Fintech Law: Türkiye - Part 3

Digital markets, payment services and funding

Law No. 6493 and its supplemental secondary legislation regulate the market and concepts such as e-money, digital wallets and digital currencies.

In terms of digital marketplaces, the Law Amending the Law on the Regulation of Electronic Commerce No. 31889 has been published in the Official Gazette dated 7 July 2022. This Law adds new clauses and defines important concepts relating to electronic commerce, such as electronic commerce intermediary service provider and electronic commerce service provider. In this regard, the Regulation on the Electronic Commerce Intermediary Service Providers and Electronic Commerce Service Providers No. 32058 has been published in the Official Gazette dated 29 December 2022. The Regulation stipulates the obligations of electronic commerce intermediary service providers and electronic commerce service providers, unfair commercial practices in electronic commerce, unlawful content, intermediation agreements, electronic commerce licence and other issues related to electronic commerce. The Crypto Assets Regulation defines cryptoassets as intangible assets that are created virtually by technology such as distributed ledger technology or similar and are distributed through digital networks but cannot be acknowledged as 'fiat money, deposit money, electronic money, payment instruments, securities or other capital market instruments' and stipulates that a special set of rules shall be applied to cryptoassets.

The general rules and principles regarding investment funds are mainly regulated under the Law on Capital Markets (Law No. 6362). The CMB has regulated further details regarding the establishment and activities of investment funds under the Communiqué on the Principles of Investment Funds (No. III.52.1) and has also introduced the Investment Funds Guide with its Resolution No. 19/614, to clarify the rules and principles stipulated in the Communiqué.

Communiqué No. III-35/A.2 on Crowdfunding entered into force upon its publication in the Official Gazette dated 27 October 2021 and designates the CMB as the supervisory regulatory authority. As per the Communiqué, crowdfunding activities shall be conducted via crowdfunding platforms, which can be joint-stock companies solely providing crowdfunding services; or investment institutions that are development and investment banks, participation banks or intermediary institutions.

Additionally, peer-to-peer lending is not currently regulated in a manner synonymous with the definition found under Payment Services Directive II. However, debt-based crowdfunding platforms, which can be considered peer-to-peer lending, have just been regulated, although a communiqué for these platforms has not yet been prepared by the CMB.

Law No. 7192, introducing a variety of amendments to Law No. 6493, stipulates that the CBRT is vested with the power to enact secondary legislation that may require payment service providers to share data with other payment service providers. On 1 December 2021, the Communiqué on the Information Systems of Payment and Electronic Money Institutions and Data Sharing Services in the Field of Payment Services of Payment Service Providers published by the CBRT entered into force. In this regard, pursuant to the Regulation on Banks' Information Systems and Electronic Banking Services, the private financial data of customers in banks can be shared with third parties, namely third-party providers, with customer permission. With this model, financial data belonging to customers, and that the banks do not share among themselves, are no longer private to banks and are placed on a common platform with the request and consent of the customer, making the data available to fintech companies.

In line with this approach, in the Turkish Competition Authority's Report on Financial Technologies in Payment Services, the open banking model is explained in response to the need for regulatory rules that prevent exclusionary actions from the very beginning. In addition, the Regulation on the Sharing of Confidential Information, which regulates the sharing and transfer of bank secrets and customer secrets, regulates confidentiality obligation exceptions and the principles regarding the sharing of confidential information.

Law No. 6493 and its supplemental secondary legislation regulate the market and concepts such as e-money, digital wallets and digital currencies.

In terms of digital marketplaces, the Law Amending the Law on the Regulation of Electronic Commerce No. 31889 has been published in the Official Gazette dated 7 July 2022. This Law adds new clauses and defines important concepts relating to electronic commerce, such as electronic commerce intermediary service provider and electronic commerce service provider. In this regard, the Regulation on the Electronic Commerce Intermediary Service Providers and Electronic Commerce Service Providers No. 32058 has been published in the Official Gazette dated 29 December 2022. The Regulation stipulates the obligations of electronic commerce intermediary service providers and electronic commerce service providers, unfair commercial practices in electronic commerce, unlawful content, intermediation agreements, electronic commerce licence and other issues related to electronic commerce. The Crypto Assets Regulation defines cryptoassets as intangible assets that are created virtually by technology such as distributed ledger technology or similar and are distributed through digital networks but cannot be acknowledged as 'fiat money, deposit money, electronic money, payment instruments, securities or other capital market instruments' and stipulates that a special set of rules shall be applied to cryptoassets.

