Introduction
Electronic money institutions in Turkey have become one of the most important parts of the country’s fintech and digital finance ecosystem. As digital wallets, prepaid payment products, mobile applications, online platforms, marketplace payment models and embedded finance solutions continue to expand, electronic money has become a practical alternative to traditional cash and card-based payment structures.
In Turkey, electronic money is not an unregulated digital balance. It is a regulated financial service governed mainly by Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions and the secondary legislation of the Central Bank of the Republic of Türkiye, commonly known as the CBRT or TCMB. The CBRT states that regulation and supervision in the payment services area are governed by Law No. 6493 and related secondary legislation, including regulations on payment services, electronic money issuance, QR code payments, crypto assets in payments and information systems of payment and electronic money institutions.
For fintech companies, foreign investors, digital wallet providers, marketplace operators, payment service providers and technology companies, understanding the legal status of electronic money institutions in Turkey is essential before launching any product involving stored value, prepaid balances or digital payment accounts. A business model may appear to be a simple loyalty balance or platform credit system, but if it allows users to store monetary value and use it for payment transactions accepted by third parties, it may fall within the electronic money regulatory framework.
This article provides a comprehensive legal guide to electronic money institutions in Turkey, focusing on legal requirements, licensing, capital rules, customer fund protection, CBRT supervision, AML compliance, data protection and practical risks for fintech businesses.
1. What Is an Electronic Money Institution in Turkey?
An electronic money institution is a legal entity authorized to issue electronic money under Turkish law. Electronic money generally refers to monetary value issued in exchange for funds received from users, stored electronically and used to perform payment transactions. It is commonly used in digital wallets, prepaid cards, mobile payment accounts, online platform balances and stored-value payment systems.
Under Turkish law, electronic money issuance is a regulated activity. Law No. 6493 provides that, except for banks operating under Banking Law No. 5411, the Turkish Post and Telegraph Organization and electronic money institutions authorized under Law No. 6493, other persons are prohibited from issuing electronic money. The law also states that an electronic money institution wishing to issue electronic money must obtain permission from the CBRT.
This means that a company cannot freely issue electronic money in Turkey merely by creating a digital wallet application or prepaid balance system. The legal classification depends on the substance of the product. If the product involves funds received from users, electronic storage of monetary value and use of that value for payment transactions, electronic money licensing analysis becomes necessary.
2. Legal Framework for Electronic Money Institutions
The main legal framework for electronic money institutions in Turkey is Law No. 6493. This law regulates payment systems, securities settlement systems, payment services, payment institutions and electronic money institutions. The CBRT’s official payment services page confirms that payment services regulation and supervision are carried out under Law No. 6493 and secondary legislation.
In addition to Law No. 6493, electronic money institutions must comply with the Regulation on Payment Services and Electronic Money Issuance and Payment Service Providers, the rules on information systems and data sharing services, AML legislation, data protection law, consumer protection principles and contractual obligations arising from customer and merchant relationships.
The CBRT’s payment systems legal framework also lists Law No. 6493, the Regulation on the Generation and Use of TR QR Code in Payment Services, the Regulation on the Disuse of Crypto Assets in Payments, information systems communiqués and other payment infrastructure rules.
Therefore, electronic money regulation in Turkey should not be analyzed only from a licensing perspective. A compliant e-money business must also address information security, customer fund safeguarding, anti-money laundering controls, data protection, outsourcing, merchant agreements, complaint handling and regulatory reporting.
3. Legal Requirements for Establishing an Electronic Money Institution
Law No. 6493 sets out key legal requirements for electronic money institutions. An electronic money institution must be established as a joint stock company. Shareholders holding ten percent or more of the capital, as well as persons controlling the company, must meet qualification requirements similar to those required for bank founders. Shares must be issued for cash and must be registered shares. The company must have paid-in capital free from fictitious transactions, sufficient management, qualified personnel and technical infrastructure. It must also establish units for complaints and objections, take necessary measures for continuity of operations and protect the security and confidentiality of user funds and information.
The company must also have a transparent ownership structure and organizational chart that does not prevent CBRT supervision. This is particularly important for foreign investors and corporate groups. Complex ownership chains, nominee arrangements or unclear ultimate beneficial ownership may create regulatory concerns.
