Introduction
Electronic money institutions have become one of the most important pillars of the fintech ecosystem in Turkey. As digital wallets, prepaid balances, app-based payment accounts, stored-value products, merchant payment solutions, loyalty-based payment systems, online marketplaces, and embedded finance models continue to expand, businesses must understand whether their activities fall within the legal definition of electronic money issuance.
In Turkey, electronic money is not treated as an ordinary commercial product. It is a regulated financial activity. A company that receives customer funds, converts those funds into electronically stored monetary value, and enables users to make payments may need authorization as an electronic money institution. This means that an e-money business must consider licensing, capital requirements, fund safeguarding, anti-money laundering compliance, customer identification, data protection, information systems, internal controls, audit, consumer protection, and contractual transparency before launching its services.
The principal statute governing electronic money institutions in Turkey is Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions. The objective of Law No. 6493 is to regulate payment and securities settlement systems, payment services, payment institutions, and electronic money institutions. The Central Bank of the Republic of Türkiye, also known as the CBRT or TCMB, is the main regulatory and supervisory authority for payment services and electronic money institutions in Turkey. The CBRT states that payment services regulation and supervision are governed by Law No. 6493 and relevant secondary legislation.
This article explains the legal framework applicable to electronic money institutions in Turkey, the licensing process, operational requirements, customer fund protection, digital wallet rules, AML and KYC duties, personal data protection, crypto payment restrictions, and common legal risks for e-money businesses.
What Is Electronic Money?
Electronic money generally refers to monetary value that is issued in exchange for funds, stored electronically, and used for payment transactions. In practical terms, electronic money may appear as a digital wallet balance, prepaid app balance, stored value account, e-money card balance, or online payment balance that can be used to purchase goods or services or transfer funds.
However, not every digital balance is automatically electronic money. The legal classification depends on the real structure of the product. A balance that only represents loyalty points, discount coupons, in-platform credits, or accounting records may be different from a balance that represents monetary value issued against funds and accepted for payment transactions.
The key legal questions are:
Does the business receive funds from the customer?
Is monetary value issued in return for those funds?
Is the value stored electronically?
Can the customer use the value to make payments?
Can the value be used outside a limited closed-loop network?
Can the user transfer the balance to another person or merchant?
Is the company holding customer funds or merely providing technology?
Is the platform issuing payment instruments or operating payment accounts?
Under Law No. 6493, electronic money institutions must issue electronic money at par value upon receipt of funds, convert deposited funds into electronic money without delay, and make them ready for use. The law also requires funds collected in exchange for electronic money to be transferred to a separate account opened with banks operating under Turkish banking law.
This structure shows that electronic money is closely connected to customer fund protection. An electronic money institution does not simply sell a digital product; it receives customer money and issues regulated value in return.
Main Legal Framework for E-Money Businesses in Turkey
The main legal framework for electronic money institutions in Turkey consists of:
Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions
Regulation on Payment Services and Electronic Money Issuance and Payment Service Providers
CBRT communiqués and regulatory decisions
Communiqué on information systems and data sharing services
Rules on the safeguarding of funds
MASAK legislation on anti-money laundering and counter-terrorist financing
Law No. 6698 on the Protection of Personal Data
Consumer protection legislation
Crypto asset payment restrictions
Commercial, tax, contract, and corporate law rules
The CBRT’s official payment services page lists Law No. 6493 and secondary legislation as the core regulatory framework for payment services and electronic money activities in Turkey, including the regulation on payment services and electronic money issuance, TR QR code rules, crypto asset payment restrictions, and information systems rules.
Because the regulatory framework is technical and continuously developing, e-money companies should not rely only on general fintech knowledge. The legal analysis must be based on the actual product flow, customer journey, fund flow, data flow, technical architecture, and contractual structure.
Who Can Issue Electronic Money in Turkey?
Electronic money may only be issued by authorized entities. Under Law No. 6493, it is prohibited for persons other than authorized entities to issue electronic money. The CBRT explains that all electronic money institutions are authorized to issue electronic money in accordance with Article 18 of Law No. 6493, and the payment services that electronic money institutions may provide under Article 12 are listed according to their license scope.
In practice, electronic money may be issued by:
Banks authorized under Turkish banking legislation
Electronic money institutions licensed by the CBRT
Other entities permitted under the applicable legal framework
For fintech startups, this point is critical. A company cannot legally operate an electronic money business merely by incorporating a technology company. If the product involves e-money issuance, a specific authorization process before the CBRT is required.
