Open Banking Integration 4.0 Part I

  1. Open Banking 101

    While financial technologies continue to be used in the existing banking ecosystem, they have started to be taken to the next level with open banking. Open banking is a system that entered the literature for the first time in Turkey with the ‘Regulation on Information Systems and Electronic Banking Services of Banks’ dated 15 March 2020 and essentially allows banks to open their APIs (application programming interface – code or protocol that enables different platforms to talk to each other) and provide third-party initiatives or institutions with access to customers’ financial information to develop new applications or services.

    With the Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions (‘Law’), the foundations for open banking were laid, and with the Law No. 7192 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions, important updates that can be considered revolutionary were made and a uniform regulation was tried to be achieved.

    Until Today

    One of the most important milestones is the removal of the powers of the BRSA, which is one of the authorities with a say in open banking and which has created a duality with the CBRT, and the transfer of the decision-making mechanism within the scope of the Law to the CBRT. This transfer of authority is expected to improve stakeholder collaborations in the open banking ecosystem. Article 12 of the Law reads as follows;

    (f) initiating a payment order submitted in relation to a payment account with another payment service provider at the request of the payment service user,

    (g) the provision on online platforms of consolidated information on one or more payment accounts of the payment service user with payment service providers, provided that the consent of the payment service user has been obtained,

    services; the authority to determine the services other than these two services was entrusted to the CBRT and the licensing of open banking was almost winked at.


    The next milestone in this regard is undoubtedly the Draft Regulation on Payment Services and Electronic Money Issuance and Payment Service Providers and the Draft Communiqué on Information Systems of Payment and Electronic Money Institutions and Data Sharing Services of Payment Service Providers in the Field of Payment Services (‘Draft Regulations’), which, despite being submitted to the views of practitioners, especially sector stakeholders, and consultations for enforcement purposes, have still not achieved their enforcement targets in 2021 and are therefore constantly on the hot agenda for the fintech ecosystem.

    With the Draft Regulations, the addressees of the aforementioned services have also been determined. Namely

    Account Service Provider: A payment service provider holding a payment account,
    Payment Order Initiation Service Provider: A legal entity that provides the payment service (payment order initiation service) defined in Article 12/1/f of the Law,
    Account Information Service Provider: The legal entity providing the payment service (Account Information Service) defined in Article 12/1/g of the Law.

    The rules, which make open banking compulsory upon request in parallel with the EU Payment Service Providers Regulations, by stating that the counterparties, banks and other payment service providers ‘cannot prevent the customer or the service providers themselves from accessing the open banking service’, have been tried to be further strengthened with the rules that try to capture the environment of rich competition in this respect. Thus, institutions offering open banking services were also defined as payment service providers, and they were burdened with heavy obligations, the details of which will be listed in the remainder of this series of articles.

    In summary, these obligations can be listed as follows: obtaining an operating licence through a two-step approval process that starts with a preliminary application to the CBRT; establishing a corporate incorporation structure that stipulates rules that will also touch the main requirements of the board of directors, which is the representation and management body; the requirement of independent audit and financial audit, which will measure technical and administrative competence to a serious extent; the establishment of a ‘compliance’ unit, including internal complaints, internal control and some other workflow requirements; and finally, information security policies and information technology requirements in order to prove security and assurance.


    It should be noted that, although these updates and requirements that will determine the course and life cycle of open banking are essential, it is questionable to what extent they will be able to fulfil the new players and initiatives that will join the open banking ecosystem and provide the real development. In fact, transparent, affordable, supportable and measured regulations should be created as much as possible for open banking, which follows the evolution of branch banking, internet banking and mobile banking, which have evolved far away from the original meaning of the concept of ‘banking’.

    In our next article, the above-mentioned requirements will be discussed in detail from the perspective of law, finance, technology and most importantly, the living ecosystem.

    This article was prepared by GRC LEGALl- Av. Mehmet Şahin on behalf of Finteo, one of the startup members of FINTR.