Türkiye’s Financial Technology Agenda

Participants in the FAST System must comply with the rules outlined in this guide. According to 2020 data, the 15 banks with the highest transaction volume in the CBRT Payment Systems must prepare the infrastructure for QR code scanning/production for person-to-person and business payments by December 31, 2021. Other FAST participants, on the other hand, must prepare this infrastructure by different dates starting from the beginning of 2024.

Payment service providers offering FAST services through mobile applications must prepare the infrastructure for generating and scanning QR codes for person-to-person payments by April 30, 2024. Those providing payment acceptance services to businesses must complete the infrastructure for generating QR codes for FAST business payments with dynamic verification services at contracted businesses by the same date.

The transition periods for participants in the FAST System to the FAST-TR QR Code application are as follows:

Those who are participants in the FAST System before January 1, 2024:

1. Those Offering FAST Services Through A Mobile Application

• Generating and scanning QR codes for person-to-person payments
• Extended and compact QR code scanning offered by the business.
• Generating extended and compact QR codes with dynamic authentication at businesses (if payment services are offered to businesses)

The deadline for those offering these services is April 30, 2024.

2. Those Not Offering FAST Services Through A Mobile Application:

• Generating and scanning QR codes for person-to-person payments
• Extended and compact QR code scanning offered by the business.
• Extended and compact QR code scanning offered by the business.
• Generating extended/compact QR codes with dynamic authentication (If they are to offer payment services to businesses and this service has not yet started, it must be completed within 4 months (for person-to-person payments) or 6 months (for business payments) from the start date.)

The deadline for those not offering these services is within 4 months (for person-to-person payments) or 6 months (for business payments) from the date they start offering the service.

Those Who Become Participants in The FAST System On or After January 1, 2024

1. Those Offering FAST Services Through A Mobile Application:

• Generating and scanning QR codes for person-to-person payments
• Extended and compact QR code scanning offered by the business.
• Generating extended/compact QR codes with dynamic authentication (if payment services are offered to businesses)

The deadline for those offering these services is within a maximum of 4 months (for person-to-person payments) or 6 months (for business payments) from the date they go live in the FAST System.

2. Those Not Offering FAST Services Through A Mobile Application:

• Generating and scanning QR codes for person-to-person payments
• Extended and compact QR code scanning offered by the business.
• Generating extended/compact QR codes with dynamic authentication at businesses (If they are to offer payment services to businesses and this service has not yet started, it must be completed within 4 months (for person-to-person payments) or 6 months (for business payments) from the start date.)

The deadline for those not offering these services is within 4 months (for person-to-person payments) or 6 months (for businesses) from the date they start offering the service.

GLOBAL FINANCIAL TECHNOLOGY AGENDA

European Union:

• DORA (Digital Operational Resilience Act):

It creates a comprehensive framework for financial institutions to manage their information and communication technology (ICT) risks.

ICT Risk Management Framework: It mandates the creation of a framework that includes the processes for identifying, assessing, managing, monitoring, and reporting ICT risks of financial institutions.

Incident Reporting: It mandates the reporting of cyberattacks, data breaches, and other ICT-related incidents to the relevant authorities.

Information Sharing: It encourages information sharing about ICT risks and incidents between financial institutions.

Third-Party Risk Management: It mandates financial institutions to include specific security and performance standards in contracts with third-party ICT service providers.

Cyber Security Tests: It mandates financial institutions to regularly test the security of their ICT systems.

While DORA aims to enhance the digital resilience of the financial system, it will be binding on all financial institutions, including FinTech companies, and will impose severe sanctions on entities that fail to comply.

• PSD3 (Payment Services Directive 3): (Currently still in draft form)

PSD3, which will update the existing PSD2 directive in the field of payment services, aims to further expand open banking practices, enhance payment security, strengthen the fight against fraud, and promote financial innovation.

Expected Regulations:

Strong Customer Authentication (SCA): It aims to enhance security by further expanding the use of SCA in payment transactions.

Fraud Monitoring: It is expected to introduce measures that will enable payment service providers to detect and prevent fraudulent activities more effectively.

Open Banking API Standards: Common API standards are expected to be established to enhance the interoperability of open banking services.

New Payment Services: It is expected to include regulations that will facilitate the emergence of new payment methods and services.

With the entry into force of PSD3, an increase in competition in financial services and the provision of more options to consumers is expected. However, concerns regarding data security and privacy must also be addressed.

