Payment Accounts & Wallets in Turkey (Law No. 6493 and CBRT Regulations): Framework, Licencing, and Real-Life Practice
yazarı lawyerfbc
açık Eylül 19, 2025

Introduction: Why “payment accounts & wallets” matter in Turkey

Turkey has become one of Europe’s most dynamic payments markets. Instant transfers, standardized QR payments, and open-banking rails now underpin the way consumers and businesses move money. Against this backdrop, payment accounts & wallets—typically operated by banks, payment institutions, or e-money institutions—sit at the core of retail payments. They are regulated principally by Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions and an evolving body of Central Bank of the Republic of Türkiye (CBRT) secondary legislation.

This post—written from a practitioner’s perspective—maps the legal framework, explains license expectations, and sets out the real-life operational and compliance issues fintech founders, product managers, and counsel should anticipate.

1) The legal backbone: Law No. 6493 and CBRT rule-making

Law No. 6493 defines the perimeter for payment services, payment institutions, and e-money institutions, and empowers the CBRT as the rule-maker and supervisor for the sector (today including licensing and ongoing oversight). The CBRT’s site lists the primary and secondary legislation governing payment services, which together form the “playbook” for payment accounts & wallets.

Key secondary legislation includes:

  • Regulation on Payment Services and Electronic Money Issuance and Payment Service Providers (the main implementing rulebook for PSPs, including payment account services, outsourcing, governance, safeguarding, and operational rules). It entered into force upon publication in the Official Gazette on 1 December 2021 (No. 31676).
  • Guideline on Data-Sharing Services in Payment Services (open-banking guidance that frames API standards and security for access to customers’ payment accounts by licensed third parties).
  • Regulation on the Generation and Use of the TR QR Code (setting out a single, interoperable QR standard used across market participants and wallet schemes).

2) What exactly is a “payment account” and how do wallets fit?

Under Law No. 6493 and the CBRT Regulation, a payment account is the account used for executing payment transactions on behalf of a user. In practice, a consumer-facing wallet is a front-end that allows the user to (i) hold e-money issued by an e-money institution, or (ii) initiate/receive transfers through a payment account maintained by a PSP. Wallets therefore operate either on top of a payment account (bank or PSP ledger) or as the customer interface to e-money, subject to safeguarding and redemption rules.

This distinction drives core compliance duties:

  • Payment institutions provide payment services (e.g., money remittance, acquiring, account issuance) but do not issue e-money.
  • E-money institutions issue e-money stored in wallets and must redeem at par; user funds are safeguarded per CBRT rules.

3) Open banking, interoperability and access to accounts

Turkey’s open-banking rollout has been incremental but is now live. In December 2022, CBRT announced the launch of open-banking services via the Open Banking Gateway (GEÇİT) infrastructure developed by the Interbank Card Center. For wallet providers, this means third-party data access and payment initiation services can be enabled with customer consent, in line with the CBRT’s data-sharing guideline. In short: wallets can become account access hubs and payment initiation surfaces—if licensed appropriately and integrated to CBRT-aligned APIs.

4) TR QR and instant payments (FAST): what this means for wallets

Two pillars make Turkey a “tap-and-go” jurisdiction for payment accounts & wallets:

  • TR QR Code: A single QR standard that allows any compliant wallet or PSP to initiate payments at merchants and P2P, enabling cross-scheme interoperability and reducing fragmentation.
  • FAST (Instant and Continuous Transfer of Funds) System: CBRT’s 7×24 real-time payment rail enabling funds to reach the recipient within seconds and available immediately. Wallets integrated to FAST can deliver true real-time experiences and alias-based addressing (phone/email/ID).

Together, these rails shape UX expectations: near-instant crediting, interoperable QR acceptance, and broad merchant coverage. Wallets that lack TR-QR/FAST integrations struggle to meet market norms.

5) Getting licensed: high-level expectations

While the CBRT Regulation is detailed, founders should plan for the following licensing building blocks:

  1. Corporate governance & fit-and-proper: Shareholders, board, and key managers must pass integrity and competence checks; organizational structure must ensure independent risk, audit, and compliance functions proportionate to size. (See CBRT’s PSP framework.)
  2. Information systems & outsourcing: Information security, business continuity, and third-party risk are core. Outsourcing critical functions requires prior notice/approval and robust contracts; cloud use must satisfy localization and auditability requirements under CBRT guidance.
  3. Safeguarding of client funds: E-money issuers and some PSP models must segregate customer funds (e.g., in trust/escrow) and perform daily reconciliation, ensuring full redemption at par value. (This comes straight from Law No. 6493’s consumer-protection DNA.)
  4. AML/CFT and KYC: Wallet onboarding flows must reflect MASAK obligations (outside the CBRT corpus but essential in practice). Product design should account for risk-based identification, transaction monitoring, and suspicious-activity reporting. (Note: MASAK rules are separate; include them in your compliance map alongside CBRT requirements.)
  5. Capital and prudential metrics: Minimum capital and own-funds calculations depend on the service category; capital add-ons may apply as your volumes scale. Align treasury and safeguarding policies to stress scenarios; CBRT reviews these in authorizations and on-site inspections.

