Introduction
Banking regulation in Turkey is a highly structured and strictly supervised legal field. Banks are not treated as ordinary commercial companies under Turkish law. They collect deposits and participation funds, grant loans, process payments, issue guarantees, manage customer assets, participate in capital markets and play a central role in financial stability. For this reason, banking activities in Turkey are subject to a special licensing, supervision and compliance regime.
The main authority responsible for banking regulation in Turkey is the Banking Regulation and Supervision Agency, commonly known as the BRSA or BDDK. The BRSA regulates and supervises banks, financial holding companies and various banking-related institutions. The primary legal source is Banking Law No. 5411, which sets out the rules on establishment, operating permission, bank management, internal systems, capital adequacy, liquidity, supervision, confidentiality, deposit protection, corrective measures and sanctions. Banking Law No. 5411 expressly states that its objective is to ensure confidence and stability in financial markets, the efficient functioning of the credit system and the protection of depositors’ rights and interests.
For foreign investors, fintech companies, financial institutions, corporate borrowers, payment businesses and international banks, understanding the Turkish banking regulatory framework is essential before entering the Turkish market. A business model that appears commercially viable may require a banking license, BRSA approval, Central Bank authorization, Capital Markets Board authorization or another regulatory permission depending on the exact nature of the services offered.
This article explains the key principles of banking regulation in Turkey, with a focus on BRSA licensing, supervision and compliance rules.
1. The Legal Framework of Banking Regulation in Turkey
The foundation of Turkish banking regulation is Banking Law No. 5411. This law regulates the establishment and operation of banks, the permitted activities of banks, corporate governance obligations, internal control and risk management systems, financial reporting, own funds, standard ratios, loan limits, deposit and participation fund rules, supervision powers, confidentiality duties and the institutional structure of the BRSA and the Savings Deposit Insurance Fund.
Banking Law No. 5411 applies to deposit banks, participation banks, development and investment banks, Turkish branches of foreign banks, financial holding companies, the Banks Association of Turkey, the Participation Banks Association of Turkey, the BRSA and the Savings Deposit Insurance Fund. This broad scope shows that Turkish banking regulation is not limited to bank-customer relationships; it also covers the institutional architecture of the financial system.
In addition to the Banking Law, banks in Turkey must comply with many secondary regulations issued by the BRSA. These include regulations on internal systems, internal capital adequacy assessment, information systems, electronic banking services, remote identification, disclosure of confidential information, loan operations, capital adequacy, liquidity coverage ratio, net stable funding ratio, corporate governance, independent audit, indirect shareholding, loan classification and provisions, procurement of support services and systemic importance. The BRSA’s official legislation list demonstrates the wide and technical nature of the secondary regulatory framework applicable to banks.
Therefore, banking regulation in Turkey must be analyzed as a multi-layered legal regime. The Banking Law provides the main structure, while BRSA regulations, board decisions, communiqués, supervisory expectations and sectoral practice determine how banks must operate in daily business.
2. The Role of the BRSA in Turkish Banking Regulation
The BRSA is the central authority for the regulation and supervision of the Turkish banking sector. It is established as a public legal entity with administrative and financial autonomy under Banking Law No. 5411. The BRSA is responsible for granting permissions, supervising banks, issuing secondary regulations, monitoring compliance, requesting information, conducting on-site and off-site supervision and taking regulatory measures where necessary.
The BRSA’s role is not limited to domestic supervision. Because Turkish banks may operate abroad and foreign banks may operate in Turkey, the BRSA also cooperates with foreign supervisory authorities for consolidated supervision and regulatory coordination. The BRSA states that its international relations include cooperation with foreign supervisory authorities, relations with the European Union and links with international institutions.
This international dimension is important for foreign banks, multinational financial groups and cross-border transactions. A foreign banking group planning to establish a Turkish subsidiary or branch should expect the BRSA to examine not only the Turkish entity but also the group structure, ultimate ownership, home-country supervision, financial strength, governance standards and regulatory reputation.
3. Banks and Financial Institutions Subject to BRSA Supervision
Turkish law recognizes different categories of banks. The main categories are:
Deposit banks: These are conventional banks that accept deposits and grant loans. They provide current accounts, savings accounts, commercial loans, consumer loans, payment services, guarantees, credit cards and foreign exchange services.