The general rules and principles regarding investment funds are mainly regulated under the Law on Capital Markets (Law No. 6362). The CMB has regulated further details regarding the establishment and activities of investment funds under the Communiqué on the Principles of Investment Funds (No. III.52.1) and has also introduced the Investment Funds Guide with its Resolution No. 19/614, to clarify the rules and principles stipulated in the Communiqué.

Communiqué No. III-35/A.2 on Crowdfunding entered into force upon its publication in the Official Gazette dated 27 October 2021 and designates the CMB as the supervisory regulatory authority. As per the Communiqué, crowdfunding activities shall be conducted via crowdfunding platforms, which can be joint-stock companies solely providing crowdfunding services; or investment institutions that are development and investment banks, participation banks or intermediary institutions.

Additionally, peer-to-peer lending is not currently regulated in a manner synonymous with the definition found under Payment Services Directive II. However, debt-based crowdfunding platforms, which can be considered peer-to-peer lending, have just been regulated, although a communiqué for these platforms has not yet been prepared by the CMB.

Law No. 7192, introducing a variety of amendments to Law No. 6493, stipulates that the CBRT is vested with the power to enact secondary legislation that may require payment service providers to share data with other payment service providers. On 1 December 2021, the Communiqué on the Information Systems of Payment and Electronic Money Institutions and Data Sharing Services in the Field of Payment Services of Payment Service Providers published by the CBRT entered into force. In this regard, pursuant to the Regulation on Banks' Information Systems and Electronic Banking Services, the private financial data of customers in banks can be shared with third parties, namely third-party providers, with customer permission. With this model, financial data belonging to customers, and that the banks do not share among themselves, are no longer private to banks and are placed on a common platform with the request and consent of the customer, making the data available to fintech companies.

In line with this approach, in the Turkish Competition Authority's Report on Financial Technologies in Payment Services, the open banking model is explained in response to the need for regulatory rules that prevent exclusionary actions from the very beginning. In addition, the Regulation on the Sharing of Confidential Information, which regulates the sharing and transfer of bank secrets and customer secrets, regulates confidentiality obligation exceptions and the principles regarding the sharing of confidential information.

Cryptocurrencies, initial coin offerings (ICO) and security tokens

There are no specific provisions under the Turkish legislation that prohibit individuals from owning and exchanging cryptocurrencies. Nevertheless, the Crypto Assets Regulation prohibits:

1. the direct or indirect use of cryptoassets in making payments;

2. the provision of services enabling the direct or indirect use of cryptoassets in making payments, the development of business models, or the provision of services related to those business models, by payment service providers regarding the direct or indirect use of cryptoassets in the provision of payment services or the export of electronic money; and

3. payment and electronic money institutions from acting as intermediaries between platforms providing services on the trading, depositing, transferring or exporting of cryptoassets.

Although the Regulation prohibits licensed payment institutions and e-money institutions from using cryptoassets in their operations, it does not introduce any regulations with respect to cryptoasset trading platforms. Taking into consideration that cryptoassets reflect only one aspect of blockchain technology applications, we believe that this Regulation will not prevent significant technological developments that are constituted on blockchain technology, such as digital identity, open data or smart contracts in Türkiye.

There is no specific regulation governing ICO or token generation events. The CMB has not yet classified or assessed security tokens.

MASAK published a guide entitled 'Main Principles for the Crypto Asset Service Providers Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism' (the Guide) on 4 May 2021. The Guide provides detailed and instructive application-oriented information regarding the obligations that cryptoasset service providers have under the Regulation on Prevention of Laundering Proceeds of Crime as obliged parties, as well as the sanctions imposed if cryptoasset service providers fail to fulfil their obligations.

