MASAK Made the Required Legal Amendments for Remote Identification of Legal Entities

As known, remote identification of legal entities by banks was made feasible by the Regulation Amending the Regulation on Remote Identification Methods to be Used by Banks and Establishment of the Contractual Relationship in Electronic Environment. You can reach the previous article covering this from here. In accordance with the relevant regulation, which entered into force on 1 June 2023, although it was feasible for legal entities to become bank customers through remote identification, this was not yet feasible in terms of the Financial Crimes Investigation Board (MASAK) legislation. In fact, since banks are also obliged to comply with the MASAK legislation, the definition of "customer" in the MASAK General Communiqué No. 19 on remote identification had to be amended to include legal entities.

The relevant amendments were made in the MASAK legislation and the Communiqué Amending the Communiqué (Serial No: 24) (Amendment Communiqué) was published in the Official Gazette dated 11 August 2023. With the amendment in the banking legislation, legal entities are also added to the list of "persons who can be remotely identified". This activity of MASAK obliged parties, who can conclude contracts with legal entities, primarily banks, by means of remote identification methods, has also become compatible with MASAK regulations.

The significant changes in Amendment Communiqué are as follows:

• The following two new terms were introduced under the definitions heading:

Near Field Communication: Defined as short-range wireless technology used for reading and writing data, enabling electronic devices to perform reliable, contactless transactions and access to digital content and/or electronic devices.

Security Elements: Visual security elements, which are security elements in the identity document that can be visually distinguished under white light, are defined as visual security elements consisting of clothing, rainbow printing, optical variable ink, hidden image, hologram and micro writing, photograph and signature.

• In case of remote identification, it is regulated that the process must be carried out online, uninterrupted, video and real-time. It is also stated that the entire remote identification process must be recorded and stored in a way to include all steps of the process and to ensure that it is auditable. Some changes are also included in the regulation on how to perform remote identification technically.
• In the case that the remote identification process is carried out partially or entirely through service procurement, it is obligatory for the service providers to have TS EN ISO/IEC 27001 Information Security Management System certificate.
• It is stated that the transactions performed by the customer representative in remote identification could also be performed partially or entirely by online and artificial intelligence-based methods. Details regarding the use of artificial intelligence in the relevant processes were also determined.

Amendment Communiqué entered into force on 11 August 2023. With the relevant communiqué, the process of establishing the legal basis for banks to acquire customers through remote identification has been largely completed with the inclusion of legal entities in the scope. As a matter of fact, adding new definitions to the Amendment Communiqué and regulating the steps to be taken in the process are crucial for establishing unity of practice.

You can reach the full text of the Amendment Communiqué here (only available in Turkish).

Tagged with: Gökçe, Yağmur Yollu, Fintech, Elif Aksöz