Participation banks: These banks operate under participation finance principles. They collect funds through participation accounts and special current accounts instead of conventional deposits. Their financing activities are structured around profit-and-loss participation and trade-based or asset-based financing models.
Development and investment banks: These banks generally do not accept deposits or participation funds. Their activities focus on investment finance, project finance, development finance, capital market transactions and similar financial services.
Foreign bank branches: Banks established abroad may open branches or representative offices in Turkey only with the required BRSA permission. Representative offices cannot accept deposits or participation funds and their activities are limited.
The distinction between these bank types matters because not every bank may carry out every banking activity. For example, deposit banks cannot accept participation funds, while participation banks cannot accept conventional deposits. Development and investment banks are also subject to different restrictions regarding deposit and participation fund collection.
4. Activities Requiring Banking Authorization in Turkey
Banking activities are regulated activities in Turkey. A company cannot freely call itself a bank or perform banking activities without authorization.
Banking Law No. 5411 lists a wide range of activities that banks may conduct. These include accepting deposits, accepting participation funds, granting cash and non-cash loans, payment and collection transactions, fund transfers, correspondent banking, cheque account services, safekeeping services, issuing payment instruments, foreign exchange transactions, trading money market instruments, precious metals transactions, derivative transactions, capital market instrument transactions, guarantees, investment advisory services, portfolio management, factoring, forfeiting, interbank market transactions, financial leasing and insurance agency services where legally permitted.
This wide list has an important practical consequence. If a business model involves holding customer funds, granting credit, issuing payment instruments, providing bank-like guarantees, presenting financial products to the public or acting as a financial intermediary, the business should be reviewed from a regulatory licensing perspective.
Fintech companies, digital platforms, marketplace operators, lending platforms, embedded finance projects and foreign financial institutions should be especially careful. Even if a company describes itself as a “technology provider,” its actual activity may fall within a regulated financial service category.
5. BRSA Licensing: Establishing a Bank in Turkey
Establishing a bank in Turkey requires BRSA permission. Banking Law No. 5411 provides that the establishment of a bank in Turkey, or the opening of the first branch in Turkey by a bank established abroad, requires permission from the Banking Regulation and Supervision Board. The law states that this permission is granted by affirmative votes of at least five Board members, provided that the statutory conditions are fulfilled.
A bank to be established in Turkey must satisfy several legal requirements. It must be established as a joint stock company. Its shares must be issued against cash and must be registered shares. Its founders must meet the statutory qualifications. Its board members must satisfy corporate governance requirements and possess the professional experience necessary for the planned activities. Its proposed fields of activity must be compatible with its financial, managerial and organizational structure.
The licensing process is therefore much more demanding than ordinary company incorporation. The BRSA examines the founders, shareholders, ultimate beneficial owners, source of funds, capital structure, management qualifications, internal systems, business plan, operational infrastructure, risk profile and regulatory suitability of the proposed bank.
For foreign investors, transparency is critical. Complex ownership chains, unclear beneficial ownership, insufficient capital documentation, weak governance structures or inconsistent business plans may create serious licensing difficulties.
6. Operating Permission: The Second Stage of Authorization
Establishment permission does not automatically allow a bank to begin operations. A bank that has received establishment permission must also obtain operating permission from the BRSA.
Under Banking Law No. 5411, banks permitted to be established in Turkey or permitted to open branches in Turkey must receive operating permission from the Board. The operating permission covers the activities listed in Article 4 of the Banking Law, subject to legal limitations and the scope approved by the BRSA.
The operating permission stage focuses on whether the bank is actually ready to operate. The BRSA may examine paid-in capital, management appointments, internal control systems, risk management systems, internal audit systems, IT infrastructure, accounting systems, compliance structures, branch or digital service readiness and customer service arrangements.
This two-step licensing structure protects the banking system. First, the BRSA decides whether the proposed bank may be established. Second, it evaluates whether the bank is operationally prepared to provide banking services safely and lawfully.
7. Foreign Banks and BRSA Approval
Foreign banks cannot freely conduct banking activities in Turkey without permission. A foreign bank may enter the Turkish market through a branch, subsidiary or representative office depending on its intended activities.