In addition, a Draft Bill that aims to amend the Capital Markets Law No. 6362 to set the legal framework regarding cryptoassets is before the Grand National Assembly of Türkiye. In the Draft Bill, the concepts of 'crypto wallet', 'cryptoasset', 'cryptoasset trading platform', 'cryptoasset custody service' and 'cryptoasset service provider' are defined. While the Draft Bill regulates cryptoassets within the Capital Markets Law, it does not qualify the cryptoassets as 'capital markets instruments'. Accordingly, cryptoassets will be subject to a legal regime different from that of capital markets instruments. Lastly, the Draft Bill authorises the Capital Markets Board of Türkiye to issue secondary legislation on the matter.

Regarding tax issues, to be able to impose a tax on cryptocurrencies and tokens, the Tax Law has to be amended in a comprehensive manner. If cryptocurrencies were to be qualified as a commodity in Türkiye, the income derived from the exchange of cryptocurrencies would be subject to income tax. However, for the time being, gains derived from cryptocurrencies are not included within the types of income that are subject to income tax.

There is no regulation allowing or restricting the offering of tokens to residents from abroad.

There are no specific provisions under the Turkish legislation that prohibit individuals from owning and exchanging cryptocurrencies. Nevertheless, the Crypto Assets Regulation prohibits:

1. the direct or indirect use of cryptoassets in making payments;

2. the provision of services enabling the direct or indirect use of cryptoassets in making payments, the development of business models, or the provision of services related to those business models, by payment service providers regarding the direct or indirect use of cryptoassets in the provision of payment services or the export of electronic money; and

3. payment and electronic money institutions from acting as intermediaries between platforms providing services on the trading, depositing, transferring or exporting of cryptoassets.

Although the Regulation prohibits licensed payment institutions and e-money institutions from using cryptoassets in their operations, it does not introduce any regulations with respect to cryptoasset trading platforms. Taking into consideration that cryptoassets reflect only one aspect of blockchain technology applications, we believe that this Regulation will not prevent significant technological developments that are constituted on blockchain technology, such as digital identity, open data or smart contracts in Türkiye.

There is no specific regulation governing ICO or token generation events. The CMB has not yet classified or assessed security tokens.

MASAK published a guide entitled 'Main Principles for the Crypto Asset Service Providers Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism' (the Guide) on 4 May 2021. The Guide provides detailed and instructive application-oriented information regarding the obligations that cryptoasset service providers have under the Regulation on Prevention of Laundering Proceeds of Crime as obliged parties, as well as the sanctions imposed if cryptoasset service providers fail to fulfil their obligations.

In addition, a Draft Bill that aims to amend the Capital Markets Law No. 6362 to set the legal framework regarding cryptoassets is before the Grand National Assembly of Türkiye. In the Draft Bill, the concepts of 'crypto wallet', 'cryptoasset', 'cryptoasset trading platform', 'cryptoasset custody service' and 'cryptoasset service provider' are defined. While the Draft Bill regulates cryptoassets within the Capital Markets Law, it does not qualify the cryptoassets as 'capital markets instruments'. Accordingly, cryptoassets will be subject to a legal regime different from that of capital markets instruments. Lastly, the Draft Bill authorises the Capital Markets Board of Türkiye to issue secondary legislation on the matter.

Regarding tax issues, to be able to impose a tax on cryptocurrencies and tokens, the Tax Law has to be amended in a comprehensive manner. If cryptocurrencies were to be qualified as a commodity in Türkiye, the income derived from the exchange of cryptocurrencies would be subject to income tax. However, for the time being, gains derived from cryptocurrencies are not included within the types of income that are subject to income tax.

There is no regulation allowing or restricting the offering of tokens to residents from abroad.

Other new business models

Owing to the nature of self-executing contracts, without separate legislation to regulate these, their enforceability may be challenged on the grounds that they restrict parties' negotiation power over the terms and conditions of an agreement. In addition, self-executing contracts are not legally enforceable as formal contracts specified by certain laws (e.g., real estate contracts, vehicle sales agreements).

There is no regulation regarding artificial intelligence (AI) under Turkish legislation; however, the Digital Transformation Office, structured under the Presidency, is granted the task of leading the AI transformation process. In this context, the National Artificial Intelligence Strategy 2021–2025, drafted in cooperation with the Digital Transformation Office of the Presidency of the Republic of Türkiye and the Ministry of Industry and Technology, was announced on 24 August 2021, and the Presidential Circular on the National Artificial Intelligence Strategy was published in the Official Gazette dated 20 August 2021.