• The European Digital Identity Framework (e-IDAS 2.0) has come into force.

e-IDAS 2.0, which came into force on May 20, 2024, is a regulation developed to enhance online security. With e-IDAS 2.0, the European Digital Identity Wallet has been introduced, and member states are encouraged to adopt this wallet. This wallet will enable users to manage their identities securely and carry out various transactions easily. Particularly in areas such as financial services, the acceptance of this wallet has been made mandatory upon customer request.

The European Digital Identity Wallet is supported by blockchain technology and data sharing, with security measures also being implemented. The European Commission is expected to regulate the implementation laws for the European Digital Identity Wallet by November 21, 2024.

By the second half of 2026 at the latest, financial institutions operating in the EU are expected to offer the “Verify with EU Digital Identity” option in their remote customer onboarding processes, while Italy is expected to launch its own digital identity wallet by January 2025.

United States of America:

• The U.S. Securities and Exchange Commission (SEC) Has Approved The Application for A Spot Ethereum ETF

The U.S. Securities and Exchange Commission (SEC) has granted expedited approval for rule changes related to the listing and trading of various Ether-based exchange-traded products (ETFs) proposed by NYSE Arca, Nasdaq, and Cboe BZX. This decision includes Ether-based products from major financial institutions such as Grayscale, Bitwise, iShares, VanEck, Blackrock, ARK  21Shares, Invesco Galaxy, Fidelity, and Franklin.

Thus, with the SEC’s referred decision, which is an important step towards further integrating cryptocurrency units into the financial system, it is understood that these assets should be evaluated within the framework of securities laws, and that necessary oversight and monitoring mechanisms will be applied to protect these products from market manipulation.

• RFIA (Responsible Financial Innovation Act): (At the draft bill stage)

It addresses issues such as the classification of crypto assets, stablecoin regulations, tax regulations, consumer protection, and the sharing of authority among federal agencies.

The RFIA aims to establish a comprehensive legal framework for crypto assets in the U.S. However, there have been criticisms that the bill, in its current form, contains some uncertainties and may not fully address the needs of the sector.

• OCC (Office of the Comptroller of the Currency) Guide:

It has issued a series of guidelines allowing national banks to offer cryptocurrency custody services.

Risk Management: It requires banks to effectively manage operational, cybersecurity, and compliance risks while offering cryptocurrency custody services.

Customer Protection: It mandates banks to inform their customers about the risks of cryptocurrency investments and conduct suitability assessments.

Legal Compliance: It requires banks to comply with all relevant federal and state laws when offering cryptocurrency custody services.

The guide facilitates greater involvement of banks in the cryptocurrency ecosystem, but it is crucial for banks to manage  the risks in this area accurately.

Other Countries:

United Kingdom:

• Financial Services and Markets Bill: (At the draft bill stage)

It is a draft bill aimed at updating the existing laws regulating financial services in the UK and expanding them to include crypto assets. The bill aims to promote competition and innovation in the financial services sector, protect consumers, and ensure financial stability.

This draft bill could help the UK maintain its leadership in the FinTech sector and resolve uncertainties related to crypto assets.

India:

• Cryptocurrency Draft Bill (Still in draft stage)

It addresses issues such as the classification of crypto assets, licensing, taxation, consumer protection, and the issuance of the digital rupee (CBDC) by the Reserve Bank of India (RBI).

Classification of Crypto Assets: It is expected to categorize crypto assets into different types (such as payment tokens, security tokens, utility tokens) and introduce different regulations for each category.

Licensing and Registration: It may require crypto asset service providers to obtain a license or registration from the RBI.

Taxation: It is expected to introduce tax regulations for gains derived from crypto asset transactions.

Consumer Protection: It is expected to establish specific rules to protect crypto asset investors (e.g., risk disclosures, suitability assessments).

Digital Rupee (CBDC): It is expected to create a legal framework for the RBI to issue and regulate the digital rupee.

India’s cryptocurrency draft bill will significantly impact the country's cryptocurrency ecosystem and will shape the future direction of the sector.

China:

• Digital Yuan Regulations:

It encompasses the use and regulation of the digital yuan, the central bank digital currency (CBDC) issued by the People's Bank of China (PBOC).

Pilot Projects: The digital yuan is being tested through pilot projects across various cities  and sectors.

Wallets and Payments: Digital yuan wallets and payment infrastructure are being developed.

AML/KYC: Anti-money laundering (AML) and Know Your Customer (KYC) requirements are applied to digital yuan transactions.

Taxation and Accounting: Regulations are being made regarding the taxation and accounting of digital yuan transactions.

China’s push to mainstream the digital yuan could lead to significant changes in the global financial system and may prompt other countries to accelerate their CBDC initiatives.