important system operators to ensure financial stability (Article 8)
5. Enhanced data protection— the Bank was granted authority to regulate data-sharing between payment service providers

Key Compliance Obligations

Beyond the licensing threshold, all payment and electronic money institutions operating in Turkey must maintain ongoing compliance with the following core obligations:

1. Record keeping— All documents and records must be maintained in Turkey for a minimum of ten years in a secure and accessible manner
2. Independent audit— Institutions are subject to independent financial audit under the Public Oversight Authority framework, and separate information systems audits under Central Bank rules
3. Data protection— Personal data may only be used to the extent necessary to prevent, investigate, and detect payment fraud
4. Notification of changes— Any change affecting the validity of information provided to the Bank must be notified promptly

1. Share transfer approval— Acquisitions of 10%, 20%, 33%, or 50% shareholding thresholds require prior Central Bank permission

1. Association membership— Payment and electronic money institutions must apply for ÖDEMDER membership within one month of receiving their operating licence