The fact that the product is mobile, app-based, API-based, or cloud-based does not remove the licensing requirement. Turkish regulators focus on the substance of the activity, not only the terminology used by the company.
Licensing Requirements for Electronic Money Institutions
An electronic money institution must obtain an operating license from the CBRT before conducting regulated e-money activities. The licensing process requires a detailed review of the applicant’s corporate structure, shareholders, capital, governance, business plan, information systems, internal controls, risk management, compliance capacity, and operational readiness.
The CBRT evaluates whether the applicant has a transparent ownership structure, competent management, adequate personnel, sufficient technical infrastructure, complaint and objection units, business continuity measures, fund security measures, confidentiality controls, and an organization chart suitable for regulatory supervision. Law No. 6493 specifically refers to competent management, adequate personnel, technical equipment, complaint units, operational continuity, security and confidentiality of user funds and information, and a transparent partnership structure.
The licensing file is usually multidisciplinary. It may require legal documents, corporate documents, financial projections, internal policies, AML procedures, IT architecture, security documentation, outsourcing contracts, business continuity plans, and customer agreement templates.
A serious e-money licensing strategy should answer the following questions before filing:
What exact electronic money service will be provided?
Will the company also provide payment services?
Will the company operate a digital wallet?
Will users have payment accounts?
Will merchants accept the e-money balance?
Will the product include cards, QR payments, or online payments?
Will there be representatives or agents?
Will the company outsource KYC, cloud, IT, call center, or fraud monitoring functions?
How will customer funds be safeguarded?
How will AML and suspicious transaction monitoring work?
What is the governance structure of the company?
Who are the direct and indirect shareholders?
Are there any foreign shareholders or cross-border service elements?
The CBRT may also examine whether the company’s non-regulated activities could impair the financial soundness of the regulated business or the CBRT’s ability to supervise it. For payment institutions, Law No. 6493 authorizes the CBRT to require a separate entity where non-payment activities impair or may impair financial soundness or regulatory monitoring; similar principles are relevant in structuring regulated fintech businesses.
Minimum Capital and Equity Requirements
Electronic money institutions must satisfy capital and equity requirements. These requirements are not static. They may be redetermined periodically by regulatory communiqués. Therefore, founders and investors should verify the current threshold before preparing a license application or investment structure.
Recent legal updates indicate that the minimum equity requirement for electronic money institutions has been increased to TRY 105 million, with compliance required by 30 June 2026. This is a significant point for e-money startups, because regulatory capital planning must be built into the company’s financing roadmap from the beginning.
Capital adequacy is not only a licensing issue. It is also relevant after authorization. A licensed electronic money institution must continue to satisfy regulatory financial requirements. Failure to maintain required equity or comply with prudential obligations may lead to warnings, administrative measures, suspension, or revocation of the operating license.
For investors, this means that an e-money company should be assessed not only as a technology startup but also as a regulated financial institution. The business plan must include regulatory capital, compliance costs, audit expenses, IT security investments, personnel requirements, and ongoing reporting obligations.
Issuance and Redemption of Electronic Money
Electronic money must be issued in return for funds. Law No. 6493 provides that an electronic money institution shall issue electronic money at par value upon receipt of funds and convert the funds deposited by the user into electronic money without delay.
This means that e-money issuance must be transparent and traceable. The customer should understand when money is deposited, when electronic money is issued, how it can be used, whether it can be redeemed, what fees apply, and what happens if the account is closed.
A legally sound e-money user agreement should regulate:
Opening of the e-money account
Customer identification and verification
Deposit and loading methods
Issuance of electronic money
Use of electronic money for payments
Transfer limits
Merchant acceptance
Refund and redemption rules
Fees and commissions
Account suspension
Fraud prevention measures
Dormant accounts
Termination
Complaint mechanisms
Data processing
Liability for unauthorized transactions
The agreement should avoid ambiguity. Terms such as “wallet balance,” “credit,” “points,” “stored value,” or “account money” must be used carefully. If the product is electronic money, the legal terms should be consistent with the regulated nature of the service.
Safeguarding of Customer Funds
Customer fund protection is one of the most important legal requirements for electronic money institutions. Funds received from users in exchange for electronic money must be safeguarded according to the rules determined by the CBRT. Law No. 6493 states that funds received by payment institutions for payment services and funds collected by electronic money institutions in exchange for issuing electronic money shall be safeguarded under CBRT rules. It also provides that, in liquidation or cancellation of operating permission, such funds and accounts are used to compensate fund holders and fulfill liabilities arising from the law.