A foreign bank branch requires BRSA approval and must satisfy Turkish banking law requirements. The BRSA may examine whether the foreign bank is properly supervised in its home jurisdiction, whether its activities are lawful in its home country, whether its financial structure is strong, whether the group has a transparent ownership structure and whether the proposed Turkish branch has adequate capital, management and internal systems.
Representative offices are more limited. They may engage in liaison, research and promotional activities but cannot accept deposits or participation funds. Banking Law No. 5411 expressly provides that banks established abroad may open representative offices in Turkey with Board permission, provided that they do not accept deposits or participation funds and operate within the framework determined by the Board.
Foreign banks should also consider tax law, employment law, data protection, anti-money laundering rules, foreign exchange legislation and cross-border reporting requirements before entering the Turkish market.
8. BRSA Supervision: On-Site and Off-Site Control
The BRSA supervises banks through both on-site and off-site methods. Off-site supervision generally involves the review of financial reports, regulatory filings, capital ratios, liquidity indicators, loan concentration, risk exposures, audit reports and other information submitted by banks. On-site supervision involves inspections conducted at banks or relevant institutions.
Banking Law No. 5411 includes a dedicated part on supervision and measures to be taken. It contains provisions on supervision, consolidated supervision, precaution plans, corrective measures, rehabilitating measures, restrictive measures, revocation of operating permission, transfer to the Savings Deposit Insurance Fund and measures against systemic risk.
This supervisory structure allows the BRSA to intervene before problems become irreversible. If a bank’s financial condition, management structure, capital adequacy, liquidity, internal systems or risk profile creates concern, the BRSA may require corrective action. In serious cases, it may restrict activities, require restructuring, revoke operating permission or transfer control to the relevant public authority under the legal framework.
9. Consolidated Supervision and Financial Groups
Consolidated supervision is an important part of Turkish banking regulation. Banks are often part of wider corporate groups that include subsidiaries, affiliates, financial holding companies, foreign branches, leasing companies, factoring companies, investment firms or other financial entities.
The BRSA must be able to assess the risks of the group as a whole. A bank may appear healthy on an individual basis but may carry risk through group companies, related-party transactions, off-balance-sheet exposures or foreign subsidiaries. For this reason, Turkish banking regulation includes consolidated supervision rules.
The BRSA’s cooperation with foreign supervisory authorities is also relevant here. Its official information states that cooperation with foreign supervisory authorities aims to improve the effectiveness of consolidated supervision, especially where Turkish banks operate abroad or foreign banks operate in Turkey.
For banking groups, consolidated supervision means that compliance cannot be limited to the licensed bank alone. Group structure, intra-group transactions, risk transfers, capital adequacy, reporting systems and governance mechanisms must be evaluated together.
10. Capital Adequacy and Liquidity Compliance
Capital adequacy is one of the most important compliance obligations in Turkish banking law. Banks must maintain sufficient own funds against the risks they assume. Banking Law No. 5411 includes protective provisions on own funds, standard ratios, capital adequacy and liquidity adequacy. The law requires banks to calculate, maintain and report capital adequacy and liquidity levels in line with BRSA regulations.
The BRSA also has detailed secondary regulations on the measurement and assessment of capital adequacy, own funds, leverage levels, liquidity coverage ratio, net stable funding ratio and foreign exchange net general position. These regulations form the technical backbone of prudential supervision.
Capital and liquidity rules are not merely accounting requirements. They are designed to ensure that banks can absorb losses, continue lending, meet withdrawal demands, manage market shocks and protect depositors. Weak capital or liquidity may lead to regulatory measures, restrictions on activities or more serious supervisory intervention.
11. Internal Systems: Internal Control, Risk Management and Internal Audit
Turkish banks must establish effective internal systems. Banking Law No. 5411 contains provisions on internal control, risk management and internal audit. These systems are essential for identifying, measuring, monitoring and managing risks.
The BRSA’s secondary legislation includes a specific regulation on internal systems and the internal capital adequacy assessment process of banks. The regulatory framework also includes rules on information systems, electronic banking services, independent audit of banks and audit of bank information systems and banking processes.