In addition, the Personal Data Protection Authority published the guide entitled 'Recommendations on the Protection of Personal Data in the Field of Artificial Intelligence' on 15 September 2021. This guide has been prepared by taking into account the studies 'Guidelines on Artificial Intelligence and Data Protection' of the Directorate General of Human Rights and Rule of Law of the Council of Europe, 'Recommendation of the Council on Artificial Intelligence' of the Organisation for Economic Co-operation and Development (OECD) and 'Ethics Guidelines for Trustworthy AI' of the European Commission.

As it enables non-financial firms to provide consumers with financial services that are likely to be received by consumers, especially product-related financial services such as payment, lending, insurance, etc., at the time of receipt of the product or service, embedded finance is one of the most important fintech trends. As a result of the increasing customer demand and rise of e-commerce, regulatory developments are expected for buy now, pay later (BNPL) services, as an example of embedded finance, as there is no legislation specifically regulating BNLP services. In line with the rising trend in embedded finance, developments are also expected in insurtech, including tailor-made fast fashion insurance policies.

Under Türkiye's jurisdiction, decentralised finance (DeFi) is perceived as a financial intermediation, leveraging decentralised network consisting of cryptocurrencies, where all financial transactions are carried out with smart contracts to transform financial products into trusted and transparent protocols using computer networks without the need for any central intermediary. DAOs are defined as 'Autonomous organizational structures and management processes in which decisions are made jointly by all network participants where the rules defined by blockchain protocols or smart contracts guide the decisions of the participants and an automated managerial consensus is established' in the Blockchain Dictionary issued by the Presidency of the Republic of Türkiye Digital Transformation Office. Neither DeFi nor DAOs are regulated under the law.

Owing to the nature of self-executing contracts, without separate legislation to regulate these, their enforceability may be challenged on the grounds that they restrict parties' negotiation power over the terms and conditions of an agreement. In addition, self-executing contracts are not legally enforceable as formal contracts specified by certain laws (e.g., real estate contracts, vehicle sales agreements).

There is no regulation regarding artificial intelligence (AI) under Turkish legislation; however, the Digital Transformation Office, structured under the Presidency, is granted the task of leading the AI transformation process. In this context, the National Artificial Intelligence Strategy 2021–2025, drafted in cooperation with the Digital Transformation Office of the Presidency of the Republic of Türkiye and the Ministry of Industry and Technology, was announced on 24 August 2021, and the Presidential Circular on the National Artificial Intelligence Strategy was published in the Official Gazette dated 20 August 2021.

In addition, the Personal Data Protection Authority published the guide entitled 'Recommendations on the Protection of Personal Data in the Field of Artificial Intelligence' on 15 September 2021. This guide has been prepared by taking into account the studies 'Guidelines on Artificial Intelligence and Data Protection' of the Directorate General of Human Rights and Rule of Law of the Council of Europe, 'Recommendation of the Council on Artificial Intelligence' of the Organisation for Economic Co-operation and Development (OECD) and 'Ethics Guidelines for Trustworthy AI' of the European Commission.

As it enables non-financial firms to provide consumers with financial services that are likely to be received by consumers, especially product-related financial services such as payment, lending, insurance, etc., at the time of receipt of the product or service, embedded finance is one of the most important fintech trends. As a result of the increasing customer demand and rise of e-commerce, regulatory developments are expected for buy now, pay later (BNPL) services, as an example of embedded finance, as there is no legislation specifically regulating BNLP services. In line with the rising trend in embedded finance, developments are also expected in insurtech, including tailor-made fast fashion insurance policies.

Under Türkiye's jurisdiction, decentralised finance (DeFi) is perceived as a financial intermediation, leveraging decentralised network consisting of cryptocurrencies, where all financial transactions are carried out with smart contracts to transform financial products into trusted and transparent protocols using computer networks without the need for any central intermediary. DAOs are defined as 'Autonomous organizational structures and management processes in which decisions are made jointly by all network participants where the rules defined by blockchain protocols or smart contracts guide the decisions of the participants and an automated managerial consensus is established' in the Blockchain Dictionary issued by the Presidency of the Republic of Türkiye Digital Transformation Office. Neither DeFi nor DAOs are regulated under the law.