6) Building a compliant wallet: practical product & compliance tips

a) Design for interoperability from Day 1
Make TR-QR support and FAST connectivity part of your MVP. This reduces reliance on bilateral acquirer integrations and ensures your payment accounts & wallets strategy is aligned with how users already pay.

b) Treat data-sharing as a product surface, not only a compliance box
Open-banking capabilities (AIS/PIS) let a wallet become a financial control center for users. Use the CBRT guideline to harden consent flows, data minimization, and API security. Build “explainable” consent screens—customers reward transparency.

c) Safeguard like a bank; communicate like a consumer app
Your legal obligation is segregation and redemption at par. Your UX obligation is telling users—in plain language—where their money sits, how it’s protected, and when it can be redeemed. Clear in-app disclosures reduce complaints and supervisory friction.

d) Engineer for 7×24 operations
FAST and TR-QR imply continuous availability. Incident-response runbooks, RTO/RPO targets, and rollback plans must be production-ready. Regularly test failover with your sponsor banks and critical vendors.

e) Embed merchant protection and chargeback logic
Acquiring via wallets is mainstream. Document clear refund/chargeback SLAs in merchant agreements and align with scheme and CBRT expectations. Maintain dispute metrics and act on outliers.

f) Plan for audits and thematic reviews
CBRT conducts thematic reviews (e.g., security, access policies, safeguarding). Keep a living compliance matrix mapping each article of the Regulation to your policy, control owner, and evidence location.

7) Real-life operating issues we see most

  1. IBAN vs. wallet ledger clarity: Make it unambiguous whether the user holds an account with IBAN at a partner bank or an internal PSP ledger position. Mislabeling triggers complaints and regulatory queries. (Your ToS and product copy must match the legal structure.)
  2. Cross-scheme QR acceptance: Some merchants still display proprietary QR assets. Educate merchants that TR QR is scheme-agnostic and increases acceptance—use unified signage and staff training to reduce failed scans.
  3. Open-banking consent decay: Users forget what they granted. Implement consent dashboards and expiring scopes consistent with the CBRT guideline; prompt renewals with contextual value (e.g., “keep your salary account synced for bill predictions”).
  4. Operational limits in instant payments: FAST cancellations occur if time limits are exceeded. Build user messaging for timeouts and duplicate-payment protection; reconciliation jobs must handle edge cases for “late success vs. auto-cancel.”

8) Competition and access to infrastructure

Recent commentary highlights obligations for PSPs to provide fair access to payment account services and infrastructure to other PSPs (subject to capacity and security). For wallet players, this reduces gatekeeping risk and supports a level playing field for new entrants—an important consideration when negotiating sponsor bank or scheme connectivity.

9) Checklist for founders and counsel

  • License mapping: Determine whether you are a payment institution, e-money institution, or hybrid; build your scope precisely around Law 6493 services.
  • Policy stack: Finalize safeguarding, complaints handling, outsourcing/third-party risk, incident response, and data-sharing (open-banking) policies per CBRT rules.
  • Rail readiness: Integrate TR QR and FAST early; design for 7×24 monitoring, alias payments, and instant refunds where feasible.
  • Merchant terms: Align refund/chargeback mechanics with scheme rules and CBRT expectations.
  • User disclosures: Plain-English (and Turkish) explanations of how payment accounts & wallets are safeguarded, how redemption works, and how data is shared under consent.
  • Audit trail: Maintain article-by-article compliance evidence; prepare for CBRT thematic reviews.

Conclusion: Turning regulation into product advantage for payment accounts & wallets

Turkey’s regulatory architecture under Law No. 6493 and CBRT regulations is not a roadblock; it’s a blueprint to build trustworthy, interoperable, and high-availability payment accounts & wallets. With TR QR interoperability, FAST instant payments, and open-banking data sharing now in production, the winners will be those who internalize compliance as a product feature: transparent safeguarding, resilient 7×24 operations, and consent-led data design. For market entrants and global players alike, aligning legal structure, tech architecture, and user experience around payment accounts & wallets is no longer optional in Turkey—it’s the baseline.

Contact

Categories:

Genel

Tags:

fintech and bankingFintech and Turkish legal framework

Yanıt yok

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Our Client

We provide a wide range of Turkish legal services to businesses and individuals throughout the world. Our services include comprehensive, updated legal information, professional legal consultation and representation

Our Team

.Our team includes business and trial lawyers experienced in a wide range of legal services across a broad spectrum of industries.

Why Choose Us

We will hold your hand. We will make every effort to ensure that you understand and are comfortable with each step of the legal process.

Open chat
1
Hello Can İ Help you?
Hello
Can i help you?
Call Now Button