A bank’s internal control system should ensure that operations are performed in accordance with law, internal policies and banking principles. Its risk management system should cover credit risk, market risk, operational risk, liquidity risk, interest rate risk, foreign exchange risk, compliance risk and reputational risk. Its internal audit system should independently evaluate whether the bank’s activities, systems and controls are adequate.
In modern banking, internal systems also include cybersecurity, digital fraud prevention, data governance, outsourcing controls, cloud service risk, API security and remote customer onboarding procedures.
12. Corporate Governance Rules for Banks
Corporate governance has special importance in banking because banks manage public trust and systemic risk. Turkish banking regulation imposes stricter expectations on bank managers compared with ordinary commercial companies.
Bank board members, general managers, deputy general managers, audit committee members and other senior executives must meet professional, ethical and legal requirements. Banking Law No. 5411 includes provisions on corporate governance, board of directors, audit committee, general managers, deputy general managers, prohibition from working and signing, oath and declaration of property.
The BRSA also has a dedicated regulation on corporate governance principles of banks.
Strong governance is necessary to prevent excessive risk-taking, related-party abuse, weak credit decisions, internal fraud, misleading reporting and regulatory breaches. A bank’s board of directors must oversee risk strategy, compliance, capital planning, internal systems, audit functions and senior management accountability.
13. Loan Operations, Credit Risk and Related-Party Restrictions
Loan operations are a core area of BRSA supervision. Banking Law No. 5411 defines loans broadly. Loans may include cash loans, non-cash loans, guarantees, counter-guarantees, suretyships, avals, endorsements, acceptance loans, purchased bonds, receivables from installment sales, overdue loans, accrued but unpaid interest, derivative risks and other exposures recognized by the BRSA.
This broad definition prevents banks from avoiding credit risk rules by changing the form of a transaction. If the bank bears credit exposure, the transaction may fall within loan rules even if it is not labelled as a traditional loan.
Banks must comply with loan limits, risk group rules, credit monitoring obligations, loan classification requirements and provisioning rules. The BRSA has secondary regulations on loan operations, determination of connected clients and loan limits, classification of loans and provisions to be set aside.
For borrowers and guarantors, these rules are also relevant. A bank’s internal credit decisions, collateral requirements, loan acceleration practices and restructuring negotiations are shaped by regulatory obligations.
14. Confidentiality and Customer Data Protection
Banking confidentiality is a key obligation under Turkish law. Banking Law No. 5411 includes a dedicated confidentiality provision. It restricts the disclosure of bank secrets and customer secrets obtained through banking activities, except where disclosure is legally permitted. The law also includes provisions on protection of reputation, ethical principles and customer rights.
The BRSA has a separate regulation on the disclosure of confidential information, as listed among its banking law regulations.
In practice, banking confidentiality interacts with personal data protection, anti-money laundering reporting, court orders, prosecutor requests, tax investigations, regulatory audits and cross-border data transfer rules. Banks must carefully balance confidentiality obligations with mandatory legal disclosure duties.
Digital banking has made this area more important. Customer onboarding, mobile banking, internet banking, biometric verification, transaction monitoring, fraud detection and open banking services all involve sensitive customer data. Banks must therefore establish strong legal, technical and organizational measures to protect banking data.
15. Digital Banking and Banking-as-a-Service Compliance
Digital banking has become an important part of Turkish banking regulation. The BRSA has issued a regulation on the operating principles of digital banks and the banking-as-a-service model. This regulation appears in the BRSA’s official list of banking law regulations.
Digital banks operate mainly through electronic banking channels rather than traditional branch networks. Banking-as-a-service allows licensed banks to provide banking infrastructure through digital interfaces and partnerships. These models are especially relevant for fintech companies, e-commerce platforms, embedded finance providers and technology-driven financial services.
However, digital innovation does not remove licensing requirements. A digital bank is still a bank. A technology company that offers bank-like services may need to partner with a licensed institution or obtain its own authorization depending on the business model. Regulatory analysis should be conducted before launching any digital finance product in Turkey.
16. Deposit Protection and the Role of the Savings Deposit Insurance Fund
Deposit protection is an important part of the Turkish banking safety net. The Savings Deposit Insurance Fund, known as the SDIF or TMSF, insures eligible deposits and participation funds within the statutory limits.