This protection mechanism is designed to prevent customer money from being treated as ordinary company assets. E-money institutions must avoid commingling customer funds with operational funds and must maintain proper accounting and reconciliation systems.
Practical safeguards may include:
Separate safeguarding accounts
Daily reconciliation
Clear accounting records
Internal controls over fund movement
Restricted access to customer funds
Audit trails
Compliance monitoring
Operational risk controls
Board-level oversight
Reporting to the CBRT where required
From a litigation perspective, fund safeguarding is also crucial. In disputes involving failed transfers, account freezing, insolvency, fraud, or unauthorized transactions, records showing how user funds were received, converted, stored, and used may become decisive evidence.
E-Money Is Not a Deposit
A very important distinction under Turkish law is that funds received in exchange for electronic money are not deposits or participation funds. Law No. 6493 states that funds received from electronic money users in exchange for issuing electronic money shall not be considered deposits or participation funds under Turkish banking legislation.
This distinction has several consequences.
First, electronic money institutions are not banks. They cannot present themselves as banks unless they are separately licensed as such. Second, e-money balances should not be marketed as deposit accounts. Third, customers should not be misled into believing that they have a bank deposit relationship with the e-money issuer. Fourth, the institution must be careful with advertising language, interest-like benefits, and savings-related claims.
A digital wallet may be convenient and widely used, but it is not the same as a bank account unless a licensed bank is involved in the structure and the customer relationship is clearly explained.
Prohibition on Credit and Interest
Electronic money institutions are subject to important activity restrictions. Law No. 6493 provides that electronic money institutions shall not grant credit and shall not grant interest or any other benefit related to the length of time during which the electronic money holder holds electronic money.
This rule is essential for product design. E-money businesses must be careful when offering:
Cashback programs
Reward balances
Promotional benefits
Yield-like returns
Deferred payment features
Buy-now-pay-later structures
Credit lines
Installment payment options
Merchant financing
Wallet-based advance payments
Not every reward or promotion is automatically prohibited. However, if the benefit is linked to the time during which the user holds electronic money, or if the model effectively resembles credit activity, the company may face regulatory risk.
This is especially important for fintech companies attempting to combine wallets with lending, investment, loyalty, or savings features. The product must be legally separated and classified correctly.
Digital Wallet Regulation
Digital wallets are one of the most common business models associated with e-money institutions. A digital wallet may allow users to store value, make payments, transfer funds, pay merchants, use QR codes, or manage multiple payment instruments from a single interface.
However, digital wallet models must be examined carefully. Some wallet services may require authorization as a payment institution or electronic money institution. Recent legal updates reported that the deadline for certain digital wallet service providers to submit required CBRT applications and for authorized institutions to comply with digital wallet provisions was extended to 31 December 2025.
Key legal questions for digital wallet businesses include:
Does the wallet store monetary value?
Does the wallet issue electronic money?
Can the user pay third-party merchants?
Does the wallet allow peer-to-peer transfers?
Are payment instruments stored or tokenized?
Are customer funds held by the wallet provider?
Is there a licensed bank or e-money institution behind the wallet?
Does the wallet provide account information or payment initiation services?
How is customer consent obtained?
How are transaction limits and AML rules applied?
A company offering a digital wallet in Turkey should not assume that it is merely providing a software interface. The legal structure must be assessed in detail.
AML and KYC Obligations
Electronic money institutions are exposed to anti-money laundering and counter-terrorist financing risks. Digital onboarding, rapid transfers, wallet-to-wallet transactions, merchant settlements, prepaid instruments, cross-border transfers, and high-volume low-value transactions can all be misused for illegal purposes.
Turkey’s core AML statute is Law No. 5549 on Prevention of Laundering Proceeds of Crime, whose objective is to determine the principles and procedures for preventing laundering proceeds of crime. E-money institutions must evaluate their obligations under MASAK legislation, including customer identification, suspicious transaction reporting, recordkeeping, compliance programs, and risk-based monitoring.
A strong AML/KYC program for an e-money business should include:
Customer due diligence
Remote identity verification controls
Beneficial ownership checks
Sanctions screening
Politically exposed person screening
Transaction monitoring
Velocity rules
Fraud detection
Suspicious transaction escalation
Record retention
Employee training
Compliance officer oversight
Internal audit
Risk-based customer classification
Enhanced due diligence for high-risk users
AML compliance should be built into the product before launch. It is not sufficient to prepare policy documents without technical enforcement. A wallet application must be able to detect suspicious patterns, prevent abuse, and preserve transaction evidence.