In practice, a licensing file for an electronic money institution should clearly explain the company’s shareholders, ultimate beneficial owners, source of funds, capital structure, management team, business model, technology infrastructure, compliance program, risk management structure, outsourcing relationships and financial projections.
4. Licensing Requirement and CBRT Authorization
Electronic money institutions cannot operate in Turkey without CBRT authorization. Law No. 6493 provides that an electronic money institution wishing to issue electronic money may operate only with permission from the CBRT.
The licensing process is not a simple formality. The CBRT examines whether the applicant has a legally compliant structure, sufficient capital, reliable shareholders, qualified management, secure information systems, proper internal controls, customer protection mechanisms and a sustainable business plan. The application should be supported by documentation showing that the institution can safely issue electronic money and protect user funds.
A company applying for an e-money license should be ready to explain the entire transaction flow. The CBRT may need to understand when funds are received, when electronic money is issued, where funds are held, how user balances are recorded, how redemption works, how merchants are paid, how refunds are processed and how suspicious transactions are detected.
Foreign fintech companies should not assume that a license in another jurisdiction allows them to issue electronic money in Turkey. Turkish authorization is required where the activity falls within the scope of Turkish law.
5. Capital and Own Funds Rules for Electronic Money Institutions
Capital rules are one of the most important regulatory requirements for electronic money institutions in Turkey. Law No. 6493 contains statutory capital requirements for electronic money institutions, while CBRT secondary legislation and communiqués determine updated minimum own funds obligations.
As of the current regulatory framework, the minimum own funds amounts are periodically re-evaluated by the CBRT, taking into account annual changes in price indices. The CBRT’s 2024 Annual Report states that, as of 30 June 2024, the minimum own funds amounts were set as TRY 10 million for payment institutions exclusively mediating bill payments, TRY 20 million for other payment institutions except those exclusively providing account information services, and TRY 55 million for electronic money institutions.
A later communiqué published in January 2026 states that the amounts applied under the 2025 update were TRY 15 million, TRY 30 million and TRY 80 million respectively, and that these amounts will be increased to TRY 20 million, TRY 40 million and TRY 105 million respectively as of 30 June 2026. Therefore, for electronic money institutions, the minimum own funds amount is currently TRY 80 million until 30 June 2026 and will become TRY 105 million from 30 June 2026.
This distinction is important. A fintech company should not rely only on historical statutory amounts stated in the main law. In practice, minimum own funds obligations are updated and must be checked before any licensing application, share transfer, capital planning or compliance review.
6. Issuance and Redemption of Electronic Money
The core function of an electronic money institution is issuing electronic money in exchange for funds received from users. Law No. 6493 provides that an institution issuing electronic money must issue electronic money equal to the funds it receives. It must convert the funds deposited by the electronic money user into electronic money without delay and make them available for use.
This rule reflects the basic legal nature of electronic money. Electronic money is not a loan, investment product or deposit. It is monetary value issued against user funds for payment purposes. The institution should not issue electronic money without receiving corresponding funds, and it should not use customer funds as if they were its own operating capital.
Electronic money users should also have clear contractual rights regarding redemption. The customer agreement should explain how electronic money can be loaded, used, transferred, refunded or redeemed, and whether any fees, limits or conditions apply.
A poorly drafted user agreement may create disputes over balances, dormant accounts, refunds, mistaken transactions, fraud claims and termination.
7. Protection of Customer Funds
Customer fund protection is a central obligation for electronic money institutions. Law No. 6493 states that an electronic money institution must transfer the funds collected in exchange for electronic money issuance to a separate account opened with banks defined under Banking Law No. 5411.
The law also provides that funds received by payment institutions for payment services and funds collected by electronic money institutions for electronic money issuance must be protected according to procedures and principles determined by the CBRT. The CBRT may also impose collateral obligations.
These rules are designed to protect users. If an electronic money institution faces liquidation, license cancellation or financial distress, customer funds should not be treated like ordinary commercial assets of the institution. Law No. 6493 states that accepted funds and the accounts where such funds are held are used to compensate fund owners’ rights and fulfill obligations arising from the law, regardless of priorities under other laws, and that payment and electronic money institutions are responsible for compensating fund owners’ rights.