For 2026, the official TMSF deposit insurance information indicates coverage up to TRY 1,200,000 for eligible deposits and participation funds, subject to the applicable scope and exclusions.
Deposit insurance supports confidence in the banking system, but it is not unlimited. The scope of protection depends on the type of account, the account holder, the bank, whether the account is held at a domestic branch and whether any statutory exclusion applies. For high-balance depositors, corporate clients and foreign investors, deposit protection rules should be reviewed carefully.
17. BRSA Enforcement Powers and Regulatory Measures
The BRSA has broad powers to enforce banking legislation. If a bank fails to comply with capital adequacy, liquidity, reporting, internal systems, loan limits, governance or other obligations, the BRSA may take supervisory measures.
Banking Law No. 5411 includes corrective measures, rehabilitating measures, restrictive measures and, in serious cases, revocation of operating permission or transfer to the Savings Deposit Insurance Fund.
Regulatory enforcement may include requiring the bank to strengthen capital, limit risk exposure, change management practices, improve internal systems, restrict certain activities, submit recovery plans or take other measures. Administrative fines and sanctions may also apply depending on the violation.
For banks, compliance failures are not merely legal risks. They may cause reputational damage, customer distrust, operational restrictions, shareholder disputes, management liability and regulatory intervention.
18. Practical Compliance Checklist for Banks and Financial Institutions in Turkey
Banks and financial institutions operating in Turkey should maintain a structured compliance program. A practical checklist should include:
Reviewing licensing status and permitted activities; ensuring BRSA permissions are obtained before launching new banking services; maintaining capital adequacy and liquidity ratios; implementing internal control, risk management and internal audit systems; complying with corporate governance rules; monitoring loan limits and related-party exposures; maintaining accurate financial reporting; preserving banking confidentiality and customer data; complying with independent audit requirements; managing outsourcing and support service risks; reviewing digital banking and information systems compliance; maintaining customer rights procedures; responding properly to BRSA information requests; and preparing for on-site and off-site supervision.
For foreign investors and fintech companies, the most important first step is legal classification of the business model. The key question is not how the company describes itself, but what it actually does. If the business accepts funds, transfers money, grants credit, issues payment instruments, holds customer balances, provides banking infrastructure or presents regulated financial products, Turkish financial regulation must be analyzed in detail.
19. Why Legal Support Is Essential in BRSA Licensing and Banking Compliance
BRSA licensing and banking compliance require specialized legal knowledge. Banking regulation combines administrative law, corporate law, finance law, contract law, data protection, AML compliance, tax considerations and dispute resolution.
A Turkish banking lawyer may assist with bank establishment applications, foreign bank branch permissions, representative office applications, share acquisition approvals, regulatory due diligence, compliance policies, internal governance documentation, loan and collateral structures, digital banking models, confidentiality analysis, BRSA correspondence and banking disputes.
Legal support is particularly important before submitting regulatory applications. Incomplete or inconsistent applications may delay the process or create credibility concerns. A well-prepared licensing file should clearly explain ownership, capital, business model, governance, internal systems, risk controls, information systems, financial projections and compliance procedures.
Conclusion
Banking regulation in Turkey is built on a strict licensing, supervision and compliance framework. The BRSA plays a central role in regulating banks, granting permissions, supervising activities, issuing secondary regulations and protecting financial stability. Banking Law No. 5411 provides the main legal structure, while BRSA regulations create detailed obligations on capital adequacy, liquidity, corporate governance, internal systems, loan operations, audit, confidentiality, digital banking and supervisory reporting.
For banks, compliance with BRSA rules is not a formality; it is the legal foundation of lawful banking operations. For foreign banks and investors, BRSA licensing requirements must be carefully analyzed before entering the Turkish market. For fintech companies and digital finance businesses, the distinction between technology services and regulated banking activities must be clearly established.
Turkey’s banking sector offers significant opportunities for domestic and international market participants. However, these opportunities come with serious regulatory responsibilities. Any institution planning to establish a bank, acquire shares in a bank, open a foreign bank branch, launch digital banking services, provide banking infrastructure or structure financial products in Turkey should obtain professional legal guidance before taking action.
Yanıt yok