Personal Data Protection and KVKK Compliance
Electronic money institutions process large volumes of personal data. This may include identity data, contact information, transaction history, device data, IP addresses, card data, bank account details, risk scores, biometric verification data, location data, and customer support records.
In Turkey, personal data processing is governed by Law No. 6698 on the Protection of Personal Data, known as the KVKK. The law’s purpose is to protect fundamental rights and freedoms, particularly privacy, in relation to the processing of personal data, and to set obligations and procedures for natural and legal persons processing personal data.
For e-money businesses, KVKK compliance should include:
Privacy notices
Data processing inventory
Lawful basis analysis
Explicit consent mechanisms where required
Data minimization
Retention and deletion policies
Cross-border data transfer assessment
Data processing agreements with vendors
Customer rights procedures
Breach response plans
Cookie and tracking compliance
Security measures
Access controls
Internal data governance
E-money institutions must also consider the relationship between data protection and fraud prevention. Law No. 6493 recognizes that, when needed to prevent, investigate and detect payment fraud, payment systems operators and payment service providers may use personal data while taking necessary measures for the protection of personal information.
Information Systems and Cybersecurity
Electronic money institutions are technology-dependent financial institutions. A failure in cybersecurity, transaction processing, API integration, user authentication, reconciliation, or system availability can create regulatory, contractual, and civil liability.
Law No. 6493 requires payment and electronic money institutions to keep documents and records related to matters within the scope of the law for at least ten years in Turkey, in a secure and accessible manner. It also authorizes the CBRT to determine procedures and principles regarding the information systems used by payment and electronic money institutions.
A proper cybersecurity and IT governance framework should cover:
Secure software development
Access management
Encryption
Penetration testing
Incident response
Business continuity
Disaster recovery
Logging and monitoring
Fraud detection systems
API security
Vendor security
Cloud compliance
Data backup
Authentication controls
Segregation of duties
Independent information systems audits
The CBRT’s Annual Report for 2024 states that payment and electronic money institutions are subject to independent financial audit and information systems audit obligations. It also reports that, as of 31 December 2024, there were 26 payment institutions and 63 electronic money institutions operating in Turkey under Law No. 6493.
Crypto Asset Restrictions for E-Money Institutions
Crypto assets are a sensitive issue for e-money businesses. Turkey has a specific regulation on the disuse of crypto assets in payments. The CBRT’s Regulation on the Disuse of Crypto Assets in Payments states that crypto assets cannot be used directly or indirectly in payments and that payment service providers cannot develop business models directly or indirectly using crypto assets in payment services or electronic money issuance.
This is highly relevant for companies planning:
Crypto-linked wallets
Crypto debit or prepaid cards
Merchant payments funded by crypto assets
Stablecoin-based payment models
Crypto-to-fiat payment conversion flows
Crypto rewards linked to payment accounts
E-money balances backed by digital assets
Merchant settlement in crypto assets
An e-money institution should be especially careful not to create a structure where crypto assets are indirectly used as a payment method. Even if the product is technically designed as a conversion mechanism, the legal risk must be assessed under the CBRT’s crypto payment restrictions.
Representatives, Outsourcing, and Business Partners
Electronic money institutions may work with representatives, agents, banks, merchants, KYC providers, cloud providers, software vendors, call centers, card processors, fraud monitoring providers, and other third parties. However, outsourcing or delegation does not eliminate regulatory responsibility.
TÖDEB explains that a representative is a real or legal person acting on behalf of a payment institution or electronic money institution, and that representatives may perform payment services limited to the official authorization scope of the institution they represent.
Contracts with representatives and outsourcing providers should regulate:
Scope of services
Regulatory compliance duties
Audit rights
Data protection obligations
Confidentiality
AML responsibilities
Customer complaint handling
Information security
Subcontracting restrictions
Incident notification
Business continuity
Termination assistance
Liability and indemnity
Regulatory access to documents and systems
A weak outsourcing agreement can create serious exposure. If a vendor fails to perform KYC checks properly, mishandles customer data, causes a system outage, or enables fraudulent transactions, the licensed institution may still face regulatory and customer claims.
Consumer Protection and Customer Agreements
Electronic money services are usually offered to consumers through mobile applications, websites, cards, QR systems, or merchant platforms. Therefore, user agreements must be clear, transparent, and consistent with consumer protection principles.