For this reason, electronic money institutions must have strong reconciliation systems, segregation controls, accounting procedures and internal reporting mechanisms. Customer funds should always be traceable and protected.
8. Prohibition on Credit Activities and Interest Benefits
Electronic money institutions are not banks. They cannot use electronic money balances as a basis for granting credit unless a specific activity is permitted under the regulatory framework. Law No. 6493 expressly states that an electronic money institution cannot engage in lending activities. It also authorizes the CBRT to determine whether activities conducted in connection with payment services fall within lending activity.
The law also provides that an institution issuing electronic money cannot pay interest or provide any benefit to the holder depending on the period during which electronic money is held.
This is a critical distinction between electronic money and deposit banking. Electronic money is designed for payments, not for deposit collection, savings, investment or interest generation. If a digital wallet product begins to look like an interest-bearing account, investment product or credit facility, it may trigger serious regulatory issues.
Fintech companies should carefully review campaigns, cashback models, loyalty programs and promotional benefits to ensure they do not create prohibited interest-like benefits linked to the holding period of electronic money.
9. Electronic Money Is Not a Bank Deposit
Law No. 6493 states that funds received by electronic money institutions in exchange for electronic money issuance are not considered deposits or participation funds under Banking Law No. 5411.
This is important for customer communication. Users should not be misled into believing that electronic money balances are bank deposits or that they benefit from the same deposit insurance regime applicable to eligible bank deposits. Electronic money is protected through specific safeguarding rules, not through ordinary deposit insurance.
User agreements, marketing materials, mobile application screens and FAQs should clearly explain the legal nature of the product. Misleading customers may create regulatory risk, consumer complaints and reputational harm.
10. Activities Through Banks
Law No. 6493 provides that electronic money institutions conduct their activities through banks defined under Banking Law No. 5411.
This rule reflects the relationship between e-money institutions and the banking system. Electronic money institutions need bank accounts, safeguarding structures, settlement arrangements and operational support. They may also need bank partnerships for card issuing, virtual POS, account services, merchant settlement, payment rails and compliance infrastructure.
Contracts between electronic money institutions and banks should be carefully drafted. They should regulate account structures, safeguarding, settlement timing, transaction limits, compliance cooperation, information sharing, operational continuity, termination rights and liability for errors or unauthorized transactions.
11. CBRT Supervision and Enforcement Powers
Electronic money institutions are supervised by the CBRT. Law No. 6493 states that banks, payment institutions, electronic money institutions and the Turkish Post and Telegraph Organization are subject to CBRT supervision within the scope of the law. The CBRT may conduct inspections at branches, representatives and outsourced service providers. Institutions and relevant persons must provide requested information and documents and keep their books and records ready for examination.
The CBRT also has significant enforcement powers. It may request necessary corrective measures, grant a reasonable period not exceeding six months, temporarily suspend the activity license until required measures are taken, and cancel the license if measures are not taken within the specified period.
This means that compliance failures are not merely internal operational problems. They may lead to administrative sanctions, suspension of activities, license cancellation and reputational damage. Electronic money institutions must maintain continuous compliance, not only compliance at the licensing stage.
12. Market Size and Regulatory Activity
The Turkish electronic money sector has grown substantially. According to the CBRT’s 2024 Annual Report, as of 31 December 2024, there were 26 payment institutions and 63 electronic money institutions operating in Turkey under Law No. 6493. The same report states that in 2024, eight operating license applications were approved, seven activity expansion applications were approved, five share transfer permissions were approved, one institution’s operating license was temporarily suspended and one license was cancelled.
The report also states that, following supervision and inspection activities conducted in 2023, administrative fines totaling TRY 160.3 million were imposed on 55 institutions and warnings were issued to 16 institutions under Law No. 6493.
These figures show that the market is active but closely supervised. Electronic money institutions should expect regulatory monitoring, information requests, inspections and enforcement action where compliance weaknesses are identified.
13. Recordkeeping, Information Systems and Data Localization
Electronic money institutions must comply with recordkeeping and information systems obligations. Law No. 6493 requires system operators, payment institutions and electronic money institutions to keep documents and records relating to matters under the law securely, accessible when requested and within Turkey for at least ten years. It also requires certain information systems and backups to be kept domestically.