An e-money user agreement should explain:
Who the licensed provider is
What electronic money means
How users load funds
How electronic money is issued
Where the e-money can be used
Whether redemption is possible
What fees apply
How refunds are processed
How unauthorized transactions are reported
When accounts may be suspended
What transaction limits apply
How customer complaints are handled
How personal data is processed
Which security obligations apply to the user
Which courts or dispute mechanisms apply
Marketing materials must also be reviewed. E-money institutions should not use misleading language suggesting that e-money balances are bank deposits, investment products, savings accounts, or interest-bearing financial instruments.
Legal Risks for Unauthorized E-Money Businesses
Operating an electronic money business without authorization is a serious legal risk. Law No. 6493 contains criminal provisions for persons operating as system operators, payment institutions, or electronic money institutions without required licenses. It also penalizes the unauthorized use of words and expressions that may create the impression that a person is acting as a licensed institution.
Potential risks include:
Administrative sanctions
Criminal liability
Suspension of activities
Closure of business premises in certain cases
Bank account termination
Merchant contract termination
Customer claims
Investor due diligence failure
Regulatory investigation
Reputational damage
Difficulty obtaining a future license
For this reason, startups should avoid launching wallet or stored-value products before completing a legal classification analysis. A product may look like a simple mobile balance, but if it functions as electronic money, prior authorization may be required.
Compliance Checklist for E-Money Businesses in Turkey
An electronic money business in Turkey should consider the following compliance steps:
Classify the product under Law No. 6493.
Determine whether the product involves electronic money issuance.
Assess whether a CBRT license is required.
Prepare a licensing strategy and corporate structure.
Verify current capital and equity requirements.
Prepare shareholder and governance documentation.
Design customer fund safeguarding mechanisms.
Prepare AML, KYC, and suspicious transaction policies.
Establish transaction monitoring systems.
Prepare KVKK privacy documents and data processing agreements.
Review cross-border data transfer risks.
Prepare e-money user agreements and merchant contracts.
Review digital wallet compliance obligations.
Assess crypto asset payment restrictions.
Prepare IT security and business continuity documentation.
Review outsourcing and representative agreements.
Implement customer complaint procedures.
Maintain legally usable transaction records.
Plan independent financial and IT audits.
Monitor CBRT, MASAK, and KVKK updates continuously.
This checklist should be adapted to the specific business model. A prepaid card issuer, digital wallet provider, marketplace wallet, closed-loop platform, QR payment product, and open banking wallet will not have identical compliance obligations.
Why Legal Support Is Important for E-Money Companies
Electronic money regulation in Turkey is highly technical. A successful e-money business requires more than a good mobile application. It requires a legally compliant structure that aligns product design, licensing, fund flow, AML controls, data protection, contracts, technical infrastructure, and regulatory reporting.
A fintech lawyer can assist with:
E-money legal classification
CBRT licensing strategy
Preparation of license application documents
Corporate and shareholder structuring
User agreement drafting
Merchant agreement drafting
Digital wallet compliance
AML and KYC policy preparation
KVKK compliance
Outsourcing contracts
Representative agreements
Crypto payment risk analysis
Regulatory correspondence
Administrative sanction defense
Fintech litigation and customer disputes
Legal advice should be obtained before launch, not after regulatory scrutiny begins. In the e-money sector, legal design is part of product design.
Conclusion
Electronic money institutions in Turkey operate within a detailed and strict regulatory framework. Law No. 6493, CBRT secondary legislation, MASAK rules, KVKK obligations, cybersecurity requirements, consumer protection principles, and crypto payment restrictions all affect the way e-money businesses may operate.
The most important legal issue is correct classification. If a company receives funds, issues stored monetary value, allows users to make payments, operates a wallet, or enables transfers, it may need authorization as an electronic money institution or payment service provider. Calling the product a “wallet,” “balance,” “credit,” or “technology solution” does not determine its legal status. Regulators look at the actual function of the product.
Turkey offers significant opportunities for e-money institutions, digital wallets, payment platforms, embedded finance businesses, prepaid solutions, and fintech startups. However, these opportunities come with regulatory responsibility. Companies that build strong legal and compliance foundations from the beginning are more likely to obtain regulatory approval, protect customer trust, attract investment, establish banking partnerships, and scale sustainably.
Electronic money law is not merely a barrier to innovation. Properly understood, it provides the legal infrastructure that allows digital finance to grow safely, transparently, and credibly in Turkey.
Yanıt yok