This rule is especially important for fintech companies using cloud infrastructure, foreign data centers, international group systems or outsourced technology providers. Before selecting vendors, electronic money institutions should confirm whether data storage, backup, access, logging and disaster recovery arrangements comply with Turkish requirements.
The CBRT’s official payment services page also identifies the communiqué on the management and supervision of IT systems of payment and electronic money institutions and data sharing services as part of the relevant regulatory framework.
Information systems compliance should include access controls, encryption, logging, transaction monitoring, incident response, business continuity, penetration testing, vulnerability management, authentication mechanisms, outsourcing controls and audit rights.
14. AML Compliance for Electronic Money Institutions
Electronic money institutions are exposed to money laundering and terrorist financing risks because they onboard customers digitally, handle stored value, process high-volume transactions and work with merchants or platforms. Therefore, AML compliance is a core legal requirement.
Turkey’s main AML statute is Law No. 5549 on Prevention of Laundering Proceeds of Crime, whose objective is to determine principles and procedures for preventing money laundering.
Electronic money institutions should implement a risk-based AML program including customer due diligence, identity verification, beneficial ownership checks, sanctions screening, transaction monitoring, suspicious transaction reporting, recordkeeping, internal controls, staff training and audit mechanisms.
A weak AML program may allow mule accounts, stolen identities, suspicious merchants, fraud networks or illegal platforms to use the institution’s services. This may create regulatory sanctions, criminal exposure, banking relationship problems and serious reputational damage.
15. Data Protection and Privacy Compliance
Electronic money institutions process significant volumes of personal data, including identity information, contact details, device data, IP addresses, transaction history, wallet balances, merchant data, fraud signals and sometimes biometric verification data.
Turkish data protection law is governed mainly by Law No. 6698 on the Protection of Personal Data. The official English text of the law includes rules on processing conditions and international transfers; Article 9 was amended by Law No. 7499 in 2024 and now sets out the framework for transferring personal data abroad, including adequacy decisions and appropriate safeguards.
This is particularly important for electronic money institutions using foreign cloud providers, overseas analytics tools, international fraud detection systems, group companies abroad or cross-border customer support teams.
Data protection compliance should include privacy notices, legal grounds for processing, explicit consent where necessary, data minimization, storage limitation, data subject request procedures, information security measures and cross-border transfer analysis. Customer data should not be collected or processed merely because it is commercially useful; it must be legally justified and proportionate.
16. Crypto Assets and Electronic Money
Electronic money institutions should be especially cautious about crypto-related services. The CBRT’s payment services legal framework includes the Regulation on the Disuse of Crypto Assets in Payments.
This means that a wallet provider or e-money institution should not design a product in which crypto assets are used directly or indirectly as a prohibited payment instrument. Even where blockchain technology is used for technical infrastructure, the legal analysis must focus on whether crypto assets are being used for payment, settlement or value transfer in a way restricted by Turkish law.
Crypto-linked wallets, merchant settlement models, stablecoin-based payments or indirect crypto payment flows should be reviewed carefully before launch.
17. QR Code Payments and E-Money Wallets
Electronic money institutions may also participate in QR code payment models where authorized. The CBRT’s TR QR Code Regulation applies to transactions made using QR codes that fall within payment services under Law No. 6493. The regulation identifies relevant parties such as QR code generators, merchants, consumers, payment service providers and payment systems transferring funds between payment service providers for clearing or settlement.
For e-money wallet providers, QR code payments can be commercially valuable. They allow users to pay merchants quickly through mobile applications. However, QR code payment products must comply with transaction security, technical standards, merchant onboarding, customer authentication, refund, dispute and fraud control requirements.
Merchant agreements should clearly regulate settlement timing, fees, refunds, prohibited goods and services, fraud responsibility, data protection, AML cooperation and termination rights.
18. Customer Agreements and Consumer Transparency
Electronic money institutions should have clear and enforceable customer agreements. The agreement should explain what electronic money is, how the user can load funds, how electronic money is issued, where it can be used, how redemption works, whether fees apply, what transaction limits exist, how complaints are submitted and what happens in case of fraud or unauthorized use.
Transparency is crucial because many users may not understand the legal difference between electronic money, bank deposits, loyalty points, prepaid cards and credit products. The institution should avoid misleading statements suggesting that e-money balances are bank deposits, insured deposits, investment products or interest-bearing accounts.
Mobile application screens, FAQs, marketing materials and customer support scripts should be consistent with the legal nature of the product.
19. Merchant and Platform Agreements
Electronic money institutions often work with merchants, marketplaces and digital platforms. These relationships create significant legal and operational risk.
A strong merchant agreement should cover merchant onboarding, prohibited goods and services, settlement periods, transaction fees, refunds, chargebacks, fraud, customer complaints, AML cooperation, data protection, tax responsibility, technical integration, service interruptions, suspension, termination and post-termination obligations.
Marketplace structures require special attention. If users load electronic money into a wallet and use it across multiple sellers, the institution must ensure that the flow of funds, settlement logic and customer communication comply with electronic money and payment services rules.
20. Outsourcing and Technology Providers
Electronic money institutions typically rely on software vendors, cloud providers, identity verification services, fraud prevention tools, payment processors, card issuers, call centers and data analytics providers. Outsourcing can improve efficiency, but it also creates compliance risk.
The institution remains responsible for its regulated activity even when a function is outsourced. Therefore, outsourcing contracts should include audit rights, confidentiality, data protection, information security, service levels, incident notification, business continuity, subcontracting restrictions, regulatory cooperation and termination rights.
Before outsourcing critical functions, the institution should conduct due diligence on the vendor’s technical capacity, financial reliability, security standards, regulatory experience and data processing practices.
21. Practical Compliance Checklist for Electronic Money Institutions
An electronic money institution operating in Turkey should follow a structured compliance checklist.
First, the business model should be legally classified to determine whether it involves electronic money issuance, payment services, a limited network exemption, loyalty points, marketplace payments or another regulated activity.
Second, licensing requirements should be reviewed before launch.
Third, capital and own funds requirements should be checked according to the latest CBRT updates.
Fourth, customer fund safeguarding mechanisms should be established.
Fifth, electronic money issuance, redemption and reconciliation processes should be clearly documented.
Sixth, AML and fraud monitoring systems should be implemented.
Seventh, information systems, cybersecurity, domestic recordkeeping and backup requirements should be reviewed.
Eighth, customer agreements, merchant agreements and outsourcing contracts should be drafted in compliance with Turkish law.
Ninth, data protection documentation and cross-border transfer analysis should be completed.
Tenth, regulatory reporting, complaint handling and internal audit procedures should be maintained.
22. Why Legal Support Is Important
Electronic money regulation in Turkey is highly technical. It combines payment services law, fintech regulation, AML compliance, data protection, consumer protection, contract law, IT security and administrative supervision.
A Turkish fintech lawyer can assist with regulatory classification, CBRT license applications, e-money wallet structures, payment flow analysis, capital planning, customer fund safeguarding, user agreements, merchant agreements, outsourcing contracts, AML policies, privacy documentation, crypto payment restrictions and regulatory correspondence.
Early legal analysis is especially important. If a fintech company launches first and analyzes regulation later, it may face licensing problems, blocked bank relationships, customer claims, administrative fines, suspension of operations or license cancellation.
Conclusion
Electronic money institutions in Turkey are key players in the digital finance ecosystem. They support digital wallets, prepaid balances, mobile payments, marketplace payments, QR code payments and embedded finance solutions. However, electronic money issuance is a regulated financial activity and cannot be conducted without proper authorization.
Law No. 6493 and CBRT secondary legislation create a detailed framework covering licensing, capital and own funds, customer fund protection, electronic money issuance, redemption, prohibition of lending, prohibition of interest-like benefits, supervision, information systems, recordkeeping and enforcement.
For fintech companies and investors, the main legal challenge is to design the product correctly from the beginning. The business model must be classified accurately, capital requirements must be satisfied, user funds must be protected, AML and data protection systems must be implemented, and contracts must clearly define rights and obligations.
Turkey offers significant opportunities for electronic money institutions, but success depends on combining technology, trust and legal compliance. A well-structured electronic money institution can operate safely and competitively in the Turkish market, provided that it complies with CBRT supervision, protects customer funds and maintains a strong regulatory governance framework.
Yanıt yok